How to use the Internet in a business environment while staying secure

There has been a significant increase in the ‘access anywhere/anytime culture' with a growth in social networking, a move to convergence solutions just as VoIP (Voice over Internet Protocol), a major increase in smartphone use, a growth in cloud computing, and the use of personal devices for company data. The range of security threats includes:* Malicious threats, just as viruses and other malware* Fraud threats just as phishing emails, spyware and toll fraud* Unauthorised access from hacking, data leakage, botnets, unsecured wireless, and user name/password insecurity, etc. * Operational threats, such as distributed denial of service attacks, attacks on VoIP (Voice over Internet Protocol), the failure of cloud computing suppliers to secure your network, or security risks from remote workers. * Newer threats such as social networking insecurity, web application threats, smartphone insecurity and poor security for converged voice/data applications on the network The basics that companies need to protect themselves in the internet environment include: Risk assessment/risk management. A risk assessment should be carried out Earlier implementing additional aspects of internet use, to identify the risks and determine what, if anything, needs to be done to minimise them. It is important to regularly review all security policies. Staff training Educated staff are the first and main line of defence. Staff need to be brought on board, where security is concerned. The impetus needs to come from the top and be maintained. Staying up to date Make sure you rapidly deploy software updates, such as operating system and browser updates and that security patches are installed as shortly as available. Anti-virus/anti-spywareAnti-virus systems should be behaviour-based and updated automatically in the background. Many anti-virus solutions as well incorporate anti-spyware components, to help cope with problems such as the theft of user names and passwords. Suppliers include Kaspersky Lab, VIPRE Business, Norton, McAfee and Symantec. Anti-spyware suppliers include Barracuda Networks and WebRoot. Free anti-spyware solutions, such as Spybot, are as well available. Firewalls A huge range of firewalls is available today from companies such as Check Point, Nortel, Nokia and WatchGuard. Firewalls are as well available as part of a unified threat management appliance or an extensible threat management appliance, where a firewall is combined with other security functions, including web application firewalling, at times also known as deep packet inspection. AuthenticationSingle factor authentication involves the use of passwords only, ranging from weak to complex. It has a number of insecurities and is highly vulnerable to the same password being used for multiple applications, increasing the risk that your business applications security could be breached. Strong two factor authentication comprises something you know and something you have or a swipe card). Companies including VASCO, RSA and CRYPTOCard provide strong two factor authentication solutions. During there are nevertheless risks with this approach, it provides significantly improved security at a comparatively low costBiometric authentication is more appropriate for high security applications, such as financial or defence. Remote user security Encrypted virtual private networks, either IPsec or SSL, are the typical solution for secure branch to head office communications, for communications between companies and third parties such as suppliers, and for secure communications between remote/mobile workers and head office/branches. This should be done, using a minimum of two-factor authentication. Branch offices can install low-cost remote UTMs which incorporate VPNs and these can be centrally administered, typically by the head office. Companies such as WatchGuard, Check Point and NETASQ provide remote, centrally manageable IPsec and SSL VPN solutions.Another method of securing remote and mobile users is endpoint security. Coupled with central management, it can ensure that firewall, anti-virus and security patches are used. A range of solutions is available from companies such as Check Point, GFI Software, Kaspersky Lab and Citrix. Many employees are using their own PCs, laptops and smartphones to link to the company. This carries a significant risk of these devices being infected by spyware, etc. and introduced to the network. Additionally, data on them could be unprotected. Coupled with this, there is the high cost of providing, supporting, patching and managing company supplied devices.One solution is for the employer to give the employee an allowance to buy their own PC or laptop and to supply them with a secure, hardware encrypted flash drive with embedded security software. Smartphone growth presents another remote access security risk. Staff are increasingly using them to retrieve email and use other applications on the move. Because of the dangers, smartphones should be treated just like PCs, when it comes to securing them.Smartphone security solutions are available from Kaspersky Lab, Sipera, CRYPTOCard and Check Point. Wireless security Strong two factor authentication should be used for access to all confidential internal data, from wireless pcs, laptops and smartphones. IPSec or SSL encrypted VPNs should be used for all wireless communications between head office and remote locations, such as branch offices, mobile users or home workers. Wireless security providers include Aruba Networks, Check Point, Ruckus, SonicWall, and WatchGuard. EncryptionLoss or theft of data can be easily and inexpensively protected using encryption software from Pointsec, Utimaco and PGP. The use of unified encryption management means encryption can be easily managed across all data risk areas including desktops, laptops, PDAs, USB sticks, mobile phones and other removable media.Multi functional solutions:UTMsUnified threat management systems are designed to provide a range of security solutions in a single appliance, reducing costs and simplifying the whole process of security systems management and installation. The minimum requirement for a UTM is a firewall, VPN, anti-virus and intrusion detection/prevention. Some UTMs may also provide anti-spam, web content inspection spyware protection, centralised management, monitoring, and logging capabilities. XTMsExtensible threat management systems are suitable for 50-10,000 or more users. This creates a secure tunnel, stronger than an SSL VPN, between the remote worker's PC and the applications on the home network. File transfer between the PC hosting the flash drive, and the corporate network, is strictly controlled. The use of applications and programmes too is subject to the applied security policy. These types of solutions in substance provide a secure, virtual environment, irrespective of the security status of the users PC/Laptop. They include solutions from Check Point and IronKey, as so then as the virtual desktop infrastructure from Citrix and VMware.Popular UTM and XTM solutions include those from WatchGuard, Check Point, Fortinet, Barracuda Networks and NetASQ. Web Application FirewallingWeb application firewalls apply rules to HTTP conversations. This is on occasion also known as deep packet inspection.

Related topics: Application and software security Authentication and identity management Computer and PC Security Data management and data security Encryption Eye biometrics Fingerprint biometrics Firewall Hacking and intrusion prevention Internet and Web security Knowledgebase Mobile and Wireless Security Network Security Security management and policies Virus, Worm, Email security, spyware and malware VPN