Today in this post I want to talk a little bit about some general rules when it comes to network security. There are so many different running services in every network and securing every each and one of them is such a big pain in the neck but following some general efficient rules and applying them in every portion of your design can assure some really good, if not ultimate, level of security in your network.
Begin your security from the weakest part. This is very important to know that your network is only as secure as the weakest portion of it. If you have the greatest firewalls and VPN servers placed at the edge of your network but the client infected by a malware, can easily connect to the network, then your network could be at risk. So start small. Start from the clients first and then go bigger.
Known vulnerabilities are the first to be patched. There are hundreds of security vulnerabilities published everyday on different security websites by security researchers. If you as the security engineer want to check every single one of them and patch the network, it could be a big waste of time, so try to concentrate on the known vulnerabilities and patch the system against the threats threatening those weaknesses.
A false sense of security is always worse than a true sense of insecurity. I have seen tens of engineers in this field who are always so confident about their infrastructure and they believe their network is fully secure against any attack while they have absolutely done nothing to keep it secure. You know they just keep convincing themselves and the others about the security of their systems and network… But that’s only keeping a blind eye to the reality. The reality is that if someone at least knows that they have an insecure network and environment or at least they know which part is more vulnerable to attacks, then in case of an attack they will know which part they are hit at and taking action is always more easily done.
Keep the security design as simple as you can. The more complex your systems, the less secure it is. I have seen a great number of really complicated systems that even the system designer was not able to understand some parts of it and in such network do you think security can be totally accomplished? Don’t you think there will be always some ways hackers will be able to find a way into that very complicated system even without anyone realizing.
The more secure the system, the less usable it is for the user somehow, so know the limits. What is the main objective of a service? To serve users right? Right… So, it first of all needs to be usable and usability must never be sacrificed by security. Remember security and usability are always inversely proportional.
I hope they were some good and useful tips for you. I thought they could help you have a better understanding on what a pretty good and secure design is and how you can accomplish that…