Internal and External Network Issues

When deploying a new network or modifying an existing infrastructure, carefully evaluate effects on security and security’s impact on the infrastructure. When you or your team overlook or sidestep standard security practices, you can actually decrease security or break the network. Business interruptions can result not only in lost profits, but also in lost opportunities and even in lost jobs. If the compromise is serious enough, the business might not recover.

The threats facing business are numerous and constantly changing. Often, these issues arise daily. Malicious code, information leakage, zero-day exploits, unauthorized software, unethical employees, and complex network infrastructures are just a few of the concerns that every organization and network manager must face.

Malicious code can make its way into a computer through any communication channel. This includes file transfers, email, portable device syncing, removable media, and websites. Precautions against malicious code include network traffic filtering with a firewall, anti-malware scanning, and user behavior modification.

Information leakage often stems from employees who purposefully (maliciously) or accidentally release internal documentation to the public. It can also result from accidents, or can occur when a storage device is lost, recycled, donated, stolen, or improperly thrown away. It also occurs when users accidentally publish documents to peer-to-peer (P2P) file-sharing services or websites. Precautions against information leakage include conducting thorough background checks on employees, using the principle of least privilege to provide access only to what is essential for completing one’s job responsibilities, detailed auditing and monitoring of all user activity, classifying all information and controlling communication pathways, using more stringent controls on use of portable devices, and practicing zeroization—purging a storage device to be discarded by filling its space with zeros.
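The zeroization step above, as an added example that is not part of the original text: the file is overwritten in place with zeros and then read back to confirm nothing survived. The `zeroize`, `verify_zeroized` and `demo` names are assumptions made for this illustration, and the sample data is constructed.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB chunks, so a large volume never has to fit in memory


def zeroize(path: str) -> int:
    """Overwrite every byte of the file at `path` with zeros, in place.

    Opening with "r+b" keeps the existing length, so the whole allocated space
    is covered rather than truncated. Returns the number of bytes written.
    Caveat: on flash/SSD media, wear levelling can leave stale copies in cells
    an overwrite never reaches; use the drive's built-in secure erase there.
    """
    size = os.path.getsize(path)  # for a raw block device, seek to the end instead
    written = 0
    with open(path, "r+b") as f:
        while written < size:
            n = min(CHUNK, size - written)
            f.write(b"\x00" * n)
            written += n
        f.flush()
        os.fsync(f.fileno())  # push the zeros to the physical medium, not just the cache
    return written


def verify_zeroized(path: str) -> bool:
    """Read the file back and confirm that no non-zero byte remains."""
    with open(path, "rb") as f:
        while True:
            chunk = f.read(CHUNK)
            if not chunk:
                return True
            if any(chunk):  # any non-zero byte means data survived
                return False


def demo() -> bool:
    """Constructed sample: a 3 MiB file of random 'confidential' data."""
    fd, path = tempfile.mkstemp()
    os.write(fd, os.urandom(3 * CHUNK + 123))
    os.close(fd)
    before = verify_zeroized(path)  # False: the data is still there
    written = zeroize(path)
    after = verify_zeroized(path)   # True: only zeros remain
    os.remove(path)
    return (not before) and after and written == 3 * CHUNK + 123
```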

Zero-day exploits are new and previously unknown attacks for which no current specific defenses exist. Think of these as surprise attacks on your networks. Zero-day refers to the newness of an exploit, which may be known in the hacker community for some time, but about which vendors and security professionals are just learning.

The zero-day label comes from the idea that work to develop a patch begins the moment a vendor learns of a problem. The moment of discovery of the new exploit is called “day zero.” No specific defenses against zero-day attacks exist, but general security management, use of intrusion detection and intrusion prevention, along with detailed logging and monitoring can assist in quickly discovering and preventing new attacks. Once you know of an attack or exploit, you can begin to take steps to contain damage or minimize the extent of the compromise.

Unauthorized software is any piece of code or program that a user chooses to run on a client system that was not approved by or provided by the organization. Not all unauthorized software is directly problematic, but you should prevent its use for many reasons. Such software could cost the organization money, time, and effort. Installation or use of the software could be a license violation. The software could include hidden malicious components, known or unknown to the user, which could compromise the security of the network. Steps you can take to prevent the use of unauthorized software should include limiting installation privileges of normal users and using whitelists to block the execution of any program not on the approved list.
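The whitelist (allowlist) control described above, as an added example that is not part of the original text: programs are identified by the hash of their contents rather than by file name, so a renamed approved program still passes while a same-looking binary with altered contents is refused. The `build_allowlist`, `is_permitted` and `demo` names are assumptions made for this illustration, and the sample "programs" are constructed text files, not real executables.

```python
import hashlib
import os
import tempfile


def sha256_file(path: str) -> str:
    """Hash the file contents in chunks so large binaries are handled too."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_allowlist(approved_paths):
    """Record the content hash of every organization-approved program.

    Keyed by hash, not by name or path: a renamed binary is still the same
    program, and a same-named binary with different contents is not.
    """
    return {sha256_file(p) for p in approved_paths}


def is_permitted(path: str, allowlist) -> bool:
    """Default deny: a program runs only if its hash is on the list."""
    return sha256_file(path) in allowlist


def _write(directory, name, data):
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Constructed sample programs in a temporary directory."""
    d = tempfile.mkdtemp()
    approved = _write(d, "approved_tool", b"#!/bin/sh\necho approved tool\n")
    allow = build_allowlist([approved])
    # contents altered by one byte: a modified or trojaned build of the tool
    tampered = _write(d, "approved_tool.bak", b"#!/bin/sh\necho approved tool!\n")
    # identical contents under a different name
    renamed = _write(d, "renamed_tool", b"#!/bin/sh\necho approved tool\n")
    # never reviewed by the organization at all
    unknown = _write(d, "unknown", b"#!/bin/sh\necho not reviewed\n")
    return {
        "approved": is_permitted(approved, allow),  # True
        "tampered": is_permitted(tampered, allow),  # False
        "renamed": is_permitted(renamed, allow),    # True
        "unknown": is_permitted(unknown, allow),    # False
    }
```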

Users are the final link in security and are often the weakest link in network security. If a user chooses to violate a security policy and release information to the public or execute malicious code, the results could devastate the organization or land the perpetrator in court. Unethical employees purposefully violate the stated rules and goals of the organization. These employees often believe the rules are not important, do not really apply to them, or are not really enforced. Most believe they will never get caught. When users violate the mission and goals of the organization, consequences could be catastrophic.

Methods of preventing unethical employees from doing damage include better background screening, detailed auditing and monitoring of all user activity, and regular management oversight and job performance reviews. Background screening should be more detailed for those employees in positions of trust or who have access to confidential or proprietary information of the organization. When you discover a problematic person, you might be able to grant the employee a second chance after retraining. In many cases, however, the safest choice for the organization is to terminate employment.

Complex network infrastructures often lead to complex vulnerabilities. The larger a network becomes, the more servers, clients, network devices, and segments it includes. The sheer number of moving parts almost guarantees that something is bound to be misconfigured, improperly installed, lack current firmware or patches, have or induce a bottleneck, or be used incorrectly. Any of these conditions could result in a vulnerability that internal or external attackers can exploit. The larger and more complex a network, the more thoroughly the security team needs to watch over the infrastructure and investigate every symptom, trend, or alert that exceeds the organization’s threshold for acceptable use. Preventing complexity from becoming a liability involves detailed planning, careful implementation, regular security management, and constant review of the effectiveness of the infrastructure.

Studies have shown that most threats come from internal sources, but too many organizations focus on external sources and discount the internal threats. A better stance is to count all threats—regardless of the source—as worthy of investigation. Once a potential threat is understood, its risk, potential loss, and likelihood can be better understood and evaluated.

One of the most obvious external threats is the Internet. The Internet is a global network linking people and resources with high-speed, real-time communications. Unfortunately, this wonderful infrastructure is the tool of choice for hackers and malware distributors. Once your organization installs an Internet connection, the world is at your door—or rather, at the fingertips of every employee. That world includes both potential customers and potential attackers.

Without a global communication infrastructure, hackers had to be physically present—wired in—in or near your building to launch attacks. With the advent of the Internet and wireless technology, any hacker anywhere can initiate attempts to breach your network security. Often, attacks are not targeted at your particular organization, but rather at a specific operating system, communication protocol, or software vulnerability. It is helpful, therefore, to think of the Internet as a threat. It is not one that you should lightly dismiss, nor should you discard the Internet as a powerful tool. The benefits of Internet access are well worth the effort and expense you should expend to defend against its negative features.

Some of the best defenses against Internet threats include a well-researched and written security policy; thoroughly trained personnel; use of firewalls to filter traffic; intrusion detection and prevention systems; use of encrypted communications (such as VPNs); and thorough auditing and monitoring of all user and node activity.

Again, perfect security solutions do not exist. Some form of attack, compromise, or exploit can get past any single defense. The point of network security is to interweave and interconnect multiple security components to construct a multifaceted scheme of protection (that is, defense in depth).

The goal is to balance the strengths and weaknesses of multiple security components. The ultimate functions of network security are to lock things down in the best way possible, then monitor for all attempts to violate the established defense. The perfect lock does not exist, so improve on the best locks available with auditing and monitoring. Once you know this, your next step is to understand the common network security components and the best uses of each.
