Nobody likes to think the worst, that around every corner there is someone snooping into private information maintained by your organization. But if your enterprise operates either a wired or wireless network and has information you want to keep confidential, a little paranoia might serve you well.

Basic steps you can take

Here are four basic measures that can help reduce your network security fears.

1. Use a firewall

A firewall controls access to your network. It can block Internet intruders from probing at the data on your private network. And it can control what your employees can access outside of your network.

There are two basic types of firewalls: Hardware and software. Both work by examining data passing into your network and discarding it when it fails to meet certain criteria. Hardware firewalls are best suited for networks because they can protect all the computers on your network. They also offer an additional layer of defense because they can effectively make all your network PCs invisible to the outside world. Software firewalls, such as the Windows Firewall built into Microsoft Windows XP Professional, protect only the computer they are running on and provide a good back-up defense to hardware firewalls.

2. Use strong passwords

Most public enterprises use passwords to authenticate identity whether on computers, for building access, or for alarm systems. Though there are more sophisticated authentication systems such as smart cards and fingerprint or iris scans, passwords are most common because they are easy to use. But they are easily misused. Hackers have automated tools that help them come up with simple passwords in minutes. And crooks can use fraud to get employees to divulge passwords.

Too often, passwords are not effective for these reasons:

- Sensitive documents have not been password protected, allowing anyone to walk up to an unsecured computer and log on
- Passwords are weak and/or never changed
- Passwords are written down in plain sight next to a computer

Educating your staff about the importance of passwords is the first step in making passwords a valuable network security-enhancement tool. Employees should regard their password the same way they do an office key: Don't leave it lying around and don't share it.

Employees should also avoid weak and easy-to-guess passwords that include the following:

- Their real name, user name, or organization name
- A common dictionary word that makes them vulnerable to dictionary guesses
- Common passwords, such as password, letmein, or 1,2,3,4
- Commonly known letter substitutions, such as replacing i with ! or s with $
- A password that someone knows

What does a strong password look like? It should have the following characteristics:

- Be at least eight characters long (the longer the better)
- Have a combination of lower and upper case letters, numbers, and symbols
- Use 15 plus character lowercase pass phrases, long enough to be safe and easier to remember than cryptic passwords. Phrases should be easy to remember, but nonsensical, for example, coffeeeverymorn
- Be changed at least every 90 days. When changed, passwords should be significantly different than previous passwords
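
The weak-password and strong-password lists above can be turned into an automated check. The following is an added example, not part of the original article: the word lists are small constructed samples, the extra substitutions beyond i/! and s/$ are assumptions, and the 90-day rotation rule is not covered.

```python
import re
import string

# Constructed sample lists; a real check would load much larger word and breach lists.
COMMON = {"password", "letmein", "1234"}
DICTIONARY = {"coffee", "summer", "dragon", "welcome"}
# Reverse the well-known substitutions the article names (i -> !, s -> $),
# plus a few similar ones added here as assumptions.
LEET = str.maketrans({"!": "i", "$": "s", "@": "a", "0": "o", "3": "e"})


def check_password(pw, user_name="", real_name="", org_name=""):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    problems = []
    lowered = pw.lower()
    # Drop a trailing number (a year, "123") before undoing substitutions.
    normalized = re.sub(r"\d+$", "", lowered).translate(LEET)

    names = [user_name, org_name, *real_name.split()]
    if any(len(n) >= 3 and (n.lower() in lowered or n.lower() in normalized)
           for n in names):
        problems.append("contains a real, user or organization name")
    if lowered in COMMON or normalized in COMMON:
        problems.append("common password")
    if lowered in DICTIONARY or normalized in DICTIONARY:
        problems.append("dictionary word")

    # A 15+ character all-lowercase pass phrase is accepted on length alone.
    is_passphrase = len(pw) >= 15 and pw.isalpha() and pw.islower()
    if not is_passphrase:
        if len(pw) < 8:
            problems.append("shorter than eight characters")
        classes = [
            any(c.islower() for c in pw),
            any(c.isupper() for c in pw),
            any(c.isdigit() for c in pw),
            any(c in string.punctuation for c in pw),
        ]
        # "Combination" is read here as all four character classes.
        if not all(classes):
            problems.append("missing a character class")
    return problems


if __name__ == "__main__":
    for candidate in ("coffeeeverymorn", "P@$$word", "$ummer2024", "gT7#vLq9!x"):
        print(candidate, "->", check_password(candidate) or "ok")
```
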

3. Use wireless security enhancement features

Wireless networks use a radio link instead of cables to connect computers. As a result, anyone within radio range can theoretically listen in or transmit data on the network. Freely available tools enable intruders to sniff for insecure networks. While risks increase with a wireless network, computer-savvy crooks have tools to help them break into all types of computer systems.

There are security features built into Wi-Fi products, but manufacturers often turn them off by default because it makes the network easier to set up. If you use wireless networking, make sure you turn security features on and use the configurable encryption and access control features that can make your network more secure.

Also consider:

- Restricting wireless access, if your access point allows it, to office hours or whenever you expect to use the network
- Filtering out casual intruders by setting access points to restrict network access to trusted Media Access Control (MAC) addresses only
- Upgrading to a more robust Wi-Fi Protected Access (WPA) encryption if your equipment is older

4. Close unnecessary network ports

Network ports enable communications between client computers and servers. To strengthen your network security and thwart unauthorized access, you should close unused or unnecessary network ports by using dedicated firewalls, host-based firewalls, or Internet Protocol Security filters.

A word of caution: Microsoft server products use a variety of numbered network ports and protocols to communicate with the client and server systems. Blocking ports used by the Microsoft Windows Server System can prevent a server from responding to legitimate client requests, which can mean the server can't function properly, if at all.