Computer Security > Small Business Security Computer Checklist

Step 6 – Secure Your Private Network

When you connect a group of computers at your workplace in order to share files, a printer, or other resources, you create a private network. It is important to take steps to control access to this network - from both outside and within your organisation - to protect your information and network operations. You also need to pay special attention to security settings if you set up a wireless network.

Key point: Make sure all the employees using network-connected PCs use strong passwords and only let a few individuals have administrative privileges on your company network.

On This Page
More about private networksMore about private networks
How to secure your networkHow to secure your network
Wireless network securityWireless network security

More about private networks

Private networks typically come in two types: peer-to-peer and server-based. If you are connecting just a few computers at your business, you may use a peer-to-peer network that enables employees to directly access the files on each other's computers. If you're trying to share files and resources among a large number of computers, you may have a server-based network. With a server-based network, your workplace computers (also called clients or workstations) connect to a server that provides efficient, centralised storage for shared files, access to shared resources such as a printer, and special software to manage the network.

Whether your network is peer-to-peer or server-based, you want to keep hackers and other unauthorised outsiders from gaining access to your private network. And you also want to control access to your network from within your organisation.

How to secure your network

Here are five things you can do to safeguard your network from attacks and protect information stored on your network computers.

1. Consider a hardware firewall
A software firewall such as the Windows Firewall in Windows Vista and Windows XP helps protect individual computers from Internet-based attacks. But hardware firewall devices are a good choice for networks because they can provide protection for all computers on the network at the same time. If your business has a high-speed Internet connection such as cable or DSL, consider installing a piece of equipment called a router that can act as a hardware firewall. A router is typically installed between the modem that delivers your Internet service and a workplace computer or server.

Hardware firewall devices are supported on networks that run Windows Small Business Server (SBS) 2003 R2, a server solution designed for small businesses. SBS 2003 R2 Premium Edition also comes with an advanced software firewall called Internet Security and Acceleration Server 2004. You get tools to manage and monitor Internet access, block spammers, and automatically remove dangerous e-mail attachments to prevent virus attacks.

2. Keep software up to date on workstations
Having up-to-date software on your workstations is key to protecting your private network from attacks and malicious software. You can use the Automatic Updates feature in Windows Vista and Windows XP Service Pack 2 (SP2) to ensure that critical updates are downloaded and installed on your computers and servers.

If you have a server that runs SBS 2003 R2, you can automate the delivery of updates to all the computers on your network using Microsoft Windows Server Update Services (WSUS). Patches are downloaded once, stored on your server, and then pushed out to other computers on your network. Each day, you receive a report showing you your software is up to date or detailing steps you need to make your computers more secure.

3. Protect your systems against viruses and spyware
All computers on your network should have antivirus software and antispyware installed that is continually updated against the latest threats. To protect your SBS 2003 R2 server, you can use third-party antivirus software that is compatible with Windows Server 2003 and Exchange Server 2003.

4. Require employees to use strong passwords
Requiring your employees to use passwords to log on to workstations or your network can help keep unauthorised users from accessing company information. Educate your staff about the importance of creating "strong" passwords that are difficult for hackers and intruders to guess or discover. A strong password should have the following characteristics:

Be at least eight characters long

Have a combination of lower and upper case letters, numbers, and symbols

Be significantly changed at least every 90 days

Because complex passwords can be difficult to remember or are often written down, you may want to consider alternatives to passwords. Windows Vista includes support for alternative authentication methods such as biometrics or tokens.

5. Restrict employee computer privileges
Limiting what employees can do on workstations can also help keep your network more secure. Many organisations routinely give users administrative privileges to their computers, which allows them to perform any operation on their computer. However, by setting up an employee with a limited user account rather than an administrator account, you can prevent them from downloading an application that may contain a virus or other malware.

Windows Vista includes User Account Control, which can minimise the risk of users making changes that could destabilise their computers or inadvertently expose the network to viruses.

Wireless network security

If you have a wireless network, take time to set up the security features that come with a wireless router or access points. Wireless networks use a radio link instead of cables to connect computers and anyone within radio range can theoretically "listen in" or transmit data on the network. Freely available tools allow intruders to discover insecure wireless networks.

To offset the risks, turn on and use the encryption and access control features that come with your wireless equipment. Most wireless hardware vendors now offer network equipment that supports Wi-Fi Protected Access (WPA), the latest wireless security specification. Both Windows Vista and Windows XP SP2 computers support WPA.


Seven Steps to Better Security

1. Update Your Software
2. Install Virus and Spyware Protection
3. Set Up a Firewall
4. Back Up Your Data
5. Guard Against Computer Theft
6. Secure Your Private Network
7. Create a Security Plan

Tell Me More

You can deploy the SBS 2003 R2 software firewall in conjunction with the Windows Firewall that comes with Windows Vista and Windows XP. The SBS 2003 R2 firewall services defend against external threats such as hackers or malicious attacks. The Windows Firewall on the computers connected to your server help provide defence against internal threats that get past your server firewall.