Tips for Securing Your Network

When computer networks were isolated within the walls of offices, an Internet connection was a luxury and not a critical component of business functions. That has now completely changed for businesses that rely on computers to acquire and deliver services. Customers, business partners, remote office locations, and mobile workers expect connectivity to your office network. This interconnected nature of networks opens doors to new levels of productivity; and to threats that can disrupt business.

Securing your network should not be an afterthought; it just makes business sense. The benefits of a secure network are numerous:

It is more reliable, has fewer problems, and consequently costs less to maintain.
It improves productivity across all your stakeholders: customers, partners, and employees.
It protects your investment in bandwidth by controlling abusive use and unwitting hosting.
It lowers your exposure to legal and regulatory action.

In this article I highlight numerous tips for securing networks. This information was gleaned from research of published industry best practices and tips from government sites, such as the FCC, and from our own experience in supporting business networks.

The tips presented here can significantly enhance your computer network security. Do note, however, that no one can guarantee absolute security. You need to carefully balance the requirements for implementing security with proper investments in time and money, while keeping business objectives squarely in mind. These tips are organized into a few key strategies.

Employee Education and Policy Strategy

Provide Security Training: All employees, includes managers and executives, should be educated on basic security practices and how to protect sensitive business information. Establish policies and rules, including penalties for violating them, on how to protect sensitive data and make training available on a regular basis. Topics include: whether and when to use Web for personal use on office computers, instant messaging, social networking sites, streaming video and music, if and how company monitors Web usage, prohibited activities, tips for safe browsing, common techniques used by hackers and how to avoid falling prey.

Use Strong Passwords: Passwords are the most common method for gaining access to network resources. Unfortunately, they are also easy to hack through the use of automated tools. Train staff to use their passwords as they would their home keys: don’t leave them lying around and don’t share them. Strong passwords typically use a combination of letters, numbers and symbols, are at least 8-characters long, are changed every quarter, and differ significantly from previous passwords.

Regulate Access to Information: You probably don’t want to give everyone full access to everything. The judicious use of network user groups and permissions ensure network resources and data are available on a business need basis and that the Administrator account is only provided to trusted resources and executives and used only when necessary. Many line-of-business applications support roles, such as Sales, Operations, Accounts Payables, etc. to provide access to data they maintain on a business need basis.

Internal Network Strategy

Implement Backup and Disaster Recovery Procedures: Core business data is the lifeblood of any business. Implementing a multi-level backup procedure; image, file and folder, and offsite, is a simple way to protect critical data. Backup and Disaster Recovery (BDR) appliances take this a step further by helping you quicken server recovery in case of failure. Testing your backups periodically is an important component of any backup strategy.

Implement Desktop and Server Virus Protection: These software solutions have been around for a long time and they continue to evolve as threats evolve. Keep your anti-malware software current and its definitions current.

Patch Desktops and Servers Regularly: Security vulnerabilities in the operating system and in applications are regularly addressed by reputable software vendors. Take advantage of them. Keeping security patches current from your software vendors protects your computer from known attacks and vulnerabilities. Again, there are centralized patch management tools that make the process less time consuming.

Centralize Computer Administration: By implementing a server and applying a group policy across computers, you can standardize the process and save each user the time it takes to implement configurations one computer at a time. There are tools to centrally manage virus updates, security patches, desktop firewall, permission groups, and other security features.

Secure Physical Access: Do not overlook the physical location of your critical network infrastructure. These should be accessible to trained and trusted employees. Keeping this infrastructure secure in a locked room or server closet will reduce inadvertent or fraudulent access or change to network.

Secure WiFi Access: WiFi access to the network enables even mobile employees to be productive. Data, as it travels over the air is typically less secure than when it travels over wired networks. Information traveling over the air is at risk of interception. Use wireless data encryption protocols to ensure that data is encrypted during transit from source to destination to protect against risk or interception. Also, setup wireless access point for guests on a separate subnet so they can access the Internet but not your network.

External Network and Perimeter Strategy

Consider Outsourcing Email Services: Corporate email has become mission critical for businesses of all sizes. If you do not have a mission-critical application support infrastructure internally, consider outsourcing your email infrastructure. The widespread availability of such solutions from key industry vendors makes these affordable. And you can leave the worry of securing and maintaining such infrastructure in the hands of those that do it 24×7.

Secure the Perimeter: Connecting your network to the Internet allows you and your employees to gain access to valuable data and be productive even when on the run, but it also exposes your network to attack from intruders. Most small businesses use consumer grade routers/firewalls to protect the edge of their network that is right behind the broadband modem. Though these devices have grown in functionality, they aren’t equipped to handle the perimeter security needs of a business. With business grade routers/firewalls/UTM (Universal Threat Management) appliances, you gain a powerful hardware platform that provides ability to filter malicious traffic and spam from the outside, receive regular security updates, provide secure remote access, implement intrusion detection and prevention services, and prevent infectious code from executing from trusted but compromised sites.

Stay Informed and Vigilant: There are numerous industry and government sites dedicated to network security. Stay informed as data and practices continue to evolve. Business-grade UTM appliances are designed to be monitored remotely from security operations centers and to send reports and alerts that may need attention.

Request Links to Related Resources

If you found this topic of interest, I encourage you to request a list of additional resources you can download at no cost. Simply email: info@rcare-solutions.com with the words “Network Security Tips” in the Subject line.

Protect People And Property With A Monitored Home Security Network

A monitored home security network provides homeowners an affordable and effective way to keep occupants safe and protect their investment in the house and its contents. These services monitor the property around the clock and every day of the year. Alarm systems alert the service provider in the event of burglaries, fires, medical emergencies, floods and other situations where the home’s occupants are in need of help.

The standard alarm system to prevent burglary or theft is a basic closed circuit that surrounds the house. Installers typically attach sensors to the hardware in doors, windows and other entryways. As long as the system remains activated, if someone forces open the window or door, the sensors will sound the alarm.

Systems installed outdoors often have motion sensors. If anyone walks near the sensors, bright lights will be turned on, thus exposing the intruder. This is often enough of a deterrent to convince the intruder to leave immediately.

Pet owners used to stay away from motion detectors because they were worried about false alarms. With advancements in technology, certain motion sensors are able to distinguish between humans and pets. The sensors use mass and weight parameters to tell the difference between a small pet and a human.

The system will usually include a digital keypad installed somewhere near the front entryway. Homeowners use a personal code to arm or disarm the system. The keypad may also provide a convenient and fast way to contact local police, fire and other emergency responders.

Some systems also include a keychain remote. With the remote, the homeowner can control the alarm system from anywhere inside the house with no need to walk to where the keypad is installed. The portable remote also works from outside the house within a certain distance.

Consumers should purchase a system that has battery backup. This feature is especially valuable in areas that frequently lose power due to storms. An emergency backup lets homeowners rest assured their property remains protected without interruption.

To discourage trespassers, homeowners can display yard signs and window decals in strategic places. Decals and signs indicate the property is protected by an alarm system. Burglars usually look for an easy target to exploit. They are far more likely to move along when they see any evidence of an alarm or surveillance system on the property.

Consumers can choose a system with a control panel that doubles as an intercom with two-way communications capabilities. With this setup, the control panel will respond to voice commands from almost anywhere inside the house. Residents can still request help from an emergency dispatcher even if something is preventing them from interacting directly with the control panel.

Homeowners with a reliable monitored home security network know that help will be on the way at the first sign of a fire, break in or any other type of emergency. They can relax when they travel knowing their property is under protection 24 hours a day. Purchasing a security system is a wise investment because it can save lives and protect your property.

Ant Colony Optimisation for E-Learning Applications Over a Secure Network

This work was initiated when Paraschool, the French leading e-learning company contacted the INRIA research center to conceive an automatic algorithm that would allow the relatively rigid albeit functional existing Paraschool software to behave differently depending on user specificities. After several brainstorming sessions where neural networks, evolutionary algorithms and other artificially intelligent techniques were considered, it appeared that swarm-like algorithms could be used, thanks to the great number of actual users (more than 10000) and more especially ant-based probabilistic optimisation that could easily be grafted on the existing pedagogical graph constituted by the Paraschool software.

Moreover, Ant Colony systems present the interesting property of exhibiting emergent behaviour that allow individuals to benefit from the dynamic experience acquired by the collectivity, which means, in pedagogic terms that a student could benefit from the pedagogic lessons drawn out of his peers’ successes and failures.

The implementation of these algorithms yields results that go beyond the requirements of the Paraschool company which will soon be experimenting in real size the automatic dynamic optimisation of the pedagogic graph (their set of interconnected lessons and exercises) implemented by their software. This paper successively presents a concise description of human-learning concepts and their software implementation, a short description of the technical implementation of the Ant-Colony based optimisation algorithm and a discussion on the use of various selection operators. A set of experiments is then conducted, showing that erroneous arc probabilities can be automatically corrected by the system.

II. ELEMENTS ON THE PHILOSOPHY OF LEARNING

The main concepts of teaching and learning used nowadays are still very old. The two main currents are Constructivism, that was elaborated by Kant and Behaviourism: a theory that came from Pavlov’s experiments.

A. Constructivism

In 1781, Kant tried to synthesize rationalist and empiricist viewpoints. Kant sees the mind as an active agent, that organizes and coordinates experiences. Along these lines, Piaget states that knowledge is not simply “acquired,” by children bit by bit, but constructed into coherent, robust frameworks called
“knowledge structures.” Children are not passive absorbers of experience and information, but active theory builders. Papert, a mathematician, and one of the early pioneers of Artificial Intelligence (he founded the Artificial Intelligence Laboratory at MIT), worked with Piaget at the University of Geneva

IV. IMPLEMENTATION OF THE ANT COLONY:

ALGORITHMIC OVERVIEW

All nodes (html pages) of the new Paraschool software now contain a new ACO-powered NEXT button that leads the user along an arc chosen by a selection algorithm (see section V), based on the probability associated with the arc. This probability is computed by taking several factors into account in the design of a weighted fitness function described in the next section. These factors are the following and play at both
the individual and collective levels:

A. Pedagogic Weights: W

This pedagogical weight is the main value of each arc. It is implemented as a static (i.e. “global”) variable (W), accessible to all ants. (W) is set by the Paraschool teachers and reflects the relative importance of the arcs that come out of a particular node. In other words, the teachers encourage the students to go toward such or such exercise after such or such lesson by giving the corresponding arc a higher weight. This valuation of the graph describes the pedagogic structure that will be optimized by the ACO algorithm

B. Pheromones: S and F

There are two kinds of pheromones that can be released on arcs to reflect students’ activity:

S: success pheromone.
This floating point value is incremented by ants/students on the adequate incoming arcs when
they are successful in completing the corresponding exercise.

F: failure pheromone.
This last value is S’s counterpart for failure. These pheromones are released not only on the arc that
led the ant to that node but also on previous ones in the ant’s history with decreasing amplitude.

This is meant to reflect the fact that the outcome of a particular node (exercise) is influenced by all the nodes (lessons, exercises) the ant went through before but with an influence that, of course, diminishes with time. For obvious pragmatical reasons, this “back propagation” of pheromone release is limited in scope (atypical value of 4 has been agreed upon). To illustrate this, let us consider an ant that went through nodes A,B,C,D,E,F and that reaches node G. When it validates node G with success, 1 unit of success pheromone is dropped on arc (F,G), 1/2 unit on arc (E,F), 1/3 of a unit on arc (D,E) and 1/4 on arc (C,D). In addition, to allow for dynamic adaptability of these pheromone amounts (S and F), evaporation is performed on a regular basis, usually every day, by reducing S and F in a given proportion _ typically around 0.999.

CONCLUSIONS AND PERSPECTIVE

Paraschool wanted a smart automatic system that could adapt to different users without manual intervention, which would be totally unrealistic to envisage on 10000 students. The ant-based system described in this paper not only offers such automatic features by gradually modifying pedagogic paths suggested by teachers using collective experience and by making the structure individual-specific thanks to variables such as H but also comes up with emergent informations that can be used as a refined auditing tool to help the pedagogical team identify the strengths and weaknesses of the software and pedagogic material.

From a more theoretical standpoint, this work can be seen as a new take on Interactive Evolutionary Computation where the solution to a problem is gradually constructed and modified by multiple interacting entities with different and possibly opposite goals. A creative and robust compromise can be reached that balances all the influences and constraints, which allows all participating entities to benefit from an emergent culture and to enhance their decision making processes accordingly. This suggest a great deal of new and exciting applications in the field of Collective Cognition Modelling and Collective Evolutionary Design.