Viruses and other malwares can penetrate a network through the user/workstation; this is often attributed to user negligence and the lack of corporate I.T. policy.  Intrusions are network centric - attack the network and you control the entire infrastructure.  So it is of utmost importance that your network is fully secure and 99% unpenetratable.  Sadly, most of the network installed are hard on the outside and soft on the inside.

Nortel Corp. senior security solutions manager Pamela Warren provided some tips to protect your network that will lower training costs and speed the introduction of new security capabilities:

1. Use a layered defense. Employ multiple complementary approaches to security enforcement at various points in the network, therefore removing single points of security failure.

2. Incorporate people and processes in network security planning. Employing effective processes, such as security policies, security awareness training and policy enforcement makes your program stronger. Having the people who use the network (employees, partners and even customers) understand and adhere to these security policies is critical.

3. Clearly define security zones and user roles. Use firewall, filter and access control capabilities to enforce network access policies between these zones using the least privileged concept. Require strong passwords to prevent guessing and/or machine cracking attacks, as well as other strong forms of authentication.

4. Maintain the integrity of your network, servers and clients. The operating system of every network device and element management system should be hardened against attack by disabling unused services. Patches should be applied as soon as they become available, and system software should be regularly tested for viruses, worms and spyware.

5. Control device network admission through endpoint compliance. Account for all user device types, wired and wireless. Don't forget devices such as smart phones and handhelds, which can store significant intellectual property and are easier for employees to misplace or have stolen.

6. Protect the network management information. Ensure that virtual LANs (VLAN) and other security mechanisms (IPsec, SNMPv3, SSH, TLS) are used to protect network devices and element management systems so only authorized personnel have access. Establish a backup process for device configurations, and implement a change management process for tracking.

7. Protect user information. WLAN/Wi-Fi or Wireless Mesh communications should use VPNs or 802.11i with Temporal Key Integrity Protocol for security purposes. VLANs should separate traffic between departments within the same network and separate regular users from guests.

8. Gain awareness of your network traffic, threats and vulnerabilities for each security zone, presuming both internal and external threats. Use antispoofing, bogon blocking and denial-of-service prevention capabilities at security zone perimeters to block invalid traffic.

9. Use security tools to protect from threats and guarantee performance of critical applications. Ensure firewalls support new multimedia applications and protocols, including SIP and H.323.

10. Log, correlate and manage security and audit event information. Aggregate and standardize security event information to provide a high-level consolidated view of security events on your network. This allows correlation of distributed attacks and a network-wide awareness of security status and threat activity.

Regardless of the size of the organization or the depth of the capabilities required, secure networking must be an inherent capability, designed into the DNA of every product. By following the steps described above, companies will have the right approach for securing their increasingly mobile, converged networks.

**********

Announcement: Watch out for the Powertips 2006 "Security Secrets and Strategies" conference.

For your questions, comments, suggestions, press releases and stories, please e-mail techtvhost@yahoo.com.  God Bless us all!!!