Have you defined a DMZ? - If you manage a network for a company, you should reexamine your firewall strategy to ensure that you have a proper DMZ. What is a DMZ? To simplify it a bit, it's a way to protect your application servers even if your web servers are compromised. You have your core application systems behind a firewall. On the outside of that firewall you place your web servers. Then, to protect them, you put in another firewall.
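One way to check a rule set against the two-firewall layout described above, as an added example that is not part of the original article. The zone names (`internet`, `dmz`, `internal`), the rule format and the sample rules are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample policies: (source zone, destination zone, destination port).
GOOD_RULES = [
    ("internet", "dmz", 443),     # outer firewall: public traffic to the web servers
    ("dmz", "internal", 8443),    # inner firewall: web servers to the application tier
]
BAD_RULES = GOOD_RULES + [
    ("internet", "internal", 3306),  # direct path to a core system, bypassing the DMZ
    ("dmz", "internal", "any"),      # inner firewall left effectively open
]

def audit_dmz(rules):
    """Return findings for rules that defeat the DMZ layout."""
    findings = []
    for src, dst, port in rules:
        if src == "internet" and dst == "internal":
            findings.append(f"internet reaches internal directly on port {port}")
        if src == "dmz" and dst == "internal" and port == "any":
            findings.append("dmz to internal allows any port, so a "
                            "compromised web server is unrestricted")
    return findings

def firewalls_crossed(rules, src="internet", dst="internal"):
    """Fewest allow rules (one firewall crossing each) from src to dst, or None."""
    edges = {}
    for s, d, _port in rules:
        edges.setdefault(s, set()).add(d)
    seen, queue = {src}, deque([(src, 0)])
    while queue:  # breadth-first search over zones
        zone, hops = queue.popleft()
        if zone == dst:
            return hops
        for nxt in edges.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return None

if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("bad", BAD_RULES)):
        print(name, "crossings:", firewalls_crossed(rules))
        for finding in audit_dmz(rules):
            print("  finding:", finding)
```

In a proper DMZ the shortest path from the internet to the core systems crosses two firewalls; a result of one means a rule lets outside traffic skip the web tier entirely.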
Is your virus protection adequate? - If you haven't installed antivirus software by this time, shame on you. It does not matter whether you run a network of ten thousand computers or a cheap home system; you'd better have this basic application not only installed, but regularly updated.
Is your system patched properly? - All vendors release software with bugs. It is the responsibility of all system managers to periodically review operating system and application patches and releases and update them as needed. Remember, even the Apache web server is ridiculously insecure if not properly patched.
Are you educated on security? - If you haven't already, look around and find some books, classes or information about security. Become educated as fast as you can. Once you understand security, then propose, plan and implement what you have learned.
Do you perform background checks on IT related positions? - All new hires into IT should have thorough background checks before they are hired. You should also check backgrounds of all of your IT consultants. It's best to know who you are hiring before you hire.
Is your user community educated about security? - Perhaps one of the best tasks you can perform is to educate your users on good security practices. Emphasize the reasons why security is important and how it protects your users. I usually stress that security penetrations are a direct threat to their employment. Spend some time explaining and demonstrating how social engineering works - this is the number one way break-ins occur.
Do you have a working disaster plan? - To be perfectly prepared, ensure that you have a working, tested, debugged disaster plan ready at all times. That way, if for some reason your primary systems are rendered useless, you can still have a running company.
Is your security plan confidential? - The less information you have available to evil-doers, the better. Keep any information about how your systems are secured confidential - treat it on a need-to-know basis.
Remember this important fact. As of September 11th, the United States and all of the free nations are in a war. And when your country is in a state of war, you had better be prepared to be attacked. It's the only sane thing to do.
Richard Lowe Jr. is the webmaster of Internet Tips And Secrets at http://www.internet-tips.net - Visit our website any time to read over 1,000 complete FREE articles about how to improve your internet profits, enjoyment and knowledge.