Few people know that most of the infections can be stopped at the network level before they arrive to threaten computers and laptops.
Securing a network requires solid skills and experience that is different from the experience of securing computers. A network administrator has to implement robust policies with Acitve Directory services if he wants to bulletproof the network he is responsible of.
Internet security has tangible and intangible aspects. For novices, a network is safe if the computers have antiviruses because it is something that they can see with their eyes. For an IT pro tangible security cannot be a standalone mission; the intangible aspect of Internet security has to come into play as well under the skills that allow security to be very well configured and implemented by network administrators.
Let’s say that malware from a computer spreads across a network: how did that happen and why did it happen? Malware can spread within a network for serveral reasons such as poor user education and poor security implementation. On the users’s side, few companies educate their employees to not open dubious attachments or click on malicious links; these companies believe that a firewall should do the job together with the antivirus that protects the network. Unfortunately it is not always the case, since a firewall, to work properly, would need to be configured with rules and policies. On the administrators’ side, a network can be infected if it has few subnets and it is not split into another network with the use of smart switches.
Corporate departments should never be connected together within the same network; they should use VPN or other technologies to talk to each other, if so needed. By subdividing networks into smaller networks, the security level increases and the chances to spread malware across the network are greatly reduced.
BYOD t work is a cool feature that allowas companies to save money and users to stick to their smartphones when conducting email operations during their day to day activity. On the other hand, since smartphones can potentially download malicious apps, networks can be easily infected or eavesdropped by unconscious users. A good network policy should also allocate all these devices into a separate network so that if something potentially unwanted arises, the network’s kernel will remain immune from attacks.