All of network infrastructures for any size of organizations require internet connectivity for global communication system. Email or messaging becomes a representation of formal business communication replacing fax system in some cases. Fax system is now integrated with the networking applications including voice over IP applications. Corporate web has become an essential business representation for global recognition of the businesses. All of them require a computer network infrastructure with internet connectivity.
The benefits of having internet connectivity are apparent to support the availability of business communication system, but the emerging threats from the wild internet are frequently forgotten by mostly small businesses. Even medium to enterprise class businesses provide not enough protection to the business network. There are three main elements you can implement to protect your business network: firewall, network security software and patch management.
A hardware firewall is normally used in each of the entry point for the internet to the internal network. All of the inbound traffic from the internet must be controlled and logged via a single check point – the firewall. By default configuring the firewall should deny all the inbound traffic except all the traffic which is explicitly allowed or granted. Providing the firewall is like providing the front door of your house to prevent anyone get into the house except authorized persons. Unfortunately a traditional firewall is not enough in protecting the threats up to the applications level. Much malicious software from the internet cannot be blocked 100% to flow into your private network. Therefore other levels of security defense such as network security software and patch management must be implemented as additions of the firewall.
There are many types of network security software you can implement in additions of firewall to protect your network against any threats including antivirus software and patch management.
Centralized Antivirus Software
Do you know that hundreds or maybe thousands of new viruses and worms are introduced into the wild internet each month? We don’t know the period of time it takes when new viruses or worms are sent out to the wild internet, the time they are discovered, the time new antivirus are released by the antivirus software and the last is your response time in adding the signature updates into your computer. During this period of time your computers are vulnerable to all the threats created by these new virus or worms. It is therefore, implementing a centralized antivirus application for your network security software is very important.
There are many antivirus software are designed for businesses or corporate networks by having a centralized antivirus server with automatic online updates to the vendor’s website whenever new signature updates are available. Any computers on the network will download the updates to the antivirus server instead of downloading directly from the vendor’s website. This will reduce significant bandwidth latency.
Centralized Patch Management Server
Each of the Windows-based computers is configured with automatic updates directly from the internet. In a large networking environment with Windows computers, automatic updates directly from Windows update server website is not a good practice. You can imagine how hundreds of computers downloading the updates directly from the internet at the same time, your internet bandwidth will be hogged and saturated that will disrupt the availability of the business at the end. It is therefore implementing centralized Windows update server within the corporate network is a much better solution to save your internet bandwidth.
Microsoft offers you a free WSUS (Windows services update server) system you can install in a server with Active directory system in place. You can configure the server to download the updates directly from the internet and all the computers on the network will automatically download the updates from the WSUS server. This way you can free up your internet bandwidth from being hogged by windows updates activities.
A firewall, network security software with centralized server and patch management server within the network are three essential security protections against any emerging threats from the internet.