Antivirus and firewalls are well-known methods of protection for your computer but there are other less known methods which are no less effective in keeping out hackers and malware. The advantage of this is that most hackers are unlikely to have a countermeasure in their arsenal. Only the very best of hackers can break into a network that is protected by antivirus, firewall and any of the methods shown below.
Basically, in a network audit, a company hires network specialists or people who specifically work as network auditors to fully examine the network. An audit can be done before the network itself is created or it can be done as a form of regular checks on the system done in intervals like once a week. An auditor should concern himself with an inventory of LAN (Local Address Network), connected workstations, hardware and software.
An auditor should also be asking how many people the network will serve, how many servers will be needed and what kind of operating systems will do the job best to ensure maximum security. An auditor should also consider what kinds of virus protection mechanisms the network should employ. An auditor’s main concerns are both security and financial based. He is supposed to keep the network as safe as possible yet not go on overkill with the security so that the company only needs to spend as much as necessary. Most importantly, a network auditor has to consider what type of and how to configure a firewall so that it works best with the network in mind.
Intrusion Detection System (IDS)
An intrusion detection system is usually used in conjunction with a firewall as a form of precautionary measure. As its name implies, an IDS detects any intrusion into the system (i.e. an illegal entry attempt by a hacker) as firewalls are not full proof. An IDS runs in the background and silently monitors the network for any suspicious activity. If an intruder is detected, most IDSs will log the IP (Internet Protocol) address of the offender together with the time of the offense.
This will aid in criminal prosecution if there is a need to do so later on. IDSs are not necessary for normal day-to-day users but rather for expensive networks which contain a lot of valuable information and data. An investment in an IDS may not be profitable in the short run but in the long run, it will benefit the company. Whenever there is an intruder, the system administrators are notified and the intruder is usually flushed out of the system. The system administrators may even choose to send him a message before expelling him from the system.
The somewhat automatic version of audits, a vulnerability scanner’s job is to scan thoroughly through a system and identify any network loopholes that it is aware of. Vulnerability scanners are highly limited when compared to audits as these programs can only scan for vulnerabilities which it has in its database. Unlike humans, it cannot identify and fix some more complicated loopholes that may be present in a large network. However, vulnerability scanners provide an easy and convenient way to identify and fix common loopholes in a system and are definitely much cheaper than hiring a human auditor. This option should only be considered by medium to small-sized networks which do not contain data that is too sensitive. This technique is only useful in keeping out the average hacker. More advanced hackers can beat it fairly easily.
There is always a conflict between cutting cost and maximizing protection. Overspending on defense mechanisms are undesirable as, beyond a certain level of protection, network attacks or intrusions become highly unlikely anyway. At the same time, the marginal profits a company makes by not investing at all in network defense could be wiped out and even turned into severe losses in the event of a single network attack. Hence a compromise must be reached depending on the size or function of the company or network. With the variety of protection methods available and the number increasing every day, this becomes easier and cybercrime is gradually becoming harder to commit.
There is always a conflict between cutting cost and maximizing protection. Overspending on defense mechanisms is undesirable as, beyond a certain level of protection, network attacks or intrusions become highly unlikely anyway. At the same time, the marginal profits a company makes by not investing at all in network defense could be wiped out and even turned into severe losses in the event of a single network attack. Hence a compromise must be reached depending on the size or function of the company or network. With the variety of protection methods available and the number increasing every day, this becomes easier and cybercrime is gradually becoming harder to commit.Back to Jump
Reference
Evaluation of Vulnerability Scanners
http://img.cmpnet.com/nc/1201/graphics/f1-detect-results.pdf
Intrusion Detection
http://www.techbusiness.ws/intrusion_detection_systems.html