Well, I know that this blog has been centered around web development as well as infrastructure, but today I decided it was crucial to add a security category to our arsenal. Securing your infrastructure is crucial not only to keep the trust of your customers; it is also a necessity when designing your applications.

When it comes to your applications, a good rule of thumb is to test for all vulnerabilities and patch them, because if you don’t, your intruders will. I know it seems tedious to test scenarios even when it seems impossible that they would ever happen, but believe me, there are people out there who will try anything to get into your systems.

As for your servers and other hardware, it is extremely important to stay up to date with patches. When designing your production systems, try to think N + 2 at least. If uptime is critical, look at clustering and virtualization for solutions. Yes, it is very expensive, but trust me, when you need your applications up and available, this will show its worth very quickly. Make sure you have a reliable firewall and IPS in place, and be as educated about your hardware as possible. Packet scanning and virus protection come at a cost in CPU time and speed; however, if you size your hardware according to the traffic peaks you get, you should be able to ensure the safety of your network while keeping the performance impact to a minimum.

We would all like to think that we are fairly aware of the threats that are out there on the internet, but every day we see new ways that hackers are attempting to exploit our systems. When dealing with large systems, it is sometimes unnerving to know that even when we do our best to secure our networks, something can always make its way in. The only way to guarantee that no breach can occur is to have a closed loop network… well, how many of us can do that when we need to be “connected”?

So with that in mind, there are many precautions we can take to ensure that our network is fairly secure. One of the biggest exploits these days is what we call social engineering. Intruders know that most of us are aware enough not to download unknown files or go to unknown sites. But what if it was a site you knew was a trusted site, or so it appeared? This is where an intruder works their magic and convinces the victim that they are from somewhere important, such as a government agency, a bank, or a trusted site. They convince the person that something is wrong and that the person needs to take immediate action to correct the problem. This is sometimes done through a seemingly authentic email or a website redirect. The person would not be able to tell the difference between the real site and the fake, except for some subtle differences that can protect you if you learn to look for them.

Getting into a victim’s computer is sometimes less valuable to the intruder than the network it is connected to. When a victim falls for the con, they end up opening a door on a protected network for the intruder to come in. This could happen to anyone, so what network admins need to do is always segment their network. Don’t ever give one login account access to everything. Among many other security measures, remember to NEVER share your password. Hackers know that most people reuse their passwords, so try to vary yours. I like to use different levels of passwords based on the amount of data that could be exposed if someone was able to get in. These few things will help mitigate damage to the network if an intruder is able to get in. Believe me, there are many other measures to take to ensure your security on a network, so try to gather a list and review your risks so that you can put all measures into place to keep your data safe.

A lot of programs these days need network access rights. If you make sure that your systems and applications have the correct policies, giving them just enough access to what they need, then you can contain a breach fairly easily. I have learned that anything is possible, and even though your firewall can keep a lot out, it will have a hard time protecting you if the compromise comes from the inside.

Teach the people using your network and make them aware of exploits out there, like this one: https://isc.sans.edu/diary.html?storyid=12883. Not everyone watches security issues all the time, so when you become aware of something, make others aware also… trust me, it will help keep your hair on your head!