Subscribe by Email


Saturday, November 9, 2013

Security management practices followed in home and small businesses

As there are different kinds of networks and different scales, there are different types of security management for them. In this article we shall talk about how security management is done in the home and small businesses. Given that the complexity is lower in these cases, only basic security is required for a small office or at home. When you compare this with higher scales, where a lot of effort and maintenance is required for the large businesses and large institutions. In the home and small businesses, regularly used hardware and software is used (and not the sophisticated ones when compared to the sophisticated hardware and software that is used for the prevention of spamming, hacking and other kinds of malicious attacks in larger installations). Here we list some basic points for security management at home and small office:
- A basic firewall can be installed or even a unified threat management system can be used.
- A basic antivirus software will do the task if you are working in the windows environment (as long as regular data patches and software updates are installed).
- Other software that can be installed for security include anti – spyware programs. A number of anti – virus and anti – spyware software are available in the market.
- If you are using a wireless connection, you must take care to secure your system with a robust password. A number of security methods are supported by the wireless devices, so try to use the strongest of those methods such as the AES, WPA2. A wide range of devices are supported by the TKIP. But they can only be used in the cases where there is no compliance with the AES.
- While using wireless networks, the default SSID name of the network must be changed. Another security measure that can be taken is to disable the SSID broadcast as this is not required for the home use. This can be easily bypassed by the use of modern technology and if the attacker has some knowledge regarding how the wireless traffic can be detected.
- You can enable the MAC address filtering for keeping track of all the MAC devices that are on that network connected to your router. Even though strictly this is not a security feature, it does can be used for limiting and monitoring the DHCP address pool for the attackers by both AP association and exclusion. However, it does make for more settings to be done by the home or small business, which can start to become complex.
- Static IP addresses can be assigned to the devices connected to the network. This is done for complementing the other security features and to make the AP less desirable to the attackers.
- The ICMP ping on the router must be disabled.
- You can even review the logs of the router and the firewall for the identification of any abnormal traffic or connection if any is there.
- Passwords must be set for all the accounts (and not common passwords such as pass1234, etc; make these hard to guess with a combination of upper and lower case letters, number and special characters). You can set these up randomly - for example, one of my passwords is 5Gtf$&^hsTF23%3G. Such random passwords cannot be guessed and more sophisticated techniques would need to be used to break such passwords (and don't use the same passwords for multiple services).
- If you are using a windows operating system, you can create multiple accounts for the family members to limit all the activities.
- Children of the family must be given lessons about the information security.

Security management is about identifying the important assets of the user that of course includes the information assets and checking whether the policies protecting these assets are implemented properly. It is also about protecting these assets from loss. It identifies the critical assets and focuses on protecting them first. The potential threats to the system are assessed. Then measures are taken for eliminating or minimizing these threats. The security risks are managed by the virtue of the risk management principles. It involves identification of the risks, assessment of the effectiveness of the control strategies, determination of the consequences. The risks are identified by means of the impact they can have. The identified risks are classified and appropriate response is selected for each. 


No comments:

Facebook activity