Securing IT networks

The operating systems of most modern computers contain a built-in personal firewall, meant to protect that individual computer from external attack. Many PC security packages replace the operating system firewall with their own, which is intended to be more effective and easier to use.

If you have a computer that did not come with a personal built-in firewall, buy or download one immediately (some of the well-known free products are highly effective).

If you only have one computer connected via a router to the internet, a personal firewall is probably all that you need. However, most SMEs will have many computers on their network and will want to share data between them, while ensuring adequate protection from outside attack. In this case you will need a secure local area network (LAN) and one or more network firewalls separating your LAN from the internet. Find out more about network firewalls and designing secure networks.

If your business operates from more than one site, you will probably want to share information securely between them. There are two ways you can do this. You can create your own wide area network using private cables or leased circuits, or you can create a virtual private network (VPN) using encryption over a shared bearer (eg the internet). In either case, it will be your network firewalls that control secure communication between different locations.

Wireless networks bring additional security problems, because anyone within range of the wireless router can potentially listen in or even join the network.

You may want business partners or employees to be able to access your internal networks remotely, but you will probably wish to limit what information they can access.

If (despite your best efforts) your network is attacked, you need to know about it. You also need to know if your network is successfully resisting attempts.