Right Ways to Protect Your Net -keep viruses and hackers from scoring

Businesses can bolster network security in various ways--some of them more effectively than others. Experts in the field tell how they keep viruses and hackers from scoring.

You can learn a lot from Major League Soccer, as well as from the other security-conscious companies PCWorld talked with during a month of interviews for this article. PCW spoke with network administrators who were struggling to keep up with hackers and malcontents. PCWorld also talked to security experts, who say that while no company can be totally secure, all could come a lot closer to 100 percent safety if they took additional precautions.

The Right Ways to Protect Your Net

Brad Grimes
From the September 2001 issue of PC World magazine

In this story ...The Right Ways to Protect Your NetDecisions, DecisionsCase in Point: Volkswagen's Hard-Driving FirewallsCase in Point: Marshall and Ilsley Bank Profits From Virus ProtectionCase in Point: University of Michigan's Healthy Approach to SecurityGet The MessageVital Stats: Projected IM GrowthProduction-Savvy Laserjet 9000Sign on the Dotted Line

Who was trying to break into Major League Soccer's network? The question dogged Joseph Dalessio, network administrator for the New York-based league. "Either there were a lot of guys who wanted to try out for MLS teams, or they were gamblers looking for information that could affect the outcome of games," he says.

In January, Dalessio decided it was time to take stronger measures to protect the league's network. "We have a small user base--just over 500 people in 13 offices," he says. Even a single hacker-related outage could have been devastating, hitting everyone on the league's wide area network. So he deployed Cisco Secure PIX firewalls at league headquarters and at the 12 team offices.

Aside from rolling out the new, robust firewalls, Dalessio tweaked the network's infrastructure. For example, he took the old WatchGuard Technologies Firebox II system that had provided firewall protection for the league's previous network infrastructure and dedicated it to defending the remote-access servers that allow mobile workers to call in to the network. He broke monitoring and filtering functions away from the firewall and used SurfControl's SuperScout software to set up separate systems. And rather than add

Virus protection at the firewall level, he decided to use McAfee's WebShield E50 appliances to scan incoming e-mail for the presence of viruses and other malicious code.

"We've had one-tenth of the intrusion problems that we had before," says Dalessio. "And when the Love Bug [virus] and its offspring hit, we were unscathed."

"It is becoming harder to keep track of security issues and how to defend yourself," says Lance Hayden, formerly of the CIA and currently manager of professional services in the Cisco Secure Consulting Services group. "Once you build a better mousetrap, hackers build better mice. But companies can do more to protect themselves. For example, passwords present a common problem. Make them too strong, and employees write them on sticky notes attached to their monitors. But [passwords] need to be stronger. When we do security audits, we can crack up to 70 percent of network passwords."

Better password protection is just one way to keep your network safe. Options for improving security range from perimeter firewalls and intrusion detection systems to virtual private networks and identity authentication products. But you can't just throw them all at your security holes and sleep well. You need the right solutions for your company's unique situation. .

Click here to continue reading this indepth article at PCWorld .