Chapter 15. Managing Network Security

To this point the primary focus has been on best practices for securing a network. The rest of this book will focus on how to monitor and enforce the security policy that is in place. This is another area where organizations often fall short. After gathering the requirements, putting together a strong security policy, and locking down the network, employees and administrators will allow security practices to lapse. New equipment is not properly secured and the importance of the organization's security policy is not properly stressed to new employees .

Loosening of network security occurs because administrators and managers allow it. The help desk is understaffed so employees are allowed to install their own software. A manager allows an employee to bring a wireless access point, or even a computer, from home and plug it into the network. There are numerous ways in which insecure devices are introduced into a network, but they all boil down to the same thing: Most employees (and some administrators) are not as concerned about security as they should be.

Ideally, an administrator should never have to worry about how security conscious employees are. The network should be locked down so tight that an employee should be able to set up an IRC server and use it to attack IRC servers over the world without administrators having to worry about the security implications. But the truth is that employee action, and inaction, has a tremendous impact on network security. In order to run a truly secure organization, security policies need to be continually enforced, and the network has to be constantly monitored for security weaknesses.