Network and Application Controls for IT Security

Network and application controls will help your company protect its IT infrastructure from unauthorized access. IT security experts believe that by limiting access to your corporate information systems with carefully selected controls, your business can

August 26, 2011 by Alex Collins, IT Services Consultant

Network and application controls will help your company protect its IT infrastructure from unauthorized access.  IT security experts believe that by limiting access to your corporate information systems with carefully selected controls, your business can protect itself from the potential damages that unauthorized access can cause.

 Top five network and application controls Most cyber security experts believe that the best defenses for your corporation’s IT infrastructure should include a combination of network and application controls.  These controls, when implemented properly, will limit who can access your business’s information systems.  In order for your corporation to protect its information systems, security consultants have identified the following five network and application controls:  1.    Boundary Defense Multi-layered defenses need to be in place for all information systems that are accessible through the internet.  By locking down access to your company’s IT infrastructure with firewalls, proxy systems, and limited router access, your IT environment will become less vulnerable to outside cyber threats.
  • Security consultants advise that your company use blacklists to block known malicious or infected IP addresses.
  • IT security consultants recommend that your company install an intrusion detection system on the firewall’s DMZ port to help monitor network attacks.
2.    Wireless Device Control Wireless access points and devices need to be secured.  Security consultants also recommend that the “auto-connect” feature on your business’s wireless devices such as smart phones, tablet pcs, and laptop computers should be disabled.
  • Wireless configurations for access points should be centrally administered with configurations that allow only specifically authorized devices to connect.
  • Network vulnerability scanning tools should be configured to detect all wireless access points that are connected to your corporation’s network.
  • Wireless intrusion detection systems (WIDS) should be used to identify network attacks and rogue wireless devices that attempt to connect to your business’s wireless network.  IT security experts recommend that automated reports should be generated any time unauthorized access is attempted.
3.    Application Software Security All applications that are installed on your business’s information systems need to be tested on a regularly scheduled basis.  Regardless of whether applications are created in-house or are third-party, cyber security experts recommend that any time your company decides to install a new application it do pre-deployment testing to ensure that the application does not introduce security risks to your company’s information systems.
  • Web applications should be tested using Open Web Application Security Project (OWASP) methodologies prior to implementation.  Cyber security experts recommend testing your systems with these methodologies because they are created by industry experts who understand the nature of cyber threats.
  • All in-house developed software should reference a whitelist of acceptable input sources and data types before allowing any data in or out of the program.
  4.    Malware Defenses In order to protect your company’s IT infrastructure, all operating systems must have updated antivirus locally installed.  IT security experts caution that a single, unpatched workstation can infect your business’s entire IT environment and potentially cause catastrophic damage.
  • Cyber security experts advise that as standard practice, all antivirus solutions should be scheduled to run automatically and then report to the system administrator any time a suspicious file, program, etc. is identified.
  • All laptops, workstations, and servers should be configured to automatically run an antivirus scan anytime an external device such as a USB drive is attached.  Additionally, IT security experts recommend that the “auto run” feature for all external devices is disabled.
  5.    Continuous Vulnerability Assessment and Remediation Automated vulnerability scanning tools should be used on a weekly—or more frequent basis, depending upon your business’s needs.  IT security consultants recommend that all of your business’s information systems should be scanned regularly and that any unusual reports be examined immediately.
  • Automated scan results should be compared to previous scans to ensure that any detected vulnerabilities have been properly repaired.
  • Detailed external and internal vulnerability assessments should be performed annually to ensure that security controls will protect your business’s information systems against the latest cyber threats.
Learn more Network and application controls can help your business protect its information systems against many potential cyber threats.  To learn about other sets of controls that will help your company create an effective cyber defense plan, please see the upcoming articles in this series.  To learn more about how network and application controls can be customized to meet your business’s particular needs, please contact the IT services experts at All Covered at 866-446-1133.