6. Other security measures

6.1. Unused programs

At each 'service window' that your firewall leaves open (technical term: 'open port'), you should have a computer program. This program should be providing some sort of service to your users.

Any program which isn't being used, but which has a connection outside your network, should be shut down and the 'service window' (port) closed at the firewall. Every port which isn't specifically in use should be shut down. Admittedly, this is a 'paranoia' position - the rationale for shutting them down being that a closed port is safer than an open one, regardless of how good the program is.

6.2. Bugs & patches

Programs which you are using need to stay operational, and their ports 'open'. However, occasionally programs are vulnerable to clever attackers.

Vulnerabilities are reported to organisations on the Internet which make a point of informing the companies or groups who write those programs, and distributing the modifications that these companies or groups produce to patch the vulnerabilities.

Every so often someone in your company should go to those sites, read their reports for your programs, and install the patches. Once a month is common, but you need to determine your own balance between security and convenience.

6.3. Monitoring

How do you know if someone has broken into your system? The only way to know for sure is to monitor it.

Some common types of monitoring tools are:

6.4. What do I do if I think I've been broken into?

If it was a physical break-in, call the police.

If it was a network break-in, either call the police or:

6.5. Final words

Your security system is only as strong as its weakest part. A determined intruder will keep looking until they find a vulnerability.

Security through obscurity is weak. A hidden thing is more secure than a highly visible one, but don't trust hiding on its own to protect your data. A hidden safe is more secure than a sock under the floorboards.