"Wilder than the West!" is how someone once described the internet to me. There are so many web threats out there that can harm your network, be it viruses, trojans, or any other malicious software. Maintaining web security should therefore not be regarded as a kind of low priority optional extra, but should be a critical part of any business’s continuity plans.
The problem is, however, that maintaining adequate web security can be very complex. There are many different types of machines and users with different needs hooked up to the average network. That's not all; a vast array of security packages clamor for our attention as the best solution to our web security problems.
One solution to this conundrum is to shift your protection against web security threats from local machines to web security systems at the gateway and at server level. Using such a system will give network administrators control of an impressive range of tools with which to protect their systems from a single console or machine. These tools will effectively monitor everything that enters and leaves the network (or rather, that attempts to enter and leave) and counter possible network security threats in real time before they reach the network.
There are a lot of tools that administrators can use. When choosing a web security strategy it pays to look for the following features or approaches:
The problem is, however, that maintaining adequate web security can be very complex. There are many different types of machines and users with different needs hooked up to the average network. That's not all; a vast array of security packages clamor for our attention as the best solution to our web security problems.
There are a lot of tools that administrators can use. When choosing a web security strategy it pays to look for the following features or approaches:
- › The use of multiple antivirus scanners: This will make it harder for potential malware to ‘slip through’ since different scanners use different ‘search and destroy’ techniques and some may also be ahead of the curve in terms of response to specific threats. Using multiple AV scanners at the same time means that you can capitalize on all their strengths and greatly minimize the risk of some nasty zero-day virus slipping through.
- › Configurable scanning of specific file types and other threats: By exercising central control over what enters/leaves your network (e.g. disallowing .exe, scanning .zip files with multiple engines and selectively scanning files with little risk) you will be able to enjoy a much higher level of threat protection. Web filtering and monitoring systems will also scan inside seemingly innocuous files to ensure that they are safe.
- › The ability to set policies for individual machines, groups or IP addresses: Users obviously have different needs and ‘blanket blocking’ of specific files and/or activities are bound to hinder the work of users with legitimate needs. The ability to easily set up policies to ensure that security threats are minimized and no one is inconvenienced is a major benefit of this approach.
- › Limit attempts to bypass web security: Some viruses / malware might attempt to bypass standard security by channeling downloads through HTTPS connections – which typically mask the data being transmitted. A good web security solution will include analysis of HTTPS traffic as standard procedure and thus provide additional security.
About
