Top 7 Ways Holistic Networking Will Expand Your Business Circle

By Karen Carnabucci

[ Print | Email This | Bookmark ] Networking refers to your connections to people in your professional and personal world. The larger the network, the more opportunities you have to share your work and beliefs, talk about your businesses and find referrals, resources, information and encouragement. Among the most daunting of tasks: those times when we enter events such as mixers, open houses, club meetings, awards events and community functions where we know very few or no people. Here are some tips: 1. Notice the people you're drawn to. Trust your instincts regarding what people you notice and who seems to catch your eye in the crowd. The way someone dresses, his or her level of energy, even the expression on his or her face may draw you to learn more about that person. 2. Develop a range of simple questions that are related to your business or occupation. Perhaps you are experiencing a small problem in your work; the networking event is an ideal time to seek out solutions or resources. Are you looking for a new long distance phone company? Trying to decide where to advertise? Or seeking good accountant or graphic designer? 3. Begin your question with, "Do you know someone who" and this may help you meet more people in addition to getting help in solving your problem. 4. If you have the opportunity to introduce yourself to a lot of people, practice varying your "spiel" with each person so that you don't say the same thing twice. Your words will stay fresh, you will feel more energy and you may find new connections and topics to talk about even among people whom you have met before. 5. It's OK to eavesdrop. Our energy ebbs and flows, and it's all right to take a break from talking to just listen, breathe and pause. If you notice a twosome or cluster of people talking with animation, stroll over to check out what's so interesting. Listen and ponder. You may be surprised to know what you can learn by listening. 6. Volunteer to fill a particular role or task for an organization or club where you are a member. The task such as greeter, survey taker or chairperson of a committee will give you specific reasons to meet new people while you're helping the organization. 7. Make sure you bring your business cards to exchange. Follow up on your most interesting contacts later with meetings, e-mails or phone calls. Karen Carnabucci is a creativity consultant, psychotherapist and coach in Racine, Wis., offering professional development programs and one-to-one mentoring, with a focus on

doing business from a whole person perspective, and the author of "Whole Person Marketing." See http://www.companionsinhealing.com for more about Karen, her directory of resources for holistic health professionals and her free e-newsletter, Whole Person Practice. Source: http://Top7Business.com/?expert=Karen_Carnabucci Network security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password which is something you 'know', this is sometimes termed one factor authentication. With two factor authentication something you 'have' is also used (e.g. a security token or 'dongle', an ATM card, or your mobile phone), or with three factor authentication something you 'are' is also used (e.g. a fingerprint or retinal scan). Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users.[2] Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS)[3] help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high level analysis. Communication between two hosts using a network could be encrypted to maintain privacy. Honeypots, essentially decoy network-accessible resources, could be deployed in a network as surveillance and early-warning tools as the honeypot will not normally be accessed. Techniques used by the attackers that attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis could be used to further tighten security of the actual network being protected by the honeypot.[4]

[edit] Security management

Security Management for networks is different for all kinds of situations. A home or small office would only require basic security while large businesses will require high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.

[edit] Homes & Small Businesses

A basic firewall or a unified threat management system. For Windows users, basic Antivirus software. An anti-spyware program would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered. When using a wireless connection, use a robust password. Also try to use the strongest security supported by your wireless devices, such as WPA2 with AES encryption.

If using Wireless: Change the default SSID network name, also disable SSID Broadcast; as this function is unnecessary for home use. (However, many security experts consider this to be relatively useless. http://blogs.zdnet.com/Ou/index.php?p=43 ) Enable MAC Address filtering to keep track of all home network MAC devices connecting to your router. Assign STATIC IP addresses to network devices. Disable ICMP ping on router. Review router or firewall logs to help identify abnormal network connections or traffic to the Internet. Use passwords for all accounts. Have multiple accounts per family member, using non-administrative accounts for day-to-day activities. Disable the guest account (Control Panel> Administrative Tools> Computer Management> Users). Raise awareness about information security to children.[5]

[edit] Medium businesses

A fairly strong firewall or Unified Threat Management System Strong Antivirus software and Internet Security Software. For authentication, use strong passwords and change it on a biweekly/monthly basis. When using a wireless connection, use a robust password. Raise awareness about physical security to employees. Use an optional network analyzer or network monitor. An enlightened administrator or manager. Use a VPN, or Virtual Private Network, to communicate between a main office and satellite offices using the Internet as a connectivity medium. A VPN offers a solution to the expense of leasing a data line while providing a secure network for the offices to communicate. A VPN provides the business with a way to communicate between two in a way mimics a private leased line. Although the Internet is used, it is private because the link is encrypted and convenient to use. A medium sized business needing a secure way to connect several offices will find this a good choice. (http://www.interhack.net/pubs/networksecurity/network-security.html#SECTION00073000000000000000). Clear employee guidelines should be implemented for using the Internet, including access to non-work related websites, sending and receiving information. Individual accounts to log on and access company intranet and Internet with monitoring for accountability. Have a back-up policy to recover data in the event of a hardware failure or a security breach that changes, damages or deletes data. Assign several employees to monitor a group like CERT (http://www.cert.org) which studies Internet security vulnerabilities and develops training to help improve security.

[edit] Large businesses

A strong firewall and proxy to keep unwanted people out.

A strong Antivirus software package and Internet Security Software package. For authentication, use strong passwords and change it on a weekly/biweekly basis. When using a wireless connection, use a robust password. Exercise physical security precautions to employees. Prepare a network analyzer or network monitor and use it when needed. Implement physical security management like closed circuit television for entry areas and restricted zones. Security fencing to mark the company's perimeter. Fire extinguishers for fire-sensitive areas like server rooms and security rooms. Security guards can help to maximize security.

[edit] School
An adjustable firewall and proxy to allow authorized users access from the outside and inside. Strong Antivirus software and Internet Security Software packages. Wireless connections that lead to firewalls. Children's Internet Protection Act compliance. (Only schools in the USA) Supervision of network to guarantee updates and changes based on popular site usage. Constant supervision by teachers, librarians, and administrators to guarantee protection against attacks by both internet and sneakernet sources. An enforceable and easy to understand acceptable use policy which differentiates between school owned and personally owned devices FERPA compliance for institutes of higher education

[edit] Large government

A strong firewall and proxy to keep unwanted people out. Strong antivirus software and Internet Security Software suites. Strong encryption. Whitelist authorized wireless connection, block all else. All network hardware is in secure zones. All hosts should be on a private network that is invisible from the outside. Host web servers in a DMZ, or a firewall from the outside and from the inside. Security fencing to mark perimeter and set wireless range to this. Inventory controls of government owned mobile computing devices dictated by an enforceable acceptable use policy to avoid the loss or theft of sensitive information

Need for Network Security

In the past, hackers were highly skilled programmers who understood the details of computer communications and how to exploit vulnerabilities. Today almost anyone can become a hacker by downloading tools from the Internet. These complicated attack tools

and generally open networks have generated an increased need for network security and dynamic security policies. The easiest way to protect a network from an outside attack is to close it off completely from the outside world. A closed network provides connectivity only to trusted known parties and sites; a closed network does not allow a connection to public networks. Because they have no Internet connectivity, networks designed in this way can be considered safe from Internet attacks. However, internal threats still exist. There is a estimates that 60 to 80 percent of network misuse comes from inside the enterprise where the misuse has taken place. With the development of large open networks, security threats have increased significantly in the past 20 years. Hackers have discovered more network vulnerabilities, and because you can now download applications that require little or no hacking knowledge to implement, applications intended for troubleshooting and maintaining and optimizing networks can, in the wrong hands, be used maliciously and pose severe threats.

Types of attack:
Classes of attack might include passive monitoring of communications, active network attacks, close-in attacks, exploitation by insiders, and attacks through the service provider. Information systems and networks offer attractive targets and should be resistant to attack from the full range of threat agents, from hackers to nation-states. A system must be able to limit damage and recover rapidly when attacks occur. There are five types of attack:

Passive Attack
A passive attack monitors unencrypted traffic and looks for clear-text passwords and sensitive information that can be used in other types of attacks. Passive attacks include traffic analysis, monitoring of unprotected communications, decrypting weakly encrypted traffic, and capturing authentication information such as passwords. Passive interception of network operations enables adversaries to see upcoming actions. Passive attacks result in the disclosure of information or data files to an attacker without the consent or knowledge of the user.

Active Attack

In an active attack, the attacker tries to bypass or break into secured systems. This can be done through stealth, viruses, worms, or Trojan horses. Active attacks include attempts to circumvent or break protection features, to introduce malicious code, and to steal or modify information. These attacks are mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks result in the disclosure or dissemination of data files, DoS, or modification of data.

Distributed Attack

A distributed attack requires that the adversary introduce code, such as a Trojan horse or back-door program, to a trusted component or software that will later be distributed to many other companies and users Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. These attacks introduce malicious

code such as a back door to a product to gain unauthorized access to information or to a system function at a later date.

Insider Attack
An insider attack involves someone from the inside, such as a disgruntled employee, attacking the network Insider attacks can be malicious or no malicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other authorized users. No malicious attacks typically result from carelessness, lack of knowledge, or intentional circumvention of security for such reasons as performing a task

Close-in Attack

A close-in attack involves someone attempting to get physically close to network components, data, and systems in order to learn more about a network Close-in attacks consist of regular individuals attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry into the network, open access, or both. One popular form of close in attack is social engineering in a social engineering attack, the attacker compromises the network or system through social interaction with a person, through an e-mail message or phone. Various tricks can be used by the individual to revealing information about the security of company. The information that the victim reveals to the hacker would most likely be used in a subsequent attack to gain unauthorized access to a system or network.

Phishing Attack
In phishing attack the hacker creates a fake web site that looks exactly like a popular site such as the SBI bank or paypal. The phishing part of the attack is that the hacker then sends an e-mail message trying to trick the user into clicking a link that leads to the fake site. When the user attempts to log on with their account information, the hacker records the username and password and then tries that information on the real site.

Hijack attack
Hijack attack In a hijack attack, a hacker takes over a session between you and another individual and disconnects the other individual from the communication. You still believe that you are talking to the original party and may send private information to the hacker by accident.

Spoof attack
Spoof attack In a spoof attack, the hacker modifies the source address of the packets he or she is sending so that they appear to be coming from someone else. This may be an attempt to bypass your firewall rules.

Buffer overflow
Buffer overflow A buffer overflow attack is when the attacker sends more data to an application than is expected. A buffer overflow attack usually results in the attacker gaining administrative access to the system in a ommand prompt or shell.

Exploit attack
Exploit attack In this type of attack, the attacker knows of a security problem within an operating system or a piece of software and leverages that knowledge by exploiting the vulnerability.

Password attack
Password attack An attacker tries to crack the passwords stored in a network account database or a password-protected file. There are three major types of password attacks: a dictionary attack, a brute-force attack, and a hybrid attack. A dictionary attack uses a word list file, which is a list of potential passwords. A brute-force attack is when the attacker tries every possible combination of characters.