Ask 10 network professionals about infrastructure security and you'll get almost as many opinions ranging from "you don't need more than a firewall and a good set of access rules" to "invest in a variety of included and separate network security tools" and everything in between. However, the truth usually lies in the middle.
Admittedly, you don't always need to buy a shelf full of software to realize good infrastructure security on a budget. "All you really want is a good firewall and good security permission within the network," says Ryan Jones, an independent network security consultant. "Use a limited-access principle and give everyone the minimum required access and escalate the permission upward only when required."
This approach will work for some, but others — especially those involved in banking or e-commerce — will need at least another layer. "Using metrics management and monitoring [for] the network and data is complex, but basically, apply some methodologies and use the software of your choice to manage security," recommends Rodrigo Arruda, an IT specialist for Itaú, an international financial institution headquartered in Sao Paulo, Brazil. "It does often involve some cost, though."
Stay Up to Date
You don't have to spend your department's whole budget on just a few things. In fact, Peoria Magazines says much of what you can do to secure your network without breaking the bank is free or close to it. Keeping your software up to date between major revisions is usually free and will plug up holes you might discover at an inconvenient time.
Stay Fired Up
You should also be using a sturdy firewall product and configuring it per the nature and sensitivity of your data. Don't set it to auto-learn, which can be just as bad as auto-correct on a smartphone. Manage the rules so it knows which programs have what level of access, and be sure to specify the ports that will be used. Keep in mind that firewalls should be supplements to more comprehensive authentication and threat-detection protocols.
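One way to check a rule set against the advice above, as an added example that is not from the original article or any firewall vendor: it audits an exported rule list for auto-learned rules, rules with no program or no ports, over-wide port ranges and a missing final deny-all. The CSV schema, the `auto-learn` source tag and the 16-port threshold are assumptions made for illustration.

```python
import csv, io
# Constructed sample export with a hypothetical schema; not from any real firewall.
SAMPLE_RULES = """\
id,program,action,proto,ports,source
1,nginx,allow,tcp,443,admin
2,backup-agent,allow,tcp,any,admin
3,*,allow,udp,53,admin
4,updater.exe,allow,tcp,80;443,auto-learn
5,sshd,allow,tcp,1-65535,admin
6,*,deny,any,any,admin
"""

def parse_ports(spec):
    """Return how many ports a spec covers, or None when no port is specified."""
    spec = spec.strip().lower()
    if spec in ("", "any", "*"):
        return None
    total = 0
    for part in spec.split(";"):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {part}")
        total += hi - lo + 1
    return total

def audit(rules_csv, max_ports=16):
    """Map rule id -> list of findings for every allow rule with a problem."""
    findings = {}
    rows = list(csv.DictReader(io.StringIO(rules_csv)))
    for row in rows:
        if row["action"] != "allow":
            continue
        issues = []
        if row["source"] == "auto-learn":
            issues.append("created by auto-learn, never reviewed")
        if row["program"] in ("", "*"):
            issues.append("no program specified")
        count = parse_ports(row["ports"])
        if count is None:
            issues.append("no ports specified")
        elif count > max_ports:
            issues.append(f"port range too wide ({count} ports)")
        if issues:
            findings[row["id"]] = issues
    # Anything not explicitly allowed should fall through to a final deny-all.
    if not rows or rows[-1]["action"] != "deny" or rows[-1]["program"] != "*":
        findings["default"] = ["no final deny-all rule"]
    return findings
```

Calling `audit(SAMPLE_RULES)` returns findings for rules 2 through 5 and nothing for rule 1 or the closing deny-all.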
Deny the SPAM
Although Kaspersky and similar cloud-based security services integrate pretty well with professional email platforms, your team should be willing to invest about $1,500 in a decent spam-filtering appliance, as phishing is often how network intrusions are initiated with unsuspecting staff (you've trained them on phishing content, right?).
Lock It Up Properly
Another way to ensure infrastructure security on a budget is to limit user access. This means John in Accounting and Mary in Sales shouldn't be installing new software on a regular basis. In fact, these users should only need to install new software once or maybe twice a year. Only administrators, and select department heads, should be given administrative access to the network. Everyone else should be given the most basic rights they need to do their jobs efficiently and securely.
Use Deception to Foil Intruders
Sun Tzu, in his famous tome, said: "All warfare is based upon deception." A minor modification and it resonates with IT personnel: "All 'warefare' is based upon deception." In other words, use software to deceive intruders. Products like SourceForge's Active Defense Harbinger Distribution (ADHD) can detect a malicious network entry and block all outgoing traffic to that IP. To the intruder, your network just went dark.
Use a VPN for Remote-Access Users
Once upon a time, you could give your remote users a phone number, have them dial into your network and use something akin to a secure net key to give them remote access. Today, a virtual private network (VPN) does that job. The encryption that a VPN uses is typically unbreakable, and even if it is breached, it will have taken so long to do so that the connection itself drops by the time the key is broken. OpenVPN is a solid open-source project and free through its community version.
Keeping your network secure with limited funds isn't impossible, but it may seem like an insurmountable task at times. With proper planning, however, it doesn't have to be. Whether they're free or very inexpensive, spam filters are your biggest commitment. Most of the suggestions above will only cost you and your team some necessary time.