		Network Security

Encrypt sensitive data

Either dynamically (as the data is transmitted) or staticly (off-line) run data through an encryption system before transmitting it outside your own network, and, maybe, even before you commit it to your own cable.

Depending on your level of paranoia...

Adopt VPN for external accessors
Encrypt before transmitting outside
Encrypt for internal storage
Encrypt all packets on the network
Encrypt before committing data to the network

Adopt VPN for external accessors

Any users accessing your network from outside should be first authenticated by some means other than account name and password and then all transmissions should be encrypted.

Encrypt before transmitting outside

Anything that is in any way sensitive should not be sent in the clear. Either encrypt before transmission (static encryption) or during transmission (dynamic encryption). Both methods have pros and cons. Dynamic requires higher powered equipment to keep up with transmission speeds but does ensure that there is only ever a small relationship between the plaintext and the cryptogram. Static encryption requires less power as it is done off-line but does mean that the plaintext and the cryptogram will be adjacent in the system.A hacke finding them both would have a headstart in breaking the cypher and decoding similar messages.

Encrypt for internal storage

Don’t forget the encryption and decryption keys... This can be inconvenient and creates a large task in managing the keys. It does have the benefit that any data stolen will still not be easily accessible to the hackers who stole it.

Encrypt all packets on the network

If your network is not totally contained within the physical perimeter that you control, any data traversing unprotected segments should be encrypted. It is simply too easy to connect to a cable and passivlely suck up all data that passes by.

Encrypt before committing data to the network

If you cannot be sure that any part of the network is secure, then data shoulc be encrypted before being transmitted. This would be done (preferably) by hardware in the Network Interface Card (NIC). This requires that all Work Stations, File Servers, Hosts and Routers, etc. have the same facility.