Securing a network can be a challenging task. It is important that a hosting company has a standard way of setting up the network for its clients and of monitoring that network. Some must-haves to secure a network are packet inspection, enterprise firewalls, Intrusion Prevention Systems (IPS), a way to proactively monitor the amount of network traffic being transferred, and network separation between clients.
The first thing to consider is the firewall. When setting up a new client, the firewall is used to allow only specific network traffic to the server; all other network traffic will not be allowed. You can think of a firewall as a giant filter. So if a given client needs a server set up for HTTP traffic and a way to connect to the server, then they will only need HTTP web traffic (port 80 for you techies) opened on the firewall. The firewall itself will also perform packet inspection to ensure the packets are in the correct format. If the packets appear to be in an abnormal format or have some additional suspicious overhead included, the firewall will drop the packet. These are some of the high-level tasks that the firewall will be busy performing.
An Intrusion Prevention System’s (IPS) main job is to prevent suspicious or abnormal traffic from reaching the inbound networks. The IPS will alert the hosting network admin of any network abnormalities and, in some cases, block certain traffic from accessing the network. For example, an IPS may block types of malware or hack scripts that can be transmitted over the web traffic port (port 80) from trying to access the site or database. This type of piggy-backing method is a sneaky way for hackers or malware to get a foot in the door to your networks and then compromise your systems. Some vendors will package the IPS within the firewall itself, and in some cases the IPS is a separate device.
It is also vital to have a way to monitor the amount of traffic on your network or switch ports. One way to do this is to use a protocol on a switch and have a tool that will email or alert the network admin upon reaching a certain bandwidth threshold on the switch or switch port. Then, if you see an unusual amount of traffic on a port of your network switch, you can quickly determine whether it is legitimate traffic and make the needed adjustments. If it is not legitimate traffic, you may need to block this traffic from entering your network.
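As an added illustration that is not part of the original article, here is one way the threshold check behind such an alert can work: compare two polls of each switch port's byte counters, allow for the counter wrapping around, and flag ports at or above a set share of link capacity. The 64-bit counters (as exposed, for example, by SNMP), the port names, the 80% threshold and the sample readings are all assumptions made for this example.

```python
from dataclasses import dataclass

COUNTER_MAX = 2**64  # assumption: 64-bit octet counters (e.g. SNMP ifHCInOctets)

@dataclass
class Sample:
    timestamp: float  # poll time, seconds
    in_octets: int    # bytes received since counter start
    out_octets: int   # bytes sent since counter start

def delta(old, new, modulus=COUNTER_MAX):
    """Counter difference that stays correct across one wrap past the maximum."""
    return (new - old) % modulus

def utilization(prev, curr, link_bps, modulus=COUNTER_MAX):
    """Fraction of link capacity used by the busier direction between two polls."""
    elapsed = curr.timestamp - prev.timestamp
    if elapsed <= 0:
        raise ValueError("samples are duplicated or out of order")
    busiest = max(delta(prev.in_octets, curr.in_octets, modulus),
                  delta(prev.out_octets, curr.out_octets, modulus))
    return busiest * 8 / elapsed / link_bps

def check_ports(prev, curr, link_bps, threshold=0.8):
    """Return sorted (port, utilization) pairs at or above the alert threshold."""
    alerts = []
    for port, now in curr.items():
        before = prev.get(port)
        if before is None:
            continue  # first poll for this port: no rate can be computed yet
        used = utilization(before, now, link_bps)
        if used >= threshold:
            alerts.append((port, round(used, 3)))
    return sorted(alerts)

# Constructed sample: two polls 60 s apart on hypothetical 1 Gbit/s ports.
LINK_BPS = 1_000_000_000
PREV = {"Gi0/1": Sample(0.0, 10_000_000_000, 4_000_000_000),
        "Gi0/2": Sample(0.0, 2_000_000_000, 50_000_000_000),
        "Gi0/3": Sample(0.0, COUNTER_MAX - 1_000_000_000, 7_000_000_000)}
CURR = {"Gi0/1": Sample(60.0, 11_500_000_000, 4_200_000_000),
        "Gi0/2": Sample(60.0, 2_300_000_000, 56_750_000_000),
        "Gi0/3": Sample(60.0, 5_000_000_000, 7_100_000_000)}

if __name__ == "__main__":
    for port, used in check_ports(PREV, CURR, LINK_BPS):
        print(f"ALERT {port}: {used:.0%} of link capacity in the last poll interval")
```

Delivering the alert (email or otherwise) is left out; the third sample port shows why the wrap handling matters, since a naive subtraction there would produce a negative rate and no alert.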
Lastly, it is important to set up the network so that the network segments are not over-congested. Having a saturated network without the proper separation is a breeding ground for malware, the spread of a virus and even a compromised server. In some cases, it is best to ask a hosting company for your server to be on a completely separated network or Virtual Local Area Network (VLAN) from the rest of the clients. Shared hosting accounts are usually on the same network and the same server, so these types of hosting accounts are not as secure. If you are looking for a more secure hosting solution, a dedicated hosting solution with network or VLAN separation is essential.
I hope this information is helpful in determining your hosting network security needs. Please do not hesitate to write with any questions you might have regarding network security and hosting.