Do you know what's happening on your network?

Corporate networks have become vast and complex beasts on which staff waste time and criminal activity takes place. Will Sturgeon sheds some light on how to make sure you're in control of nefarious network traffic.

Businesses understandably put a great emphasis on having a robust and secure network but are they doing everything they can to manage it effectively with those goals in mind?

It seems incredible to think companies could fail to protect themselves against some of the biggest threats on their network, yet in such a complex environment the pitfalls are all too plentiful. While most IT departments are well aware of the risks posed by malicious code and spam, less well-publicised threats and practices are still finding room to grow and prosper on many a corporate network.

Understanding the role mobility has to play in complementing or undermining network management is also becoming more critical. And many companies are failing to control and identify issues on their networks such as productivity of staff.

Certainly companies know the value of their network. According to recent Economist Intelligence Unit (EIU) research, security is seen as the most critical element of network performance - cited as 'critical' by 65 per cent of respondents. The management of network availability and downtime came a close second, cited as 'critical' by 62 per cent of respondents.

On the security front, Greg Day, technical solutions architect at McAfee, said threats posed to networks from the outside world have certainly changed. In days gone by, a company would know it was under attack because its network would grind to a halt - as with mass mailing worms such as the Love Bug. As symptoms go it was hard to miss.

Day said: "Now it's more about manual infection or self infection and pretty slow spread rates. I've not for a long time seen anything that has totally flooded a network."

As such businesses must get a lot smarter about looking for performance issues and identifying rogue network traffic, applications or devices. And the place to start is increasingly within the firewall.

Day said: "In terms of what's the biggest threat on the LAN at the moment I think it is control of what comes into your network - recognising what are the assets people are plugging into your network and asking whether they should be there."

The same goes for the applications and data employees transfer via the corporate network, or host on the network. This is part of the reason why the use of unlicensed software remains a big problem in enterprises, according to Peter Anaman, senior internet investigator at corporate law firm Covington & Burling.

Mistakes which are all too easy to make can have serious consequences.

Anaman said: "There's certainly a great concern that a lot of unauthorised pieces of software have been introduced into different corporate networks."

This could be because staff are bringing software from a previous employer, or from home because they are familiar with it and want to use it in work, he added. Alternatively employees might be downloading software from peer-to-peer sites in full knowledge of its illegality.

And with companies ultimately responsible for what travels over or resides on their networks, failure to act, or claiming ignorance, is no defence.

Anaman said: "This creates a great liability for the company itself because it has permitted the unauthorised installation of that software." He added company directors can face criminal prosecution if they fail to control the use of illegal software.

It's not just software which companies need to monitor, any copyrighted content on the network, such as MP3s or movie downloads, should also set alarm bells ringing.

Anaman said: "Because many corporate networks have big bandwidth we've noticed an increase in the use of those networks to download MP3s or a piece of software. There is a direct liability for the company there as well.

"This is even more so for BitTorrent for example where people upload as much as they download so a company is distributing - sending out from their network - copyrighted works."

Clamping down on file sharing and trying to eradicate it from the network is therefore essential and companies should also be mindful of allowing access to websites that could be a breach of HR or regulatory policies.

Ian Bowles, COO of content security vendor Clearswift, said in the age of web 2.0 and social networking companies need to watch out for employees sharing information they shouldn't. Bowles said companies should make an informed decision about the extent to which they want to allow employees to interact with the wider web.

Continued on page 2...