Ram Herkanaidu, Security Researcher, Kaspersky Labs is an expert in the field of Network Security. We posed three frequently asked questions to him and will be posting his answers in the Infosecurity Adviser forum in the coming weeks.

Question 1:

Owing to mergers and acquisitions, our group now consists of a parent company and three subsidiaries spread across the UK and the Benelux countries. How do we go about discovering all elements of our IP-based network and where the private net ends, and a public link starts?

Answer:

A good place to start is with a comprehensive IT audit of all hardware and software used in the new combined business. From an IT security perspective all hardware and software should then be patched with the latest firmware and patches, maybe done in conjunction with whatever migration plans you have to standardise the IT infrastructure. In today’s environment it is more relevant to talk about securing all communications rather than what is private or public. Connections between all offices as well as remote (mobile) users should be done via some of kind of VPN. One thing to bear in mind is that IT security like physical security is not a one time thing; procedures and practices should be put in place to constantly monitor and test your systems.