Securing Your Network
This is just a guide introducing terms and considerations, so it is not detailed on specifics, given the wide range of variances, solutions and policies that can be adopted in an attempt to secure your network. I say ‘attempt’ because we can almost never be 100% secure. If you are targeted, well, let’s say… time will tell.
Risks if not secure
- Someone will definitely be spending countless or ‘charged’ time recovering
- Downtime doesn’t go down well with ‘most’ employees
- Network can be used for spoofing and inadvertently gets slow or blacklisted
- We all know the risks of viruses, Trojans, malware, spyware and DDoS, to say the least
- Productivity is affected
- Loss of important company data – a rave today is to sell this data
Some Popular Types of attacks
Port scanning, SQL injection, Bluesnarfing/Bluejacking/Bluebugging, PoD, ICMP and SYN flood attacks, session hijacking attacks, botnets, phishing, vishing, spoofing, social engineering, smurf, buffer overflow and the more popular: manipulation of users to infiltrate a system.
Most of these attacks originate from internal users who are unaware of the risk they pose. Sources include USB drives and ports, internet gateways, laptops, access points, employees using other users’ systems, human Trojans, email and smartphones. Some hypervisors can even be attacked through firmware by injecting a rootkit and other techniques.
Have you ever noticed how software has to be constantly updated with patches, especially the more popular software? If you don’t patch, you will be open to some sort of attack. Corporate networks should always be careful about selecting and using software from a company that doesn’t have policies in place to debug and update it. This is not to say you should not go to the corner shop to get your customized software; just ensure the framework the software is built on is stable and updated, and that certain guidelines are followed in development.
A consultant should be considered for long-term investments if no in-house expertise exists. Call MICCA Solutions.
With the advent of cloud computing, BYOD and mobile computing, you must protect end users linking to your network in any form, through any gateway. I’ve seen hundreds of persons enabling servers, installing anti-virus and a router-firewall, and believing it ends there. It doesn’t, or I should say it ‘should not’, end there. Unprotected end-user devices slip Trojans and worms onto your network.
Use Citrix Mobile to work in a secure and policed mobile environment with centralized management and updates.
- VPN, remote desktop viewing, FTP, and private and public cloud should employ encryption of at least 2048 bits.
- Try to avoid Telnet; it’s an old technology, though it still has its uses.
- For firewall restrict all, then open as needed
- Ports should be closed if unused
- Remove unused services
- DHCP has benefits for ease of use but can allow spoofing because it cannot uniquely identify a device. Use static IPs if possible
- Employ MAC authentication on Wi-Fi access point
- VLANs and subnets can segregate traffic making it more secure
- Place conduits behind walls and out of sight where possible
- Ensure logs are available and reviewed periodically
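One way to check the "restrict all, then open as needed" and "close unused ports" items on a Linux host, as an added example that is not part of the original article: it compares listening TCP sockets against an allow list. The allow list, the cleartext-port table and the sample text (laid out like `ss -H -tln` output) are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample laid out like `ss -H -tln` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128   0.0.0.0:22        0.0.0.0:*
LISTEN 0 4096  127.0.0.1:631     0.0.0.0:*
LISTEN 0 128   [::]:22           [::]:*
LISTEN 0 5     0.0.0.0:23        0.0.0.0:*
LISTEN 0 80    127.0.0.53%lo:53  0.0.0.0:*
LISTEN 0 511   *:8080            *:*
"""

ALLOWED_PORTS = {22, 443}                    # assumption: services this host should expose
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet"}  # unencrypted protocols, flagged even if allowed

def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN line; skip anything malformed."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            # Drop IPv6 brackets and any %interface suffix.
            yield addr.strip("[]").split("%")[0], int(port)

def is_loopback(addr):
    """True only for loopback addresses; '*' and unknown forms count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return (port, address, reason) for each network-reachable listener to review."""
    findings = []
    for addr, port in sorted(set(parse_listeners(ss_output)), key=lambda lp: (lp[1], lp[0])):
        if is_loopback(addr):
            continue  # reachable only from the host itself
        if port in CLEARTEXT_PORTS:
            findings.append((port, addr, f"cleartext {CLEARTEXT_PORTS[port]} service"))
        elif port not in allowed:
            findings.append((port, addr, "not on the allow list"))
    return findings

if __name__ == "__main__":
    for port, addr, reason in audit(SAMPLE_SS):
        print(f"{addr}:{port}  {reason}")
```

On a live host, pass the text produced by `ss -H -tln` to `audit()` in place of the sample and keep the result with your periodic log review.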
Physical door and room access will get a ‘yes’ nod, yet 95% fail in this aspect. Physical security also extends to the infrastructure: cabling routes and distribution points. New installs, especially outdoor ones, should consider fiber optics because it is more secure and harder to tap or sniff. Analytic tools can easily detect any form of intrusion on fiber optics.
MICCA Solutions can secure your fiber optic lines and implement monitoring devices. Contact us for options or if you need to see the benefits of fiber optics in your network.
For home networks, ensure a strong passphrase is employed and Wi-Fi is secured using, in order from best to least, WPA2, WPA or WEP, combined with at least CCMP (AES), PSK or TKIP, based on what’s available.
Don’t forget to disable unwanted operating system services and ports, using lockdown tools or referring to best-practice guides for the selected system or application. Datto has a very stable Business Continuity solution that you should employ to minimize downtime, should there be a problem with servers or computers.
I have an article following on the Internet of Things, and I’ll include some security considerations there.
If more detailed information is needed, please contact us. We have solutions available that minimize maintenance effort with automation and central management.