Best practice approach to network security
Network Defence in Depth has, for a long time been the best practice approach to network security, but as we become more mobile and it becomes increasingly challenging to defend the network against evolving Cyber threats, the defence in depth methodology is of acute importance to help your organisation avoid the headlines.
As Cyber criminals wield increasingly sophisticated social, economic, technical and brute force tools; deploying these in parallel to strain network security from many different angles, organisations should consider a complimentary suite of defensive measures to counter the escalating risk.
With mobility and Cloud changing the way we operate, our networks are always-on, supporting connections from our phones, tablets and laptops outside the safe haven of the corporate network. As we support access across Guest Internet and open Wireless connections the perception of the network perimeter is now blurred, and can no longer be defined by the edge of the Firewall. The ‘inside’ of the network is everywhere, demanding a security everywhere to secure all angles of attack, both from outside and from within.
As new zero-day attacks emerge – security is generally reactive to emerging threats, there’s an inevitable delay before security vendors can identify and remediate during which our networks are exposed, and in our always-on, connected world organisations must adopt best-practice edge-to-edge defence across and within the network to limit the depth of an attack, whilst diversifying security across a blend of network security technologies to offer the complete solution.
The defence in depth approach recognises that each individual layer of security can be compromised – there is no silver bullet technology that’s always ahead of the Cyber criminals, but defence in depth seeks to mitigate the impact of a security breech, restricting an attack circumference with granular access control and micro-segmentation, whilst buying time for security specialists to identify and remediate the threat.
Syscomm advocate a multi-layered, multi-vendor approach to IT security, building layers of complimentary security technology, layered up from a fundamentally secure Ethernet network architecture up to the user application, providing protection for the entire network function. We design and deliver holistic perimeter-everywhere security to protect each entry point into your network.
Our approaches to Network Defence represent a cost-effective blend of the following technologies and mitigations:
- Underlying Ethernet Network:
Building LAN and WAN networks that support edge-to-edge, switch-to-switch encryption. Building dynamic networks that only extend networks out to the devices that need them, and only for the time that they’re needed. Using Network Access Control to restrict access to the network on a who, what, where, when basis to ensure only valid devices can connect to the network. Building stealthy networks that do not reveal the extent of the network or reveal routing to hackers using tools to identify the network topology. Building micro-segmented network zones to isolate devices within smaller secure network areas, restricting the ports and services required to flow between zones
- Network Firewalling:
Firewalls are the first line of defence in a network, isolating one network from another. Tunnelling traffic between internal network zones through Firewalls, with only the necessary ports, services and protocols open between zones. Running multi-layer next-generation Firewall defences to provide application aware, layer-7 Firewalling with Deep Packet Inspection.
Running Intrusion Detection and Prevention (IDS and IPS) to inspect internal and external traffic against known hacking patterns and malicious activities forms another key defensive mechanism to enhance cyber protection. Investing in an IDS that enables you respond to attacks quickly can be far less costly than rectifying the damage from a cyberattack and dealing with the subsequent technical, reputational, and potential legal issues.
- Network Access and Authentication:
Network logon tied into Active Directory with LDAP or RADIUS to validate users before admitting them to the network. Two Factor Authentication (2FA) for local or remote VPN logon, to protect access based on a factor you have (typically one-time PIN or Smartcard) and a factor you know (password) to prevent identity and password theft. Access on a need-to-know basis – restricting user access to only the resources and network permissions required for their role is a policy that all organisations should be adopting.
- Security Information Event Management (SIEM):
Logging of security event activity from devices across the network back into a centralised engine to run real-time heuristics and analytics activity network wide. SIEM analytics generates alerts of threatening hacking activity and irregular security events moving through the network
- Endpoint Security:
Endpoint Security to deliver centralised Anti-Virus reporting and management, but also edge based Intrusion Detection and Prevention, edge-Firewalling, application controls and security information logging at the Laptop, Desktop or Mobile endpoint.
Keep Your Business Safe with Quality Network Security
Unfortunately, the majority of network security events occur because many businesses have barely covered even the fundamental of business security basics, leaving them susceptible to crippling cyberattacks.
Your business’ network security is more critical than ever. It is always worth the investment to adopt and implement best network security practices across your business to keep it, your clients, and your employees safe online.
10 Basic Network Security Steps You Need to Implement
For any business and organisation, basic network security best practices must come into play if cyber attacks are to be prevented, detected, and mitigated. Network security is not simply employing the right technology, but is a combination of essential security technology and policies designed to assess, monitor, and manage your network for all signs of security threats and unauthourised intrusion.
Know Your Network Infrastructure
Fully understanding your network infrastructure is crucial before you can even begin to secure your network against potential threats. Unless you know which hardware/software devices components make up your network, you won’t be able to protect them.
When formulating your network security strategy, you should take into account:
Hardware (routers, switches, printers, etc.)
Software (firewalls, IDS/IPS, etc.) devices, and
Digital security certificates (SSL/TLS certificates, IoT certificates, etc.).
Implement Network Segmentation Strategies –
Segmenting your network into smaller trusted zones not only makes management easier but can also help keep any malware from spreading to other parts of the network, reducing the risks and impact of a network intrusion.
An unsegmented network provides potential hackers with a larger attack surface, enabling them to move laterally through the network and gain access to business-critical data.
Back up – Have a Data Loss Prevention Strategy –
Backing up data is one of the best practices that you can implement to help mitigate the harmful effects of any successful cyberattack. With the advent of ransomware, having a full and current backup of all your data can be a lifesaver. Regardless if your organisation stores, processes, or transmits sensitive data (such as personally identifiable information [PII], payment card industry [PCI] data, client data, etc.), or not, it is mandatory to protect such data. Irrespective of regulatory requirements, it makes sense to have a regular backup plan in place in order to more quickly get your business up and running again in case of a serious breach.
Regular Cyberthreat Training for Employees –
All too often, malware threats gain access to the network via employees who’re unaware of network security best practices. Your employees are the easiest targets for attackers via social engineering techniques and phishing emails – but they can also prove to be your best defence against potential security breaches.
Providing mandatory organisation-wide cyber awareness programs on a regular basis will reinforce the importance of network security basics, IT compliance, password security, etc. It also ensures that everyone in your company remains informed about different forms of cybersecurity threats.
Conduct Regular Software Updates and Patch Management –
Updating and patching up software is crucial to preventing exploitation through any known vulnerabilities in applications that your business is using. Be sure to install every security patch and update for all your software within a tight timeframe.
Ensure You’re Deploying the Correct Technology
There are several network security solutions that you need to be deployed in order to properly secure your environment. Some of these include:
- Intrusion detection systems/intrusion prevention systems (IDS/IPS)
- Virtual private networks (VPNs)
- Unified threat management (UTM) tools
- Network monitoring tools
Choose your technologies so that the network intelligence gained from any one security device should be usable by other devices since operating in silos can have a negative impact on event correlation and analysis.
Protect Your Network Against Malware –
Phishing scams and ransomware attacks are on the rise and getting increasingly sophisticated. Installing an endpoint protection solution (which typically includes anti-malware) on all your network’s endpoints establishes a consistent, standardised, and distributed layer of security along your network perimeter.
Have (and enforce) an IT Policy –
Have a clearly defined set of IT policies empowers your employees as they carry out their every day tasks and can also hold them accountable in case of non-compliance. It should outline rules for access, operation, etc. under ordinary conditions and offers guidance on how to proceed in the event of a breach. These rules and policies should be part of your employee’s onboarding process and reviewed during regular cyber awareness trainings so that they are always top of mind.
Establish a Network Security Maintenance System –
Take the time to establish a network security maintenance system that involves processes such as:
- Performing regular backups
- Running activity reports
- Keeping software up to date
- Setting up a schedule for changing your network name and passwords
Depending on the size and complexity of your business, your network security maintenance system may involve additional or fewer steps. The general purpose is to be proactive in protecting your network and establish a process for monitoring and maintaining network security.
Monitor 3rd-party Access to your Data –
Employees working remotely, subcontractors, business partners, suppliers, and vendors – any of these may have access to your network at any given time. Such third-party access not only brings a higher risk of insider attacks but also opens multiple potential ways for malware and hackers to enter your system.
By monitoring user activity monitoring issuing one-time passwords in order to provide complete logging of all user actions allows you to more easily detect malicious activity and conduct investigations if necessary.
Syscomm for all your Cybersecurity Solutions
The threat landscape is continuously evolving and your business’ cybersecurity protection needs to be agile. Adopting a Defence in Depth approach, where multiple controls are deployed at every layer of the open system interconnection (OSI) model is the most effective posture you can take to help protect your business.
The cybersecurity best practices mentioned above will help you protect your data and your business’s reputation. However, implementing them is another challenge altogether.
Syscomm offers robust insider threat protection solutions that cover the cybersecurity practices mentioned above and so much more. Syscomm’s extensive experience also includes monitoring capabilities, response tools, and access control solutions for a range of sectors including manufacturing, retail and education.