Network Security – Where do I begin?
August 8, 2022
Click image to view gallery
It’s a safe bet that most computer networks have some basic security mechanisms in place such as firewalls or passwords on wireless networks. Unfortunately maintaining basic network security isn’t enough anymore to protect your company from potential cyberattacks. Network security can also get complex and expensive quickly. So what security mechanisms should you begin with if you haven’t already?
- Firewall – It’s important to have a firewall in place that protects your company’s network from the internet. Most importantly, your firewall should be configured in such a way that it only allows access from outside of the network to specifically authorized services that are known to be safe and needed for business, and defaults to blocking everything else from outside.
- Network Segmentation – The purpose of virtual local area networks (VLANs) for network segmentation is to help prevent the spread of malware between connected network devices on the same network. By logically separating different parts of your network (i.e. separating machinery from corporate computers, IoT devices from Computers & VOIP Phones, wireless networks from wired networks, or sensitive corporate functions like HR/Finance from other departments), you are better able to keep those groups of devices isolated which can help stop the spread of malware between groups.
- Wireless Security - Ensure all wireless networks, including networks intended for guest access and especially those used for employee or machinery access, are protected with a passphrase. If possible, utilize identity-based authentication mechanisms like RADIUS such that the wireless network verifies the employee’s identity and access rights in order to log on to the network.
- Patching – ensure all of your network infrastructure from firewalls to switches to wireless access points, controllers and servers, even audio/visual devices, are all patched with the latest available firmware. This will reduce the possibility of these devices being exploited through known vulnerabilities.
- DNS Protection – Though not absolutely required, it’s a good idea to utilize a DNS protection tool such as Cisco OpenDNS umbrella or similar in order to protect your users from having their connections or web browsers hijacked and information stolen.
Through not directly network related, be sure all of your computers and devices are protected using an endpoint detection and response (EDR) solution. More on that in our next article!