We have compiled 7 top tips to improve the business network security of any organisation. If your business has a question about these tips or requires further information, please go to our contact us page – we are always happy to help.
Use a business class hardware firewall
A firewall acts as the first line of defence for your network. Any hacker will try to use open ports to reach vulnerabilities within your network. With a hardware firewall you can open only the ports you actually use, effectively locking down the system and reducing the possibility of an open attack.
There are varying degrees of firewall. The first is the firewall that protects your default gateway, which is usually the firewall built into your internet router. This should be set up at the primary point where the internet connection meets your business, in order to prevent unwanted traffic reaching any workstations. Dell SonicWALL routers include a very sophisticated firewall designed to protect business network security.
The second level is the software firewall, which protects an individual machine. Software firewalls should always be configured to protect computers but never used as the primary point of protection.
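As an added illustration of opening only the ports you actually use (not part of the original article), the Python below audits an inbound rule set against the list of services in use. The rule names, ports and rule format are constructed for the example and do not match any particular firewall's export.

```python
# Constructed inventory of services the business actually uses: (protocol, port).
IN_USE = {("tcp", 443), ("tcp", 25), ("udp", 500)}

# Constructed inbound allow rules: (name, protocol, first_port, last_port).
# Anything not matched by a rule is dropped (default deny).
RULES = [
    ("https", "tcp", 443, 443),
    ("mail", "tcp", 25, 25),
    ("old-remote-desktop", "tcp", 3389, 3389),
    ("vendor-range", "tcp", 8000, 8100),
    ("vpn", "udp", 500, 500),
    ("web-range", "tcp", 80, 443),
]


def is_allowed(rules, proto, port):
    """Default deny: traffic passes only if a rule explicitly opens its port."""
    return any(p == proto and lo <= port <= hi for _, p, lo, hi in rules)


def audit_rules(rules, in_use):
    """Report rules that open ports nobody uses, or more ports than needed."""
    findings = []
    for name, proto, lo, hi in rules:
        needed = sorted(port for p, port in in_use if p == proto and lo <= port <= hi)
        opened = hi - lo + 1
        if not needed:
            findings.append((name, "remove: no service in use", opened))
        elif len(needed) < opened:
            findings.append((name, f"narrow to {needed}", opened - len(needed)))
    return findings


def tighten(rules, in_use):
    """List exactly the in-use ports that the current rules already open."""
    return sorted((proto, port) for proto, port in in_use if is_allowed(rules, proto, port))


if __name__ == "__main__":
    for name, action, extra in audit_rules(RULES, IN_USE):
        print(f"{name:20} {action:28} ({extra} unneeded port(s) open)")
    print("minimal rule set:", tighten(RULES, IN_USE))
```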
Password protect your primary firewall
Most routers ship with very basic initial login credentials, and these should always be the first thing you change when configuring network equipment. It’s easy to identify the brand of router a business is using, and from there a very simple search can turn up the default login username and password.
This is a quick fix. Log into your router/firewall as the Administrator and one of the first options you usually see will be ‘change password’.
Lock down IP addresses for greater business network security
Many small businesses use DHCP, which is the simplest, automatic way to set up a network but also the easiest way for an intruder to gain access unnoticed. If your business has only a set number of people, assigning each of them a specific address can prevent other people plugging into your network.
With a router or server you can assign an IP address to an individual machine, be it a laptop, desktop, tablet or phone. The advantage over dynamic allocation is that your router logs will tell you exactly who and what is on your network. This also helps when problems arise, as you will immediately know which machine has the problem.
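The check below is an added example, not part of the original article: it compares the devices a router reports against the list of assigned addresses and flags anything that does not belong. The reservation list, the addresses and the two-column "IP MAC" table format are all constructed assumptions.

```python
# Constructed reservation list: MAC address -> (assigned IP, owner).
RESERVATIONS = {
    "00:11:22:33:44:01": ("192.168.10.11", "reception-desktop"),
    "00:11:22:33:44:02": ("192.168.10.12", "finance-laptop"),
    "00:11:22:33:44:03": ("192.168.10.13", "director-phone"),
}

# Constructed "IP MAC" table, in the form a router's connected-devices
# page might export (the exact format is an assumption).
OBSERVED = """\
192.168.10.11 00:11:22:33:44:01
192.168.10.12 00:11:22:33:44:02
192.168.10.57 02:AA:BB:CC:DD:99
192.168.10.13 02:aa:bb:cc:dd:7e
192.168.10.40 00:11:22:33:44:03
"""


def audit(observed_text, reservations):
    """Return (finding, ip, mac) for every entry that breaks the address plan."""
    ip_to_mac = {ip: mac for mac, (ip, _owner) in reservations.items()}
    findings = []
    for line in observed_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip blank or malformed lines
        ip, mac = fields[0], fields[1].lower()
        if mac not in reservations:
            # Unknown hardware: worse if it sits on an address we assigned to someone.
            kind = "reserved-ip-taken" if ip in ip_to_mac else "unknown-device"
            findings.append((kind, ip, mac))
        elif reservations[mac][0] != ip:
            findings.append(("wrong-address", ip, mac))
    return findings


if __name__ == "__main__":
    # A device can change its MAC address, so a clean report is evidence
    # that the plan is being followed, not proof of who is connected.
    for kind, ip, mac in audit(OBSERVED, RESERVATIONS):
        print(f"{kind:18} {ip:15} {mac}")
```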
Use a network monitoring solution
A network monitoring system is capable of detecting and reporting failures of both devices and connections. When a failure is detected, it sends alerts by email or phone to notify system administrators.
Monitoring can be carried out by in-house network administrators, or it can be managed by external companies that use remote management software to monitor company systems 24/7.
Use an Intrusion Protection System (IPS)
An IPS provides rules and policies for network traffic. It also monitors network activity and gives network administrators a warning system that alerts them to any suspicious traffic. Depending on the rules set up, it may also act as an automatic barrier, as it has the capacity to drop any packets that look suspicious.
If a packet is deemed malicious, the IPS will block any other traffic coming from that IP address or port. This is done without any disruption to legitimate traffic coming into and being routed around the network.
Used in conjunction with a decent firewall, this should prevent malicious packets flowing round your network.
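The behaviour described above, as an added toy model that is not part of the original article and not any vendor's engine: one rule only alerts, the other drops the packet and blocks the sender, while other traffic keeps flowing. The rule names, patterns and traffic are constructed.

```python
from dataclasses import dataclass, field

# Constructed rules: (name, byte pattern to look for, action).
# "alert" only warns the administrator; "drop" discards the packet and
# blocks further traffic from the sender.
RULES = [
    ("path-traversal", b"../../", "drop"),
    ("legacy-login-page", b"GET /old-admin", "alert"),
]


@dataclass
class ToyIPS:
    rules: list
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def inspect(self, src, payload):
        """Return 'forward' or 'drop' for one packet from `src`."""
        if src in self.blocked:
            return "drop"  # sender was blocked by an earlier match
        for name, pattern, action in self.rules:
            if pattern in payload:
                self.alerts.append((src, name, action))
                if action == "drop":
                    self.blocked.add(src)
                    return "drop"
        return "forward"


# Constructed traffic using documentation-only addresses (RFC 5737).
TRAFFIC = [
    ("198.51.100.7", b"GET /index.html"),
    ("203.0.113.9", b"GET /../../etc/passwd"),
    ("203.0.113.9", b"GET /index.html"),
    ("198.51.100.7", b"GET /old-admin"),
    ("198.51.100.7", b"GET /prices.html"),
]


def run(traffic, rules):
    """Feed the packets through a fresh ToyIPS and return its verdicts and state."""
    ips = ToyIPS(rules=list(rules))
    verdicts = [ips.inspect(src, payload) for src, payload in traffic]
    return verdicts, ips


if __name__ == "__main__":
    verdicts, ips = run(TRAFFIC, RULES)
    print(verdicts, ips.alerts, ips.blocked, sep="\n")
```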
Use a Web Application Firewall (WAF)
Often this is a subscription-based application that will protect businesses against web-based threats. Used in conjunction with all the usual business precautions, it can produce a secure business network.
A web application firewall can provide a dynamic database of known threats, which means that it is constantly being updated. This gives you the peace of mind that known threats will automatically be blocked. WAFs have web-based interfaces that are easy to use and, depending on which company's WAF you use, can also provide overviews of monitoring and blocking activities.
Because they inspect packet data, web application firewalls now address compliance requirements for the Payment Card Industry Data Security Standard (PCI DSS), as long as they are properly configured.
Most business-oriented routers are capable of creating VLANs (Virtual LANs). This is most advantageous when you can create segments based on individual company needs. For example, separating the finance department from the rest of the company can restrict the flow of sensitive traffic.
By using VLANs you have complete control over which ports are used, and this will prevent malicious attacks on open ports. If an end user moves physical location but remains in the same job role, there is no need to reconfigure the workstation. Conversely, should a user change job role, they do not need to move physically; all that changes are the VLAN settings and the resources made available to the user.