You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today.

Secure the perimeter: Network Security to rival Fort Knox

If an Englishman’s home is his castle, then your organisation – with all the client data and sensitive information it handles – needs to be an absolute fortress.

Perhaps not in physical terms: unless you’re a really important or covert organisation you’re not going to need the trappings of Fort Knox to patrol the physical movement in and out your offices.

But in cyber terms, you need all the protection you can muster to patrol the traffic entering and exiting your systems, in order to defend the integrity and usability of your networks.

In this week’s blog we’re going to look at the nitty gritty of network security: what the term means, what threats you face without adequate protection, and the steps you can take to ensure you have your perimeters covered.

Forget concrete-lined granite, electric fences, land mines, and radar monitoring. Think firewalls, antimalware, secure access and administration, and constant monitoring and testing – all aiming at preventing attacks from both internal and external sources, safeguarding your valuable systems and data, and ultimately protecting your reputation.

What exactly is “network security”?

As the American SANS Institute puts it: “Network security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorised access and misuse…” As CSOonline points out, rather than endpoint security, which focuses on individual devices, network security concerns the connective tissue between devices, on which they interact and exchange data.

Basically, you’re protecting the infrastructure that links your devices by controlling what traffic enters and travels around it. This is no mean feat in today’s world, with your corporate network no doubt linked to the internet, myriad cloud services and other partner networks with all sorts of access points, making your network’s perimeter near-impossible to define – there are no entrenched electric fences here.

What every organisation needs therefore - regardless of size, industry, or complexity of IT systems - are some clear rules and policies and effective technical configurations to detect and block malicious traffic wherever it might try to break in.

Letting your guard down

A worrying 9 out of 10 IT professionals are not confident that their network is secured against attacks or breaches. So what could be the risks of not putting up adequate defences? The UK’s National Cyber Security Centre warns of several major potential consequences:

  • Compromise of systems: An attacker could undermine critical business systems, affecting your organisation’s ability to deliver essential services and resulting in severe loss of customer confidence.

  • Compromise of information: An attacker might directly access sensitive information, or intercept it whilst in transit (e.g between your devices and a cloud service).

  • Import and export of malware: Malware could be imported, compromising your systems; or, conversely, users could deliberately or accidentally release malicious content outwards with major reputational damage.

  • Denial of service: Denial of Service (DOS) attacks can hit via the internet and prevent legitimate users or customers accessing services or resources.

  • Damage or defacement: Once into your network, attackers may be able to further damage your systems and reputation through activity such as defacing your organisation's website, or posting onto your social media accounts.

Set out your sentries

So what can you feasibly do to put up strong enough defences against these scary scenarios?

  • 1. Protect your perimeter: filter and inspect all inbound and outbound traffic at network entry points – whether that’s physical ports, online connections or cloud applications – to ensure that only traffic which is required to support the business is being exchanged.

    • - Use firewalls to create a buffer zone between the internet (or other external networks) and your own systems. Set your firewall rules to deny traffic by default, then build a list of authorised protocols, ports and applications to be granted access.

    • - Deploy malware scanning from a reputable service to examine traffic both at the perimeter and on internal networks (and use a different malware solution on each for additional defence).

  • 2. Protect your internal network too: Don’t just focus on the perimeter fence, make sure the rest of your systems are functioning at Fort Knox-level too.

    • Secure wireless access: You don’t want any old person connecting to your wi-fi from the pavement outside: your wireless system should only allow known devices to connect - and be on the alert too for spoof wireless access posing as yours (security scanning tools can detect these).

    • Lock down your admin access: Make sure administrator access to any network component is properly authenticated and authorised; and always change default passwords for equipment.

    • Don’t err in your error messages: Ensure that error messages returned to internal or external systems or users do not include sensitive information that may be useful to attackers.

    • Get properly staffed: Recruit and train a crack team or individual dedicated to monitoring your network, spotting unusual behaviour and dealing with alerts. You can tell HR they’re the most important hire you’ll make this year.

    • Test it, test it, test it: Don’t just assume it’s all ticking over nicely. Conduct regular penetration tests and simulated cyber-attack exercises to ensure that your defences and responses are effective. Don’t wait for a real attack to be your first test.

Not a single attack has been attempted on the impenetrable Fort Knox (housing America’s gold reserves) since it opened in 1935. Ramp up your defences for a similar confidence that attackers will never see your network as easy pickings; leaving your systems, data and reputation intact.

Back To Blog Page