We have compiled 7 top tips to help improve your business network security.
1. Use a business class hardware firewall
A firewall acts as the first line of defense for your business network security.
Hackers will try to use open ports in order to gain access to vulnerabilities within your network.
By using a hardware firewall you only open the ports required. This effectively locks access to your network to reduce attacks.
There are layers of firewall security. The first layer being the hardware firewall that protects your gateway. This is usually the firewall that is built into your internet router.
This should be set up at the primary point where the internet meets your business so it prevents unwanted traffic.
We recommend replacing basic routers with a SonicWALL network appliance. These have a very sophisticated firewall designed to protect business network security.
The second layer are software firewalls that protect each computer, these should always be switched on.
2. Password protect your firewall
Most routers ship with basic login credentials. This should always be the first thing you change when configuring network equipment.
It is easy to identify the brand of router a business is using and from there a simple search will find its default username and password.
3. Lock down IP addresses for improved business network security
Many small businesses use DHCP which is a simple and automatic way to set up a network. It’s also the easiest way for an intruder to gain access unnoticed.
If your business only has a set number of people, assign them a specific address to prevent unauthorized devices plugging into your network.
With a router or server you have the ability to assign an IP address to individual machines.
Router logs will now tell you which devices are on your network. This is also handy from when problems arise, as you’ll immediately know which device machine has the problem.
4. Use a network monitoring solution
A network monitoring system is capable of detecting and reporting failures of both devices and connections. When a failure is detected it sends alerts, by email or phone to notify you.
Monitoring can be carried out by internal IT staff or managed by external companies where they use remote management software to monitor company systems 24/7.
5. Use an Intrusion Protection System (IPS)
An IPS provides rules and policies for network traffic.
IPS also monitors network activity and provides network administrators with a warning system that alerts suspicious traffic.
Depending on the rules set up this may also act as an automatic barrier that drops suspicious looking data packets.
If a packet is deemed malicious it will block traffic coming from that IP destination or port.
This used in conjunction with a decent firewall can help prevent malicious packets flowing around your network.
6. Use a Web Application Firewall (WAF)
This is usually a subscription based application that protects businesses against web based threats.
A web application firewall can provide a dynamic database of known threats which means that it is constantly updated.
Web application firewalls now address compliance requirements for the Payment Card Industry Standard (PCI DSS).
7. Create VLANS
Most business-class routers the capability of creating VLANs (or Virtual LAN).
VLAN’s are best when you can create segments based on individual company needs.
For example, separating the finance department from the rest of the company can restrict the flow of sensitive traffic.
By using VLANs you have complete control over which port is used, which helps prevent malicious attacks on open ports.
If a user moves physical location but remains in the same job role there is no need to reconfigure the workstation.
In the other respect, should a user change job role they do not physically need to move, all that changes is the VLAN setting.
If you are interested in business network security, please contact us for more info, we are always happy to help.