Companies today must offer optimal data access to employees, customers, and partners in order to be efficient.
This requires continual Internet access, which exposes these companies to hostile environments where threats evolve rapidly.
Add to this the fact that employees can intentionally or involuntarily threaten the network by their actions, and you have everything you need for imminent disaster.
Naturally, cybercriminals are on the watch for weaknesses in network protection devices (firewalls).
The goal of these devices, placed on the network perimeter, is to protect an organization from the constantly evolving threats that stem from Internet use.
Since a security breach can result in negative impacts such as service interruption, fraud, theft of intellectual property, or the destruction of information, companies must ensure their network perimeter is secured adequately.
The goal here is to protect the confidentiality, integrity, and availability of the internal network, as well as the information resources relying on it, and to achieve the following three objectives:
- • Protect the network itself
- • Reduce computer system and application vulnerability to external threats
- • Protect data when switching to the external network.
Here are the 5 main things you can do to minimize the risks associated with the security of your network perimeter, while maintaining optimal data accessibility.
1. Use a Unified Threat Management (UTM) firewall
Firstly, it is recommended to install an adequate firewall, preferably a new generation UTM (Unified Threat Management) firewall.
As opposed to traditional firewalls, UTM firewalls offer advanced and integrated security services, all in one console, such as:
- • Filtering of websites with malicious content.
- • Protection against Internet viruses and other malicious software making their way into the network.
- • Threat prevention technology that examines network traffic flows in order to detect Internet vulnerabilities and prevent them from entering the network.
These devices can be configured according to your company’s specific needs. The following two actions are generally applied:
- • Allow access to what is necessary and secure only.
- • Apply a continual revision process to ensure any open doors are completely closed. This is not always the case, even with a well-configured firewall.
Finally, if the company has several networks (head office, remote desktop, Cloud services, etc.), it must not forget to equip them all with firewalls, which would ideally be managed integrally.
2. Draw up a computer security charter
In addition to a firewall, consider drawing up a security charter signed by employees, if only to clarify what they may or may not do. When network rules are explicitly written down, there can be no cause for gray areas. If employees then overstep these limits, the company managers can be sure they have done so knowingly.
It is also possible to set up a system that filters website accesses, whether these websites be commercial or not. This access authorization function is optional and directly integrated in a unified firewall.
Both cases illustrate an agreement on the behavior of internal and external users. It should be put into document form and signed by all computer network users.
3. Pay special attention to VPN’s
VPN’s, virtual private networks employing data encryption, enable users who are outside the network (at home or on the road) to access their internal network via Internet.
Security must therefore be strengthened with these types of networks.By giving direct access to a network, VPN’s can override firewall controls, hence the importance that each user provide identification in order to connect to the network. Access control also requires a careful selection of those to whom access is given, which is why a laid-off employee’s network access should be quickly removed.
Although the use of a password is essential, a two-factor authentication using certificates, for example, is also highly recommended. In fact, two-thirds of security breaches result from weak passwords or password theft.
Certificates significantly increase data protection by assigning keys with codes varying from one computer to the next, therefore allowing one to know which device an employee is using. Since the user must enter a password as well as a key, this double protection greatly reduces computer hacking risks.
4. Isolate Web applications
Web applications must be isolated on their own network rather than on the internal network. To do this, one configures a demilitarized zone, or DMZ, managed by the firewall.
This way, if the server is unstable, one can log in as a user-administrator of the device and then bypass the application, without having access to the other systems. This is the best way to go for any public server.
It is also recommended to set up an application firewall, or WAF, to protect the application itself.
5. Understand the extent of computer security
The objective of information security is to offer adequate protection of digital information and assets, which will guarantee their availability, integrity, and confidentiality.
It therefore also consists of network and information system security (including wireless networks not addressed here), data protection, information classification, and the broader subject of information asset management.
This means that perimeter protection is only part of your security strategy.
Securing your network perimeter adequately is the first step to protecting your data from external threats.
In the same way that antivirus software was an important part of PC security since the first days of Internet, firewalls are pivotal to network security. Today, however, analysts agree that a multi-level defense system with new generation firewalls significantly reduces Internet attacks on an organization’s internal network.
Don’t take their word for it and contact us to check your firewall’s efficiency against today’s cyberattacks, at no cost*.
*This is a limited time offer and can be cancelled at any time.
Image credit: © Patrick P. Palej - Fotolia.com