Posted by Lomar Lilly
Network Security: The Secret is in the Layers
Finding the Sweet Spot
The secret to a great lasagna is in the layers; similarly, the ‘sweet spot’ for your business network security is in its layers. In today’s economic climate, you have likely considered this because your business runs on a network that needs to be equipped with adequate protection. Unfortunately, improper network security measures have far-reaching consequences that could damage your reputation, affect finances, and inevitably end your business. Thankfully, the right approach can save your business from more ominous threats. Here are some of our top recommendations for securing your business’ network and viability.
Layering your security network
The term ‘layering of security’ is often used in reference to the defence-in-depth strategy (an approach that employs a layered defence mechanism to protect assets, information, and data). It is recommended that a business deploy more than one layer: physical, technical, or administrative. Physical security includes anything tangible used to detect unauthorised access to your business's physical areas, such as CCTV, guards, and staff security badges. Technical security, also referred to as logical controls, includes hardware or software mechanisms like firewalls, intrusion detection, or even access control lists. Administrative security is the softer side of the layers and includes policies, procedures, and guidelines that define your business practices and operations. One popular example of this layer is security awareness training for employees.
Top tools and techniques to secure your network
In network security, whether you have a flat network or a segmented network is of utmost importance. In a flat network, all the systems within can talk to and trust each other. In contrast, in a segmented network, you may have two computers in one segment that don’t necessarily need to trust other computers in the wider network. This prevents the propagation of malware within the network. Pro tip: take the extra step to pair each segment of your network with firewalls for added security.
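The difference between a flat and a segmented network can be seen by evaluating the same traffic against both designs. The following Python sketch is an added example, not part of the original post; the address ranges, segment names, allow-list and flows are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plans; segment names and ranges are assumptions.
SEGMENTED = {
    "workstations": ipaddress.ip_network("10.0.10.0/24"),
    "servers": ipaddress.ip_network("10.0.20.0/24"),
    "finance": ipaddress.ip_network("10.0.30.0/24"),
}
FLAT = {"lan": ipaddress.ip_network("10.0.0.0/16")}

# Firewall allow-list between segments: (source segment, destination segment, TCP port).
# Traffic that crosses a segment boundary and is not listed here is denied.
ALLOW = {
    ("workstations", "servers", 443),
    ("finance", "servers", 443),
}

# Constructed flows: (source IP, destination IP, destination port).
FLOWS = [
    ("10.0.10.15", "10.0.20.5", 443),   # workstation to intranet server over HTTPS
    ("10.0.10.15", "10.0.30.8", 445),   # workstation to finance host, no business need
    ("10.0.10.15", "10.0.10.22", 445),  # workstation to workstation, same segment
    ("10.0.30.8", "10.0.20.5", 22),     # finance host to server, not on the allow-list
]

def segment_of(ip, segments):
    """Return the name of the segment containing ip, or None if it is unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in segments.items():
        if addr in net:
            return name
    return None

def verdict(src, dst, port, segments, allow=ALLOW):
    """Decide what happens to one flow under the given addressing plan."""
    s, d = segment_of(src, segments), segment_of(dst, segments)
    if s is None or d is None:
        return "deny"          # address outside every known segment
    if s == d:
        return "allow-intra"   # same segment: traffic never reaches a firewall
    return "allow" if (s, d, port) in allow else "deny"

def evaluate(flows, segments):
    return [verdict(s, d, p, segments) for s, d, p in flows]

if __name__ == "__main__":
    for name, plan in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, evaluate(FLOWS, plan))
```

Under the flat plan every flow is intra-segment and passes unfiltered; under the segmented plan only the listed HTTPS flow crosses a boundary, while traffic inside one segment still bypasses the firewall.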
In this instance, Data Privacy revolves around protocols that ensure confidentiality and prevent data tampering within a network. A prime example of these measures includes using ‘HTTPS’ throughout your network and using Secure Shell (SSH) instead of Telnet to remote into different terminal devices.
For instance, logging into an intranet portal within your organisation that uses ‘HTTP’ allows an attacker to eavesdrop and easily see your username and password being sent across the network in plaintext. Using ‘HTTPS’ renders that information unreadable to the attacker, so data privacy using encryption technologies is always a plus.
Identity management involves ensuring that when a user or service accesses your system, your network has a way to identify them and the services they are using. In the event of a network breach, your incident response should include going back to your identity management system to check the logs for who or what was accessing your servers or services. You can then verify if the access was intentional from the authorised party to determine whether credentials were compromised.
Having arbitrary identities defined within your organisation, such as “user 1” or “user 2”, provides no clear way to assess who or what is accessing your network and when. There is, therefore, no accountability in your network, and its integrity can be called into question. Ensure that the identities of all users, including services, are clearly defined.
Consider using tools and services such as Active Directory and RSA SecurID as a part of your identity management within your organisation. These tools ensure that users are tied to a confirmable identity, with names/usernames appearing in a log, allowing you to know when they use your network.
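The log review described above can be sketched as follows. This Python example is added here and is not from the original post; the log layout, account names and addresses are constructed, and the format is an assumption rather than the export format of Active Directory or RSA SecurID.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sign-in log; the column layout is an assumption.
SAMPLE_LOG = """\
time,account,source_ip,target,result
2024-03-04T08:02:11,j.brown,10.0.10.15,fileserver01,success
2024-03-04T08:05:40,user1,10.0.10.22,fileserver01,success
2024-03-04T09:17:03,svc-backup,10.0.20.9,fileserver01,success
2024-03-04T23:48:52,j.brown,10.0.30.8,fileserver01,success
2024-03-04T23:51:10,user 2,10.0.10.31,fileserver01,success
2024-03-04T23:55:29,a.reid,10.0.10.40,hr-portal,success
"""

# Placeholder-style names that cannot be tied to one person or service.
GENERIC = re.compile(r"^(user|test|temp|guest|admin)[\s_-]?\d*$", re.IGNORECASE)

def review_access(log_text, target):
    """Summarise successful sign-ins to one server for incident review."""
    by_account = defaultdict(list)
    unattributable = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["target"] != target or row["result"] != "success":
            continue
        account = row["account"].strip()
        if GENERIC.match(account):
            # Nobody is accountable for this access: the name identifies no one.
            unattributable.append((row["time"], account, row["source_ip"]))
        else:
            by_account[account].append((row["time"], row["source_ip"]))
    # Named accounts seen from more than one address: ask the owner whether
    # each access was intentional before treating the credentials as safe.
    confirm = sorted(a for a, events in by_account.items()
                     if len({ip for _, ip in events}) > 1)
    return {
        "attributable": dict(by_account),
        "unattributable": unattributable,
        "confirm_with_owner": confirm,
    }

if __name__ == "__main__":
    for key, value in review_access(SAMPLE_LOG, "fileserver01").items():
        print(key, value)
```

Entries under a named account lead to an owner who can confirm or deny the access; the “user1” and “user 2” entries lead nowhere, which is the accountability gap described above.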
Being proactive helps you identify suspicious activities and areas of weakness within your organisation so you can make the necessary adjustments in anticipation of a real security event. You can seek consultant services like Symptai Consulting Ltd to assess your network through security audits, vulnerability assessments, or penetration testing engagements to identify weak areas within your network. Additionally, you could invest in a Security Information and Event Management (SIEM) system. SIEM tools bring Security Information Management (SIM) and Security Event Management (SEM) together to provide a strong facade for your systems. A SIEM gathers security-related data from host systems and applications to network and security devices such as firewalls and antivirus filters and analyses it, providing reports and alerts. Alternatively, instead of a standalone SIEM solution, you can invest in options that provide continuous security monitoring in the form of intrusion detection and prevention systems.
Security policies are written documents that bind the security practices and guidelines of your organisation. An effective network security policy should have sections that speak to data security, physical security, network, and hardware security. It should also detail how to enforce the different mechanisms employed within the organisation and outline steps individuals should take in case of a breach. This is paramount; you want it to be clear to your employees and external parties from the start what the secure operations of the organisation are and who to contact in case of a breach.
Determine your risk appetite, what is critical to your business, and how much you need to protect your operations and customers. Once you have done this assessment, you can create a structure of what network security measures you should be taking. So, are you ready to start layering up your security network? Building up the strongest defence can be easy and efficient with our expert guidance. One of our Security Consultants would love to sit with you to discuss the best solutions for your business.
Schedule a virtual appointment with one of our Security Consultants today to learn more.
Lomar Lilly is an Information Security Consultant who is a certified CompTIA Security Analytics and Secure Infrastructure professional. He is passionate about the field of cybersecurity and provides support on multiple IT Security augmentation projects.