April 2017

3 Things You Can Do to Ensure Infrastructure Security

No matter how quickly IT security practices progress, security threats often seem to outpace them. Threats are becoming more technically sophisticated and harder to detect. Not only do security attacks result in economic consequences, but they also impact the reliability of critical business infrastructure.

As workloads move into the cloud, businesses lose control over who can access the computer systems those workloads are running on. They may no longer be able to see what resources have been accessed, when they were accessed, and from where. BYOD programs compound the problem by introducing numerous additional devices into the mix.

With everything that could go wrong, it’s nice to know you can take practical steps towards improved infrastructure security. Implement the three security steps below, and gain at least a little bit more peace of mind.

1. Avoid over-complication

Taking a holistic approach to network infrastructure can save money and help your network remain sustainable for the long run. Wherever you can, avoid adding complexity to your infrastructure; after all, security solutions are complicated enough as it is. Focus on network basics, like switches, centralised authentication, firewalls and UTM devices, patching and reporting, and policy management. Once you start layering disparate management, reporting, and authentication systems for LAN access, you will quickly have a mess on your hands.

2. Support security layers

Whatever layers you do have must be supported by your infrastructure; otherwise, you will be building your network on a wobbly foundation. Most businesses don’t have the luxury of redesigning the network every couple of years. Even when the hardware is upgraded, the underlying infrastructure design probably hasn’t changed very much. Back when these networks were originally provisioned, we hadn’t planned on bulk wireless authentication or port-based security. If you layer LAN-enforced security such as firewalls, IDS/IPS, zoning, or wireless on top of a poorly designed network, you will end up with poor security, too.

3. Review security policies for holes

Is your network house completely secure, or have you locked the windows while leaving the front door wide open? Check thoroughly for leaks, both big and small. Searching for them will raise questions: Maybe you enabled SSH, but did you remember to lock down the web access? Even if you recently provisioned secure wireless, do you still have other devices using legacy WEP keys? Check to see that your firewall is implementing policies across every possible path out of your network, and make it a goal to identify the weakest link in your network.

How secure is your company’s network? Protecting your information assets is one of the most important steps you can take toward long-term stability. Smart companies take a multifaceted approach to IT security, building layers of defence between themselves and hackers.

Here are four steps you can take to safeguard your company’s most important assets.

Network firewall

The most basic line of defence against network intruders is the firewall. Consumer-grade routers use Network Address Translation (NAT) to address the problem of limited IPv4 routable addresses. Companies have several options for implementing firewalls.

DMZs (demilitarised zones) are a popular choice these days. In this setup, Internet-facing servers are placed in the DMZ so that they are encumbered by fewer restrictions and less monitoring than the internal corporate network.

At a minimum, an effective firewall should offer packet filter technology, which allows or denies data packets based on established rules that relate to the type of data packet and its source and destination address.
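The packet-filter decision described above, as an added Python example that is not from the original article. The addressing plan (DMZ on 192.0.2.0/24, internal LAN on 10.0.0.0/8), the rule set and the function names are assumptions chosen for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None matches any port

# Constructed rule set (assumption): evaluated top to bottom, first match wins.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),   # Internet -> DMZ web server
    Rule("allow", "tcp", "10.0.0.0/8", "192.0.2.0/24", 22),    # LAN admins -> DMZ over SSH
    Rule("deny", "any", "192.0.2.0/24", "10.0.0.0/8", None),   # DMZ never initiates to LAN
    Rule("allow", "any", "10.0.0.0/8", "0.0.0.0/0", None),     # LAN -> outbound
]

def matches(rule, proto, src, dst, dport):
    """True when packet type, source, destination and port all fit the rule."""
    return (rule.proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def decide(proto, src, dst, dport=None, rules=RULES):
    """Return the action of the first matching rule; unmatched packets are denied."""
    for rule in rules:
        if matches(rule, proto, src, dst, dport):
            return rule.action
    return "deny"  # default deny covers every path the rules did not anticipate
```

The final `return "deny"` is what keeps an unanticipated path closed: traffic that no rule names is dropped rather than silently allowed.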

Malware detection

The next line of defence to check off your list should be a solid program for malware detection. Performing a malware scan on client devices relies on the processing capabilities of individual devices to check for threats. Business-centric versions, however, feature some form of central management used to push out new definition updates and implement security policies.

Most malware problems result from user action, so typical anti-malware packages have evolved into comprehensive suites that offer protection against multiple threat vectors. These packages may include a component to scrutinise a URL link prior to launching it or a browser plug-in that checks file attachments prior to opening them.

Virtual Private Network

In today’s mobile world, employees need to access company resources from remote locations that may not be secure (for example, public Wi-Fi hotspots). These workers can benefit from a virtual private network (VPN) connection to protect their network access. VPNs channel all network traffic through an encrypted tunnel back to the safe corporate network.

However, a VPN can be complex to deploy, and it is costly to support due to the overheads of processing and bandwidth. In addition, stolen or lost company laptops with preconfigured VPN settings can serve as potential gateways for intruders.

IDS and IPS

Finally, a thorough security strategy requires both an intrusion detection system (IDS) and an intrusion prevention system (IPS). An IDS involves monitoring traffic for suspicious activities that show that the company network has been compromised. For example, an IDS may detect port scans originating from within the network or multiple failed attempts to log into a server.

An IPS is typically deployed in-line to actively prevent or block intrusions as they are detected. For example, a specific IP address can be automatically blocked, with an alarm sent to the administrator when an attempt is made.
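The two IDS detections and the IPS response described above, as an added Python example that is not from the original article. The log format, the thresholds, the `Sensor` class and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60       # seconds of history kept per (source, target) pair (assumed)
MAX_FAILED = 5    # failed logins tolerated inside the window (assumed)
MAX_PORTS = 10    # distinct ports one source may touch on one host (assumed)

class Sensor:
    def __init__(self):
        self.fails = defaultdict(deque)   # (src, dst) -> failed-login timestamps
        self.probes = defaultdict(deque)  # (src, dst) -> (timestamp, port) pairs
        self.blocked = set()              # IPS state: sources being dropped
        self.alerts = []                  # alarms raised for the administrator

    def _trip(self, src, reason):
        self.blocked.add(src)
        self.alerts.append((src, reason))

    def feed(self, line):
        """Handle '<epoch> <event> <src> <dst> <port>'; return 'pass' or 'drop'."""
        ts, event, src, dst, port = line.split()
        ts, port = int(ts), int(port)
        if src in self.blocked:           # in-line enforcement of earlier verdicts
            return "drop"
        if event == "auth_fail":
            q = self.fails[(src, dst)]
            q.append(ts)
            while q[0] <= ts - WINDOW:    # expire entries older than the window
                q.popleft()
            if len(q) > MAX_FAILED:
                self._trip(src, "failed-logins")
        elif event == "conn":
            q = self.probes[(src, dst)]
            q.append((ts, port))
            while q[0][0] <= ts - WINDOW:
                q.popleft()
            if len({p for _, p in q}) > MAX_PORTS:
                self._trip(src, "port-scan")
        return "drop" if src in self.blocked else "pass"

def demo():
    # Constructed sample events, not real logs: a scan, a login burst, a slow retry.
    lines = [f"{1000 + i} conn 10.0.5.23 10.0.1.8 {20 + i}" for i in range(12)]
    lines += [f"{2000 + 5 * i} auth_fail 10.0.7.40 10.0.1.9 22" for i in range(7)]
    lines += [f"{3000 + 120 * i} auth_fail 10.0.9.2 10.0.1.9 22" for i in range(7)]
    sensor = Sensor()
    return sensor, [sensor.feed(line) for line in lines]
```

The third source retries once every two minutes and never trips the sliding window, which is the trade-off to weigh when choosing `WINDOW` and `MAX_FAILED`.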

These are just some of the steps you can take to safeguard your company’s network. Other security options for businesses exist, but the previous four measures are a good starting point for keeping your network secure.
