Network Security - The 10-point plan for your IT
Sep 23, 2022
Any weak point in your own IT infrastructure can become an entry point for a cyber attack with unforeseeable consequences. We therefore offer our Network Security Assessment especially for SMEs without their own IT security department.
The network is the backbone of your IT infrastructure. It is as important as it is vulnerable. The problem is that any vulnerable element can become a gateway for malware. Even if you have a good security plan in place for your network, a single overlooked vulnerability can put your entire IT at risk. Get your network security audited before cybercriminals do. The specialists at Adey Meselesh have developed a holistic 10-point plan for this purpose that comprehensively covers the biggest risk factors. It not only identifies problems, but also fixes them right away. Where possible, open source tools or the built-in tools of the operating systems in use are employed. This avoids unnecessary running costs.
1. It starts with a test: the Network Security Assessment
The audit of your network should be planned in advance and set down in writing. No network-enabled component, such as a printer, should be forgotten during the Network Security Assessment. IoT hardware such as IP cameras is also a popular target for hackers. In addition to the technical condition of your IT infrastructure, work processes should also be put to the test. This includes the handling of sensitive information such as passwords and the disclosure of security-relevant data. The actual acid test is penetration testing of the previously defined targets. At least as important is the subsequent careful processing and analysis of the results.
2. For more security: using Active Directory sensibly
Active Directory (AD for short) allows authorization and authentication to be controlled centrally. We recommend including all computers within the network in the AD authorization concept. This allows access rights to be controlled centrally on a fine-grained basis. Each user receives only the absolutely necessary privileges. A backup strategy for user data can and should also be implemented in the course of this. Group policies ensure that security-relevant specifications, such as a predefined password complexity, are mandatory for all users.
3. You can always go a little harder: secure servers and workstations
System hardening is about reducing the attack surface. Operating systems, and server systems in particular, usually ship with a general-purpose configuration. Among other things, this serves the purpose of user-friendliness. But every service, every unnecessarily installed piece of software and every open port on a system is a potential target for cybercriminals. The software that is actually required is also examined critically. For programs that are repeatedly vulnerable, alternatives can usually be found that promise more security without sacrificing comfort. Other standard measures include enabling encryption, avoiding default passwords, enabling automatic updates, and taking advantage of security features such as Defender Application Control in Windows.
4. Patchwork not desirable: patch management
Security-relevant errors in software products from almost all manufacturers come to light again and again. This is ultimately unavoidable and is not in itself an argument against using a particular product. What is important is how a manufacturer deals with security vulnerabilities that have become known. For example, informing customers in good time and providing security patches is an indicator of a responsible approach to security. Accordingly, locating and applying available security updates is part of any consideration of network security. In addition, documentation must be provided so that the patch level of all components in the system can be tracked.
5. Active protection: endpoint protection
Despite regular recommendations to the contrary, dedicated virus protection within networks makes sense. In the business environment, the regular exchange of files, for example as attachments to e-mail messages, is usually unavoidable. Not subjecting them to a virus scan with the most up-to-date signatures possible before opening them can only be described as negligent. Professional cloud-based security suites such as Endpoint Protection and its successor Endpoint Security from market leader Symantec specialize in securing all end devices in the network. This includes mobile devices and IoT hardware. They also offer other useful functions, for example intrusion detection, ransomware protection and securing the Active Directory. Compared to free solutions, a solution such as Symantec Endpoint Protection has advantages in terms of up-to-date virus signatures and behavior-based detection of malware.
6. You can't do without it: the cloud backup
The only thing that really protects against data loss is a backup! However, it is important that all important data is covered by the backup, that the backup takes place regularly and that the backup is stored in a safe place. Only automated processes are suitable. Manual backups can be forgotten or performed incorrectly. Cloud storage is a good choice for decentralized storage. Providers often already ensure that data is stored redundantly at different locations. However, special attention must be paid to access protection and the location of the cloud. Otherwise, there is a risk of legal conflicts with regulations such as the General Data Protection Regulation (GDPR).
7. Cloud encryption
Nowadays, despite increasing computing power, encryption must be regarded as an elementary component of all secure data transfers and data storage. Assuming the use of secure encryption algorithms, a correct implementation of the technique and complex authentication features, encryption is usually unbreakable. This means that a properly secured cloud storage solution is the first choice for storing data such as that of a backup. But care should also be taken to use encryption for other cloud-based services.
8. Secure communication: company-owned email addresses
Using a company-owned domain name in employee email addresses is not only a sign of professionalism. It also makes phishing attempts and social hacking attacks more difficult. If you have control over your mail server, mechanisms such as spam filters and transport encryption can be applied consistently. End-to-end encryption with PGP or S/MIME can also be implemented in this way.
9. Business network gatekeeper: the firewall
In principle, a firewall is part of the basic equipment of every commercially available PC or router. In contrast to a personal firewall for private use, professional solutions have to deal with far more desired or necessary incoming network traffic. A good alternative to the usually costly hardware firewall solutions is the open source software pfSense. The "pf" is an abbreviation for packet filter. The pfSense software can be operated on different platforms. Both dedicated hardware and virtual or cloud-based solutions can be implemented. They all have one thing in common: apart from the administration effort and possible server rental, no further costs are incurred.
10. SIEM: network security monitoring
SIEM stands for Security Information and Event Management. As the name suggests, such a system has the task of processing security information and incidents. Our experts at Adey Meselesh rely on Security Onion, a flexible open source tool. Security Onion can be used on local hardware, in virtual machines and also in the cloud. The software is able to monitor logs and the output of intrusion detection sensors on the network. Of course, reporting of detected irregularities is also part of the functional scope.
No time to lose - the topic of IT security is more topical than ever before
The number of cyber attacks on companies has been increasing for years. In parallel, the impact and damage levels, for example through attacks with encryption Trojans, are increasing. Malware used for attacks is sold tailor-made on the Internet's black market, the so-called darknet. If you are responsible for a company that depends on its IT infrastructure, we will be happy to show you our practical options for improving protection against attacks. Even our Network Security Assessment cannot promise one hundred percent protection. But it helps against many common attacks and, in an emergency, ensures that you can quickly access your data again.