Network security is a huge concern for most small business owners, and rightly so. Keeping your data secure is incredibly important, as the success of your business hinges on its integrity. By following the tips below, you’ll be able to better protect your network and data from outside intruders.
1. Use A Firewall
When an attacker is searching for a network to hack into, the first thing they look for are open ports. Ports are the mechanisms by which networks open up and connect with the Internet. When a port is open, attackers can exploit it to gain access to your network.
A firewall locks down ports that don’t need to be open, cutting down the number of opportunities a hacker would otherwise have. You can think of a firewall as your network’s first line of defense. It sets the rules for when a port should be open or closed. Ports should only be open when you need them to run a certain service.
If you’re using a router behind your internet service provider or modem, then you likely have a firewall. But to make sure, you can log into your router and see if there are any settings for Firewall or Security. To do this, check your router’s manual for instructions.
Also, don’t mistake a firewall application as giving you the same protection as the firewalls that are built into most routers. You need to have one that works with your network’s connectivity so it can filter out bad traffic before it can reach your computers and other network assets.
2. Change Your Firewall’s Default Password
It’s not enough to simply have a firewall enabled. You also have to change the default password to something secure. Many seasoned hackers can easily identify the brand or model number of the router on your network. With this information, they can quickly look up the default username and password and gain access to your network.
So take the time to make this easy fix. You can usually change the username and password by logging into the router and going to the Administration menu.
3. Update Your Router’s Firmware
Firmware updates are needed to fix bugs and maintain security. Most routers have a dialogue box that will pop up when a new firmware update is available. If yours does not have automatic notifications, you can go to the vendor’s website to make sure you have the latest version.
4. Block Pings
Most routers include settings that help to determine how visible your router is to the outside world. One method that many attackers use is called pinging. Put simply, a ping is a network request to see if something happens. If a hacker gets a response, it means that there may be something they can exploit to gain access to your network.
This can easily be avoided by telling your router not to respond to network pings. These settings can usually be found in the Administration menu.
5. Scan Your Network Regularly
One of the best ways to find possible security breaches is to do a vulnerability assessment. By doing this, you’ll see what ports are open that shouldn’t be and be able to go into your firewall settings and make the necessary changes.
6. Lock Down IP Addresses
Most routers automatically allocate IP addresses to computers that connect to the network using something called DHCP. DHCP allows users to easily connect to your network.
While this can be convenient if you have a lot of guests plugging into your network, it does make you more vulnerable to outside attackers. However, if you have a set number of users connecting to your network on a regular basis, you might want to consider locking down IP addresses.
You can usually do this by going to your router’s admin menu and specifying IP addresses for DHCP users. You’ll also need the MAC address to which you can assign an IP. Here’s how you find the MAC address on Windows and on Mac.
A big benefit of assigning IP addresses is that when you check the router logs, you’ll be able to match the IP to any given device. With DHCP, the same device could have many different IPs over a certain period of time. By knowing the device on your network, you’ll be able to find exactly where problems are coming from if they do arise.
7. Use VLANs
VLANs or virtual LANs allow you to segment your network based on needs and risks as well as quality of service requirements. What this essentially does is give people on your network only the assets they need to do their job. VLANs give you the ability to segment your network however you want.
For instance, you could segment it by department, or you could set up one VLAN for your employees and another for guests or contract workers. Part of reducing risk is about providing access to people who are authorized and restricting access to those who aren’t.
8. Get An IPS
Intrusion Prevention System (IPS) technology can play a key role in network security. An IPS will monitor the traffic flow for anomalies that could indicate malicious activity. IPS technology can sometimes be tied together on a router as part of its Unified Threat Management (UTM).
9. Get A WAF
Using a Web Application Firewall (WAF) protects against attacks that specifically target applications. If you don’t host applications, then WAF won’t be of much use to you. If you do, however, it’s an essential security tool.
10. Use A VPN
A Virtual Private Network (VPN) lets your remote employees log into your network through an encrypted tunnel. This tunnel shields your remote workers with the same firewall, IPS, and WAF you have set up at your office. A VPN also protects your network by not letting in users who are coming from risky mobile environments.
Protect Your Network
By following these 10 tips, your network will be better protected from outside threats. Do keep in mind that outside threats are not the only ones you need to worry about. To learn how PerformanceIT can help your business achieve optimum data and network security, view our Network Security page or give us a call at 678-323-1390.