Already having known what network is, we aim to take this time out to understand why it is important to secure it. For the purpose of simplicity, let's take the example of a pipeline system meant to distribute water to a particular community.
A robust system, built with tons worth of planning, design and ingenuity only to be topped off by toil loads of labor over a period of years. What, do you believe, does it take to bring this entire system to its knees? A skilled saboteur and a drop of strong poison / bio-agent, and what we witness next is, years of toil comes to a screeching halt.
Your office Wi-Fi/LAN network is something similar, the situation being all the more acute if you happen to be working in / running a co-working space or an enterprise. Yes, cause, in this case, your community isn't even gated, you don't know who your neighbor is, or in case you are the society manager, you don't quite know whom you have rented out a space to, what his / her intentions are.
Before we get onto the network security measures, we need to first identify the threats we will be dealing with.
The most common network security threats include:
Are pieces of software, designed to be spread from one computer to another, with the intent to infect your computer and other computers on your contact list by using systems on your network.
2. Trojan Horse
Is a malicious bit of attacking code that tricks users into running it willingly, by appearing as a legitimate software. Once inside your computer, a Trojan horse can record your passwords by logging keystrokes, hijack your webcam, and steal any sensitive data you may have on your computer.
3. DOS (Denial of Service) attack
Is performed by flooding a system with packets and making it impossible for legitimate users to access its content. Whereas, a DDoS or (Distributed Denial-of-Service) attack, is similar to DoS, but is more forceful and difficult to overcome since it is launched from several computers.
Is a method of counterfeit with the goal of obtaining sensitive data such as passwords, usernames, credit card numbers, etc. The attacks often come in the form of instant messages or phishing emails designed to appear legitimate.
5. Software Vulnerabilities
Software not timely updated have its own share of issues. They can eventually slow your entire office network down to the point where you can’t get work done as well as causing your site to crash.
6. Human Error
Even the most trustworthy employees can unintentionally pose a threat to your network security due to a lack of education about best security practices, putting your company in a vulnerable position.
7. SQL Injection Attacks
These attacks are designed to target security vulnerabilities in the software of data-driven applications. They use malicious code to obtain private data, alter or even destroy that data and can go as far as to disrupt transactions on websites.
8. Man-in-the-middle (MITM) attacks
Person A sends their public key to person B, but the attacker intercepts it and sends a forged message to person B, pretending to be A, but instead the message contains the attacker's public key. The attacker can use this to gain access to the network. DNS Spoofing, HTTPS Spoofing, IP Spoofing, ARP Spoofing, SSL Hijacking, and Wi-Fi Hacking are some common types of MITM attacks.
To be honest, these are just some broad categorizations and a professional attacker may deploy any of these in far more sophisticated form, or maybe, even multiple such methods simultaneously.
How do I deal with these issues ??
It is a difficult task to keep track of all the network security threats that are out there, and the new ones that just keep emerging. There is no way to be completely sure that a system is impenetrable by cybersecurity threats. We need to ensure that our systems are as secure as possible. Here are a few security measures every co-working or enterprise space should be equipped with:
1. Antivirus Software
Most basic security measure that mostly prevents data at “rest”, that is, files that exist on your local hard drive and are not being uploaded or downloaded at that instance.
Windows Defender is a free antivirus software that comes with the Windows Operating System and can provide a low to intermediate level of protection from viruses and trojans. There also exist paid antivirus software like Norton 360, Kaspersky, Bit-defender, etc. that can provide intermediate to high level of protection with additional features like spam protection, anti-phishing modules, browser protection etc.
2. Access Control
Attacks like DDOS, MITM and SQLI discussed above can be mitigated by bolstering access control. Access control is an important part of security, since the lack of proper access control leaves your data and systems susceptible to unauthorized access. It is always advisable to create a strong access control policy, that is, invest in a good network security measure for your office. As a rule of thumb:
- Having a good network management tool can also help with overall security since it limits the number of people who can access your network.
- The next thing we need to make sure here is that only the important people of your organization have access to critical data.
3. Regular Software Update and Standardization
Take measures to standardize software and in any case, make sure the software remains well maintained and is regularly updated. When a new version of software is released, the version usually includes fixes for security vulnerabilities.
Standardization, apart from providing a sense of uniformity and ease of maintenance, is one of the best protection against phishing and trojan attacks.
Not knowing what software is on your network is a huge security vulnerability. Make sure that all computers use the same operating system, browser and other professional tools.
4. Install a Firewall
Hardware firewall, although costly, is the first line of defense against most of the intrusions. The functioning of a firewall can be equated to a security check post.
It monitors all the inbound and outbound traffic for inconsistencies and malicious software, allowing only healthy pieces of information to pass through.
5. Regular Backups
Make sure your data is backed up periodically, either to an external hard drive or the cloud itself, or schedule automated backups to ensure that your information is stored safely.
In case there is an attack that you cannot otherwise ward off, these backups come in handy and you are at ease at least you can rest sure your stuff is safe.
6. Network Segmentation
Network segmentation is done by dividing the network into many smaller parts, access to each of which can then be separately controlled.
Segmentation can increase network performance as well and as some net technicians put it, it can help in diagnosing certain problems as well.
7. Use IDS/IPS
IDS or Intrusion Detection System scans all the incoming traffic and maps its entities with an already available database, alerting the security team when something malicious comes up.
IPS or Intrusion Prevention System on the other hand acts similar to a firewall and blocks incoming threats.
8. Encrypt Important Data
Encryption safeguards data by altering the information saved on disk into unreadable code. In order to use these files as they were, they need to be decrypted, a process that requires a key and is highly specific to the method of encryption.
This way, even if the data gets stolen, it would be worthless to the attacker.
9. Use VPN
Use a virtual private network (VPN) to protect your privacy.
VPN creates a virtual impregnable tunnel between your device and the server, protecting you from attacks all along your journey.
These are a few of the critical security measures, which if taken can help safeguard your network against most of the prevalent threats. The safety measures, just like the threats themselves, have to be taken seriously and can be segmented into equivalent levels of sophistication. Of course they do cost a considerable amount to be set up, but they are eventually going to pay for themselves.
Seems complicated / tedious / out of budget? Let us take care of the same. Visit www.bhaifi.com or write to us on sales[at]bhaifi.com for an affordable human-less security solution for your budding enterprise.