By: Paul Reissner
Many businesses struggle with network security implementation. In my previous article, How to Implement Network Security (Part 1), I described the benefits of Network Segmentation as a tool for improving the security of your organization; as noted there, however, this method can require a high level of effort to implement properly. Simply separating your networks is also not a complete defense against the most common threats to your organization's network. As with all security controls, the best defense is a layered one that combines multiple Physical, Technical, and Administrative Controls (also known as defense in depth). Tim previously wrote about how User Education (an Administrative Control) can be an effective countermeasure against Business Email Compromise (BEC) attacks in his article, Business Email Compromise: A Growing Threat.
Just because someone can physically enter your building doesn't mean that you allow them to enter every room. Without proper network security implementation, however, physical (or remote) access to your network may allow a bad actor to reach your entire network, including your most sensitive information. This is the same reason you already require employees to sign in to their computers. Thankfully, by using some built-in features of Microsoft Windows Server, most small to medium businesses can add a level of authorization that greatly reduces this threat while remaining largely transparent to employees.
RADIUS (Remote Authentication Dial-In User Service) is a protocol that can be applied to your wireless network to replace a pre-shared key (PSK) with the username and password you already use to log in to your computer. Most business-grade wireless access points, such as Meraki, Dell Ruckus, or Ubiquiti, support RADIUS out of the box, and have done so for years.
802.1X is a networking standard for Network Access Control that can be configured to extend the same benefits of RADIUS described above to your wired devices. Only devices that have authenticated against the RADIUS server are granted access to the network; all other devices are not allowed to communicate.
Both of these technologies require the configuration of a feature that is built into the Microsoft Windows Server you likely already have in your environment. It is simply a matter of leveraging your existing resources.
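As an added illustration (not from the original article), the following PowerShell shows the two halves of the setup described above on Windows: registering the access point and switch as RADIUS clients on the Network Policy Server (NPS) role, which is the RADIUS server built into Windows Server, and enabling the wired 802.1X supplicant on a domain-joined Windows 10 workstation. The device names, IP addresses, and the wired profile path are constructed placeholders.

```powershell
# --- On the Windows Server that will act as the RADIUS server ---

# Install the Network Policy and Access Services role, which provides NPS.
Install-WindowsFeature -Name NPAS -IncludeManagementTools

# Generate one random 32-character hex shared secret. Record it in your password
# manager and enter the same value on the access point and switch.
$bytes = New-Object byte[] 16
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$secret = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''

# Every device that forwards authentication requests must be registered as a
# RADIUS client; NPS drops requests from any address not in this list.
# (Names and addresses are placeholders for this example.)
New-NpsRadiusClient -Name 'WAP-Floor1' -Address '10.10.0.11' -SharedSecret $secret
New-NpsRadiusClient -Name 'SW-Core'    -Address '10.10.0.2'  -SharedSecret $secret

# Verify what is registered and enabled.
Get-NpsRadiusClient | Select-Object Name, Address, Enabled

# Register NPS in Active Directory so it can read user account dial-in properties.
netsh nps add registeredserver

# --- On a domain-joined Windows 10 workstation (wired 802.1X supplicant) ---

# The Wired AutoConfig service is off by default; until it runs, the NIC never
# answers the switch's EAP request and the port stays unauthenticated.
Set-Service -Name dot3svc -StartupType Automatic
Start-Service -Name dot3svc

# Apply a wired 802.1X profile exported from a reference machine
# (the XML file path is an assumed placeholder).
netsh lan add profile filename='C:\Deploy\Wired-PEAP.xml' interface='Ethernet'

# Show the adapter's current 802.1X authentication state for troubleshooting.
netsh lan show interfaces
```

The NPS network policy that selects the EAP method and the authorized user group is created in the NPS console and is not shown here.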
Most Operating Systems (including Microsoft Windows Server and Windows 10) ship with a software firewall. This application acts much in the same way as the hardware UTM firewall you already have in place between the internet and your internal network. While it is very powerful, it is an often overlooked component of your overall network security toolset. Many organizations opt to simply disable this feature instead of dedicating the time needed to configure it for the needs of the devices on the network, potentially degrading the overall security of the systems and networks within the organization. The built-in Windows Firewall can be configured to allow access to sensitive resources (such as a database server) only from "known-good" devices (for example, your servers and necessary workstations) and to prevent non-essential services from being accessed over the network.
Configuring a firewall during network security implementation requires effort to identify the resources running on each device, as well as the business units that require access to those resources. However, by allowing only the minimum amount of access required, you reduce the potential for inappropriate or malicious access to your systems.
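As an added example (not from the original article), this PowerShell applies the "known-good devices only" approach to a database server's built-in Windows Firewall: the default inbound posture is set to block, the SQL Server ports are opened only to a constructed application server and finance subnet, and a final query lists any remaining inbound allow rules still open to every address. All addresses and rule names are placeholders.

```powershell
# Keep the firewall enabled on every profile and make "block" the default for
# inbound traffic, so explicit allow rules define the minimum access each
# service needs. Log dropped packets so unexpected callers can be investigated.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow `
    -LogBlocked True -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'

# Known-good sources (constructed for this example): the application server that
# queries the database and the finance department's VLAN. Everything else on the
# LAN is denied by the default inbound action.
$trustedSources = @('10.20.1.10', '10.30.0.0/24')

New-NetFirewallRule -DisplayName 'SQL Server 1433 - trusted sources only' `
    -Direction Inbound -Protocol TCP -LocalPort 1433 `
    -RemoteAddress $trustedSources -Action Allow -Profile Domain

# If SQL Browser is in use, scope its UDP port the same way.
New-NetFirewallRule -DisplayName 'SQL Browser 1434 - trusted sources only' `
    -Direction Inbound -Protocol UDP -LocalPort 1434 `
    -RemoteAddress $trustedSources -Action Allow -Profile Domain

# A non-essential service such as Remote Desktop should not be reachable from the
# whole LAN: disable the stock rule group and re-create it for the IT management
# subnet only (placeholder range).
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Disable-NetFirewallRule
New-NetFirewallRule -DisplayName 'RDP - IT management subnet only' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -RemoteAddress '10.99.0.0/24' -Action Allow -Profile Domain

# Review step: list every enabled inbound allow rule whose remote scope is still
# "Any". Each entry is a service that has not yet been restricted to known-good devices.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any' } |
    Select-Object DisplayName, Profile
```

Run the review query before and after the change; the goal is for the list to contain only services that genuinely must accept connections from any host.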
The methods described above do not explicitly require Network Segmentation and can be implemented without segmentation in place while still increasing security. They can also be used in concert with segmentation to improve its efficacy. If you already have some level of network segmentation, you may opt to further segment your VLANs by department or organizational unit; this can be an effective middle ground between "role-based" and "classification-based" network segmentation.
An example would be to provide a separate VLAN for your most critical group, such as your finance department, and to implement software firewalls to isolate that group from the rest of the network. This method of network security implementation has the potential to protect these sensitive workstations from various types of threats, including ransomware: if your receptionist opens a malicious file containing a ransomware payload, proper segmentation may protect the finance department even if your endpoint security fails.
As mentioned, defense in depth requires Physical, Technical, and Administrative controls used in concert to create an effective security program. As you implement new controls, such as 802.1X to lock unauthorized users out of open network ports, you should be sure to update or create corresponding corporate policies that identify the new control, detail how it should be used (for example, non-employees are not permitted physical access to the LAN without clearance from the IT department), and detail the potential repercussions for a failure to comply with the policy (generally a dedicated sanction policy). It is important to understand that policies must be developed based on your organization's goals and needs. There is no "shortcut" or "template" that can provide meaningful administrative control for your organization.
Network security implementation can be a complex but highly effective tool, protecting you not only from insider threats but also serving as another layer of defense to complement your endpoint security. As the bridge between your users and your sensitive data, securing the network is essential to securing your data. While this can require some effort and planning to implement properly, it is not out of reach for any organization.