Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
What it takes to convince leadership that migrating to the cloud is the right move.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Datarprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
Table of content
Wondering how to implement network security for your business? In a previous article about IT perimeter defense security, we outlined the importance of keeping bad actors outside of your network, while touching on the fact that not all bad actors reside outside of your organization’s walls. In another fantastic article about insider threats, we discussed how internal risks are a concern to all organizations. Often overlooked is the security of the backbone to your organization: The Network.
You likely have one or more of these technical solutions in place to help notify you, or act against, common threats from the outside:
For many small to medium businesses these features are incorporated into appliances or other platforms, Microsoft Office365 can be leveraged to provide your organization with both Email Filtering and DLP. Your Unified Threat Management (UTM) Firewall can also be leveraged to provide IDS, IPS, and Content Filtering. While these technologies can help prevent perimeter threats, they rarely have any impact on the inside of your network, so what tools can small to medium businesses use to protect their sensitive data within the confines of their local network? Are any of the equipment or systems that are already in place be leveraged to provide this network security implementation functionality?
Often “The Network” is seen as an abstract ethereal being (after all, it’s often represented as a cloud on network diagrams) however “The Network” is no more abstract than “The Office”. You likely already track visitors, have secure areas, not all employees are permitted, and may even use RFID badges for access. If so, you are effectively segmenting your office. Now, let’s discuss how to implement network security further using segmentation.
At a high level, your network can be segmented by data classification (restricting access based on a need to know) or by role/function (restricting access based on the device, person, or organizational unit). For many small to medium businesses, it can be burdensome to classify all data residing on the network because frankly, it can be difficult to simply identify all of your data (for example: do you know what kind of data is stored on each employee’s workstations?). Because of this, I’ll focus on attempting to segment a typical small to medium business network based on role, the challenges and intricacies of data classification warrant another series of articles and is a prerequisite to segment your network by classification.
At a minimum, the average small to medium business should have a breakdown similar to this:
Likely, you are already segmenting your Guest Wireless network from your servers, after all, third parties should never be able to communicate with your servers without supervision. However corporate wireless devices are often treated the same as wired devices, while this can make it easy for you to use your laptop wireless in a conference room it also makes it easy for an employee to connect their smartphone (that likely isn’t fully patched and may contain malicious applications) to the network they know. Similarly, your Servers and Workstations have different network access requirements, your employees
Often overlooked when planning for network Segmentation are Voice and IoT devices, in today’s information age we often fail to recognize that the phone on your desk, your security cameras, and even that smart speaker are fundamentally no different than the device you’re using to read this article. Each of these devices runs its operating system, complete with its applications and security vulnerabilities. Because these devices are often neglected when applying updates (and manufacturers tend to take much longer to address security vulnerabilities in these devices) it is crucial to ensure that these devices are not permitted to communicate with sensitive systems that are not required for the functionality of these devices.
Lastly, your servers and network equipment likely contain dedicated connections that allow IT administrators to securely configure and manage these devices, while these devices may also suffer from the same risks associated with Voice and IoT devices it’s also important to make every effort to only allow authorized parties to access these services. This can be as simple as instructing the firewall to only allow administrative connections from dedicated computers but is often more effective to create a dedicated network used only for the management of systems.
Now that you know more about how to implement network security, how do you separate these networks? Operating six unique networks must surely require six times the equipment and significantly multiply the complexity of the server rack, right? Most Small to medium businesses likely already have the necessary equipment to facilitate network segmentation and are already leveraging similar technologies already: Virtualization.
Virtual Local Area Networks (VLANs) are logically separate networks that operate on the same physical hardware in much the same way the server virtualization using VMWare ESXi or Microsoft Hyper-V can be used to logically separate operating systems and servers on the same physical hardware. This can facilitate allowing guests to use your existing wireless infrastructure securely as previously mentioned. Using VLANs you can provide additional barriers between resources within the organization and crucially restrict access between these networks and provide additional data for any Security Monitoring solution. At a high level, you assign VLANs to physical connections, and these connections can be assigned multiple VLANs, this corresponds to the network port on the wall and thus the device plugged into it.
For network segmentation management, you may opt to restrict access in the following manner:
We hope this helps provide you with a better understanding of how to implement network security. Your specific implementation does need to be carefully crafted to your needs to ensure your organization is still able to function, and this process may require updates to your hardware. But what if you’d like to implement less drastic controls, or further enhance your overall network security after you’ve segmented your network? Learn more in our article to follow: Network Security Implementation (Part II).
If you’re looking for experts that know how to implement network security, Dataprise is here to assist. Our managed network services and onsite network support helps organizations large and small manage their infrastructure and harden security.
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.