Network Infrastructure Security
When a guest plugs their computer into a phone jack while waiting in your lobby, they’re in your network. When Bob from accounting plugs his home laptop into his printer’s network connection, that machine is in your network. When you give wireless access to a vendor and he discovers next week he can get a signal from the restaurant across the street, he’s in your network.
Who is in your network right now?
While Internet Edge Security protects you from the outside world, Network Infrastructure Security protects you from within. You need best practices in place to remove unnecessary services, harden devices, know who is connecting to your network, and build proper network segmentation that dictates what your users can do, so that your infrastructure stays secure.
Network Access Control
The fundamental aspect of Network Infrastructure Security is making sure you have firm rules in place. If a user has wired access, you need to know who they are and set rules for where they are allowed to go. For wireless access, your SSIDs need clearly defined purposes, without a proliferation of pre-shared keys. Your guests need to be treated differently from your employees. With BYOD, your system needs to differentiate the devices you trust from those you don't. And for administrative control of your network devices, your routers and switches need to be managed so that user privileges on the network are limited to actual needs.
It’s a technical implementation challenge for your IT department, but our analysts provide the guide you need to make sure your system architecture is built for defense.
Any service running on a router or switch can give an intruder a way in and open a can of worms you don't want. Disabling Telnet and other clear-text protocols in favor of SSH and other encrypted protocols for device administration gives you a secure, encrypted management connection. We go through every individual device, scan for open ports, assess for vulnerabilities and ensure each machine has the least privilege necessary, so no one can take advantage of unmonitored access and exploit it as a weakness.
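The clear-text-protocol review described above is something a practitioner can script against a saved running-config. The following is an added example, not the consultancy's own tooling: it audits a Cisco IOS-style configuration for Telnet on vty lines, HTTP management without HTTPS, a missing SSH version pin, and read-write or well-known SNMP communities. Both sample configurations are constructed for illustration (hostnames, community strings and line numbers are made up), and the checks assume IOS-style syntax.

```python
"""Audit a Cisco IOS-style running-config for clear-text management services.
Added example; the two configs below are constructed, not from a real device."""
import re

# Constructed sample with several weak management settings.
SAMPLE_CONFIG = """\
hostname core-sw-1
!
ip http server
no ip http secure-server
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
 logging synchronous
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
!
end
"""

# Constructed hardened counterpart: SSH-only vty lines, HTTPS-only web admin,
# SSHv2 pinned, and a single read-only SNMP community with a non-default name.
HARDENED_CONFIG = """\
hostname core-sw-1
!
no ip http server
ip http secure-server
ip ssh version 2
!
snmp-server community Str0ng-Mon1tor-Only RO
!
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}


def parse_line_blocks(config):
    """Return {'line vty 0 4': [indented child commands], ...} for each 'line' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or a top-level command ends the stanza
    return blocks


def audit_config(config):
    """Return a list of human-readable findings; an empty list means no issues found."""
    findings = []
    top = {line.strip() for line in config.splitlines()}

    # 1. Clear-text Telnet (or 'all') accepted on a vty line, or no transport restriction at all.
    for header, children in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        transport_lines = [c for c in children if c.startswith("transport input")]
        for child in transport_lines:
            protos = child.split()[2:]
            if "telnet" in protos or "all" in protos:
                findings.append(f"{header}: clear-text Telnet allowed ({child})")
        if not transport_lines:
            findings.append(f"{header}: no 'transport input' set; default may permit Telnet on some IOS versions")

    # 2. Web management over plain HTTP without HTTPS enabled.
    if "ip http server" in top and "ip http secure-server" not in top:
        findings.append("ip http server enabled without 'ip http secure-server' (clear-text web admin)")

    # 3. SSH protocol version not pinned to 2.
    if "ip ssh version 2" not in top:
        findings.append("'ip ssh version 2' not set; SSHv1 may be accepted on older images")

    # 4. SNMP communities: read-write access, or default names that everyone knows.
    for line in top:
        m = re.match(r"snmp-server community (\S+)\s+(RO|RW)", line)
        if m:
            name, mode = m.groups()
            if mode == "RW":
                findings.append(f"SNMP read-write community '{name}' configured")
            if name.lower() in WELL_KNOWN_COMMUNITIES:
                findings.append(f"SNMP community uses well-known name '{name}'")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label} ==")
        for f in audit_config(cfg) or ["no findings"]:
            print(" -", f)
```

Running the script prints six findings for the weak sample and none for the hardened one. The audit is intentionally conservative: it flags the absence of a `transport input` line rather than guessing the platform default, because the safe assumption for a device you have not yet reviewed is that Telnet is reachable.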
Gone are the days of copper phone lines running to your phones. Now your VoIP system is routed over the same network as your other systems, and those calls can be captured for later playback. It's a great advancement in technology, but you must take the final step: encrypting those calls and making sure the audio cannot be heard by eavesdroppers on your network. The last thing you want is an adversary gaining access to your transcribed calls – you don't want anyone reading your private communication.
East/West Firewall and IPS
The only people who need access to accounting are the accounting staff. The same goes for security or building control. Siloing your organization according to the principle of least privilege keeps everyone in their own workspace. Meanwhile, an IPS (Intrusion Prevention System) monitors for known attack signatures, watches for hosts probing ports they shouldn't have access to, and analyzes traffic on the ports that should be open for malicious activity. We make sure everyone stays in their lane and shut down anyone trying to gain access they shouldn't have.
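The segmentation rule above (only accounting reaches accounting, only building control reaches building control, everything else denied) can be expressed as an ordered, default-deny policy between zones and checked against flow records. This is an added example, not the consultancy's code: the zone names, address ranges, rules and the six-line flow log are all constructed, and the model treats traffic that stays inside one zone as not crossing the east/west boundary.

```python
"""Evaluate east/west flows against a default-deny segmentation policy.
Added example; zones, rules and the flow log are constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Constructed segments; the VLAN address ranges are hypothetical.
ZONES = {
    "accounting":       ipaddress.ip_network("10.10.0.0/24"),
    "building-control": ipaddress.ip_network("10.20.0.0/24"),
    "corporate-users":  ipaddress.ip_network("10.30.0.0/22"),
    "erp-servers":      ipaddress.ip_network("10.50.0.0/24"),
    "guest":            ipaddress.ip_network("192.168.100.0/24"),
}


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str         # "tcp", "udp" or "any"
    dports: frozenset  # empty means any destination port
    action: str        # "allow" or "deny"


# Ordered rule list: first match wins, anything unmatched is denied.
# Only the flows the business actually needs are listed (least privilege).
RULES = [
    Rule("accounting",      "erp-servers", "tcp", frozenset({443}), "allow"),
    Rule("corporate-users", "erp-servers", "tcp", frozenset({443}), "allow"),
]


def zone_of(ip):
    """Map an address to its segment name, or None if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip, dst_ip, proto, dport):
    """Return (action, reason) for one flow; unknown zones and unmatched flows are denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny", "address outside any known segment"
    if src == dst:
        return "allow", f"intra-zone traffic within {src} (does not cross the east/west boundary)"
    for rule in RULES:
        if (rule.src_zone, rule.dst_zone) != (src, dst):
            continue
        if rule.proto != "any" and rule.proto != proto:
            continue
        if rule.dports and dport not in rule.dports:
            continue
        ports = sorted(rule.dports) or "any"
        return rule.action, f"matched rule {src}->{dst} {rule.proto} {ports}"
    return "deny", f"no rule permits {src}->{dst} {proto}/{dport} (default deny)"


# Constructed flow records: "src dst proto dport", one per line.
FLOW_LOG = """\
10.30.1.15 10.50.0.10 tcp 443
10.30.1.15 10.10.0.5 tcp 445
192.168.100.7 10.50.0.10 tcp 443
10.10.0.5 10.50.0.10 tcp 443
10.30.2.9 10.20.0.3 tcp 502
10.20.0.3 10.20.0.4 udp 47808
"""


def review_flows(log):
    """Return the flows the policy would block, each with the reason, for review."""
    denied = []
    for line in log.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport = line.split()
        action, reason = evaluate(src, dst, proto, int(dport))
        if action == "deny":
            denied.append((src, dst, proto, int(dport), reason))
    return denied


if __name__ == "__main__":
    for flow in review_flows(FLOW_LOG):
        print("DENY", *flow)
```

Of the six constructed flows, three are denied: a user workstation reaching into the accounting segment on 445, a guest reaching the ERP servers, and a user workstation reaching building control on 502. The same evaluation, run over real firewall or flow logs, is a quick way to confirm that the rules a firewall actually enforces match the segmentation the design intended.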
We used to joke that wireless was the equivalent of throwing an Ethernet cable out your window into the parking lot. If someone can pick up an RF signal from your environment, you need controls in place to make sure they do not have unrestricted access. We use best-of-breed cryptographic algorithms to create a shared secret between two parties over a secure channel. If your guest doesn't know the pre-shared key, they can't get into your system.
Mobile Device Management
Mobile devices represent a serious threat to your network. If a mobile device is lost or stolen, it remains a trusted device on your network and can be used for an attack. MDM software lets administrators oversee mobile devices as easily as desktop computers, roll out updates over the air, and add or remove devices from the system as needed to keep the network efficient and secure.
Company-issued machines are one thing, but what do you do about all the devices your employees bring from home? Give them their own BYOD network. The non-corporate device becomes a trusted user with required login credentials and, most importantly, a certificate and compliance check that ensures no malware leaks into your system. The user gets access to the network, but only to the systems and applications they need, so they remain a trusted user with restricted access.
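The two paragraphs above describe one admission decision: a device that MDM has flagged as lost or stolen is refused, a device without a valid corporate certificate is treated as a guest, a device whose compliance check fails is held in a remediation segment, and only a device passing every check lands on the BYOD network. The following is an added example of that decision logic, not the consultancy's product or any MDM vendor's API: the CA name, revocation list, lost-device list, posture fields and sample devices are all constructed, and certificates are modelled as plain dictionaries rather than parsed X.509.

```python
"""Admission decision for a personal device joining the network.
Added example; the CA name, device records and policy are constructed."""
from datetime import datetime, timezone

TRUSTED_ISSUER = "CN=Example Corp Device CA"  # hypothetical corporate device CA
REVOKED_CERT_SERIALS = {"0x1f3a"}             # constructed revocation list contents
LOST_OR_STOLEN = {"SN-0042"}                  # device serials flagged lost/stolen in MDM
REQUIRED_POSTURE = {"disk_encrypted": True, "edr_running": True, "os_patched": True}

# Fixed clock so the sample results are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def check_certificate(cert, now):
    """Return the list of failed certificate checks (empty list means the cert is acceptable)."""
    failures = []
    if cert.get("issuer") != TRUSTED_ISSUER:
        failures.append("certificate not issued by the corporate device CA")
    if cert.get("not_after") is None or cert["not_after"] <= now:
        failures.append("certificate expired or has no validity period")
    return failures


def check_posture(posture):
    """Return the list of compliance attributes that do not match the required values."""
    return [f"posture check failed: {key}"
            for key, want in REQUIRED_POSTURE.items() if posture.get(key) != want]


def assign_segment(device, now=NOW):
    """Return (segment, reasons): 'deny', 'guest', 'quarantine' or 'byod'."""
    if device["serial"] in LOST_OR_STOLEN:
        return "deny", ["device reported lost or stolen in MDM"]
    if device["certificate"].get("serial") in REVOKED_CERT_SERIALS:
        return "deny", ["device certificate revoked"]
    cert_failures = check_certificate(device["certificate"], now)
    if cert_failures:
        # Not an enrolled device: treat it as an untrusted personal device.
        return "guest", cert_failures
    posture_failures = check_posture(device["posture"])
    if posture_failures:
        # Remediation segment: MDM and update servers reachable, nothing else.
        return "quarantine", posture_failures
    return "byod", ["all checks passed"]


def cert(not_after, issuer=TRUSTED_ISSUER, serial="0x1001"):
    """Build a constructed certificate record."""
    return {"issuer": issuer, "not_after": not_after, "serial": serial}


GOOD_POSTURE = dict(REQUIRED_POSTURE)
VALID_UNTIL = datetime(2025, 1, 1, tzinfo=timezone.utc)

# Constructed sample devices covering each branch of the decision.
SAMPLE_DEVICES = {
    "enrolled-ok":   {"serial": "SN-0001", "certificate": cert(VALID_UNTIL), "posture": GOOD_POSTURE},
    "unencrypted":   {"serial": "SN-0002", "certificate": cert(VALID_UNTIL, serial="0x1002"),
                      "posture": {**GOOD_POSTURE, "disk_encrypted": False}},
    "reported-lost": {"serial": "SN-0042", "certificate": cert(VALID_UNTIL, serial="0x1042"), "posture": GOOD_POSTURE},
    "home-cert":     {"serial": "SN-0007", "certificate": cert(VALID_UNTIL, issuer="CN=Home Router CA"),
                      "posture": GOOD_POSTURE},
    "expired-cert":  {"serial": "SN-0009", "certificate": cert(datetime(2024, 1, 1, tzinfo=timezone.utc)),
                      "posture": GOOD_POSTURE},
    "revoked-cert":  {"serial": "SN-0011", "certificate": cert(VALID_UNTIL, serial="0x1f3a"), "posture": GOOD_POSTURE},
}


def decide_all(devices=SAMPLE_DEVICES, now=NOW):
    """Return {label: segment} for every sample device."""
    return {label: assign_segment(dev, now)[0] for label, dev in devices.items()}


if __name__ == "__main__":
    for label, dev in SAMPLE_DEVICES.items():
        segment, reasons = assign_segment(dev)
        print(f"{label:14} -> {segment:10} {'; '.join(reasons)}")
```

The order of the checks matters: the MDM lost-device list and the revocation list are consulted before anything else, so a device that still holds an otherwise valid certificate is refused outright once it has been reported missing, which is the scenario the MDM paragraph warns about. Posture failures lead to quarantine rather than denial so the user can remediate (enable encryption, apply updates) and reconnect.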
Our 35-year background in IT gives us the seasoned experience of knowing which services are most useful for our clients. We have a comprehensive knowledge base and extensive resources for solving the tough challenges so we can move fast and effectively as your partner.