Taking preventative measures to protect your underlying networking infrastructure from modification, unauthorized access, misuse, malfunction, or improper data discovery is a challenge. And now our government has told your ISP that it's okay to sell your information to as many customers as they want. More than ever before, a secure computing environment is critical to your business's future and your company's relationship with its clients.
Is it a good idea to give your Internet Service Provider access to the networks behind your firewall? For years, carriers have offered low-priced Wi-Fi and stripped-down firewalls as a service to lock customers into long-term relationships. When we meet with new clients, they are quick to tell us that they don't need to worry about network security: their ISP installed a firewall when they signed their last contract. We then ask, "Who pays the fine for a data breach at this location?" The answer is always "I'm not sure." Then we head off to read contracts that always have the same indemnification clause protecting the ISP. Our next question is always "When was the last time you had a Table Top Exercise?" The answer is normally "What's a Table Top Exercise?"
Like most aspects of business, responsibility for your network's security lands squarely on the desk of the executive in charge. Building a relationship with law enforcement, attorneys, and technologists is the first stage of properly securing your network.
Network security is much more than boxes with blinking lights. It involves a multifaceted team of individuals each bringing their specialized knowledge to help protect your company and its reputation.
Companies need to penetration test their networks whenever IT staff members make system changes. All ports, services, and connected devices communicating with your network need to be tested for configuration errors after every upgrade, update, and new addition. Testing is especially critical for egress firewall rules in which compromised entities allow all ports to communicate with any IP address on the Internet. Hackers leverage this configuration to send data to their systems.
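As an added example (not part of the original article), the following sketch reviews an exported rule list for the egress condition described above: outbound allow rules that reach any address on all or most ports. The CSV layout, the sample rules, and the `wide_prefix` and `wide_ports` thresholds are assumptions constructed for illustration; adapt the parsing to whatever your firewall actually exports.

```python
import csv
import io
import ipaddress

# Constructed sample rule export (not from any real device).
# Columns and layout are assumptions made for this example.
SAMPLE_RULES = """\
direction,action,protocol,destination,ports
out,allow,tcp,203.0.113.10/32,443
out,allow,udp,198.51.100.53/32,53
out,allow,tcp,0.0.0.0/0,443
in,allow,tcp,0.0.0.0/0,443
out,allow,any,0.0.0.0/0,any
out,deny,any,0.0.0.0/0,any
"""

def port_count(spec):
    """Number of ports covered by 'any', a single port, or 'lo-hi'."""
    if spec == "any":
        return 65535
    lo, _, hi = spec.partition("-")
    return int(hi or lo) - int(lo) + 1

def audit_egress(text, wide_prefix=8, wide_ports=1024):
    """Walk outbound rules in first-match order.

    Returns (findings, has_default_deny); each finding is
    (rule_number, severity, destination, ports).
    """
    findings, has_default_deny = [], False
    for number, rule in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        if rule["direction"] != "out":
            continue
        net = ipaddress.ip_network(rule["destination"], strict=False)
        broad_dst = net.prefixlen <= wide_prefix
        broad_ports = port_count(rule["ports"]) >= wide_ports
        if rule["action"] == "deny":
            if net.prefixlen == 0 and rule["ports"] == "any" and rule["protocol"] == "any":
                has_default_deny = True
                break  # nothing after a catch-all deny can match
            continue
        if broad_dst and broad_ports:
            findings.append((number, "high", rule["destination"], rule["ports"]))
        elif broad_dst or broad_ports:
            findings.append((number, "review", rule["destination"], rule["ports"]))
    return findings, has_default_deny

if __name__ == "__main__":
    found, default_deny = audit_egress(SAMPLE_RULES)
    for number, severity, dst, ports in found:
        print(f"rule {number}: {severity}: allow out to {dst} ports {ports}")
    print("default deny present:", default_deny)
```

Rerunning a check like this after every rule change gives a quick regression test between full penetration tests; it does not model narrower deny rules that sit ahead of a broad allow.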
It's just as important to restrict internal access to your networks. Public conference rooms, Wi-Fi networks, and other knowledge worker access locations are common avenues for malicious actors to gain access to your data. The most common method of securing access in these areas is port-level user authentication, which restricts access to the network at the switch. 802.1X user authentication is the most common way to secure a switch port from unauthorized access. Clients are prompted to enter their domain credentials before connecting to your network. Port-level restrictions will help you limit unauthorized network traffic from individuals inside your organization.
After securing your physical layer, it's important to protect your organization from data exfiltration. Leakage prevention/detection tools should be deployed to detect and help prevent data loss. Social engineering is the easiest way for someone to gain access to your systems. Email filters can be added to prevent unintentional loss through well-meaning employees trying to help people.
It’s important for network administrators to implement tools to detect anomalous network traffic and abnormal behavior by legitimate users with compromised credentials. Detecting anomalies will require the use of higher-end hardware and software. Enterprise-size organizations can use the Traffic Anomaly Detector Module in their Catalyst switches. Smaller companies can use Cisco Meraki MX devices.
ObserveIT is another option. ObserveIT provides visibility into your users’ activities on company computers. It creates fully indexed and searchable video logs of users’ sessions and analyzes behavior to detect out-of-policy behaviors with real-time analytics and alerts.
A secure computing environment is critical to your business's future and your business's reputation. Contact GPL Integrated IT for help securing your organization.
Internet Crime Complaint Center
Since 2000, the IC3 has received complaints crossing the spectrum of cyber crime matters, to include online fraud in its many forms including Intellectual Property Rights (IPR) matters, Computer Intrusions (hacking), Economic Espionage (Theft of Trade Secrets), Online Extortion, International Money Laundering, Identity Theft, and a growing list of Internet facilitated crimes.
Earning the credentials to be accepted into underground communities
The National Counterintelligence and Security Center (NCSC) is led and staffed by a cadre of professionals with decades of national security and law enforcement expertise and varied analytic, investigative and policymaking backgrounds. Working with partners across the Executive Branch Departments and Agencies and the private sector, NCSC provides expertise in several mission areas including insider threat, supply chain risk management, and personnel security.
US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.
The National Cyber-Forensics & Training Alliance (NCFTA) is a non-profit corporation founded in 2002, focused on identifying, mitigating, and neutralizing cyber crime threats globally. The NCFTA operates by conducting real time information sharing and analysis with Subject Matter Experts (SME) in the public, private, and academic sectors.