Ubiquitous wireless connectivity, mobile devices, and the Internet of Things (IoT) mean network security is no longer about protecting the perimeter—because there is no perimeter.
The nature of today’s LANs and WANs has created more variables for network security than ever before, forcing us to consider them not only when first establishing our connected IT environments, but on an ongoing basis. While many best practices continue to hold true despite the evolution of networking, the lack of perimeter, the IoT, and the pressures of BYOD have added new items to your security checklist.
So, maybe you’ve already established a management policy for IT endpoints, technical training for staff and outsourced security evaluations and processes where appropriate. That’s a great start, but it’s the little things that often lead to big security holes. Regardless of the size of your organization or number of IT resources, the threats are the same and, ultimately, so is the checklist.
What’s in a name?
Whether you have a couple of wireless routers or dozens spread across multiple locations, they’re all given a default wireless network name—their service set identifier (SSID)—that’s broadcast for easy identification and connection by users. Essentially, it’s a neon sign advertising your wireless network. While many home users and small businesses simply use the factory-set default wireless network name, others may link names to departments or office locations. Some even get creative or clever with their wireless network’s name—ever come across “The Promised LAN”? “BatLAN,” anyone?
For those with a security mindset, there are good names and bad names for wireless networks—especially if you only want authorized users to find them. Common names are considered just as bad as sticking with the default. If your name lands on the Top 1,000 Most Common SSIDs list, there’s a good chance a hacker already has the pre-built password-cracking rainbow tables needed to sneak into your wireless network.
Creating a network name should be approached the same way passwords are created. Essentially, you should avoid creating one that’ll actually help a hacker guess your network password. Looking at the wireless network name as if it were a password makes for better network security—the more unique, the better. For ultimate security, hide your SSID so only the users who know the actual wireless network name can search it out. If you want to make it even harder for your devices and networks to be breached, use rotating passwords and SSIDs.
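Why the name matters to the password at all: in WPA/WPA2-Personal the SSID is the salt of the key derivation, so precomputed tables only work against the names they were built for. The following is an added example, not part of the original article, that derives the key the way IEEE 802.11i specifies and audits a network name; the function names and the short COMMON_SSIDS list are constructed for illustration.

```python
import hashlib

# Constructed sample of default / widely reused names (assumption: a real
# audit would load a full published common-SSID list instead).
COMMON_SSIDS = {"linksys", "netgear", "default", "dlink", "home", "guest", "wireless"}

def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-Personal key derivation per IEEE 802.11i:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def audit_ssid(ssid, passphrase=""):
    """Return a list of findings for one network; an empty list means none."""
    findings = []
    name = ssid.strip().lower()
    pw = passphrase.lower()
    if not 1 <= len(ssid.encode()) <= 32:
        findings.append("SSID must be 1-32 bytes")
    if name in COMMON_SSIDS:
        findings.append("common or default name: precomputed tables may cover it")
    if name and pw and (name in pw or pw in name):
        findings.append("SSID and passphrase overlap: the name hints at the password")
    if passphrase and not 8 <= len(passphrase) <= 63:
        findings.append("WPA2 passphrase must be 8-63 characters")
    return findings

if __name__ == "__main__":
    # Same passphrase under two names yields unrelated keys, which is why a
    # table precomputed for one SSID is useless against another.
    for ssid in ("linksys", "x7-Quartz-Lab-41"):
        print(ssid, wpa2_pmk("correct horse battery staple", ssid).hex()[:16])
    # Constructed inventory of (SSID, passphrase) pairs to audit.
    inventory = [("linksys", "Tr0ub4dor&3x"),
                 ("AcmeCorp", "acmecorp2024"),
                 ("x7-Quartz-Lab-41", "correct horse battery staple")]
    for ssid, pw in inventory:
        print(ssid, "->", audit_ssid(ssid, pw) or "no findings")
```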
Secure and scan all access points and endpoints
It may seem like obvious advice, but all wireless access points should be encrypted. A surprisingly large number of wireless networks are left wide open, making them easy avenues for threat actors to gather your sensitive information, or use unprotected access points as a launch pad to hack more secure systems.
But even if you do lock down your access and endpoints, it’s probably just a matter of time before someone or something sneaks past your safeguards. Regularly monitor all of your endpoints for malicious code. Multifunction printers and copiers, for example, are great for optimizing workflow and document management when they’re properly deployed, but they add another point of entry for cyberthreats to your fleet of desktops and laptops that’ll need to be monitored in real time.
Limit access and control
This is one of the rare cases in life where exclusivity is highly encouraged without being problematic. Not everyone needs access to the same resources or devices, whether it’s general users or IT staff. From a security standpoint, it’s great to give convenient access to multifunction printers and copiers via the network. But it makes better sense to give specific users access to a specific printer in their work area, rather than connecting them to every device in the organization. If one endpoint is compromised, segmented access will limit the impact of a breach.
Not all data has to be available to the same users on the same network. When you understand how information flows through the organization, who can access or manipulate it and how it can be transformed, you can make sure your network security strategy is top-notch.
Not all employees are equal, and that includes visitors. While many guests expect wireless access for their mobile devices during their visit, they certainly don’t need the same level of access your staff does, so be sure to segment and secure your wireless network appropriately. The same logic applies to administrators: limiting who can assign access to the network and who can manage endpoints improves control, which tightens network security.
Wireless connectivity makes people more productive, so there’s always a balance between making it easy to access the information and IT infrastructure they need and keeping the organization’s mission-critical information safe. The best network security is security that’s baked into the culture of the company and supported by well-thought-out policies and robust technology.