Sergey Nivens - Fotolia
Network security has become a top priority as reports of potentially devastating breaches make headlines and enter boardroom conversations. The theft or manipulation of data can be costly and have long-term negative ramifications on a business and its leadership. Having effective network security protections is essential to stave off threats.
Complex, highly distributed enterprise and virtualized networks require a rigorous and consistent security strategy. How can IT groups improve network security and reduce risk? The following five best practices can address security weaknesses and get ahead of internal and external threats.
Step 1: Identify connectivity susceptibilities
Before IT can draw up a plan, the organization needs complete clarity on the infrastructure. This step starts with an end-to-end review of the network, including model information and configuration data on routers, switches, firewalls and cabling -- as well as all the computers, servers and peripheral devices connected to them.
With a topographic outline of the network infrastructure, IT can visualize potential vulnerabilities in how devices are linked. The configuration data can also shed light on other potential areas of exposure, such as devices that still have manufacturer-issued passwords or out-of-date software.
IT also needs to run vulnerability assessments on a consistent basis. Often, these audits align with compliance dates rather than using them as a proactive practice.
Step 2: Review policies and educate end users
The best designed security policies are useless if they are confined to a static document and not communicated to relevant staff and instituted. IT should review existing policies and make updates where changes in technology, topology or staff require it.
On a frequent basis, communicate policy information to staff. Ongoing end-user education on topics such as identifying phishing emails is also an important element to improve network security.
Step 3: Fortify access points
A network audit can spotlight issues such as a router configuration that lets traffic from virtually any source access enterprise resources. To impede threats, IT needs to protect entry points into the network.
In some cases, IT may have to set a policy that restricts the use of external devices that can be used to steal data or contaminate a device with malware. Some organizations require third-party partners and their employees to access their network through a secure virtual private network. Additionally, organizations can use virtual LANs to segment traffic.
Step 4: Filter Media Access Control addresses
While not entirely full-proof, Media Access Control (MAC) address filtering can be a good first defense against unauthorized access by providing a mechanism to authenticate devices accessing the network. IT can set an authorized MAC address list, enabling the router to deflect traffic from addresses not on a whitelist.
Step 5: Fill in the gaps with internal and external support
The lack of IT security resources is one of the most frequently cited obstacles of an effective network security strategy. Consider supplementing internal staff with third-party support on a selective basis. Today, more network security software is delivered through the as-a-service model, making it potentially more economical and practical for businesses on tight budgets.
IT staff can also look to end users for additional support, particularly with respect to policies and best practices. Simply put, engage end users in policy education. Users with the aptitude and interest can be an important resource to improve network security by communicating best practices to their colleagues.