Some of the largest recorded cybersecurity breaches affected organizations with a surprising thing in common: their router and network firewall security was fully compliant with industry and government standards. On paper, they should have been safe.
So why weren’t they?
One of the fundamental truths of bureaucracy is that the larger an organization gets, the more slowly it moves. It’s true of government and military bodies and it applies to the private sector as well. Smaller groups and individuals can create new threats far more adeptly than the organizations that certify solutions, so it’s critical to stay ahead of bad actors.
Be secure, and compliance will fall into place. Just be compliant, and you’re only secure against yesterday’s threats. Securing your network and data means securing your network firewalls and routers. In this post, we’ll take a look at some strategies that can help reduce your IT network and information security risks.
Workstations, laptops, smartphones, servers, and even the cables your data moves through are all potential vectors for a network intrusion. Physical devices must be protected to maintain strong router and network firewall security. There are a few things you can do to ensure your network is as safe as possible:
Create Use Policies
Work with your team or outside experts to establish policies that define acceptable technologies and where in your infrastructure they can exist
Create a program that documents access and actions so you can:
- assess ongoing incidents
- anticipate future problems
- investigate incident causes and responses
Regularly review device configurations and update software for wireless access points, firewalls, switches, and routers
Restrict permissions for key parts of your network to those who:
- need the access to perform their job
- have appropriate skills
- are sufficiently reliable
Monitor Access Points
Keep tabs on who is accessing your system remotely and from where
Tips for Success:
- A change to your network could mean a physical change like adding a new device, or a software-related change like a firmware or anti-virus update.
- Your device manager can be from any level of the organization, but they need to be empowered to enforce your policies in order to be effective.
Your operating systems should be continually updated to leverage the power of new technologies, fix bugs, and address security vulnerabilities discovered over the course of their lifecycle (often because those vulnerabilities were exploited).
If your OS isn’t managed correctly, it can open you up to a breach. Make sure you:
- Remove all unnecessary programs
- Regularly download and install service packs
- Ensure your OS is regularly patched
- Define access and password rules for all users
Apply the Principle of Least Privilege
The principle of least privilege holds that anyone who requires access to a system be given only the lowest level of permissions needed to perform their task — and for the shortest possible duration. Keep access to a minimum to reduce the risk of malicious or accidental damage.
“Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”
— Jerome Saltzer, Communications of the ACM
Maintain Detailed Hardening Standards
Hardening standards set the security baseline for your systems. No matter what your organization’s size, it’s critical to maintain a detailed set of them. Luckily, this is an area where you won’t have to reinvent the wheel. Numerous published baselines — from SANS, the NSA, NIST, and others — already exist to help you protect yourself.
Remember, being compliant isn’t always the same as being secure. A control that goes beyond what a standard requires is still worth considering. If you aren’t sure, an outside expert can help you determine your best course of action.
Log Configuration Changes
In the last section, we talked about the value of using a control program to guard physical infrastructure. It’s also essential to keep a record of who makes changes to your systems. This frequently missed step can be useful when determining whether an event is the result of a security incident, human error, or authorized action.
Change Default Settings
We all do it. We change the settings we want to change and leave the others the way they came — especially if we aren’t sure what they do. Unfortunately, your systems have a lot of settings that affect sub-systems in ways you wouldn’t expect. Leaving network settings in their default state gives potential intruders a door for which they may already have the key. Every default you review and deliberately change makes things harder for them and makes you safer.
Encrypt. Encrypt. Encrypt.
Encryption makes it far more difficult for cybercriminals to use any data they successfully intercept, but a lot of encryption protocols have already been broken to the point of obsolescence. Stay current using these best practices:
- Disable web-based management (if you aren’t using it)
- Verify that your certificates are strong and accepted
- Disable Telnet and clear text protocols
- Use the latest SSH whenever possible
- Establish a VPN
Tips: Check with your network administrator to determine whether your current encryption protocols meet your needs and schedule regular security reviews. It’s better to be too secure than to lose important assets or time.
Be sure to include networking devices’ software in your updating schedule. It isn’t always necessary to install a new version when your OS updates, but it’s important to protect against the most current threats, making regular patching a key part of your defense against intrusion.
Other steps you can take to protect from intrusions include:
Remote Console Timeouts
Timeouts of 15 minutes or less can protect you from malicious acts when users are away from devices.
Use Network Time Protocol
Network Time Protocol (NTP) synchronizes your devices’ clocks to UTC against trusted time servers, so timestamps agree across your logs and you know exactly when your system was accessed.
Disable Unused Interfaces
Disabling unused interfaces removes entry points, such as forgotten management interfaces or APIs, that intruders could otherwise use to access your network.
Verify Downloads and Updates
Ensure that system downloads or updates are not corrupted or malicious before installing them.
Restrict Inbound/Outbound ICMP
Limit unauthorized network infrastructure exposure while still reaping the benefits of network monitoring.
Enable Anti-Spoofing Rules
Prevent bad actors from fooling your system into believing they’re within your trusted network.
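As an added example (not code from the original post or from AIS Network), the check below audits a constructed Cisco IOS-style configuration for the settings the encryption and console-timeout advice above calls out: web-based management left enabled, Telnet permitted on the VTY lines, SSH version 2 not enforced, no NTP server, and idle timeouts that are disabled or longer than 15 minutes. The config text, hostname and the 192.0.2.10 NTP address are constructed samples.

```python
import re

# Constructed sample of a Cisco IOS-style running config, not taken from a real device.
WEAK_CONFIG = """\
hostname edge-rtr
ip http server
no ip ssh version 2
line vty 0 4
 transport input telnet ssh
 exec-timeout 60 0
line con 0
 exec-timeout 0 0
"""
HARDENED_CONFIG = """\
hostname edge-rtr
no ip http server
ip ssh version 2
ntp server 192.0.2.10
line vty 0 4
 transport input ssh
 exec-timeout 10 0
"""
MAX_TIMEOUT_SEC = 15 * 60  # the post's "15 minutes or less" guidance

def audit_config(text):
    """Return findings for settings the post says to change; an empty list means clean."""
    findings = []
    stripped = [l.strip() for l in text.splitlines()]
    if "ip http server" in stripped:
        findings.append("web-based management enabled (ip http server)")
    if "ip ssh version 2" not in stripped:
        findings.append("SSH version 2 not enforced (ip ssh version 2 missing)")
    if not any(c.startswith("ntp server") for c in stripped):
        findings.append("no NTP server configured")
    section = None  # current 'line ...' block, where transport and timeout settings live
    for raw in text.splitlines():
        if not raw.startswith(" "):
            section = raw.strip() if raw.startswith("line ") else None
            continue
        cmd = raw.strip()
        if section and cmd.startswith("transport input") and "telnet" in cmd.split():
            findings.append(f"{section}: Telnet allowed ({cmd})")
        m = re.match(r"exec-timeout (\d+)(?: (\d+))?$", cmd)
        if section and m:
            total = int(m.group(1)) * 60 + int(m.group(2) or 0)
            if total == 0:  # 'exec-timeout 0 0' disables the idle timeout entirely
                findings.append(f"{section}: exec-timeout 0 0 disables the timeout")
            elif total > MAX_TIMEOUT_SEC:
                findings.append(f"{section}: exec-timeout of {total // 60} min exceeds 15 min")
    return findings
```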
Traffic rules dictate what’s allowed to pass in and out of your network. They’re an instrumental part of your router and network firewall security strategy. Let’s take a look at some steps you can take to reduce the risk of data and other assets being lost or accessed via your network.
Use Approved Ports and Services
Ensure no one can find unprotected points of access directly or via unreliable software. Work with your network administrators to maintain a list of approved ports and services.
Limit types of data that enter and exit your network by specific means. Work with your network administrator to create policies for information traveling in or out.
Avoid “Any”-Based Rules
Rules that match “any” source, destination, or service are a catch-all that permits far more traffic than intended and can’t shape traffic securely. Assess the specific risks most relevant to your organization and ensure your rules cover them explicitly.
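As an added example that is not part of the original post, the audit below walks a constructed ruleset in evaluation order and reports allow rules built on “any”, allow rules that permit a service outside the approved list, and allow rules shadowed by an earlier catch-all; it leaves a trailing deny-any alone because that is the expected default deny. The rule format, the addresses and the APPROVED set are assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed ruleset in evaluation order, not taken from a real firewall.
RULES = [
    {"action": "allow", "src": "any", "dst": "203.0.113.10/32", "proto": "tcp", "dport": 443},
    {"action": "allow", "src": "10.0.0.0/8", "dst": "203.0.113.11/32", "proto": "tcp", "dport": 22},
    {"action": "allow", "src": "any", "dst": "any", "proto": "any", "dport": "any"},
    {"action": "allow", "src": "10.0.0.0/8", "dst": "203.0.113.12/32", "proto": "tcp", "dport": 8080},
    {"action": "deny", "src": "any", "dst": "any", "proto": "any", "dport": "any"},
]

# Approved (protocol, port) services, as maintained with the network administrators (assumed).
APPROVED = {("tcp", 22), ("tcp", 443), ("udp", 123)}

def audit_rules(rules, approved=APPROVED):
    """Flag allow rules that rely on 'any', permit unapproved services, or are unreachable."""
    findings = []
    catch_all_seen = False
    for i, r in enumerate(rules, 1):
        if r["action"] != "allow":
            continue  # 'any' in a trailing deny is the expected default-deny, not a problem
        if catch_all_seen:
            findings.append(f"rule {i}: unreachable, shadowed by an earlier allow-any rule")
        for field in ("src", "dst"):
            if r[field] != "any":
                try:
                    ip_network(r[field])
                except ValueError:
                    findings.append(f"rule {i}: {field} {r[field]!r} is not a valid network")
        wild = [k for k in ("src", "dst", "proto", "dport") if r[k] == "any"]
        if ("src" in wild and "dst" in wild) or "proto" in wild or "dport" in wild:
            findings.append(f"rule {i}: allow rule relies on 'any' for {', '.join(wild)}")
            if len(wild) == 4:
                catch_all_seen = True  # everything after this allow is dead
            continue  # a wildcard service cannot be matched against the approved list
        if (r["proto"], r["dport"]) not in approved:
            findings.append(f"rule {i}: {r['proto']}/{r['dport']} is not an approved service")
    return findings
```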
Is Your Network Firewall Security Really Secure?
The more sensitive the assets you need to protect, the more secure you must make them. It seems like a simplification, but if you’re housing sensitive data, you should go above and beyond to protect your business and all relevant stakeholders.
If you have questions about network firewall or router security, contact AIS Network’s experts today. We’re here to help protect your business-critical infrastructure.