Security in network management

The protective dome for your IT infrastructure:
Higher network security with the LMC.

On the safer side

A fascinating look into the engine room of security from the LANCOM Management Cloud

Inconspicuous and undemanding on the inside, tough and relentless on the outside: The nice thing about the security concept of the LANCOM Management Cloud is: Even if you do nothing, the most important thing has already been done to protect your IT infrastructure against damage.

Well, doing nothing is not entirely correct, because the LANCOM cloud-managed security concept does require the permissions to go active on the relevant network, and three clicks is all it takes.

Three clicks to cloud-managed security

Under the "Security" tab, the triumvirate of the "Allow traffic from this network to the Internet", "Anti-Virus" and "SSL Inspection" switches is activated. The story could end there. If only it weren't so exciting to consider the impressive defense machinery that comes to life with this seemingly harmless sequence of clicks.

The hard way: Controlled admission with special treatment

The basic philosophy of “Unified Threat Management (UTM)”: Viruses, malware, attacks – anything that remotely smells of a threat cannot set foot on company premises, but is rigorously blocked wherever the company IT has contact to the world outside, the Internet.

Bouncer for the IT network

The LANCOM firewalls or the routers with integrated security functions act like unrelenting bouncers. You could imagine it were the entrance to the toughest disco in the world: Anyone wanting to get in is frisked, facial recognition and fingerprints are compared to an up-to-date database of criminals with billions of entries and, if there is any doubt, they are taken to a secure room where they are tested for potential aggression. Only then is the decision made: Guest or threat.

Secure Web Gateway

The secure web gateway that is the firewall ignores the header of the data packets, which, like a label on a delivery package, contains information about the sender and recipient and which provides administrative and control data. Nor does it act like a customs officer, who randomly opens suspicious packages and checks their contents. Instead, each individual data packet is thoroughly screened and examined for potential risks.

The technical requirement for this strict door policy is the ability of the firewall to identify itself to the sender as the recipient of the data packets, which it basically is not. All it does is channel the data traffic to the true recipients, i.e. the PCs in the employees' offices.

Total screening: Data packets and X-rays

This masquerade for a good cause involves a security certificate shared by the firewall and the client PCs, so providing the necessary permissions. This is the only way that the firewall can decode the SSL-encrypted data packets, inspect them and, after checking them, encrypt them again and send them on to the client PCs. In the wilds of the Internet, cyber criminals use similar technical configurations and, without the knowledge of the targeted PCs, they launch what are known as "man-in-the-middle attacks".

Deep Packet Inspection

In its more favorable form, this concept implements what we refer to as deep packet inspection: The data is compared with cloud-based, bang up-to-date virus signatures. As a preventative mechanism against as yet unknown virus groups, so-called heuristic analyzes are used to examine the data packets for suspicious patterns and characteristics.

Intrusion Detection / Prevention & Sandboxing

If suspicions remain, the data packets are uploaded to a protective portion of the cloud called a sandbox, where packets can be opened and their behavior examined without fear of damage. Incoming e-mails and their attachments are handled the same way. This rampart uses the best available tools to block and eliminate viruses, malware, Trojans, spam, and phishing attempts.

Also part of the security concept is the intrusion detection and prevention, which combats a wide variety of network attack variants.

Concerted action: Security through an all-round program

This core of LANCOM network security is embedded in a whole series of conditions that are typical to cloud networks and specific to LANCOM solutions, which combine to form a holistic security concept:

VLANs

Dividing the networks into VLANs creates security boundaries and also enables individual security settings according to the requirements of the particular departments or user groups.

Automation

The automatic transmission of network settings to the network components prevents the incorrect settings from manual interventions, which dramatically increases the security – and also the reliability – of the company's IT.

Updates & Patches

Another huge step towards security through prevention is the automated deployment of software updates and patches to all components in the cloud network. Security loopholes resulting from late manual updates are now a thing of the past.

24/7 Monitoring

Meaningful, individually configurable dashboards provide round-the-clock monitoring of the security situation at the company.

Auto-VPN

Auto-VPN ensures that all data traffic between the sites are securely encrypted with just one click. And two additional clicks are all it takes to generate and exchange new VPN keys.

Passwort generator

A single click activates the automatic password generator, which instantly replaces the main passwords.

Customized security for every case

In terms of prevention, IT managers can still use small manual interventions to customize the protection concept and meet user requirements and restrictions. The aim here is to avoid putting defense-system capabilities to the test in the first place, and to close out possible sources of danger such as vulnerable services and content that are anyway not necessary for professional contexts:

Application Management

This feature allows individual applications or entire groups of applications to be blocked for specific networks with just a few mouse clicks: Do the colleagues in HR really need access to social media? LinkedIn for sure, but Facebook? Maybe not. Peer-to-peer networks can be excluded, be it a file sharer like BitTorrent or Mojo. On the other hand, Facebook may be of vital importance to the marketing department, although they do not need access to Amazon, for example.

Incidentally, blocking services is not the only option here. In the interest of better performance, firewalls can “wave through” some services unchecked: Office 365 presents no risk, and neither do trusted video conferencing systems such as “GoTo”.

Content Filter

Risks are presented not only by services, but by websites too. Merely visiting a page can land you a "drive-by" attack from a Trojan or other malware, without even clicking on anything.

Entire product categories such as pornography, games or drugs are easily blocked with just one click. By the same principle, even entire category groups such as spam or malware can also be shut out. Those who particularly value the protection of minors will also be pleased with the integrated official domain list with content harmful to minors from the "Bundesprüfstelle für jugendgefährdende Medien" (German Federal Review Board, BPjM), which is constantly updated.

Control is good, trust is important

Multi-layered security architecture like this guarantees the highest level of security – security through control. But: Control isn't everything. There is one more decisive aspect: Trust. And LANCOM stands for that trust. As a subsidiary of the renowned test & measurement specialists Rohde & Schwarz, we have been active in the market for over 20 years. We develop in Germany, assemble in Germany, and host in Germany. Your data in the cloud never crosses the borders of the Federal Republic of Germany and is therefore at all times subject to European and German data protection regulations (GDPR). Highly professional data centers ensure optimal security in terms of data protection and digital sovereignty.

And all of this makes us unique in the cloud-based network management market, and this is how we aim to win your trust.

Everything about network security

There is so much more to know about network security. For example, how to build a secure network at its core, choose the right firewall, and increase network security quickly and efficiently. Or maybe you're interested in which network threats and protection mechanisms exist, which immediate measures secure your existing devices in the shortest possible time, how Unified Threat Management works in detail or how you can eliminate yourself as a possible security risk.

You're welcome to read all about it in our network security theme pages.

To the network security theme pages

Better safe than sorry.

And if you want to be absolutely sure whether the LANCOM Management Cloud is also something for you: Simply log into the test system and put the security functions through their paces!

Request "live view access

More about


We answer your questions

Your direct line to us

Most questions can be resolved best in direct contact.

We look forward to answering your questions and requests by phone or via the contact form.

Inside Sales International Team
+49 (0)2405 49936 122