Network security steps

Rapid reactions for greater network security.
Simply secure device settings.

Step by step towards greater network security

Reports of successful, devastating hacker attacks on companies of all types and sizes have unfortunately become a daily reality. In what is other­wise a positive increase in the digitalization of work processes, the issue of network security becomes an even greater challenge. Even if you have not yet invested in a professional security infrastructure, for example with a UTM firewall, you can protect your facility and your work processes from cyber attacks with just a few steps, even with your existing network equipment. Find out which device settings you can use to quickly and easily provide more network security.

 

Current network security according to NIS2 specifications

Network security is constantly evolving and must meet new challenges. The EU directive NIS2 on network and information security now responds to this requirement and defines clear specifications and sanctions to increase cyber security in EU companies. Are you affected? And if so, what does that mean? Make the NIS2 check and inform yourself on our topic page:
 

All about NIS2

What can you do right now?

Have you done all you can to arm yourself against the steady increase in cybercrime? Is it your job to ensure the best possible protection of your company against IT attacks, without making new investments? Regardless of whether you are an IT admin, a network technician, a security-conscious reseller partner, or whether you are just curious about how to protect your network from hackers, quickly and effectively – these days, no industry or size of company is spared from cyberattacks. And yet even without a budget for new cybersecurity equipment, you can take effective measures against data theft and ransom demands. The following tips help you to use your existing resources and equipment to ensure an effective level of network security. 

Download checklist (PDF)

Routers and firewalls

Router and firewall settings that increase your network security:

  • Allow only encrypted Internet protocols like HTTPS or SSH, and deactivate unnecessary or unencrypted Internet protocols like HTTP or telnet
  • Block any external access to your devices and always use a VPN connection, even when configuring remote routers/firewalls
  • Close unused ports in the router/firewall
  • Block all Internet-based access to any end devices that are directly connected to the router (e.g. printer) and close insecure entry points
  • Follow the latest security recommendations and use IKEv2 as the VPN protocol with at least AES-GCM and SHA-256 for encryption (now out of date and therefore insecure: Protocols like PPTP or algorithms like MD-5 or SHA-1)

Switches

How switches secure your network:

  • Deactivate any unencrypted and unused Ethernet ports
  • Use VLANs to segment networks for different applications or departments: Use different VLANs to keep any configuration ports in the management VLAN isolated from the end-user networks and endpoints
  • Check Ethernet-port endpoint connections and close any open ports
  • Introduce port authentication via IEEE 802.1X certificates or MAC-address authentication to monitor and control port usage
  • Switch off unnecessary and insecure remote configuration channels

Access points

How access points help to secure company networks:

  • Use the latest encryption standard WPA3
  • Reduce the transmission power of the access points to a minimum: Prevent your network from being received outside your own premises
  • Separate the Wi-Fi into different SSIDs for specific user groups
  • PPSK / LEPS: Private pre-shared keys (PPSK) for users or LEPS with LANCOM devices allow you to restrict and better monitor endpoint authorizations or remove individual employee keys from the database when employees leave the company

IT security

Help your personnel to a better general awareness of IT security at work:

  • Offer regular training courses for employees, e.g. on secure passwords or how to deal with phishing mails
  • Prevent the use of unauthorized USB sticks and other private data media from connecting to the company network
  • Keep everything up to date and regularly install the latest security updates for software and devices
  • Organize daily data backups
  • Use a customized, professional UTM (Unified Threat Management) firewall
  • Work with IT administrators and specialist resellers to develop an overall cybersecurity concept and eliminate any vulnerabilities

Cyber Security reimagined

„Cyberattacks are omnipresent and constitute a huge threat to the entire economy, regardless of size or industry. The rapid increase in mobile work and cloud services is also making companies even more vulnerable to cyberattacks. While greater flexibility is achieved through remote work and cloud services, the new structures, at the same time, create new attack vectors for cybercriminals which should sound the alarm bells with IT security experts.“  – techconsult study from 2022

 

Get the complete study for free

How can you recognize a 'secure device'?

From now on, you can check how secure network components are when you buy them: With the IT Security Label of the German Federal Office for Information Security (BSI) as a QR code on the product packaging, you can call up all the important security information of the product on the BSI platform. Only those products that guarantee to meet the security requirements of the BSI are awarded the label. Many LANCOM routers are already part of this new standard of consumer protection and transparency.

More about the BSI IT Security Label

How to secure your network

As an IT admin, being responsible for network security is a considerable burden. We will not leave you alone with this: Cloud-managed LANCOM products reduce the likelihood of human error and provide the best possible network security, everywhere and at all times. Even after you invest in a professional desktop or rack LANCOM R&S®Unified Firewall, we offer ongoing guidance with user-friendly tutorials, features, service, support, and training courses. All this helps you on your way to a level of security that lets you sleep soundly at night even when you hear about successful hacker attacks on other companies.


Downloads


Your network security counts

Learn more about secure networks on our themed web pages.


We answer your questions

Your direct line to us

Most questions can be resolved best in direct contact.

We look forward to answering your questions and requests by phone or via the contact form.

Inside Sales International Team
+49 (0)2405 49936 122