Reports of successful, devastating hacker attacks on companies of all types and sizes have unfortunately become a daily reality. As the otherwise welcome digitalization of work processes increases, network security becomes an even greater challenge. Even if you have not yet invested in a professional security infrastructure, for example with a UTM firewall, you can protect your facility and your work processes from cyberattacks in just a few steps using your existing network equipment. Find out which device settings you can use to quickly and easily improve network security.
Have you done all you can to arm yourself against the steady increase in cybercrime? Is it your job to ensure the best possible protection of your company against IT attacks, without making new investments? Whether you are an IT admin, a network technician, a security-conscious reseller partner, or just curious about how to protect your network from hackers quickly and effectively: these days, no industry or size of company is spared from cyberattacks. And yet even without a budget for new cybersecurity equipment, you can take effective measures against data theft and ransom demands. The following tips help you use your existing resources and equipment to ensure an effective level of network security.
Routers and firewalls
Router and firewall settings that increase your network security:
- Allow only encrypted Internet protocols like HTTPS or SSH, and deactivate unnecessary or unencrypted Internet protocols like HTTP or telnet
- Block any external access to your devices and always use a VPN connection, even when configuring remote routers/firewalls
- Close unused ports in the router/firewall
- Block all Internet-based access to any end devices that are directly connected to the router (e.g. printer) and close insecure entry points
- Follow the latest security recommendations and use IKEv2 as the VPN protocol with at least AES-GCM for encryption and SHA-256 for hashing (protocols like PPTP and algorithms like MD5 or SHA-1 are now out of date and therefore insecure)
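The router and firewall checklist above can be turned into a repeatable check. The following is an added example, not LANCOM code: it audits a constructed settings export for plaintext management protocols, Internet-facing management access and outdated VPN settings. The "section.name = values" export format and all entry names are assumptions made for illustration.

```python
# Added example: checks a device-settings export against the checklist above.
# The "section.name = values" format and all names are hypothetical.
SAMPLE_EXPORT = """\
# constructed sample, not taken from a real device
mgmt.telnet = enabled wan
mgmt.http   = enabled lan
mgmt.https  = enabled wan
mgmt.ssh    = enabled lan
vpn.office  = IKEv2 AES-GCM SHA-256
vpn.legacy  = PPTP
vpn.partner = IKEv2 AES-CBC SHA-1
vpn.branch  = IKEv2 AES-CBC SHA-256
"""

PLAINTEXT_MGMT = {"telnet", "http"}            # unencrypted protocols
OUTDATED = {"pptp", "md5", "sha1"}             # named as insecure on the page
STRONG_HASH = {"sha256", "sha384", "sha512"}   # "at least" SHA-256


def parse(export):
    """Yield (section, name, tokens) for every non-comment line."""
    for line in export.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        section, _, name = key.strip().partition(".")
        # Normalise spellings such as "MD-5"/"MD5" and "SHA-1"/"SHA1".
        yield section, name, value.lower().replace("-", "").split()


def audit(export):
    """Return (name, finding) pairs for settings that break the checklist."""
    findings = []
    for section, name, tokens in parse(export):
        if section == "mgmt" and "enabled" in tokens:
            if name in PLAINTEXT_MGMT:
                findings.append((name, "unencrypted management protocol"))
            if "wan" in tokens:
                findings.append((name, "reachable from the Internet, not VPN-only"))
        elif section == "vpn":
            outdated = sorted(OUTDATED.intersection(tokens))
            if outdated:
                findings.append((name, "outdated: " + ", ".join(outdated)))
            elif not ({"ikev2", "aesgcm"} <= set(tokens) and STRONG_HASH & set(tokens)):
                findings.append((name, "below IKEv2 / AES-GCM / SHA-256 baseline"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_EXPORT):
        print(f"{name}: {finding}")
```

Run against the constructed sample, the check reports seven findings and leaves the SSH management entry and the IKEv2/AES-GCM/SHA-256 tunnel unflagged.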
How switches secure your network:
- Deactivate any unencrypted and unused Ethernet ports
- Use VLANs to segment networks for different applications or departments: Use different VLANs to keep any configuration ports in the management VLAN isolated from the end-user networks and endpoints
- Check Ethernet-port endpoint connections and close any open ports
- Introduce port authentication via IEEE 802.1X certificates or MAC-address authentication to monitor and control port usage
- Switch off unnecessary and insecure remote configuration channels
How access points help to secure company networks:
- Use the latest encryption standard WPA3
- Reduce the transmission power of the access points to a minimum: Prevent your network from being received outside your own premises
- Separate the Wi-Fi into different SSIDs for specific user groups
- PPSK / LEPS: Private pre-shared keys (PPSK) for users or LEPS with LANCOM devices allow you to restrict and better monitor endpoint authorizations or remove individual employee keys from the database when employees leave the company
Help your personnel develop a better general awareness of IT security at work:
- Offer regular training courses for employees, e.g. on secure passwords or how to deal with phishing mails
- Prevent unauthorized USB sticks and other private data media from being connected to the company network
- Keep everything up to date and regularly install the latest security updates for software and devices
- Organize daily data backups
- Use a customized, professional UTM (Unified Threat Management) firewall
- Work with IT administrators and specialist resellers to develop an overall cybersecurity concept and eliminate any vulnerabilities
"Cyberattacks are omnipresent and constitute a huge threat to the entire economy, regardless of size or industry. The rapid increase in mobile work and cloud services is also making companies even more vulnerable to cyberattacks. While greater flexibility is achieved through remote work and cloud services, the new structures, at the same time, create new attack vectors for cybercriminals which should sound the alarm bells with IT security experts." – techconsult study from 2022
From now on, you can check how secure network components are when you buy them: With the IT Security Label of the German Federal Office for Information Security (BSI) as a QR code on the product packaging, you can call up all the important security information of the product on the BSI platform. Only those products that guarantee to meet the security requirements of the BSI are awarded the label. Many LANCOM routers are already part of this new standard of consumer protection and transparency.
As an IT admin, being responsible for network security is a considerable burden. We will not leave you alone with this: Cloud-managed LANCOM products reduce the likelihood of human error and provide the best possible network security, everywhere and at all times. Even after you invest in a professional desktop or rack LANCOM R&S®Unified Firewall, we offer ongoing guidance with user-friendly tutorials, features, service, support, and training courses. All this helps you on your way to a level of security that lets you sleep soundly at night even when you hear about successful hacker attacks on other companies.