Step by step towards greater network security

    Reports of successful, devastating hacker attacks on companies of all types and sizes have unfortunately become a daily reality. In what is other­wise a positive increase in the digitalization of work processes, the issue of network security becomes an even greater challenge. Even if you have not yet invested in a professional security infrastructure, for example with a UTM firewall, you can protect your facility and your work processes from cyber attacks with just a few steps, even with your existing network equipment. Find out which device settings you can use to quickly and easily provide more network security.

    What can you do right now?

    Have you done all you can to arm yourself against the steady increase in cybercrime? Is it your job to ensure the best possible protection of your company against IT attacks, without making new investments? Regardless of whether you are an IT admin, a network technician, a security-conscious reseller partner, or whether you are just curious about how to protect your network from hackers, quickly and effectively – these days, no industry or size of company is spared from cyberattacks. And yet even without a budget for new cybersecurity equipment, you can take effective measures against data theft and ransom demands. The following tips help you to use your existing resources and equipment to ensure an effective level of network security.

    Routers and firewalls

    Router and firewall settings that increase your network security:

    • Allow only encrypted Internet protocols like HTTPS or SSH, and deactivate unnecessary or unencrypted Internet protocols like HTTP or telnet
    • Block any external access to your devices and always use a VPN connection, even when configuring remote routers/firewalls
    • Close unused ports in the router/firewall
    • Block all Internet-based access to any end devices that are directly connected to the router (e.g. printer) and close insecure entry points
    • Follow the latest security recommendations and use IKEv2 as the VPN protocol with at least AES-GCM and SHA-256 for encryption (now out of date and therefore insecure: Protocols like PPTP or algorithms like MD-5 or SHA-1)
    Firewall settings
    Wired switches in a rack with reference to BSI certification

    Switches

    How switches secure your network:

    • Deactivate any unencrypted and unused Ethernet ports
    • Use VLANs to segment networks for different applications or departments: Use different VLANs to keep any configuration ports in the management VLAN isolated from the end-user networks and endpoints
    • Check Ethernet-port endpoint connections and close any open ports
    • Introduce port authentication via IEEE 802.1X certificates or MAC-address authentication to monitor and control port usage
    • Switch off unnecessary and insecure remote configuration channels

    Access points

    How access points help to secure company networks:

    • Use the latest encryption standard WPA3
    • Reduce the transmission power of the access points to a minimum: Prevent your network from being received outside your own premises
    • Separate the Wi-Fi into different SSIDs for specific user groups
    • PPSK / LEPS: Private pre-shared keys (PPSK) for users or LEPS with LANCOM devices allow you to restrict and better monitor endpoint authorizations or remove individual employee keys from the database when employees leave the company
    People change security settings
    Person explains something to a group on a white boar

    IT security

    Help your personnel to a better general awareness of IT security at work:

    • Offer regular training courses for employees, e.g. on secure passwords or how to deal with phishing mails
    • Prevent the use of unauthorized USB sticks and other private data media from connecting to the company network
    • Keep everything up to date and regularly install the latest security updates for software and devices
    • Organize daily data backups
    • Use a customized, professional UTM (Unified Threat Management) firewall
    • Work with IT administrators and specialist resellers to develop an overall cybersecurity concept and eliminate any vulnerabilities

    How to secure your network

    As an IT admin, being responsible for network security is a considerable burden. We will not leave you alone with this: Cloud-managed LANCOM products reduce the likelihood of human error and provide the best possible network security, everywhere and at all times. Even after you invest in a professional LANCOM R&S®Unified Firewall, we offer ongoing guidance with user-friendly tutorials, features, service, support, and training courses. All this helps you on your way to a level of security that lets you sleep soundly at night even when you hear about successful hacker attacks on other companies.

    Collage of LANCOM R&S®Unified Firewall products
    photo of Robert Beckmann

    Inquiry

    You have questions about our products or solutions, or are you looking for a LANCOM sales partner? Then let us know your wishes via contact form or feel free to contact us by phone.

    Inside Sales International Team

    Phone: +49 (0)2405 49936 122