Network security is the provision of measures and solutions to prevent and monitor unauthorized access, abuse and attempted modification of your computer network and network-accessible resources.
At its most basic, network security starts with the authentication of users, usually with a username and password. Protection can be increased by adding a security token or certificate to the authentication process, and thereafter a fingerprint or retinal scan in appropriate circumstances. After authentication, your firewall acts as a further protective layer, by allowing selective access to services dependant on a user’s credentials. While firewalls can and do effectively prevent unauthorized access, they are no longer sufficiently effective against harmful content. Today, your network is also vulnerable to worms, trojans and other malware that require additional anti-virus software and intrusion-prevention systems to prevent and destroy these malicious attacks. Advanced intrusion-detection systems monitor the network for anomalies. Any unexpected or suspicious content or behavior is effectively blocked and your data and resources remain protected.
Sadly, it is an unpleasant fact today that sophisticated means of communication attract sophisticated levels of attack. The cunning and craft of malevolent individuals seems to know no bounds, but we make it our business to stay on top of it all and ensure that your data protection exceeds the skill of those intent on breaching it.
The potential data vulnerabilities are far too numerous to mention and can come from both external and internal sources. In addition to detecting and destroying malware, our processes protect your data on all conceivable levels by, for example:
Monitoring abnormal employee activity and logging it for later audit and analysis.
Securing communications between hosts over a network, by encryption through VPN tunnels to maintain privacy.
All of our clients receive personal network security policies, tailored to their specific needs. Generally, we recommend a minimum three-tier data protection plan, consisting of:
Entry-point data protection
The entry point is where your internal network first encounters external networks. Be it through a browser, a VPN (Virtual Private Network) the internet and any other WAN (Wide Area Network), it is at this point that your organisation is most susceptible to malware threats and external attacks. A resilient firewall or Unified Threat Management System keeps you protected. We recommend Cyberoam UTM (link) and Cisco products as our experience has proven them far superior to their competitors.
End-point data protection
An end-point is any user device capable of storing electronic data that has been authenticated on the network. These include a pc, notebook, smart hand-held device, cell phone, memory stick, CD and DVD. Unfortunately, they are susceptible to content and malware from many sources in addition to the internet. For example, they can easily be infected by the insertion of USB memory sticks and similar devices, even when not connected to the network. Powerful anti-virus and internet security software is vital to protect both these devices and your network. We recommend Sophos and Trend micro suites to protect end-point connections and their users. Additionally, Cyberoam End-point Protection can provide a further layer of protection by encrypting data, and controlling applications and attached devices.
Awareness of the perils of modern communications goes a long way in protecting both your network and your users. Phishing emails, dangerous mobile applications and attacks through social media are only a few examples of potential vulnerabilities, and new inventions turn up daily. We keep you updated about the latest malware and provide advice on issues such as setting strong passwords and the need to change them regularly.
Talk to Aalto to ensure a secure company network.