More and more of what a business does now runs over the internet. IP phones, video surveillance cameras and other network-connected devices have become almost as common as the computers on every employee’s desk. But if all of those devices share one flat internal network with your workstations and servers, you are putting your ability to conduct business, the security of your data and even the physical security of your facility at risk.
There are several reasons for this. The first is that a crowded network is much harder to monitor effectively. Every additional device generates its own traffic. Security cameras produce an especially large volume, since they are always on and continuously streaming video to storage. VOIP phone systems also create a great deal of traffic, because there are often many handsets, each starting and stopping calls throughout the day. The same goes for mobile devices and any other web-enabled equipment on your network.
As a result, if there is a breach, a virus, a Trojan or other malicious activity on the network, finding and analyzing the offending traffic becomes much harder. Think “needles in very large haystacks.” Monitoring tools will still help us find that traffic, but the more traffic a network carries, the smaller the needle becomes.
A further risk of network-enabled devices is that many of them “phone home” to look for software or firmware updates and then install them automatically. If the software a device fetches is infected with malware, the device itself is compromised, and from there an attacker can reach everything else on the same network. Similarly, a device from a less-than-reputable manufacturer may be sending information about your network or your data to people who have no business seeing it.
When video cameras, phones, medical equipment and other devices are added to your network, the vendor often does the installation. Unfortunately, most vendors care more about getting their equipment working in the quickest and easiest way possible than about the welfare of your business as a whole. So they frequently change firewall and other security settings, typically opening more ports and protocols than the device actually needs, to let its traffic in and out of the network, with little regard for the openings that leaves behind.
If that new equipment sits on the same network as your primary business workstations and servers, every one of those openings increases the chance you will be breached.
Because WiFi is so popular, many companies offer it as a service to both employees and visitors. As a result, IT staff, departments and outsourced providers add WiFi access points to the office network, increasing the traffic on it and extending it to devices they do not control.
Employees’ own WiFi devices are often allowed onto these networks without the protections that IT providers would install on company desktops and laptops. As a result, WiFi users (guests included) may join the network with devices that are already infected by a virus or Trojan, effectively opening a door for malware into your business.
The Solution: Separate Networks For Separate Tasks
Whenever we begin working with a new client, we analyze the network for exactly these issues, and for many others that can lead to security problems. Our primary goal is to isolate and protect the primary business computing resources, the workstations and servers, from all of the other traffic on the network. Here is how we do that:
- Primary Business Network -- We start by creating separate virtual networks (VLANs) on the company’s firewall and connect the primary business resources to the first of them. We lock this network down, opening only the ports and protocols it genuinely needs.
- WiFi Networks -- We then separate out the WiFi networks in the same way, one for employees and a separate one for guests. Guests are denied access to the primary business resources altogether, while employees may be granted access limited to what their role or device requires.
- Other Devices -- Similarly, VOIP phones and IP cameras, as well as other specialized devices (such as medical equipment), each go on their own virtual network. Because the needs of each device type are narrow and well defined (a camera only needs to reach its video recorder, a phone only its call server), we can lock their ports and protocols down extremely tightly.
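To make the three steps above concrete, here is a small model of the resulting inter-VLAN policy: one VLAN per device class, an explicit allow-list between them, and default deny for everything else. It also renders the allow-list as nftables forward-chain rules. This is an added example, not Digital Uppercut’s own configuration or tooling; every VLAN name, subnet, host address (the call server and video recorder) and port number in it is a hypothetical placeholder.

```python
"""Inter-VLAN allow-list for a segmented network, one VLAN per device class.

Added example, not Digital Uppercut's configuration. All VLAN names,
subnets, host addresses and port numbers are hypothetical placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical addressing: one VLAN per device class.
VLANS = {
    "business":   ip_network("10.10.0.0/24"),  # workstations and servers
    "wifi_emp":   ip_network("10.20.0.0/24"),  # employee WiFi
    "wifi_guest": ip_network("10.30.0.0/24"),  # guest WiFi
    "voip":       ip_network("10.40.0.0/24"),  # VOIP phones
    "cameras":    ip_network("10.50.0.0/24"),  # IP cameras and recorder
}
INTERNAL = ip_network("10.0.0.0/8")  # aggregate of all internal VLANs
PBX = "10.10.0.5"   # hypothetical call server in the business VLAN
NVR = "10.50.0.2"   # hypothetical video recorder in the camera VLAN


@dataclass(frozen=True)
class Rule:
    src: str           # source VLAN name
    dst: str           # destination VLAN name, or "internet"
    proto: str         # "tcp" or "udp"
    ports: tuple       # allowed destination ports: ints or range objects
    hosts: tuple = ()  # if set, only these destination hosts are allowed


# The allow-list. Any flow not matched here is dropped (default deny).
RULES = [
    Rule("business",   "internet", "tcp", (80, 443)),
    Rule("wifi_emp",   "internet", "tcp", (80, 443)),
    Rule("wifi_guest", "internet", "tcp", (80, 443)),
    # Employee WiFi reaches business web services only, not arbitrary ports.
    Rule("wifi_emp",   "business", "tcp", (443,)),
    # Phones need SIP signalling and RTP media to the call server, nothing else.
    Rule("voip", "business", "udp", (5060, range(10000, 20001)), hosts=(PBX,)),
    # Staff may open the recorder's web UI; the cameras themselves reach nothing.
    Rule("business", "cameras", "tcp", (443,), hosts=(NVR,)),
]


def segment_of(addr: str) -> str:
    """Map an IP address to its VLAN name ("internet" if outside our ranges)."""
    ip = ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return "unassigned" if ip in INTERNAL else "internet"


def _port_matches(ports, dport: int) -> bool:
    return any(dport in p if isinstance(p, range) else dport == p for p in ports)


def is_allowed(src: str, dst: str, proto: str, dport: int) -> bool:
    """Decide whether a new flow crossing the firewall is permitted."""
    s, d = segment_of(src), segment_of(dst)
    if s == d:
        # Same VLAN: the switch forwards it directly; the firewall never sees it.
        return True
    for r in RULES:
        if (r.src, r.dst, r.proto) != (s, d, proto):
            continue
        if r.hosts and dst not in r.hosts:
            continue
        if _port_matches(r.ports, dport):
            return True
    return False  # default deny


def to_nftables(rules=RULES) -> list:
    """Render the allow-list as nftables forward-chain rules ending in drop."""
    lines = ["ct state established,related accept"]
    for r in rules:
        if r.hosts:
            dsts = [f"ip daddr {h}" for h in r.hosts]
        elif r.dst == "internet":
            dsts = [f"ip daddr != {INTERNAL}"]
        else:
            dsts = [f"ip daddr {VLANS[r.dst]}"]
        for daddr in dsts:
            for p in r.ports:
                port = f"{p.start}-{p.stop - 1}" if isinstance(p, range) else str(p)
                lines.append(f"ip saddr {VLANS[r.src]} {daddr} {r.proto} dport {port} accept")
    lines.append("drop")
    return lines


if __name__ == "__main__":
    print("\n".join(to_nftables()))
    # A compromised camera probing a workstation over SMB is dropped.
    print(is_allowed("10.50.0.10", "10.10.0.20", "tcp", 445))
```

The rendered rules are meant for a `forward` chain on the firewall that routes between the VLANs; the first line lets replies to permitted flows through, and the final `drop` is what makes the design default-deny. Note that same-VLAN traffic never reaches the firewall, which is why each device class gets its own VLAN rather than just its own address range.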
These virtual network configurations prevent a wide range of attacks, such as a company laptop being breached through ports that were opened for the security cameras, or your VOIP phones being attacked by malware brought in on a visitor’s wireless device.
They also greatly simplify detecting, analyzing and preventing attacks on any of the virtual networks, because each one carries far less traffic. The haystacks become smaller, and the needles become far easier to find and remove.
Worried About Your Own Network Security?
If you do not know for certain that your own network is configured with separate virtual networks for each class of device, there is a very good chance it was not set up that way, and your business may be exposed to more threats than you imagined. It is better to know than not to know, so let’s find out for sure. Digital Uppercut’s team of Cyber Security Experts can visit your office, perform a preliminary network security analysis and give you easy-to-understand results. Contact us online or call us today at 818-913-1335 and let’s set a time to visit.