Securing the network (part 1) #CyberSecMonth

Nov 9, 2018 | CyberSecMonth, News & Events

A week dedicated to network security

We continue to distribute our #CyberConseils with a new topic: network security. The ANSSI hygiene guide recommends 8 measures to secure your network, so it is a dense and complex subject. That’s why we decided to split it into two parts for readability and simplicity. The second graphic and our recommendations will follow in a few days. Don’t worry, this article should give you something to keep you busy while waiting for the next step!

Protect your network for more security

Internet access has become almost indispensable in a professional context. Unsecured access to the Internet can become the source of many problems: malicious code, downloading dangerous files, taking control of the terminal or even the terrifying leak of sensitive data. Securing the organization’s network therefore means ensuring the integrity of the information system!

[Graphic: Securing the network, part 1]

To better protect their information, organizations must be more than vigilant about connecting to the Internet. It is important to set up “barriers”, whether to access the network or between workstations, to ensure the security of the system and to be able to act more easily in the event of a cyber attack.

What can be done to secure the network?

Segment and partition:

A network without partitions allows any machine to access any other machine connected to the same network. If one of them is compromised, all connected machines are also threatened. The network architecture must therefore be designed as a set of zones, each composed of systems with homogeneous security needs. It is recommended to separate the different servers (infrastructure, business…) and the different roles on the network (users, administrators). These zones consist of VLANs, dedicated IP subnets and, if required, dedicated infrastructure. IP filtering and firewalls enforce the partitioning between zones. It is also important to compartmentalize the equipment and flows associated with administrative tasks.
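An added example (not from the original article or from Tranquil IT): a short Python check that compares a firewall's allow rules against a zone plan like the one described above and lists every flow that crosses zones outside the policy. The zone names, subnets, policy and rules are all constructed for illustration.

```python
import ipaddress

# Assumed zone plan: names and subnets are invented for this example.
ZONES = {
    "users":    ipaddress.ip_network("10.10.0.0/24"),
    "admins":   ipaddress.ip_network("10.20.0.0/28"),
    "infra":    ipaddress.ip_network("10.30.0.0/24"),
    "business": ipaddress.ip_network("10.40.0.0/24"),
}

# Assumed policy: the only inter-zone TCP flows that should exist.
POLICY = {
    ("users", "business"): {443},
    ("users", "infra"): {53},
    ("admins", "infra"): {22},
    ("admins", "business"): {22},
}

# Constructed "allow" rules: (source CIDR, destination CIDR, TCP port or None for any).
RULES = [
    ("10.10.0.0/24", "10.40.0.0/24", 443),   # users -> business web: in policy
    ("10.20.0.0/28", "10.30.0.0/24", 22),    # admins -> infra SSH: in policy
    ("10.10.0.0/24", "10.30.0.0/24", 22),    # users -> infra SSH: admin flow from user zone
    ("10.0.0.0/8",   "10.20.0.0/28", None),  # broad rule that reaches the admin zone
]

def zones_touched(cidr):
    """Return the names of all zones that overlap the given CIDR."""
    net = ipaddress.ip_network(cidr)
    return [name for name, subnet in ZONES.items() if net.overlaps(subnet)]

def audit(rules):
    """List (rule, src_zone, dst_zone) for each inter-zone flow allowed outside POLICY."""
    findings = []
    for rule in rules:
        src, dst, port = rule
        for src_zone in zones_touched(src):
            for dst_zone in zones_touched(dst):
                if src_zone == dst_zone:
                    continue  # intra-zone traffic is not a zone crossing
                allowed = POLICY.get((src_zone, dst_zone), set())
                if port is None or port not in allowed:
                    findings.append((rule, src_zone, dst_zone))
    return findings

if __name__ == "__main__":
    for rule, src_zone, dst_zone in audit(RULES):
        print(f"{src_zone} -> {dst_zone} not in policy: {rule}")
```

A rule written over a wide range, such as the last constructed one, is reported once per zone pair it opens, which is how an over-broad rule quietly removes a partition.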

Organizations must set up a secure gateway to the Internet. This gateway must include a firewall that filters connections and a proxy that authenticates users and logs requests. This way, you will have a partitioned and secure network. In case of an attack, thanks to logging, you will quickly find the origin of the vulnerability.

The use of secure and common network protocols, such as those based on the use of TLS, ensures network integrity.

Control Wi-Fi access networks:

The use of Wi-Fi can present a risk in a professional environment, particularly in view of the poor control of the coverage area or the lack of secure access configuration. Thus, the segmentation of the network architecture limits the consequences of an intrusion to a specific perimeter of the information system. Important steps to secure your network:

  • The flows of workstations connecting to the Wi-Fi network must be filtered and restricted.
  • It is also important to implement robust encryption and centralized authentication through machine client certificates.
  • The Wi-Fi network should not be secured with a single shared password. If this is not possible, this unique password must be complex and renewed regularly.
  • Login passwords must not be disclosed to unauthorized third parties.
  • Access points must be managed in a secure manner.
  • Wi-Fi connections of personal terminals or visitors must be separated from Wi-Fi connections of the organization’s terminals (usually with a guest Wi-Fi network).

How to apply these solutions?

Securing the computer network is not easy without special skills. To act effectively, you need good methodologies and appropriate tools. Tools can be obtained easily and quickly, unlike methodologies that are more complex to address. These methodologies can be obtained through in-house training or with the assistance of an expert such as Tranquil IT.

To start, we recommend contacting a PASSI to conduct an audit of your fleet. Audits are classified into several categories:

  • Architecture audit
  • Configuration audit
  • Source code audit
  • Intrusion tests
  • Organizational and physical audit

ANSSI certifies the audit bodies on each of these criteria individually. Not all PASSI are qualified for all criteria; refer to the PASSI list for more information. Once your audit is complete, we can help you apply the audit body’s recommendations to secure your network.

Get help from an expert

Tranquil IT has more than 15 years of experience in securing the local network. Have yourself audited by an Information Systems Security Audit Service Provider (PASSI) and entrust us with the implementation of their recommendations. We combine Software Restriction Policies (SRP) to establish security barriers, Samba Active Directory for user rights management and WAPT for application control to ensure the security of your IT assets. This “winning combination” and our DevSecOps methodologies allow us to act efficiently and securely on any fleet.


Find all our recommendations on Twitter and LinkedIn under the hashtags #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.
