Network Security Best Practices & Complete Guide
As society has become more digitized than ever, it has become increasingly important with network security. We store increasing volumes of critical data digitally and this is why it becomes crucial to protect our networks. Network security is about protecting the underlying infrastructure and information from unauthorized access, misuse, bug fixes, and other cyberthreats, thereby creating a secure platform for computers, users, and applications.
For most people and companies, most things happen via the network. This makes the network the natural place to deal with an increasing number of security threats. More and more different units are connected and traffic volumes are increasing. Complete solutions are required that provide control, transparency, and easy handling
Security starts naturally in the network. The network is the point at which all devices are connected and where all communication is visible. A properly designed network is a perfect base for managing the rights of all communications and for ensuring that all resources only have access to what they are supposed to have access to.
The challenge of network security is multifaceted. Both the complexity and the volume of traffic increase. More and more different types of devices will be connected, such as servers, end-user client devices and IoT devices, as well as applications that need access. And they communicate with each other to a greater extent and in new combinations. Add this communication to and from cloud services.
Access needs to be controlled in several different ways between different types of connected devices. Two examples are that not all end-users should be able to reach the same resources and that not all applications should be able to reach the same servers. It takes a well-thought-out structure and a compelling segmentation to solve this in a scalable way. This is done with integrated platforms with broad functionality and with automation.
Tips for increased network security
Let’s have a look at the best and most important tips and steps for network security, keeping your data safe, and preventing cyberthreats and attacks.
Get an overview of which devices are connected to the network
Many people have good control over computers and mobile phones in the network, but what about all other devices? Printers, cameras, projectors and sound systems – today many of these are connected to a network.
Before you can protect yourself, you need to know what to protect and what to protect yourself against. Both are easier said than done, but the good news is that it is not impossible. There are several simple free tools that can provide an overview of what is connected to the network.
To begin with, there are several apps and software that scan your network and show which devices are connected to it. This helps you identify all the connected devices.
The most important thing is to scan the networks that are visible to users and guests. Also, keep in mind that there may be other networks that are not necessarily visible to users. These should also be scanned and monitored.
Devices that are not needed should not be connected to your network.
Basically, only devices that actually need to be connected to your network should be connected. As a starting point, you can keep only the devices you use the most connected.
Separate guest network
A good tip is to offer guests a separate network where the devices can only talk to the internet and not to each other. This is particularly important if you are running a company. The guest network should be secure, preferably with a one-time password. Open networks are not recommended.
With your own guest network, you get better control and an overview of who joins the network. In addition, you can control:
- How much of the total bandwidth the guest network should get
- How much each device can use
- How the network can be used
Divide the network
Business systems are the “lifeblood” of the business. Only computers and servers approved and managed by the company should be connected to the networks that communicate with them. To set up your network securely and conveniently:
- Servers, computers and mobiles should have their own networks. Through the firewall, you can control traffic to and from the network and the company’s business system.
- Devices such as public printers and information monitors should not be on the same network as business systems. Only the data traffic that is to be forwarded to the business system. Payment systems and IP phones should also have their own network.
- Cameras, alarms, ventilation, sun protection, security systems, amongst other things, are often connected to a network. These should be completely isolated and preferably not on the internet.
- Unauthorized devices that are connected via cable should be isolated without internet access.
Configure and protect your wireless network
If you are installing a network in your company, it is important to make sure that the network is configured correctly. Using a default setting significantly reduces security.
It is important to have a good firewall. With a firewall, the company will always have a security solution that ensures first-class defense for the company’s infrastructure. By classifying all traffic based on application, user and content, the firewall sorts out malicious software.
Do not use a default password
Replace the default password with a new, strong password. It is recommended that you use unique passwords on the various services and systems you use instead of changing passwords often. For example, create a password recall rule that ensures that you can create variations across a phrase that ensure unique passwords for each service.
We mainly make two mistakes when choosing and using passwords. On the one hand, it is often far too short and thus easy to guess, and on the other hand, we use the password in several different places.
It is not uncommon for hackers to access the user databases of various online services. Even if the passwords are hashed, ie not visible in clear text, they are not completely secure. Those who have come across the database can try to crack the encryption on their own computer in peace and quiet with the help of special programs. It can be compared to trying to log in billions of times a second.
One way to “crack” the password is to compare it to a list of common words. Another way is to simply guess all the possible combinations. So it is bad to have only one name or word as a password. It is also less good to have a short password.
A good password is both long and contains both uppercase and lowercase letters, numbers, and other characters – which unfortunately makes it almost impossible to remember. A tip is therefore to use a whole sentence that means something to you as a password, and put in numbers or other characters. More and more security experts believe that length is essential.
Hackers, fraudsters, and cybercriminals know that we often use the same password in several places. If they come across a password, they will test it on all possible services. It’s really bad if they get into your email account. They can then use the “forgot password” function on other websites and get a new password emailed to them. Use a really good – and unique – password for the email!
Keep the devices up to date
It is important that all devices you use are up to date. This applies to all applications and programs on the device, as well as the operating system itself. A good tip might be to turn off the devices once a week. When the device is turned on again, you will usually be notified of available updates.
Make it a habit to regularly update your devices so that they are running on the latest software version.
As a company, establish employee routines and guidelines to ensure your employees follow security guidelines when connecting their devices to the network. In this way, the company can ensure the security of its critical systems and limit the attacks should they occur.
Safety is also about further training of employees. It is important to ensure that they have a good knowledge of how cybercriminals try to access their devices and username and password information.
There are some things you should always do to protect your computer and your data. Keep in mind that if you neglect safety, it can affect both yourself and others.
No computer, or mobile phone, and tablet for that matter is completely safe from malicious code. And yes, this also applies to Apple’s computers and mobiles. Fortunately, there is a lot you can do to minimize the risks.
One way to make it much harder for cybercriminals is to use two-factor login. You already have it on your online bank, where two levels of identification from two different sources are required. For example, first you need the password, and then you need to enter a code that you received via SMS. Other online services, such as Gmail and Facebook, also allow you to use two-factor login.
A home-made variant is to write down a long and complicated password on a note in the wallet. Does it sound the opposite of what you have heard? As a rule, you keep a close eye on where your wallet is and quickly discover if it disappears. But write the password in such a way that the finder – if you now accidentally lose your wallet – can not guess what it can be used for.
One last variant, perhaps most useful for the web services you rarely use, is to create a password by typing wildly on the keyboard for a few seconds. When you want to log in next time, use the service’s “forgotten password” function instead to get a new one.
Even if you have the world’s most secure password, it does not matter if you give it to the cybercriminal.
Keep track of the programs
All programs can contain security holes that allow malicious code to enter your computer. It is therefore a good idea to never install programs unnecessarily and to uninstall those you have stopped using. This also applies to plug-ins, plug-ins for browsers such as Flash.
Always update your computer’s operating system, software, and plug-ins as quickly as possible. Feel free to choose to download and install new updates automatically, if you can make that setting during installation. Then you minimize the risk of malicious code slipping in through newly discovered security holes.
Never install programs you are prompted to in windows that appear when you browse. There are false messages that you have been infected with a virus, should update drivers or the like, and need to download something that solves the problem. Always close such prompts. Go directly to the software vendor’s website instead, if the message looked genuine, and update there.
Updating the Router
Just as programs can contain security holes, your wireless router can as well. A hacked router can infect all computers that connect to it with malicious code, intercept passwords and send you to the cybercriminal’s site instead of the bank’s when you log in.
This is why it is so important to make sure that you update your router on a regular basis. Update the router’s software and firmware, to the latest version, change default password to admin page, and make sure that any possibility to remotely control the router is rejected.
No computer should be used without a security program, also known as an antivirus program, that specializes in detecting malware. There is a great risk that you yourself will never notice if your computer has been infected. Many antivirus programs also have features to block malicious websites and stop intrusion attempts.
The advice applies to both PC and Mac users. Although most malware is targeted at Windows, Mac is not a protected zone. As we use mobile phones more and more, fraudsters also focus on malware for that platform as well. There are security programs that cover both computers and mobiles.
There are both free antivirus software and programs that cost money. Remember that an antivirus program never provides 100% protection against new malware, and must always be kept up to date.
A good piece of advice is also to activate the security functions of your operating system, such as a firewall and similar. Another is not to “jailbreak” your iPhone in order to install applications that are not approved by Apple, as it reduces security.
There are two things you should know about email that you probably have not thought of. The first is that an email message can be seen as a postcard. Meaning that anyone in the chain of computers that distributes the email could also potentially read the content -just as the postman can read the back of a regular postcard. Therefore, never write theft-prone information, such as a card number, in an email.
The second thing is that the sender of an email is easy to counterfeit. It may look like you’re getting an email from someone you know or a company you do business with – but in fact, the email is from a scammer.
Secure card payments
Paying with your credit card online is usually very secure, as long as you think about a few basic things.
First, never disclose your card details on an unencrypted web page. If it isn’t, your card details will be sent in clear text over the internet, and anyone on the road can intercept them. You see that a page is encrypted by the fact that it says https instead of http in the address bar and that a locked padlock is displayed.
Second, do not disclose your information to any strange-looking site. Illegal sites can just as easily steal your card details as not deliver what you ordered.
As always, there is a risk, albeit a small one, that a serious e-retailer will have their database hacked, and card numbers spread to fraudsters. It can be good to know that many online stores let a third-party payment solution provider such as Paypal handle the card payment, which you will notice if you are redirected when it is time to pay at the checkout. That way, the merchant will never find out your card details.
Previously, only card numbers, validity periods and CVV numbers (the three-digit code on the back) were needed to shop online. Nowadays, both Visa and Mastercard have an extra security function that many people use, where you have to confirm the purchase via e-identification or a code you receive via text message, most often known as 3D-secure.
However, as there are still merchants, especially abroad, who do not have this extended security system, you should still be very careful with your card information when shopping online. If you are shopping at an established and reputable online store, you can expect that they have a greater level of security.
Many online banks have systems where you can restrict your card for purchases abroad, or for purchases over the internet. These locks can be unlocked temporarily when you go on holiday or online shopping.
Connecting to an open wireless network when you are at a café or when raveling can be tempting. If the network is not encrypted, it means that the traffic can be intercepted by anyone nearby. This means that fraudsters can come across login information and other valuable information that you send.
A cybercriminal can also set up their own network, name it “McDonald’s”, for example, and then tracks everything you do, or install malicious code on your computer. Because the networks you have logged in to before are saved in a list, your computer or mobile tries to log in to networks with the same name automatically – even though it may not be the “real” network.