Any company that uses a corporate network for both internal and external interaction needs to pay close attention to its security. Data leaks or cyber-attacks may cost a company millions of dollars and a ruined reputation.
To protect sensitive data and prevent possible threats, companies need to follow the basics of corporate network security. We collected the most common practices that will help safeguard a corporate network and keep threat actors from intruding into it.
The most common types of risks
Before discussing the best practices of combatting cyber threats, it is important to understand the most common types of these threats. In this way, you will have a clear picture of what might be threatening your network and thus will be able to build a solid security strategy.
A brute force attack
Even though this is a relatively old method, it is still quite efficient and remains a big threat. A brute force attack is a trial and error method of guessing the user’s credentials (meaning, login and password). Most often, a hacker uses the already known credentials to conduct a brute force attack and try guessing the correct combinations.
The brute force attacker normally succeeds when a user has a weak password or uses the same password across different accounts (e.g. different social media platforms). What makes it worse is that today there is a wide variety of automated hacking tools, such as Brutus or THC Hydra, that can find the necessary password or user name in mere seconds. Therefore, it is an absolute must to use strong passwords and two-factor authentication to minimize the risk of such an attack.
A DDoS attack
This type of attack aims to disrupt a network or a system by flooding it with traffic such as messages, queries, etc. Such an attack is usually performed with the help of botnets that overload the target, resulting in resource exhaustion, service disruption and other unpleasant consequences. So, to avoid DDoS attacks, one needs to deploy powerful tools and resources that can differentiate between normal and malicious traffic.
A malware attack
Malware is malicious software that hackers use in order to disrupt the system and access the network. It comes in many forms and the most common are:
- Worms, Trojan horses, and viruses
- Ransomware
- Spyware
- Adware
- Hybrids
The defense strategy has to be comprehensive, with consideration of all possible attacks and problem areas of the network.
A phishing attack
Another common hacking attack is phishing. It involves tricking users into taking a certain action that would allow hackers to intrude into the network. Such actions may be clicking on a suspicious link or opening an email that contains a virus.
Some of the methods that help avoid phishing are checking the email or website security, having anti-virus software and using firewalls. It is also critically important to educate the users about the possibility of such an attack and explain that they should treat any suspicious email or website with extreme caution.
Now that we have looked at the most common attack types, it is time to see the basic network security practices.
Deploy network defense methods
Even though the methods below may seem quite common, not all companies deploy them to safeguard their network:
- Firewalls: come as both software and hardware solutions and serve as the first line of defense in a network. It is strongly recommended not to disable personal firewalls but rather to configure them in accordance with the needs of your company. When purchasing a corporate firewall, carefully analyze its features and whether it can provide the needed defense.
- IDS and IPS: use an Intrusion Detection System and an Intrusion Prevention System to identify a potential intruder in time and take preventative measures to avoid a network breach. Even though the deployment of these systems (or at least the IPS) may be costly, it will still cost you less than recovery from an attack.
- NAC: Network Access Control is a tool that restricts access to the network only to those devices that comply with the company’s security policy. However, NAC is most useful in a static environment and is not a very suitable solution for networks with a diversity of users and settings (e.g. healthcare or education).
- Web filters: prevent users from loading certain web pages that seem suspicious. There are many types of web filters, including the ones for enterprise use, so a company can easily select the most suitable one.
- Load balancers: these devices direct computers to individual servers with an aim to minimize the server load and balance the bandwidth.
Perform network segmentation
Network segmentation means dividing the network into smaller segments called zones. Zones are functional units and every zone can be used for a different purpose: a sales zone, a research zone, etc. You can perform network segmentation by using either switches or VLANs.
The main benefit of network segmentation is the minimization of potential damage by breaking down one target into several. In this way, a hacker will either need to treat each segment as a separate network or jump from a compromised zone to another. But in either case, a hacker will have to spend too much time and resources and will most probably not succeed in intruding into the network.
Another benefit of network segmentation is data protection and classification. Each zone can be assigned different classification rules and therefore it will have an appropriate security level.
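As an added example (not part of the original article), here is a default-deny policy check between zones, run over a few flow records. The zone names, address ranges, allowed flows and sample flows are all constructed assumptions.

```python
import ipaddress

# Hypothetical zones and address ranges, constructed for this example.
ZONES = {
    "sales": ipaddress.ip_network("10.10.0.0/24"),
    "research": ipaddress.ip_network("10.20.0.0/24"),
    "servers": ipaddress.ip_network("10.30.0.0/24"),
}

# Default deny between zones: only these (source zone, destination zone, port) flows pass.
ALLOWED = {
    ("sales", "servers", 443),
    ("research", "servers", 443),
    ("research", "servers", 22),
}

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.0.15", "10.30.0.5", 443),   # sales -> servers, in policy
    ("10.10.0.15", "10.10.0.20", 445),  # stays inside the sales zone
    ("10.10.0.15", "10.20.0.8", 445),   # sales -> research, not in policy
    ("10.10.0.15", "10.30.0.5", 22),    # port 22 is allowed from research only
    ("192.0.2.50", "10.20.0.8", 443),   # source belongs to no zone
]

def zone_of(addr):
    """Return the name of the zone containing addr, or 'unzoned'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unzoned"

def check_flow(src, dst, port):
    """Return (allowed, reason) for one flow under the default-deny policy."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "unzoned":
        return True, f"{s} intra-zone"  # never crosses a zone boundary
    if (s, d, port) in ALLOWED:
        return True, f"{s}->{d}:{port} allowed by policy"
    return False, f"{s}->{d}:{port} denied by default"

def violations(flows):
    """List the reasons for every flow the policy denies."""
    return [reason for src, dst, port in flows
            for ok, reason in [check_flow(src, dst, port)] if not ok]

if __name__ == "__main__":
    print("\n".join(violations(FLOWS)))
```

A host in the sales zone can still reach the shared servers on port 443, but its attempts to reach the research zone are denied and reported, which is the containment effect described above.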
Use VPNs
A Virtual Private Network is a secure network connection that creates a kind of “tunnel” through which the data securely travels. To ensure data security, VPNs normally use protocols such as Layer 2 Tunneling Protocol, IPSec, and Point-to-Point Tunneling Protocol (PPTP). VPNs also encrypt the data, which is an additional bonus of using this solution.
It is important to note though that VPNs alone do not protect the network from phishing attacks or similar threats. So it’s best to combine VPNs with other security methods to ensure 360-degree network security.
Enhance authentication and user access
While trying to secure the network, companies pay close attention to external threats such as malware and tend to overlook internal threats such as unauthorized users.
Two-factor authentication is one of the most common and efficient ways of securing the network. It requires not only the credentials (login and password) but also access to an external device (another mobile device, email, etc.) in order to confirm the user identity.
Also, pay attention to the user roles and levels of access. Different users should have different levels of access to the network, and this access should be thoroughly monitored. Other practices of authentication optimization include session expiry, password encryption, disposal of cookies upon logout, and limited login attempts. All these practices add to the network security and minimize the possibility of a threat actor logging into the system.
Automate the responses to attacks
A company may actually prevent or at least mitigate a number of hacker attacks simply by automating the responses to the attacks. This feature is provided by a number of software solutions and devices and includes the following actions:
- Blocking of the IP address (can be performed by a firewall or IDS)
- Disruption of the connections
- Collection of information about the potential intruders
- Identification of the way the malicious software was used
By automating certain processes, it will be much easier for the company to timely identify and react to the threats and minimize their effect.
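As an added example (not part of the original article), the following shows what an automated response to a brute force attack can look like: it counts failed logins per source IP in a sliding window, decides which sources to block, and collects the usernames they tried. The log format, thresholds and sample lines are constructed assumptions; the firewall rule is only rendered as text.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an sshd-like format (not from a real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:03 sshd: Failed password for root from 203.0.113.7
2024-05-01T10:00:05 sshd: Failed password for admin from 203.0.113.7
2024-05-01T10:00:06 sshd: Accepted password for alice from 198.51.100.20
2024-05-01T10:00:08 sshd: Failed password for test from 203.0.113.7
2024-05-01T10:00:09 sshd: Failed password for oracle from 203.0.113.7
2024-05-01T10:05:00 sshd: Failed password for bob from 198.51.100.20
2024-05-01T10:30:00 sshd: Failed password for bob from 198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Map each IP that reached max_failures failed logins within window to collected details."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username that source has tried
    blocked = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp, outcome, user, ip = m.groups()
        if outcome != "Failed" or ip in blocked:
            continue
        ts = datetime.fromisoformat(stamp)
        recent[ip].append(ts)
        users[ip].add(user)
        while ts - recent[ip][0] > window:  # drop failures older than the window
            recent[ip].popleft()
        if len(recent[ip]) >= max_failures:
            blocked[ip] = {"blocked_at": stamp, "failures": len(recent[ip]),
                           "usernames_tried": sorted(users[ip])}
    return blocked

def firewall_rules(blocked):
    """Render one iptables drop rule per blocked source (returned as text, never executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocked)]

if __name__ == "__main__":
    hits = detect_bruteforce(SAMPLE_LOG)
    for ip, info in hits.items():
        print(ip, info)
    print("\n".join(firewall_rules(hits)))
```

The source with five failures in eight seconds is blocked, while the user who mistyped a password twice, 25 minutes apart, is not.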
Final thoughts
Network security is a broad subject. It involves many aspects: both external threats that need to be addressed and internal threats related to the employees’ knowledge of security basics. Therefore, any company that wishes to safeguard its network and protect the data needs not only to deploy suitable tools but also to educate the employees on the basic practices of network security. In this way, the company will create a secure working environment and will minimize the potential risks of network intrusion.