Copyright ©2008-2020 SoftTeco
What Should be Included in a Project Specification?

What Should be Included in a Project Specification?

A well-written project specification helps software engineers navigate through the project, understand its scope and, and get an overview of the final product.

Top 5 Advantages of Agile Methodology

Top 5 Advantages of Agile Methodology

It is important to understand the advantages of agile methodology in order to assess whether you need to use this method for your project.

Java vs Kotlin: An Honest Comparison

Java vs Kotlin: An Honest Comparison

Java has been the staple of Android development but times change and now Kotlin seems to be a rising star.

The Difference Between Offshoring and Outsourcing: What’s Best for Your Business?

The Difference Between Offshoring and Outsourcing: What’s Best for Your Business?

It is important to know the difference between offshoring and outsourcing in order to choose the best practice that will bring tangible benefits.

A Guide on Data Visualization Techniques

A Guide on Data Visualization Techniques

Data visualization techniques help present the collected data in an understandable format and gain the needed insights from it.

Virtual Healthcare: What You Need to Know

Virtual Healthcare: What You Need to Know

Virtual healthcare delivers multiple benefits to both medical specialists and patients and is a very promising niche for every software development company.

Part 2: Code Review - How to Improve the Process

Part 2: Code Review - How to Improve the Process

We highly recommend that you follow the above mentioned code review guidelines in order to speed up the development process and save time.

VisitorAccess Application for Medical Facilities

VisitorAccess Application for Medical Facilities

The VisitorAccess application is designed to help medical facilities control the access of visitors, monitor their number, and track the exact time of visits.

Workhealth Application for Medical Facilities

Workhealth Application for Medical Facilities

Workhealth contributes to the mitigation and prevention of the disease spread and helps medical facilities keep their employees and patients healthy.

SoftTeco Has Developed an Application for Belorussian Red Cross

SoftTeco Has Developed an Application for Belorussian Red Cross

To help mitigate the impact of COVID-19 and help the vulnerable population, SoftTeco has developed a “Volunteers in Action” web application for the Belorussian Red Cross and UNFPA on a gratuitous basis.

Web development
A Guide to Corporate Network Security

A Guide to Corporate Network Security

Corporate Network Security: Best Practices to Safeguard Your Business

Any company that uses a corporate network for both internal and external interaction needs to pay utter attention to its security. The possibility of data leaks or cyber-attacks may cost a company millions of dollars and a ruined reputation.

In order to protect sensitive data and prevent possible threats, companies need to follow the basics of corporate network security. We collected the most common practices that will help safeguard one’s corporate network and prevent the threat actors from intruding it.

The most common types of risks

Before discussing the best practices of combatting cyber threats, it is important to understand the most common types of these threats. In this way, you will have a clear picture of what might be threatening your network and thus will be able to build a solid security strategy.

A brute force attack

Even though this is a relatively old method, it is still quite efficient and remains a big threat. A brute force attack is a trial and error method of guessing the user’s credentials (meaning, login and password). Most often, a hacker uses the already known credentials to conduct a brute force attack and try guessing the correct combinations.

The brute force attacker normally succeeds when a user has a weak password or uses the same password across different accounts (i.e. different social media platforms). What makes it worse is the fact that today, there is a big variety of automated hacking tools, such as Brutus or THC Hydra, that can find the necessary password or user name in mere seconds. Therefore, it is an absolute must to use strong passwords and two-factor authentication to minimize the risk of such an attack.

A DDoS attack

This type of attack aims to disrupt a network or a system with tons of traffic such as messages, queries, etc. Such an attack is usually performed with the help of botnets that overload the target and result in the exhaustion of the target, service disruption and other unpleasant consequences. So in order to avoid the DDoS attacks, one needs to deploy powerful tools and resources in order to differentiate between normal and malicious traffic.

A malware attack

Malware is malicious software that hackers use in order to disrupt the system and access the network. It comes in many forms and the most common are:

  • Worms, Trojan horses, and viruses

  • Ransomware

  • Spyware

  • Adware

  • Hybrids

The defense strategy has to be comprehensive, with consideration of all possible attacks and problem areas of the network.

A phishing attack

Another common hacking attack is phishing. It implies tricking the users into doing a certain action that would allow hackers to intrude the network. Such actions may be clicking on a suspicious link or opening an email that contains a virus. 

Some of the methods that help avoid phishing are checking the email or website security, having anti-virus software and using firewalls. It is also critically important to educate the users about the possibility of such an attack and explain that they should treat any suspicious email or website with extreme accuracy.

Now that we had a look at the most common attack types, it is time to see the basic network security practices.

Deploy network defense methods

Even though the methods below may seem quite common, not all the companies deploy them to safeguard their network:

  • Firewalls: come as both software and hardware solutions and serve as the first line of defense in a network. It is heavily recommended not to disable personal firewalls but rather configure them in accordance with the needs of your company. As for purchasing a corporate firewall, carefully analyze its features and whether it can provide the needed defense.

  • IDS and IPS: use Intrusion Detection System and Intrusion Prevention System to timely identify a potential intruder and take preventative measures to avoid the network breach. Even though the deployment of these systems (or at least, the IPS one) may be costly, it will still cost you less than recovery from an attack.

  • NAC: Network Access Control is a tool that restricts access to the network only to those devices that comply with the company’s security policy. However, NAC is the most useful in a static environment and is not a very suitable solution for networks with a diversity of users and settings (i.e. healthcare or education).

  • Web filters: prevent users from loading certain web pages that seem suspicious. There are many types of web filters, including the ones for enterprise use, so a company can easily select the most suitable one.

  • Load balancers: these devices direct computers to individual servers with an aim to minimize the server load and balance the bandwidth.

Perform network segmentation

Network segmentation means segmenting the network into smaller segments which are called zones. Zones are functional units and every zone can be used for a different purpose: a sales zone, a research zone, etc. You can perform network segmentation by using either switchers or VLANs.

The main benefit of network segmentation is the minimization of potential damage by breaking down one target into several. In this way, a hacker will either need to treat each segment as a separate network or jump from a comprised zone to another. But in either case, a hacker will have to spend too much time and resources and will most probably not succeed in intruding the network.

Another benefit of network segmentation is data protection and classification. Each zone can be assigned different classification rules and therefore it will have an appropriate security level.

Use VPNs

A Virtual Private Network is a secure network connection that creates kind of a “tunnel” through which the data securely travels. To ensure data security, VPNs normally use such protocols as Layer 2 Tunneling Protocol, IPSec, Point-to-Point Tunneling Protocol (PPTP). As well, VPNs encrypt the data which is an additional bonus of using this solution.

It is important to note though that VPNs alone do not protect the network from phishing attacks or similar threats. So it’s best to combine VPNs with other security methods to ensure 360-degree network security.

Enhance authentication and user access

While trying to secure the network, companies pay close attention to external threats such as malware and tend to overlook internal threats such as unauthorized users.

Two-factor authentication is one of the most common and efficient ways of securing the network. It requires not only the credentials (login and password) but also access to an external device (another mobile device, email, etc.) in order to confirm the user’s identity. 

As well, pay attention to the user roles and levels of access. Different users should have different levels of access to the network and it should be thoroughly monitored. Among other practices of authentication optimization are session expiry, password encryption, disposal of cookies upon logout, limited login attempts. All these practices add to the network security and minimize the possibility of a threat actor logging in the system.

Automate the responses to attacks

A company may actually prevent or at least mitigate a number of hacker attacks simply by automating the responses to the attacks. This feature is provided by a number of software solutions and devices and includes the following actions:

  • Block of the IP address (can be performed by a firewall or IDS),

  • Disruption of the connections,

  • Collection of information about the potential intruders.

  • Identification of the way the malicious software was used.

By automating certain processes, it will be much easier for the company to timely identify and react to the threats and minimize their effect.

Final thoughts

Network security is a comprehensive subject to discuss. It involves many aspects: both external threats that need to be addressed and internal threats related to the employees’ knowledge of security basics. Therefore, any company that wishes to safeguard its network and protect the data needs not only to deploy suitable tools but also to educate the employees on the basic practices of network security. In this way, the company will create a secure working environment and will minimize the potential risks of the network intrusion.

Comments

IH

Hello! First I would like to thank your. Because your article is helpful. I am very happy to here your site. Keep doing it. Thanks admin.