Skip to content

5 Best Practices To Protect Your Network

As with everything else in life: so many network security options, so little budget. How do you know which one will best protect your network, users and devices? No need to agonize over endless hours of research, we’ve shortlisted the five critical elements of cyber security: firewalls, NAC, anti-virus software, proxy servers, and endpoint security.

Firewalls

Filtering out malware that might otherwise bury itself so deeply into the network that it cannot be removed is a pure gain for your network security. That is what a firewall is for. How can you be sure you have a firewall suited to your network? Test it for stability under tough traffic conditions.  According to NSS Labs you should subject your firewall to traffic from several protocol randomizers and mutation tools. And at a maximum of 350Mbps and 60,000 packets per second. Another test is to see if your firewall blocks a constant stream of attacks over time, while allowing most of the legitimate traffic and alerting the admin to the attack.

On the downside, employees pressured to get their jobs done, might turn a firewall off as if it slows down their computers.  Only regular employee training  and raising awareness to the importance of the firewall will help here.

Network Access Control

Network Access Control (NAC – sometimes AKA Network Administration Control), provides visibility and control for any user and any device in the corporate network. Utilizing its agentless technology, it can detect and profile any device on the corporate network in real time across all network layers; wired and wireless network, VPN, Virtual and Cloud.

It also employs an access-control policy that matches users and permissions. This policy also defines endpoint security via wired or wireless networks. NAC enables you to set a policy for every user or group of users. This means that once a NAC solution is deployed, your cyber security team have a much easier time controlling access to the network (denying access if necessary), thus protecting it. Some of the NAC solutions are deployed in a central location (on premise / cloud) and can see all of the network locations – whether headquarter or a remote branch.

The 802.1x NAC protocol is not always the most viable option. Next generation NAC sets out to resolve all the issues that have made NAC deployment complex. With NG-NAC, you control who accesses the network and what activities they can take once they have entered it. NG-NAC also copes with smartphones and IoT devices by separating them for core components/ layers of the network. Cloud based solutions such as Portnox CLEAR, make deployment even simpler as they easily integrate with other existing security solutions and offer pre set-up infrastructure for easy deployment. Portnox CLEAR also delivers continuous risk monitoring as well as Risk Adaptive Access over the VPN utilizing its two factor authentication approach, enabling access not only by the user strong identity but also based on the device risk score when accessing through VPN.

Get Your Free IoT Security Risk Assessment With Portnox

Anti-Virus

The best “anti-virus program” is to get network users to be aware of how easily viruses can attack their computers, laptops and smartphones every day. Employees tend to remove the anti-virus applications from their devices because they often consume a lot of resources during scans.  After the firewall, the anti-virus software is the second level of protection, detecting malware on the hard drive. A good anti-virus software should also protect your network from viruses, spam, spyware, Trojan worms and identity theft. Automated updates are essential for optimal protection.

Proxy Servers

Deciding what you  want to use a proxy server for is the first step of the equation.
Will it be used  solely for the purpose of forwarding requests for internet access, or also as a replacement for IP addresses? Proxy servers can thus save expenses of providing routable addresses to access many systems. In this mode they also obscure the location of the client but it is still advised to use a firewall.

Proxy servers can also increase performance by acting as caching servers. But look out! The high quality of the cache system might well mean that your secured data is being viewed by the proxy service provider. You can place filters and anti-virus programs on the proxy. This is however not foolproof as not all data is scanned. A proxy server can simplify access to blocked websites. This however is not always good news. Hackers create proxies to achieve high level access to networks, using them for repeated attacks.

Endpoint Device Security

Endpoint devices come in all shapes and sizes and are probably today’s biggest security loophole. For example, no security application is known to completely stop someone from attaching a USB drive to a computer (and stealing confidential data in large volumes). Endpoint devices are also used to initiate a malware attack.

Securing the endpoint devices directly is usually limited to a specific device and sometimes to a specific version (no updates for more advanced devices). Unfortunately, Network Administrators cannot ensure all network users are using permitted and secured endpoint devices. The biggest culprit is the USB stick. According to Hendon Publishing, most frequently, the vast majority of sloppy endpoint practices are the result of employees trying to get things done quickly. Once again training and awareness play a key role to your ability to implement a successful network security program.

The Optimal Solution for Enterprise Network Security

Of all of these methods, next generation NAC is the best all-around type of protection. It is more comprehensive than just anti-virus, end point security, firewalls or proxy servers. NG-NAC controls access to the network and provides full visibility to activities within it. It thus stops one of today’s most prevalent network threats, namely illegitimate mobile devices used to access corporate information.

Training and awareness are important, but you do not want to depend on others when securing your network. Only NAC is dynamic enough to provide you with peace of mind.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

SSH Keys: Learn More About the Importance of Secure Control

Counting on maximum security is essential to bring a protected environment and strengthen customers’ trust in the company. SSH keys are an important authentication mechanism that ensures data and information protection.

They work as an access credential, being an essential tool to strengthen the secure control of companies and bring more credibility to their operations. With the General Data Protection Law (LGPD), investing in data security is a huge need for companies.

Therefore, in this text, we are going to explain what SSH keys are, how they came about, and their importance when it comes to bringing more security to the company’s day-to-day. Check it out.

What Are SSH Keys?

SSH (or Secure Socket Shell) is a network protocol that gives users access, modification, or administration permissions remotely to servers. In this way, one can bring a layer of protection during use.

Its security capability occurs through cutting-edge encryption that enables user access to data, information, documents, and files between machine and server. SSH keys rely on an authentication mechanism that is capable of masking transmitted user data.

They can come in various sizes, but the most common model is the SSH key with RSA 2048-bit encryption, which supports passwords up to 617 digits. SSH keys come in pairs — where one part is private and the other public.

Typically, SSH keys are used as a form of login or to perform other operations on servers and remote machines. However, they can also be used as a means of transferring information and files securely and reliably.

How Do SSH Keys Work?

When accessing through SSH keys, the user enters a shell session — which works as a text interface that allows direct interaction with the server. During this session, all commands entered in the terminal are sent through an encrypted SSH tunnel and executed on the server.

So, the SSH connection is implemented using a client-server model, and to enable access, the remote machine or server must have a tool capable of listening for connections and authenticating requests.

For this, the user’s computer must have an SSH client installed to enable communication via the SSH protocol and then receive information about the remote host to which it intends to connect.

What Are The Types of SSH Encryption?

SSH keys encryption is the main guarantee of protection during access requests and data transfer. We separate the three structures used in this protocol. Check them below.

Symmetric Encryption

In this encryption model, users have a feature that works as a personal identifier to allow data sharing between server and user. For this, a secret key is responsible for the process of encrypting and decrypting the information that is sent.

Symmetric encryption is also known as the “shared secret” model due to the need to rely on a secret key to make data sharing available. Typically, there is only one key that is used for all operations.

SSH symmetric keys are responsible for encrypting the entire connection. Therefore, this model makes it possible for both password authentication and data transfer to be protected against intrusion and unauthorized access.

Asymmetric Encryption

Unlike the previous model where only one secret key is used, in asymmetric encryption, we rely on two keys — one for the user and one for the server. This process is essential for data encryption and maximizing information protection.

These keys are known as public and private and are responsible for the combination capable of generating SSH and its entire security protocol. The public key can be shared freely with any party. It is associated with the paired key. However, the private key cannot be derived from the public one.

There is a relationship between both keys that allows the public one to encrypt messages that can only be decrypted by the private key. Therefore, the private key must be kept entirely secret and must never be shared with other parties.

This key is the only component capable of decrypting a message encrypted by the public key. Therefore, it exercises secure control over the transmission of data and information and only entities that hold the private key are able to carry out this process.

Hashing

Hashing is another form of data manipulation that can benefit SSH. Here, the information is scrambled into a random sequence of characters that works as a kind of signature generated through an algorithm, which summarizes all the data.

This method ensures messages are protected through this data manipulation, providing greater security against tampering with codes that are received remotely by servers.

How Important Are SSH Keys in Secure Control?

One of the main points that determine the importance of SSH in companies is their ability to extend security on-premises. SSH keys are able to protect the integrity of data and information transmitted and changes made to the server.

Through its encryption methods, the SSH protocol is capable of providing maximum protection in the event of malicious actions where there are attempts to intercept data or invade the servers where the information is stored.

With SSH keys, a company has more control over its data, as access is restricted only to the legitimate authentication key. This security protocol also works as a reinforcement when allowing access to remote machines or servers, blocking any unauthorized access to the system.

That’s it! SSH keys are one of the most secure communication protocols out there today. In addition to bringing more security to a company’s routine, counting on this encryption method is an excellent way to strengthen its credibility and bring more efficient means to deal with sensitive data.

Take the opportunity to check out other articles on our blog to deepen your knowledge and learn new methods to bring security to your business.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Cyber Security strategies for SME

Small businesses have been growing since the beginning of the pandemic thanks to digital transformation allowing them to open cost-efficiently. However, it brings the disadvantages of relying on the internet.

Just like any business is growing, viruses, ransomware, malware, and phishing have been growing over the past years, and attacks are expected to double in 2022 according to cybersecurity specialists. It doesn’t mean that we should just watch it happen, cybersecurity has been improving as well. Antiviruses are getting better, DNS protection is performing greatly with AI/ML systems, and now we have a lot of free training courses that help avoid cyberattacks.

To stay safe in 2022, our cybersecurity specialists advise you to do the following:

Multifactor authentication (MFA)

Attackers usually avoid those who use MFA due to a strong protection layer it adds to the user’s security. MFA is deployed easily, and it is highly recommended to be used.

Training

Cybersecurity training isn’t only made for big organizations, SMEs are usually even more attractive to hackers due to the lack of their cybersecurity. If the company cannot afford long-term courses, it can enroll into a few shorter ones over a longer period of time. This will help employees to raise cybersecurity awareness, thus using strong passwords and avoiding suspicious downloads or phishing emails.

DNS Filtering

A new trendy feature that is very easy to deploy and requires no hardware or IT background. This service can be installed on the network level to protect all users from malicious content and eliminate it before it even reaches the user’s network. DNS filtering comes with a lot of other features besides protection against malicious content, such as blocking unwanted websites like time wasters or social networks.

Antivirus

DNS Filtering usually should be enough, but if the user accidentally allows malicious content to be downloaded on their device, here comes the Antivirus alerting about the risks and deleting the malicious content that has been downloaded.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×