Boost Your Network Security By Considering These Three Things
Lots of good things come in threes. The Pyramids at Giza. Goals in a hat trick. Books in Lord of the Rings. Examples in this list… no wait…
But there are also three crucial considerations when securing your network. Whether you’re a microbusiness or a multinational – they might all apply to you. But let’s start from the top.
What is Network Security?
Network security refers to tools and disciplines used to protect networks (and their users, devices, and organisations) from cyber threats, data insecurity, and unauthorised access. Network security is also concerned with what goes on inside a network, making sure threats aren’t originating from within.
In terms of products that help enforce network security, the most essential one is probably the firewall. The firewall sits at the gateway between the network and the open internet, so it is an essential step in filtering out any nasties. However, network security is also inherent in other solutions like endpoint protection controls, network usage analytics, data loss protection, VPNs, and network access control tools.
What is the Difference Between Network Security and Cyber Security?
Cyber security is the broad discipline of protecting data, devices, organisations, and individuals from the effects of cybercrime. Network security is a specific practice within cyber security, focused on what can be done to defend a network from the inside and the outside.
The lines between what counts as cyber security and network security are growing increasingly blurred. Hybrid working, cloud software, and even WiFi have eroded the traditional, rigid view of an IT network with a set perimeter, where everyone’s on-site, sitting at a desk with a dedicated ethernet port. Modern network security can include solutions like VPNs and cloud firewalls to accommodate how geographically spread out an organisation can be nowadays.
Plus, there is no real spot where cyber security ends and network security begins. They both sit under an umbrella of information security, and are all focused on combating the effects of cybercrime and data insecurity.
The Three Pillars of Complete Network Security
As we relay our personal three pillars of network security, it’s important to remember that nothing we do in network security – or indeed in cyber security – ever happens in a vacuum. A cocktail of protective measures is needed to provide a holistic layer of security across a whole organisation.
So, some of these pillars will overlap with each other somewhat. But what our metaphor’s architectural integrity loses, information security learning gains! Let’s go…
Network Security Pillar 1: Network Access Control
Before we dive into network access control, we need to know what it is…
What is Network Access Control?
Network access control is a network security discipline focused on keeping unauthorised users and devices out of a private network and only allowing safe, authenticated parties in. Admission control is the main aim, though gaining some visibility over all currently connected devices is also crucial.
How Does Network Access Control Work?
Depending on your own organisation, there may be a whole host of different criteria you might use to indicate what/who gets access and what/who doesn’t – and indeed what parts of the network they are granted access to.
- Are they authorised members of your team? Many NACs only allow authorised team members onto the network, authenticating them with passwords or, even better, passwordless authentication.
- What’s their security like? Some NAC systems require that a device needs to meet a certain threshold of security before it allows access – a fully updated operating system is a good start.
- Where are they dialling in from? If you are a fully UK-based organisation, any unexplained connection from abroad may be fishy, so NAC systems can automatically reject it.
- What time are they connecting? If you only operate during the usual 8am to 6pm window and someone tries to access the network at 3am, a NAC system can automatically reject that request.
Network access controls can also help you segregate your network into different security strata. Let’s use a hotel as an example. Now, for security reasons, the hotel probably doesn’t want customers’ devices, staff BYOD devices, point of sale devices, management PCs that house essential data, and essential servers all inhabiting the same network “space” because this presents numerous security worries.
Without segregating the hotel’s network, a sneaky customer could start poking around sensitive databases and servers. A member of staff with a grudge could take down the EPOS system from their BYOD device. Or an internal threat actor in middle management could use their authorisation and credentials to steal customer data – perhaps directly from the customers’ devices themselves.
So instead of having all of this data floating around on the same network, NACs allow you to segment the network into different levels of access that are fully closed off from each other. Going back to our example, customer and staff devices may have firewalled access to the internet and nothing else. EPOS devices can have a dedicated segment to prevent outside tampering. Operational staff can have access to basic operational IT and network resources. And management can have access to sensitive company resources, all protected by data loss prevention tools.
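To make the admission criteria and the hotel segmentation concrete, here is an added example (not code from the original article or from any NAC product): a toy policy check that applies the four criteria above to a connection attempt and, if the attempt is admitted, places the device in a segment by role. The roles, segment names, the GB-only rule, the 08:00–18:00 window and the list of roles the stricter checks apply to are all assumptions for illustration.

```python
"""Added example, not from the original article: a toy NAC admission policy.

It applies the criteria listed above (authentication, device posture, source
country, time of day) to a connection attempt and, if admitted, places the
device in a segment by role as in the hotel example. All roles, segment names,
the GB-only rule and the 08:00-18:00 window are assumptions for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Role -> segment. Each segment is assumed to be isolated from the others
# by the NAC/firewall, so a guest device never sees EPOS or management hosts.
SEGMENTS = {
    "guest": "guest-internet-only",
    "staff-byod": "guest-internet-only",
    "epos": "epos-isolated",
    "operations": "ops-resources",
    "management": "management-sensitive",
}

# Roles whose users sit at a desk during office hours; the working-hours and
# device-posture checks are enforced for these, not for hotel guests (assumption).
STRICT_ROLES = frozenset({"staff-byod", "operations", "management"})


@dataclass(frozen=True)
class Attempt:
    identity: str
    role: str
    auth_method: str        # "passwordless", "password" or "none"
    os_fully_updated: bool
    source_country: str     # ISO 3166-1 alpha-2, e.g. "GB"
    at: datetime


@dataclass(frozen=True)
class Policy:
    allowed_countries: frozenset = frozenset({"GB"})
    hours_start: time = time(8, 0)
    hours_end: time = time(18, 0)


def evaluate(attempt: Attempt, policy: Policy = Policy()):
    """Return (decision, segment, reasons).

    Every failing check is recorded instead of stopping at the first one, so
    the resulting log entry explains the whole reason for a rejection.
    """
    reasons = []
    if attempt.auth_method not in ("passwordless", "password"):
        reasons.append("not authenticated")
    if attempt.source_country not in policy.allowed_countries:
        reasons.append(f"unexpected source country {attempt.source_country}")
    if attempt.role not in SEGMENTS:
        reasons.append(f"unknown role {attempt.role!r}")
    if attempt.role in STRICT_ROLES:
        if not policy.hours_start <= attempt.at.time() <= policy.hours_end:
            reasons.append(f"outside working hours ({attempt.at:%H:%M})")
        if not attempt.os_fully_updated:
            reasons.append("operating system not fully updated")
    if reasons:
        return "deny", None, reasons
    return "allow", SEGMENTS[attempt.role], []


# Constructed attempts; the 3am management login is the scenario from the text.
CONSTRUCTED_ATTEMPTS = [
    Attempt("ops-laptop-01", "operations", "passwordless", True, "GB", datetime(2022, 11, 14, 10, 30)),
    Attempt("mgmt-pc-03", "management", "password", True, "GB", datetime(2022, 11, 14, 3, 5)),
    Attempt("mgmt-pc-03", "management", "password", True, "FR", datetime(2022, 11, 14, 11, 0)),
    Attempt("room-214-phone", "guest", "password", False, "GB", datetime(2022, 11, 14, 3, 5)),
    Attempt("till-02", "epos", "none", True, "GB", datetime(2022, 11, 14, 9, 0)),
]

if __name__ == "__main__":
    for a in CONSTRUCTED_ATTEMPTS:
        decision, segment, reasons = evaluate(a)
        print(f"{a.identity:16} {a.role:12} -> {decision:5} {segment or ''} {'; '.join(reasons)}")
```

Collecting every failed check rather than returning on the first one is a deliberate choice: the resulting reasons list is what you would want written to the log for the third question below (capturing what raised suspicion for later examination).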
Network Access Control: 3 Questions to Ask Yourself
- How are you currently authenticating devices that join your network? Are you authenticating devices at all? (a massive “tut tut” from us if not…)
- How are you currently monitoring the devices on your network? Can you simply see who’s connected, or can you drill down into what they are/have been doing?
- Do you have an automated way of raising a red flag if someone is trying to do something untoward? Do you have a way of de-authenticating a potential threat actor’s device? Do you have a way of capturing what they were doing that raised suspicion for further examination?
Network Security Pillar 2: IoT & Smart Devices
The internet of things (IoT) is a huge deal in business. We’re not just talking about voice-assisted speakers and smart fridges, either – a number of business-critical operations can now be handled by internet-enabled devices: from physical access control, to buildings management, to vehicle tracking, to manufacturing processes, all the way down to the humble laser printer!
In our previous, more in-depth investigation into the topic, we explored how these tools allow businesses (and in some cases, the device’s supplier) to monitor the device’s usage, fine-tune performance, automatically order supplies, and generally manage our businesses with both eyes open. But there is some rough to take with the smooth…
How Do IoT Devices Present a Network Security Risk?
In short, securing IoT devices can be a tricky prospect. As we explored previously, it’s relatively easy to make a PC or server secure by installing endpoint protection and content filtering, and by providing cyber security training for the device’s user(s).
But this is because PCs are multi-purpose and multi-faceted devices that can handle different software and instructions. On the flip side, smart devices are often designed to simply do the thing they are designed to do and nothing more.
There is no way to install antimalware protection on a building management/access system. There’s no way to tell an industrial control system to filter out potentially dangerous traffic by itself. And when a PC gets manually taken over, you can see the mouse pointer moving on its own – but how can you perceive a similar kind of takeover on a smart speaker with no screen?
It’s important to remember that any device that connects to the internet and also connects to your network can present a network security risk. Considering their lack of inherent cyber protection, IoT devices can present a hacker with a woefully under-defended backdoor into a network. And from there they can spread malware, steal data, carry out cyber-recon, overload systems, or impact industrial control systems to the extent of creating physical danger (more on that shortly).
Cybercriminals also create malware specifically for IoT devices. We reported back in 2020 that IoT malware was a rising threat, and SonicWall’s Mid-2022 Cyber Threat Report tells us that it’s still on the rise. Thankfully, IoT malware can often be scuppered by simply powering the device down completely and restarting it (ah, that old chestnut), but this won’t fix whatever let it onto the device in the first place. More investigation would definitely be needed.
3 Ways to Open Your Eyes to IoT
We’re not saying that IoT is a liability that shouldn’t be touched with a bargepole. Far from it. When approached with full knowledge of potential risks and a bit of security know-how, IoT can be hugely beneficial to a business.
So that’s our advice. Open your eyes to IoT risks. Identify every single internet-enabled device within your infrastructure, and make sure you can answer the following questions:
How does each device connect to your network?
Does its traffic pass through the firewall (preferred), or is it connected directly to the public internet (much less preferred)? If it does connect directly to the internet, why? If there is a good reason (sometimes suppliers dictate it), consider how you can segment and monitor that traffic so it doesn’t cross paths with your “regular” protected network; this is called a DMZ, a demilitarised zone, akin to the diplomatic and military concept.
Where does it “phone home” to?
This is where network monitoring tools come in handy. Set up some way of monitoring the traffic that flows through each IoT device – this can sometimes be achieved via your firewall, network access control, or your network vulnerability scanner. Establish what on-network and off-network locations your IoT devices frequently communicate with so the flag can be raised when something out of the ordinary is going on.
Who installed it and who knows about it?
This is a crucial one. It’s safe to say that your IT department (or your IT support partner) will know about your million-pound industrial control system or your access control devices for which everyone on your team has an RFID card.
But do those responsible for your network security know about the smart fridge in the upstairs kitchen that was idly hooked up to the WiFi by one of the team? Do they know about the smart speaker that Jon from HR brings in now and again to keep morale up? Have they acknowledged the web casting device hooked up to the display in reception? All are IoT, all are within the organisation’s infrastructure, and all need monitoring in case of a potential threat.
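The second and third questions above (where does each device phone home, and does anyone know the device exists) can be answered together from firewall flow records. As an added example, not code from the original article or from any monitoring product, the script below learns a per-device baseline of destinations from a trusted learning period, then flags a known device talking to somewhere new and any device that has no inventory entry at all. The device names, hostnames, ports and flow records are constructed.

```python
"""Added example, not from the original article: baselining IoT "phone home"
destinations and flagging deviations, plus spotting devices nobody registered.

Input is a constructed set of firewall flow records (source device, destination
host, port). The baseline is learnt from a period you trust and every later
flow is checked against it. Device names, hosts and ports are made up.
"""
from collections import defaultdict

# The IoT devices the IT team knows about (constructed inventory).
INVENTORY = {"printer-01", "hvac-controller", "door-controller"}

# Constructed flow records from a trusted learning period: (device, dest, port).
BASELINE_FLOWS = [
    ("printer-01", "supplies.printer-vendor.example", 443),
    ("printer-01", "supplies.printer-vendor.example", 443),
    ("printer-01", "ntp.internal.example", 123),
    ("hvac-controller", "telemetry.hvac-vendor.example", 8883),
    ("hvac-controller", "ntp.internal.example", 123),
    ("door-controller", "acs-server.internal.example", 4433),
]

# Constructed flows from a later day, to be checked against the baseline.
NEW_FLOWS = [
    ("printer-01", "supplies.printer-vendor.example", 443),
    ("printer-01", "file-server.internal.example", 445),      # printer reaching a file share
    ("hvac-controller", "telemetry.hvac-vendor.example", 8883),
    ("hvac-controller", "203.0.113.7", 6667),                  # unfamiliar external host/port
    ("smart-fridge", "cloud.fridge-vendor.example", 443),      # device not in the inventory
    ("door-controller", "acs-server.internal.example", 4433),
]


def learn_baseline(flows):
    """Map each device to the set of (destination, port) pairs it normally uses."""
    baseline = defaultdict(set)
    for device, dest, port in flows:
        baseline[device].add((dest, port))
    return dict(baseline)


def check_flows(flows, baseline, inventory):
    """Return alert strings for flows that deviate from the baseline.

    Two kinds of finding: a known device talking to a destination it never
    used during the learning period, and a device with no inventory entry.
    Flows that match the baseline produce nothing.
    """
    alerts = []
    for device, dest, port in flows:
        if device not in inventory:
            alerts.append(f"UNREGISTERED {device}: not in IoT inventory, seen talking to {dest}:{port}")
            continue
        if (dest, port) not in baseline.get(device, set()):
            alerts.append(f"NEW-DESTINATION {device}: {dest}:{port} not seen in baseline")
    return alerts


if __name__ == "__main__":
    learnt = learn_baseline(BASELINE_FLOWS)
    for alert in check_flows(NEW_FLOWS, learnt, INVENTORY):
        print(alert)
```

The learning period matters: if the fridge was already chatting away while you built the baseline, its traffic becomes "normal". Build the inventory first, then learn the baseline only for devices on it, as the code does by treating any device absent from the inventory as a finding in its own right.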
Network Security Pillar 3: Operational Tech & Industrial Hardware
As a subset of IoT, much of the network security wisdom around internet-enabled SCADA and industrial control systems is the same as above. Yet because the devices that control things like heating systems, refrigeration, and the factory floor are so essential to a business’s risk profile, there are a few additional considerations at play.
Operational Technology is What Makes the Money
In manufacturing, it’s the factory floor that makes the money. So if a well-targeted hack or a piece of malware were to take down an essential conveyor belt, actuator, or refrigeration unit, the business’s money-making potential grinds to a halt. It could also affect the money-making potential of those downstream in the supply chain, destroying the company’s reputation too. Defending operational IoT is really an exercise in risk management.
Equally destructive hacks can be built around misinforming sensors or muddying usage information. This causes confusion and disruption at best, but can be used as cover for more destructive, covert operations at worst.
Operational Technology Runs Infrastructure
This brings us nicely to the fact that SCADA and operational tech run a lot of our critical infrastructure. Oil, gas, water, sewage, utilities, pharmaceuticals – a well-planned attack on one supplier could have devastating consequences.
Such an attack could come from state-endorsed threat actors (e.g., the 2015 and 2016 Ukraine power grid hacks), from independent criminals who make their money through hacking, or from politically motivated “hacktivists” looking to make a point or further an agenda.
The Missing Link Between Cyber Risk and Physical Risk
Because Operational Technologies are often used on busy manufacturing lines, a cyber incident can be a real risk to life and limb too. And we’re not necessarily talking about heavy industry here.
Our Director, Andy, likes to use the example of a custard factory. Powdered custard (in fact, a lot of powdered goods) can be surprisingly flammable when swirling in the air as a dust cloud. If a hacker were able to cause a custard-dust cloud and, at the same time, overload a nearby device so that it overheats and catches fire, that could pose a very real threat.
So Are IoT and Operational Tech Bad?
Absolutely not! With a risk-aware approach, there is nothing wrong with using operational technology and internet of things devices. On a day-to-day basis, they make our working lives easier, allowing a level of analysis and control unavailable just a decade ago.
The key thing is to implement these technologies properly, fully aware of the risks, and using the full suite of network and cyber security defences available to you.
We hope this has been an eye-opening read without being too doom and gloom! If anything in this article gave you pause about your own organisation’s network security measures, have an informal chat with the team on 0808 1644414 or request a call back today!