Perimeter - 5 min read - August 26, 2020

Enterprise network protection, implementation from A to Z


The number of security incidents has increased at an alarming rate, out of proportion to the growth in the use of electronic devices, the storage of information or even the number of people with Internet access.

This means that, over time, it has become increasingly attractive to use the internet or other virtual means to engage in illicit activities, whether theft of money or information, contraband, pedophilia, or many others.

Unfortunately, this is not expected to decline in the coming years; some sources project a cost of cyber security of 2 trillion dollars by 2019. The reason is relatively simple to understand: more and more data is connected and accessible to a significant number of people.

However extensive the security controls applied by major technology vendors are, they will never be enough to prevent the discovery of vulnerabilities that can be turned into attacks. Another important factor is that more and more small companies have been able to enter the global technology market. This is fantastic, but attractive and functional products that solve real problems do not always follow security best practices during their development.

As everything travels through communication channels, the protection of corporate, government and even residential networks is essential. Many technologies have been created in recent decades, some with a broad purpose and others highly specialized in solving or minimizing the problems of specific markets, applications, environments, etc.

A wide range of security products is a good thing, but it can also create doubt, and buyers need to understand more in order to choose the security items required to protect their environment. For this reason, this post presents some elements that are essential for protecting corporate networks, and the context in which they should be placed within a security structure.

UTM/Firewall

The UTM firewall is perhaps the most remembered solution when it comes to protecting corporate networks, and with good reason: the role of a UTM firewall is to create a choke point on the network, so that all traffic between two or more networks (e.g. the internet and internal networks) goes through it.

Since traffic passes through a single device, whether software or hardware, it is possible to analyze the content and decide, according to the policies defined by the organization, whether it should be allowed or not.

UTM firewall solutions generally offer a number of security features that allow you to build a highly secure environment.

It is important to understand the context of the word “allow” above, because a solution on its own cannot solve the security problems of an environment. It is therefore fundamental that the professionals involved in the process are security experts who can get the most out of the product selected by the company.

Web Proxy

Much of what is accessed on the internet is in webpage format, which makes the content easy to view. The number of pages and domains registered on the Internet grows every day, accelerating the spread of content across the network.

This reality creates great challenges, since the universe of content is so wide and diverse that knowing all of it is impossible. Maintaining a list of websites that can be accessed and restricting access to everything else can be a solution for many companies. For others, this model does not fit the reality of the business.

For these cases, web proxy solutions have built-in category-based control features, in which a representative set of websites is organized and classified in a consistent way, and the maintenance of this database is the responsibility of specialized suppliers. The company has access to a database of billions of classified websites and can manage access by area of interest, such as entertainment, online games, social networks, piracy, adult material and religion, among dozens of others.

When thinking about a solution to manage access to sites in your company, remember the concept of a web proxy and the add-ins associated with content categorization; you will have much more power and ease when creating access policies.
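The category-based decision described in this section, as an added example that is not part of the original post or of any vendor's product. The category base, the domain names, the group names and the policy layout are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: a tiny stand-in for a vendor-maintained category base.
CATEGORY_DB = {
    "example-social.test": "social-networks",
    "games.example-portal.test": "online-games",
    "example-portal.test": "news",
    "example-bank.test": "finance",
}

# Hypothetical per-group policies: category -> action.
# "*" is the action for every category (or uncategorized host) not listed.
POLICIES = {
    # Category model: block a few areas of interest, allow the rest.
    "staff": {"social-networks": "block", "online-games": "block", "*": "allow"},
    # Allowlist-style model: allow one category, block everything else.
    "kiosk": {"finance": "allow", "*": "block"},
}


def categorize(host):
    """Return the category of the longest matching domain suffix, or None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return None


def decide(group, url):
    """Return (action, category) for a URL requested by a member of a group."""
    host = urlsplit(url).hostname or ""
    category = categorize(host)
    policy = POLICIES[group]
    # Uncategorized hosts fall through to the group's default action.
    action = policy.get(category, policy["*"])
    return action, category or "uncategorized"


if __name__ == "__main__":
    for group, url in [
        ("staff", "https://www.example-social.test/feed"),
        ("staff", "http://www.example-portal.test/"),
        ("kiosk", "https://unknown-site.test/"),
    ]:
        print(group, url, decide(group, url))
```

The default action for uncategorized hosts is the setting that separates the two models discussed above: default-allow keeps the business running on unknown sites, default-block gives the restrictive allowlist behaviour.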

IPS/IDS

Intrusion prevention and detection systems act as another layer of security, which can be part of a UTM firewall solution or deployed separately. Their purpose is to look for anomalies and attacks and to stop them before they reach the protected networks. Basic operation consists of keeping a database of known attack characteristics and analyzing all the traffic passing through certain networks; based on this classification, the system decides which action to take. For zero-day attacks, these solutions are ineffective, but they can still detect anomalies and classify traffic and, depending on the policy, the traffic can be blocked, since the security infrastructure can recognize it as invalid.
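A small sketch of the two stages described above, signature matching followed by an anomaly check for traffic no signature knows about (added example, not from the original post or any product). The signature base, the length limit and the sample requests are constructed, and HTTP is used only as a convenient protocol to inspect.

```python
import re

# Constructed signature base: (id, pattern, action defined by policy).
SIGNATURES = [
    ("SIG-TRAVERSAL", re.compile(r"\.\./|%2e%2e[/%]", re.I), "block"),
    ("SIG-SCANNER-UA", re.compile(r"user-agent:\s*(sqlmap|nikto)", re.I), "alert"),
]

# Anomaly stage: what a valid HTTP/1.x request line looks like.
REQUEST_LINE = re.compile(
    r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/1\.[01]$"
)
MAX_TARGET_LEN = 2048  # assumed limit for this example


def inspect(raw_request, anomaly_action="block"):
    """Return (action, reason) for one HTTP request given as text."""
    # Stage 1: known attack characteristics.
    for sig_id, pattern, action in SIGNATURES:
        if pattern.search(raw_request):
            return action, sig_id
    # Stage 2: no signature matched, so check that the traffic is valid.
    first_line = raw_request.split("\r\n", 1)[0]
    match = REQUEST_LINE.match(first_line)
    if match is None:
        return anomaly_action, "ANOMALY-MALFORMED-REQUEST-LINE"
    if len(match.group(2)) > MAX_TARGET_LEN:
        return anomaly_action, "ANOMALY-OVERLONG-TARGET"
    return "pass", "no-match"


if __name__ == "__main__":
    samples = [  # constructed requests
        "GET /index.html HTTP/1.1\r\nHost: intranet.test\r\n\r\n",
        "GET /static/../../config HTTP/1.1\r\nHost: intranet.test\r\n\r\n",
        "GET /" + "A" * 3000 + " HTTP/1.1\r\nHost: intranet.test\r\n\r\n",
        "FOO\x00\x01 / HTTP/9\r\n\r\n",
    ]
    for request in samples:
        print(inspect(request))
```

The last two samples match no signature and are stopped only because they are invalid for the protocol, which is the behaviour the paragraph relies on for attacks that have no signature yet.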

Application control

Managing addresses, ports, protocols, and websites has become complex, since many applications are web-based and share HTTP as their base protocol. There is also a great challenge in handling applications that do not have standard communication behavior (port).

One option for handling these cases is to use solutions with application-based control, for applications such as Torrent, WhatsApp, Facebook, etc., allowing greater knowledge of the environment and easier management. This feature can be found in specialized solutions or as security modules associated with the UTM firewall.
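Why a port-only rule falls short, shown as an added example that is not from the original post: the application is identified from the first bytes of a flow and compared with what the destination port suggests. The port table, the block list and the sample payloads are constructed; applications carried inside TLS (such as WhatsApp or Facebook) need further inspection that this sketch does not attempt.

```python
# What a port-only rule would assume about a flow.
PORT_GUESS = {80: "http", 443: "tls", 22: "ssh"}

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def identify(payload):
    """Identify the application protocol from the first bytes of a flow."""
    # BitTorrent peer handshake: length byte 19 followed by the protocol name.
    if payload[:20] == b"\x13BitTorrent protocol":
        return "bittorrent"
    # SSH identification string.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: handshake content type (0x16), major version 3.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    if payload.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def control(dst_port, payload, blocked=("bittorrent",)):
    """Apply an application-based policy and flag port/application mismatches."""
    app = identify(payload)
    expected = PORT_GUESS.get(dst_port)
    return {
        "app": app,
        "port_guess": expected,
        # True when the port suggests one application and the payload another.
        "mismatch": expected is not None and app != expected,
        "action": "block" if app in blocked else "allow",
    }


if __name__ == "__main__":
    flows = [  # constructed (destination port, first payload bytes) pairs
        (443, b"\x13BitTorrent protocol" + bytes(8)),
        (8080, b"GET / HTTP/1.1\r\nHost: intranet.test\r\n\r\n"),
        (443, bytes([0x16, 0x03, 0x01, 0x00, 0x05])),
    ]
    for port, payload in flows:
        print(port, control(port, payload))
```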

Corporate antivirus

Whether the antivirus is installed on end devices or servers, it is important that the perimeter solution (UTM firewall) be integrated with antivirus, minimizing the chances of malicious content going beyond the barrier established by the web proxy and being accessed by users.

The antivirus tool on workstations and servers is also critical to efficient network protection, since many attacks use these devices to spread, and the more protection points there are, the lower the chance that these incidents succeed.

Anti-spam

However many solutions and security layers are in use, specialized tools are very important for a security strategy. Because of this, having a corporate anti-spam solution, which not only protects users from threats but also makes them more productive, is critical.

Other features incorporated into anti-spam products, not directly associated with security but allowing greater control over the use of e-mail, should also be evaluated, such as transparent auditing, e-mail archiving, quarantine, and others.

Whether in cloud or hosted format, it is important that the company have a robust anti-spam solution, which not only protects users but also allows them to be productive in managing email.

Virtual Private Network – VPN

The number of people who need to access corporate data while they are away from the company increases every day, and the trend is for it to grow even more. This is especially true in large cities, where getting around is a major challenge for the population’s productivity and health.

Even outside these conditions, this need is natural. This means that the company must have an external access point, which can be a weakness in the structure if it does not follow basic security principles.

Every company that offers external access to users needs a solution that provides a secure connection to corporate data, with individual user identification, granular access schedules, robust authentication, and traffic encryption, among other features.

In this context, VPN solutions should be used extensively to connect computers, notebooks, smartphones, tablets, etc. A VPN is a way of opening a point of connection with the external world, with a series of criteria that must be met before access is actually allowed.

Redundant environments

Since availability is also a premise of information security, depending on the criticality of the environment it is important to evaluate contingency or high availability models, ensuring that in the face of a logical or physical failure the environment remains operational, or does not stop at all.

The resilience of an environment is critical to keeping it as accessible as possible and, especially for companies that work with the Internet, it is crucial to invest in this direction. Unavailability causes tangible and intangible damage to the company, with impacts that can compromise the structure of the business.

Reporting and visibility for corporate network protection

The number of network security tools matters for a strategy; however, if there is no visibility into what is happening, the tools become unnecessary or are underutilized.

Solutions should ideally offer, at a minimum, summaries of relevant information about the environment, and this data should be reviewed regularly, making it easier to take decisions and make adjustments to comply with the security policy established for the organization.
