The Internet provides connectivity to resources the world over. This also means that without adequate protection, your office network is accessible to bad actors the world over. No single form of Internet security will be 100% effective. So, the best protection is a multilayered approach which includes:
- Internet firewalls and remote VPN
- Multifactor Authentication
- Password Management
- Network Security – Antimalware threat protection
- End user training
In this blog we will focus on Internet firewalls and remote VPNs.
A network firewall, such as those provided by SonicWALL, Cisco, Fortinet and Watchguard, monitors the flow of traffic and applies rules to allow or block access to internal network resources. A firewall has a network connection to your Internet Service Provider (ISP), also known as the WAN or Wide Area Network, and a connection to your private trusted network, also known as a LAN, or Local Area Network.
For inbound Internet traffic, the firewall is configured with rules to only allow access to predefined network resources, such as a locally hosted website or email server. Ideally, these systems are located on a protected network segment known as a DMZ, or Demilitarized Zone. The DMZ segment has its own rules to protect access to the rest of the network, the LAN, where workstations and servers are located. In this way, if a system located in the DMZ is compromised, the rest of your network is still protected.
For many small and medium sized offices, email and website hosting is provided by cloud-based providers. Therefore, there are no internal systems that are accessible from the Internet. This significantly simplifies your firewall rules and limits your exposure.
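To make the DMZ rule structure concrete, here is an added example (not vendor configuration from any of the firewalls named above) that models a first-match, default-deny zone policy for the WAN / DMZ / LAN layout just described. The subnets, the web server address and the interface zone names are assumed values chosen for the illustration.

```python
"""Zone-based firewall policy model: WAN -> DMZ service only, DMZ cannot
initiate into the LAN, LAN may reach DMZ and the Internet, default deny.
Added example; addresses and zone names are assumptions, not real ones."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed addressing: DMZ hosts the public web server, LAN holds workstations.
ZONES = {
    "DMZ": ip_network("192.0.2.0/24"),
    "LAN": ip_network("10.0.0.0/8"),
}

def zone_of(addr: str) -> str:
    """Map an address to DMZ or LAN; anything else is the untrusted WAN."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"

@dataclass(frozen=True)
class Rule:
    src_zone: str            # "*" matches any zone
    dst_zone: str
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"

# Rule table, evaluated top to bottom, first match wins.
RULES = [
    Rule("WAN", "DMZ", 443, "allow"),   # only the predefined public service
    Rule("WAN", "*", None, "deny"),     # nothing else inbound from the Internet
    Rule("DMZ", "LAN", None, "deny"),   # a compromised DMZ host cannot reach LAN
    Rule("DMZ", "WAN", None, "allow"),  # DMZ replies/updates out to the Internet
    Rule("LAN", "*", None, "allow"),    # trusted users reach DMZ and Internet
]

def decide(src: str, dst: str, dst_port: int) -> str:
    """Return the action of the first matching rule, or the implicit deny."""
    s, d = zone_of(src), zone_of(dst)
    for r in RULES:
        if (r.src_zone in ("*", s) and r.dst_zone in ("*", d)
                and r.dst_port in (None, dst_port)):
            return r.action
    return "deny"

if __name__ == "__main__":
    for flow in [("198.51.100.7", "192.0.2.10", 443),  # Internet -> web server
                 ("198.51.100.7", "10.0.0.5", 445),    # Internet -> LAN host
                 ("192.0.2.10", "10.0.0.5", 445)]:     # DMZ host -> LAN host
        print(flow, "->", decide(*flow))
```

Every denied flow the model returns is also the kind of event worth logging on the real appliance, since it is exactly the traffic the monitoring step described later is meant to surface.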
Many organizations also create outbound firewall rules to limit which programs and sites can be accessed from the LAN. This approach can be used to protect network users from undesirable content, such as hate speech, violence and pornography, or to ensure that system users can’t access certain sites while at work, such as social media, shopping or gaming.
Firewalls can also offer a wide range of additional security protection features. These include but are not limited to:
- Geo-IP Filtering – Only allow access to and from systems within predefined countries.
- Antivirus filtering – Monitoring inbound and outbound traffic for known or suspected malware.
- Intrusion Prevention – Monitor for suspicious activity and block access when detected.
- Anti-Spyware – Monitor for and block known and suspected spyware.
- Realtime Blacklist (RBL) Filtering – Monitor traffic that is coming from known or suspected blacklisted sites.
No matter how simple or complex your network’s firewall configuration is, there are a number of important maintenance tasks to ensure your firewall is providing optimal protection. First, monitor your firewall’s activity to identify and block attempts to compromise your network. Most manufacturers offer tools and services to monitor your firewall. Second, update the firmware on your firewall on a regular basis to patch any known issues and to take advantage of protections from newly emerging threats.
To allow users to work remotely, Virtual Private Networks, or VPNs, provide secure access to all of your network resources, such as servers, databases and applications. VPNs use data encryption protocols to encrypt traffic between two or more locations. This can take the form of a hardware VPN tunnel, where two firewalls provide a secure connection between geographically remote office locations, or a software VPN tunnel, which can be used to give a single remote user access to your office network.
In the case of software VPN users, it’s important to incorporate multi-factor authentication (MFA) when establishing a remote VPN tunnel. Some of the more popular MFA providers are Google Authenticator, Duo, Microsoft Authenticator and Quest One Identity. Using MFA ensures that even if a user’s password is compromised, a bad actor would also need access to the user’s phone or VPN token to gain access to your network. See our blog on Multifactor Authentication (MFA) – The cheapest insurance money can buy!
Our clients rely on us to set up, monitor and maintain their network firewalls, remote VPN access and multifactor authentication. If you have questions about any of these security tools, we would be happy to advise you on a solution that fits your needs.