Securing a Small Business Network: it even sounds daunting! The days of installing Norton Anti-Virus on your computer and thinking you are safe, are over. Today you need to take a layered approach to securing your network. Think of it as a puzzle, with each piece playing an important role. No one solution solves the problem; it's various products, devices, solutions, and software that must all work together to secure an environment. In my upcoming webinar with Verizon, I’ll discuss the top seven ways you can protect your Small Business Network. Here’s a sneak preview of what you’ll about learn at the webinar.
Unified Threat Management, or UTM, is a buzzword in technology today. The idea is to block security threats before they enter your network. Traditionally a network gateway consisted of a Router or Firewall while the workstation or other devices would handle AntiVirus, AntiSpam, Web Filtering and other security functions. A UTM Gateway combines a Router, Firewall, Anti-Virus, Anti-Malware, Intrusion Prevention, Content and URL Filtering, etc. into one device. This device analyzes incoming network traffic before it enters your network and can throw out suspect data before it has a chance to infect your computers.
Content Filtering is the process of controlling the content that a computer can access on a network. This can be as simple as blocking broad categories of websites, such as pornographic or violence-oriented content. Going further, Content Filtering can be used to block things such as pop-ups, advertisements, URL redirects, cookies and even Flash or Java-based content.
URL Filtering is allowing or denying access based on the URL or origin of the requested content. This can be used to block specific websites that an organization does not want its employees accessing, such as monster.com or facebook.com. Instead of filtering based on broad categories, this is a granular approach to filtering. Many URL filtering services include dynamic block lists which will prevent access to websites that are known security threats. This can significantly reduce the risk from zero-day threats, which are so new that most anti-virus software is not yet aware of them.
Software Restriction Policies define the files and file types that are allowed to execute on your computer. Similarly to how a firewall will allow or disallow traffic based on specific parameters (source, origin, port, protocol, etc.), Software Restriction Policies can allow or reject programs based on their location on the disk, filename, file type, etc.
There are essentially two ways to implement Software Restriction Policies: Whitelisting or Blacklisting. Blacklisting allows any program to execute by default unless it matches a restriction defined by an administrator, specifically file type, file name, or file path. For example, a Blacklist restriction might say that any file named Spotify.exe cannot execute. This would effectively block the program Spotify from running on a computer that is subject to this policy. For a brief analogy, think of Blacklisting as the TSA's No Fly List. Anyone can fly on an airplane (with a ticket and proper ID) as long as they are not on the No Fly List.
Whitelisting, on the other hand, takes the opposite approach. By default, no programs can run unless they match specific allowed criteria. In a Whitelisting scenario, you may have a policy that will enable C:\Program Files (x86)\Microsoft Office\root\Office16\Excel.exe to execute. This would allow Microsoft Excel to run, but any other program would be disallowed. You can think of Whitelisting as the lock on your home’s front door. No one is allowed in unless they have the key to unlock your door
Whitelisting is a more effective strategy to keep your computers secure; however, it can require more time and effort to implement and can be more intrusive to the end user.
Spam Filtering is the process of separating the "good" email from the "junk" email. It's the same thing you do when you get home from work and stand over the trash can with that day's mail. You filter the junk into the trash can, and you keep the important items.
Spam email can be overwhelming without effective filtering. It is estimated that there are over 14.5 billion spam messages sent daily. In addition, some estimates indicate that 73% of all email traffic is spam. These aren't just advertisements for the next gadget or miracle pill, many of these messages contain malware, viruses, phishing scams, etc.
Spam is also very costly to a business. Without a solid spam filtering system, employees can spend a significant amount of time identifying and then deleting spam that arrives in their inbox. Nucleus Research Inc. did a study that found spam costs U.S. companies over $71 billion per year in lost employee productivity.
Think of Endpoint Security Software as one of the last lines of defense in our layered approach to securing your SMB network. Endpoint Security Software is installed and runs on each of your workstations and servers. A decade ago, Endpoint Security Software was essentially Anti-Virus software (Think Norton or Symantec Antivirus). That type of software only had to look out for viruses involving rogue code. Fast forward to 2018 and Anti-Virus software is just a small part of Endpoint Security Software.
Today, it is expected that your Endpoint Security solution will include Anti-Virus, Anti-Malware, and Anti-Ransomware. Many leading solutions include things such as Sandboxing (A way to safely execute suspicious applications/code), dynamic firewall and port protection (To prevent Trojans and/or Ransomware from downloading payloads), Email protection (Anti-Spam, Anti-Virus, Anti-Phishing), Browser Protection and URL Blocking, USB Protection, the list goes on and on.
Patching is the process of approving and installing updates to the software, hardware, and operating system installed on your computer. The term "Patching" is normally used when addressing a security risk. "Updates" usually refer to an improvement or an upgrade in a software package. Security Firms, Hackers, Software Companies, and Hobbyists are continually finding defects and exploits in software. When these vulnerabilities are identified and made known to the software companies, the software company should quickly release a patch to resolve the vulnerability. For example, Adobe Flash is one of the most exploited applications of all time. When a new exploit is identified, Adobe will release a patch to resolve the threat. Your computer is considered vulnerable until you install the latest Adobe Flash patch.
Local Administrative Rights give you full access to a computer. This allows you to install programs, remove programs, modify and delete any files on the computer (regardless of which user created them), and change any settings/configurations that you wish.
The number one reason why you should be restricting administrative rights is to combat malware, ransomware, and viruses. If a user opens an infected email attachment or clicks on a link they shouldn't, the malicious program can only execute using the permissions of the end user. As a result, if the end user has Administrative Rights, the malicious code/program can likely do whatever it was intended to do on that computer. However, if the user account doesn't have permission to execute programs or edit specific files, the malicious code won't be able to execute. In an adequately secured SMB network, the end user is always the weakest link. Restricting local administrative rights dramatically reduces this risk.
The layered approach that Banks Technology Services uses to secure our client's networks was developed over many years of seeing what works and what does not. No single piece of this puzzle will secure your network. Each piece focuses on a particular attack surface, and together they minimize the risk to your Servers, Computers, and your data. Be sure to register for my webinar, on Wednesday, March 21st, to learn how each of the pieces should be tailored to your specific business needs. I look forward to answering your questions during the live Q&A session.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Contact the editor: email@example.com