Securing your computer network (part 1) #CyberSecMonth

by | Nov 9, 2018 | CyberSecMonth, News & Events

A week dedicated to the importance of securing your computer network

We continue to distribute our #CyberConseils with a new topic: Network security. The ANSSI hygiene guide recommends 8 measures to secure your network, so it is a dense and complex subject. We decided to cut it into two parts for easier readability and simplicity. Find the second infography design and our recommendations in a few days. Don’t worry, this article should give you something to keep you busy while waiting for the next step!

Secure your computer network for better protection

Internet access has become almost indispensable in a professional context. Unsecured access to the Internet can become the source of many problems including:

  • Execution of malicious code
  • Downloading dangerous files
  • Taking control of the terminal
  • Or even the terrifying leak of sensitive data.

You’ve figured it out, securing the organization’s network therefore means ensuring the integrity of the information system!

securing the network part 1 graphics
To better protect themselves, organizations must be more than vigilant about connecting to the Internet. It is important to set up “barriers”, whether to access the network or between workstations, to ensure the security of the system and to be able to act more easily in the event of a cyber attack.

What can be done to secure the computer network?

Segment and partition:

A network without partitions allows any machine to access another machine connected to the same network. If one of them is compromised, all connected machines are also threatened. The design of the network architecture must therefore be thought of by segmentation into zones composed of systems with homogeneous security needs. It is recommended to segment the different servers (infrastructures, business…) and the different roles on the network (users, administrators). These areas consist of VLANs, dedicated IP sub-networks and dedicated infrastructures if required. IP filtering and firewall allow to promote the partitioning of zones. It is also important to compartmentalize the equipment and flows associated with administrative tasks.

Organizations must set up a secure gateway access to the Internet. This protection measure must contain a firewall that filters connections and a proxy that authenticates users and logs requests. This way, you will have a partitioned and secure network. In case of an attack, thanks to logging, you will quickly find the origin of the vulnerability.

The use of secure and common network protocols, such as those based on the use of TLS, ensures network integrity.

Control Wi-Fi access networks:

The use of Wi-Fi can present a risk in a professional environment, particularly in view of the poor control of the coverage area or the lack of secure access configuration. Thus, the segmentation of the network architecture limits the consequences of an intrusion to a specific perimeter of the information system. What is important to do is:

  • The flows of workstations connecting to the Wi-Fi network must be filtered and restricted.
  • It is also important to implement robust encryption and centralized authentication including through machine client certificates.
  • The wifi network should not be secured with a single shared password. If this is not possible, this unique password must be complex and renewed regulary.
  • Login passwords must not be disclosed to unauthorized third parties.
  • Access points must be managed in a secure manner.
  • Wi-Fi connections of personal terminals or visitors must be differentiated from Wi-Fi connections of the organization’s terminals (usually with a Wifi guest).

How do I apply these solutions to secure my computer network?

Securing your computer network is not easy without certain skills. To act effectively, you need good methodologies and the appropriate tools. Tools can be obtained easily and quickly, unlike methodologies that are more complex to address. These methodologies can be obtained through in-house training or with the assistance of an expert such as Tranquil IT.

To start, we recommend contacting a PASSI to conduct an audit of your fleet. Audits are classified into several categories:

  • Architecture audit
  • Configuration audit
  • Source code audit
  • Intrusion tests
  • Organizational and physical audit

ANSSI certifies the audit bodies on each of these criteria individually. Not all PASSI are qualified for all criteria. Refer to the PASSI list for more information. Once your audit is complete, we can help you apply the recommendations to secure your network.

Get help from an expert

Tranquil IT has more than 15 years of experience in securing computer networks. Have yourself audited by an Information Systems Security Audit Service Provider (PASSI) and entrust us with the implementation of the recommendations. We take our DevSecOps methodologies and combine them with tools that we have mastered. This allows us to act efficiently and securly on your park. We use Software Restriction Policies (SRP) to establish security barriers, Samba Active Directory for user rights management and WAPT for application control to ensure the security of your IT park.

Do you need to secure your computer equipment?

What you don’t want to miss :

Articles not to be missed:

Find all our recommendations on Twitter and LinkedIn and on hashtag : #TousSecNum, #CyberSecMonth, #ECSM2018 and #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.

FAQ WAPT 2.5 : Answers to your questions

FAQ WAPT 2.5 : Answers to your questions

WAPT 2.5 has been available for several months now. In this specific FAQ, you'll find 10 of the most frequently asked questions and comments.If you receive the error: EWaptCertificateUntrustedIssuer ('Issuer CA certificate CN=blemoigne,C=FR can not be found in...

read more
Demonstration

Group demo

21/11/2024 : 10h30 - 11h30

Let's go !