Essential Steps to Network Architecture


Written by Scott Hall on . Posted in Infrastructure Management, IT News

Everyone has seen security checkpoints at the airport. They ensure that only people who belong at the gates can reach them, and that there are no bad actors on airplanes. But why are there so many gates? Luckily, they’re labelled in a sequential and logical fashion. So at the airport, multiple security checkpoints keep things safe, locked doors ensure I can’t enter areas where I don’t belong, and accurate labelling helps direct everyone to where they need to be, safely.

Network segmentation works much like those security checkpoints and gates, applied to network traffic.

So what is network segmentation?

In very short terms, network segmentation is the concept of taking a computer network and breaking it down, both logically and physically, into multiple smaller fragments. Physical segmentation involves breaking down a network into smaller physical components. It involves investing in additional hardware such as switches, routers, and access points.

While physical segmentation can seem like the easy approach to breaking up a network, it’s often costly and can lead to unintended issues. Think about having two Wi-Fi access points right beside each other, each broadcasting different SSIDs. This would be inefficient and cause many conflicts.

Logical segmentation is the more popular method of breaking a network into manageable chunks. Usually, logical segmentation doesn’t require new hardware, provided the infrastructure is already managed. Instead, logical segmentation uses concepts already built into network equipment, like creating separate virtual local area networks (VLANs) that share a physical switch, or dividing different asset types into different subnets and using a router to pass data between the individual subnets.

Segment a network to achieve the following:

Enhanced Security

By ensuring different groups of devices pass through a firewall, you can apply access control lists to the traffic and enable the concept of least privilege. It also allows the traffic to be inspected by security tools for potential threats. In a world where nothing ever went wrong, there’d be no need to contain a breach or attack. But the reality is that attackers can affect an entire network, unless they’re limited to a local subnet. And when things do go wrong, segmentation significantly reduces your mean time to resolution by narrowing the focus area of your troubleshooting and protection efforts.

Increased Performance

Smaller subnets mean fewer devices on each subnet. Fewer devices mean you can build and enforce more granular policies, like access rules and file permissions. Fewer hosts also mean less traffic and a smaller broadcast domain. Reducing the broadcast domain reduces ‘noise.’ All in, network segmentation contributes to better performance across the entire network and its segments.

Here are some common network segmentation methods:

Creating a guest wireless network

Theoretically a client’s guest network could be both wired and wireless but, almost always, the guest network is primarily wireless. By implementing a new guest SSID and ensuring it’s configured to provide wireless isolation, you’re effectively creating a segment for each user of the guest Wi-Fi, allowing them to see the internet without accessing anything else on the rest of your network.

Creating a voice network

Unlike guest networks that are typically wireless, a voice network is normally wired. Low latency and low jitter are extremely important for voice over IP (VoIP) phones to get the best call quality, and mixing voice with data traffic can reduce that quality. Voice networks are generally segmented into a separate VLAN and use a dedicated IP subnet range, away from routine data traffic.

Separating user groups from services

Does every user need access to the entire network? Should the receptionist in your client’s office be able to pull reports from the accounting system? Probably not. By separating user groups and services into their own segments or subnets, you can create groupings of similar users and services. You can then build data traffic around these groups, ensuring the right people can access the right things.
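The segmentation methods above can be modelled and checked before any switch or firewall is touched. The following is an added example, not part of the original article: the segment names, subnet ranges, ports and rules are all constructed assumptions, and the ACL is evaluated first-match with a default deny.

```python
import ipaddress
from dataclasses import dataclass
from itertools import combinations
from typing import Optional

# Constructed segment plan: names and address ranges are assumptions.
SEGMENTS = {
    "guest": ipaddress.ip_network("10.10.50.0/24"),
    "voice": ipaddress.ip_network("10.10.40.0/24"),
    "reception": ipaddress.ip_network("10.10.20.0/24"),
    "finance": ipaddress.ip_network("10.10.30.0/24"),
    "accounting_srv": ipaddress.ip_network("10.10.100.0/28"),
}
# Segments with client isolation: hosts cannot reach each other.
ISOLATED = {"guest"}


@dataclass(frozen=True)
class Rule:
    src: str              # source segment name
    dst: str              # destination segment name or "internet"
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"


# Constructed ACL, evaluated top to bottom; anything unmatched is denied.
ACL = [
    Rule("guest", "internet", None, "allow"),
    Rule("reception", "internet", 443, "allow"),
    Rule("finance", "internet", 443, "allow"),
    Rule("finance", "accounting_srv", 443, "allow"),
]


def segment_of(addr, segments=SEGMENTS):
    """Map an IP address to its segment, "internet", or "unknown"."""
    ip = ipaddress.ip_address(addr)
    for name, net in segments.items():
        if ip in net:
            return name
    # Private space outside the plan is unplanned, not internet.
    return "unknown" if ip.is_private else "internet"


def evaluate(src, dst, port, acl=ACL):
    """Return "allow", "deny", or "local" for one flow."""
    s, d = segment_of(src), segment_of(dst)
    if s == d and s in SEGMENTS:
        # Same-segment traffic never reaches the router or firewall, so
        # the ACL cannot filter it; only client isolation blocks it.
        return "deny" if s in ISOLATED else "local"
    for rule in acl:
        if rule.src == s and rule.dst == d and rule.port in (None, port):
            return rule.action
    return "deny"  # default deny is what gives least privilege


def overlapping_segments(segments=SEGMENTS):
    """List segment pairs whose ranges overlap (a planning error)."""
    return [(a, b) for (a, na), (b, nb) in combinations(segments.items(), 2)
            if na.overlaps(nb)]
```

The "local" result is the case to watch: traffic between two hosts in the same segment is never inspected by the firewall, which is why the guest segment relies on wireless isolation rather than on the ACL.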

If you’re experiencing network issues, SOS can help get you where you need to be today.

 

Information Technology Then and Now

Written by Scott Hall on . Posted in IT News


Looking back, 1995 was a pretty big year in IT. Almost 40 million people had Internet access, and that new email thing was catching on. The World Wide Web was exploding. Though some predicted the Internet was just a fad, many more went all in, kicking off what would become known as the dot.com boom:

 

Netscape, Microsoft, and Opera all launched their first web browsers.

Search engine AltaVista came online.

Amazon and eBay had just opened up shop.

Jerry Yang and David Filo registered Yahoo.com.

Hotmail launched.

 

Despite all this online activity, in 1995 a typical small or mid-sized business handled nearly all of its networking and computing on site. IT closets were crammed with servers plugged into hubs and bridges. Shelves and shelves of servers in the IT closet, all beige of course. Beige ruled in this land of office PCs. Everything was wired. And enormous.

 

In September, Microsoft made history with the launch of Windows 95, which, for the first time, added a graphical user interface to the company’s operating system. The product raked in $30 million in its first day of sale. Floppy disks, the 3.5” kind, were still plentiful, though they were slowly being supplanted by CD-ROMs. Phones sat on desks and were connected through wires. Cell phones, while not quite the bricks they used to be, were still big and relatively uncommon. No one had a Palm device. Software was purchased in a literal box and installed by hand on computers or servers.

All of this hardware was typically maintained by a team of IT specialists. It wasn’t uncommon for a company of under 50 employees to have four or five full-time IT people: a database specialist, a network specialist, a desktop specialist, and so on. If you managed an IT network in 1995, you probably handled Novell, Microsoft NT, and UNIX. And though user-facing operating systems were moving to a GUI, you spent your day in the command-line interface.

In 2019, more than three billion people worldwide have Internet access. Email is ubiquitous, along with instant messaging and texting. There are nearly 1 billion websites online right now, and that number climbs by the second. Good, unused dot.com domain names are scarce on the ground, giving rise to dozens of new top-level domains to satisfy demand.

And that typical small to mid-sized office now?

 

Laptops, not huge tower computers.

Smartphones (likely brought from home by employees) that come on and off the corporate network throughout the day. Wi-Fi everywhere.

VoIP for desk phones — if the company even has desk phones anymore.

Storage? It’s all in the cloud. All automatic.

 

Software is also in the cloud. Users buy and use what they want as they need it. They no longer need to go through IT for that. Companies still have network infrastructure on site — routers and switches have largely taken the places of hubs and bridges, and now there are wireless controllers, firewalls, perhaps a load balancer. But most of those servers are gone. So is the specialized team that used to maintain them. Now, a company of 50 employees might have one IT administrator, a generalist who keeps everything running. The budget that IT used to have for purchasing equipment and software for the office, and completing complex projects, has shifted away. It’s been allocated to finance, marketing, HR, and the other lines of business so they can buy the SaaS tools they need. No one knows what a DOS interface looks like anymore — except the IT administrator, who’s still working in the CLI all these years later.

 

So what’s the upshot of all this change?

 

In 2019, the IT function is more critical to business than it has ever been. In 1995, a user could work happily and productively all day long and not once need to access the Internet. Not being able to print was an inconvenience, sure, but they could do something else while that was being fixed. Now, if the network goes down, so does the business. Every system and every person in an organization relies on the network to get things done. And yet, IT no longer has the specialists or the budget to manage this business-critical operation. To make things worse, the IT administrator’s tools have not kept pace with change. It’s no wonder that in-house IT teams are struggling.

IT is overdue for a system that makes network operations easier, a system that recognizes the nature of today’s hyper-connected businesses. At SOS we understand these systems through and through. Partner with us today.

Setup for Success: IT Security for Everyone

Written by Scott Hall on . Posted in Computer Security

Malware, phishing attempts and breaches are now common among household-name corporations. Credit bureau, video streaming and gaming console breaches are just some of the most recent that have made the news. Even though the resulting damages from these attacks totaled in the millions of dollars, the damage to their brands will take years to measure. Small businesses & start-ups do not have the financial, or social, capital to withstand these types of incidents without putting their very survival at stake.

The following are a few ways to ensure your business is facing modern threats as best it can:

Lock your network doors

In the same way that you wouldn’t dream of leaving your car unlocked, you shouldn’t invite cyber criminals into your business networks, either. Purchase a business grade firewall with comprehensive anti-virus and security threat definitions that are updated constantly. Stay current with your licensing to ensure you can meet the latest threats as they’re exposed. Do not rely solely on equipment provided by your ISP; these devices are intimately known by bad actors and have had their weaknesses made public knowledge.

Also, use SSL VPN connections for remote employees or after-hours access to your networks. Business grade firewalls can easily accomplish this.

Setting company policy

Company size is rapidly becoming irrelevant to whether you are an attractive target for cyber criminals. Teach employees, and re-teach them, about your security requirements and best practices as provided by your IT team.

Policy should include employees using company computers responsibly and not engaging in extra risky activities, how to spot phishing attempts in email, setting requirements for password complexity and expiry, and setting two-factor authentication wherever it can be applied.

Social Media Do’s and Don’ts

Social media is a part of our lives and isn’t going anywhere anytime soon, so reducing risk is paramount. Determine who can speak for the business publicly and approve all social media content before publishing. When writing employee policy, cover social media sites like Facebook, Twitter, and the like in your non-disclosure agreement, especially their use on company time and premises. Assume the worst to get the best results. Encourage employees to limit the amount of personal information they share online for their safety and the safety of the business.

Protect with passwords

Passwords are the key to front line security, so they are important to protecting access to your networks. The more characters and variation you have, the stronger your password will be. Require strong passwords with a length of at least eight characters with embedded numbers, so you can stop simple attacks that guess passwords. Time out old passwords and require password changes frequently. Educate employees about why writing down passwords, storing passwords on cell phones, or using guessable choices puts company security at risk.

 

Get critical about Internet security

Stop the mad links. Don’t rely on employees to think about security. Restrict where and when they can access the network or Internet within the business. Along with guidelines for acceptable web use, select content filtering solutions that stop unacceptable use. URL filtering can limit access to unproductive sites completely or during business hours.

Bring Your Own Device

The level of adoption for employees bringing their own devices (BYOD) to work in the small and medium business market is soaring – but what about the security risks? Develop a plan. A BYOD plan will provide a safety net against legal repercussions and mobile system costs. Draft a comprehensive & clear BYOD policy that covers data deletion, location tracking, and content monitoring.

Regularly reflect on the benefits and impacts of BYOD programs. Most businesses adopt the BYOD trend because of the increased productivity and cost savings it can provide. However, not all take the time to gauge if the trend is worth the risk it can expose an organization to. Monitor your use of BYOD to help justify its deployment and prevent future device security problems.

Be Current

Be sure your mobile users, PCs and servers are using the best available threat intelligence and definitions. You are only as safe as your last update. Look for solutions that make use of remote servers or data centers to do most of the heavy lifting of security. Don’t rely on old antivirus. New methods of detection perform the equivalent of background checks on email senders, files, and websites to protect better and faster without slowing your PCs. Make it as simple as possible for your PCs to have the latest OS patches as well. Do not use end-of-life operating systems.

Choose a Security Partner

Select a vendor who understands the unique needs of security in a small business environment. Check their record. Vendors with a proven track record of years of defense against multiple threats, and with both small business and enterprise experience, will be your best defense.

 

What you should know about RANSOMWARE

Written by Scott Hall on . Posted in Computer Security

Ransomware has become the scourge of the Internet. It’s so common that it no longer makes the news. In fact, it’s predicted that a business will fall victim to a ransomware attack every 14 seconds in 2019. The evolving nature of the threat makes malware attacks very difficult to counter. Regardless of the type of malware, they all have the same objective: to encrypt or disable access to the files on a computer, or the network it is part of, and then demand payment for their recovery. Overseas, cybercrime labs often have budgets as large as or larger than an enterprise-level organization’s total annual security budget.

 

Security analysts estimate that most hacking-related breaches are because of stolen or weak passwords. Other attack vectors include vulnerabilities exposed in a web application, open or insecure network ports and email-based phishing. These are all sobering data points, whether you’re a large corporation or an SMB. The impact of breaches can be highly damaging: monetary payments, lost data, productivity impacts, and system downtime during recovery, just to name a few.

 

Although the different kinds of malware attacks have existed for years, the success of the latest generation is due in part to improved techniques. Machine learning and other heuristics help hackers learn about network and people patterns. This is very different from prior automated or cryptologic-based methods, because skilled IT resources and improved security software can detect and disable, or even outright prevent, those kinds of attacks before they cause damage.

 

Ransomware falls into the broad category of malware. Malware is software designed to damage or disable a computer or an entire system. In one ransomware scenario, the attack disables access to systems by encrypting files. The attacker then demands a ransom in exchange for a key to decrypt the files and regain access. Another ransomware scenario is to simply lock one or more systems so they can’t be accessed. Unfortunately, there’s no single solution that can stop this type of attack, despite many claims to the contrary.

 

This leaves two options in response:

 

The first is to pay the ransom, which almost all security experts advise against. This could make an organization a repeat target. The second, more realistic option is to use a multi-layered approach to make it more difficult for ransomware and other attacks to succeed. Implement a security management practice that includes regular patching of all systems, services and software, including the firmware of network devices like IP security cameras, printers and scanners. Proactive measures reduce the likelihood of an attack being successful, but there is no guarantee. Ransomware authors continue to get smarter, and their attack software usually includes routines to find and delete or encrypt backups along with primary data. This means organizations can’t rely solely on backups as a response tactic without taking additional security precautions and measures.

 

Given how many ransomware attacks succeed, educating employees to detect phishing and related attempts to penetrate the network is a must. Strengthening your security management practice with added employee training will help minimize your exposure to malware and maximize your response management. If you’re wondering where to start, SOS can help. Reach out to us today.

Securing the Airwaves: How can the Cloud be better?

Written by Scott Hall on . Posted in Cloud Hosting


When establishing your IT environment, either on premise or cloud hosted, every organization should give serious consideration to security. But how secure is the cloud? There are numerous pieces of hardware in a datacenter that your information travels through or is stored on. How can it be more secure?

When considering the cloud, the main fact is that while some of the methods and tools used to secure a network and data in the cloud are different from those used for a physical server, the basic principles are exactly the same. Also, because the cloud runs in data centers staffed by experts from numerous technology specialties, data stored there is secured by the best people available in the industry today.

Security in the cloud is achieved through the implementation of technologies, infrastructure, and policies like any other network. Those used to secure datacenters, however, are suited to agile, large-scale environments and are certified by independent third-party auditors. Compliance with these audits shows that datacenters are using the best tools and equipment available at the enterprise level that SMBs can take advantage of at scale.

Datacenters can be certified to show they are compliant with HIPAA regulations for systems that handle sensitive healthcare information – this is absolutely necessary for HIPAA-compliant cloud storage. When companies handle information like birthdays, addresses, and credit card data, they are also audited for PCI compliance. Any datacenter which has been audited and certified according to these standards absolutely proves it has the procedures and technical acumen to provide the best security to protect even the most sensitive business information.

Firewalls are the de facto security for any network, including cloud hosted networks. A firewall is a hardware or software system which applies screening and rules to all the traffic of a network. Data passing in or out of your Cloud environment is inspected and filtered by the firewall based on a set of configurable rules, blocking dangerous traffic and allowing the correct data in. This is what provides the network barrier between your systems and other systems in the data center. The rules governing a firewall must be managed closely to meet changing threats and maintain security, a process best handled by managed service experts.

Businesses of all sizes, including Enterprise and SMB level, have been using the Cloud for years, and among users of every size cloud hosting is only increasing in every industry. Private businesses and governments are moving workloads of varying levels to the cloud, even with increasingly stringent security needs. This change is driven largely by lower costs and by the increased performance and agility advantages delivered by cloud computing. A benefit central to this confidence is the realization that service providers offer experience and expertise which are far beyond most organizations, particularly those not dedicated to IT services, network security or data management. Committed, professional management is a major part of what makes any environment secure and efficient, cloud or on premise.

An expert managed service provider like SOS Technology Group provides the most benefit to any business, allowing anyone to benefit from the scalability and low cost of the cloud while providing the leading edge security needed today for any compliance needs. Contact us for a no cost assessment today.
