A firewall is recognized as the first line of defense in securing sensitive information. For better safety, the data can be encrypted.
A firewall is a system used to maintain the security of a private network. Firewalls block unauthorized access to or from private networks and are often employed to prevent unauthorized Web users or illicit software from gaining access to private networks connected to the Internet. A firewall may be implemented using hardware, software, or a combination of both.
Firewalls generally use two or more of the following methods:
- Packet Filtering: Firewalls filter packets that attempt to enter or leave a network and either accept or reject them depending on the predefined set of filter rules.
- Application Gateway: The application gateway technique employs security methods applied to certain applications such as Telnet and File Transfer Protocol servers.
- Circuit-Level Gateway: A circuit-level gateway applies security methods when a connection such as a Transmission Control Protocol connection is established and packets start to move.
- Proxy Servers: Proxy servers can mask real network addresses and intercept every message that enters or leaves a network.
- Stateful Inspection or Dynamic Packet Filtering: This method compares not just the header information, but also a packet’s most important inbound and outbound data parts. These are then compared to a trusted information database for characteristic matches. This determines whether the information is authorized to cross the firewall into the network.
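To make the difference between packet filtering and stateful inspection concrete, the following added example (not code from the original page) evaluates the same first-match rule set with and without a connection table. It models stateful inspection as connection tracking, and the rule set, addresses and names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

# Constructed rule set: (action, source net, destination net, destination port; None = any).
RULES = [
    ("accept", "192.168.1.0/24", "0.0.0.0/0", 443),  # LAN clients may reach HTTPS
    ("accept", "192.168.1.0/24", "0.0.0.0/0", 53),   # LAN clients may reach DNS
    ("reject", "0.0.0.0/0", "0.0.0.0/0", None),      # everything else is dropped
]

def packet_filter(pkt, rules=RULES):
    """Stateless filtering: first matching rule wins, headers only."""
    for action, src_net, dst_net, dport in rules:
        if (ip_address(pkt.src) in ip_network(src_net)
                and ip_address(pkt.dst) in ip_network(dst_net)
                and dport in (None, pkt.dport)):
            return action
    return "reject"  # default deny if no rule matched

class StatefulFirewall:
    """Same rules, plus a table of connections the inside has opened."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()

    def handle(self, pkt):
        flow = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.connections:
            return "accept"  # return traffic for a tracked connection
        action = packet_filter(pkt, self.rules)
        if action == "accept":
            self.connections.add(flow)
        return action

# Constructed sample traffic (documentation address ranges).
OUTBOUND = Packet("192.168.1.10", 50000, "203.0.113.5", 443)
REPLY = Packet("203.0.113.5", 443, "192.168.1.10", 50000)
UNSOLICITED = Packet("203.0.113.9", 443, "192.168.1.10", 50000)
```

The stateless filter rejects the server's reply because no rule admits inbound traffic, while the stateful firewall accepts it and still rejects the unsolicited packet aimed at the same port.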
First step for secure small business or home network
What’s the first thing you do after buying a new wireless router? Chances are you would rather try out the faster connection speeds than configure your network security settings. However, a “set it and forget it” mindset can leave your network open to vulnerabilities, such as Wi-Fi moochers or even hackers trying to steal your private data.
Help IT Tech takes router and firewall protection seriously, and we want to encourage more users to better guard their data and networks.
Maintaining a secure small business or home network
Maintaining a secure small business or home network isn't easy, and even for an old hand in IT, it still takes time and energy to keep things locked down. Here are 10 of the most critical steps you can take to keep your data from ending up elsewhere, and none of them take much time or effort to accomplish.
1. Use encryption on your wireless access points (AP). Many site surveys have found half or more of all wireless networks are wide open, ripe for anyone to gather all the traffic and perhaps record your sensitive information by sitting in a nearby parked car. Some people mess around with locking down MAC addresses, but that gets unwieldy and a better solution would be to use WPA2 encryption. WPA2 is far better than other encryption methods that are more easily broken into.
2. If you have a wireless network, make sure to hide your SSID (service set identifier), or at least change its name to something common. All wireless routers should have obscure IDs when they announce themselves to the world. Rather than put in any real information that can make it clear who owns the router or that can divulge your location or business name, such as "Acme Systems, here on the 4th floor" or the product name like "Netgear," use something innocuous like "wireless" or "router1" that doesn't give away anything really critical.
3. If your router (wired or wireless) has a Web management interface, disable access from the outside network. And change the admin default password now. Most routers have the ability to do both quite easily. You don't want anyone else coming in and changing your settings or reading your log files.
4. Make sure all of your PCs use antivirus software and if you're using Windows, add antispyware protection. This seems obvious, but it bears restating. And while you are at it, check to make sure that all of your antivirus subscriptions are current. Anything out of date isn't doing you any good.
5. If you are running a Web server on your LAN, put it on a DMZ. If your router doesn't have a DMZ, get a new router. Better yet, move to a colocation facility where someone who knows what he is doing can manage it. Having your own local Web server sounds like a good idea, but is a real security sinkhole, and many cable networks have made it harder to host your own from your home network anyway.
6. Speaking of Web servers on the Internet, if you have them, you should scan regularly for exploits. There are many sites that can do this; two of my favorites are SPIdynamics.com and Qualys.com. Also, make sure to keep track of your domain registry and change all of your access passwords regularly. If you update your Web content, don't use FTP or Microsoft's Web page creation tool, FrontPage; instead, find more-secure methods that don't send your access passwords in the clear. You can learn about other ways to protect your Web site at OWASP.org.
7. If your ISP offers such an option, use a VPN (virtual private network) for access back to your local LAN or your remote Web server. There are many to choose from, ranging from the free OpenVPN.net to inexpensive but capable ones from SonicWall and Fortinet, which are designed for small business owners.
8. Disable file/print sharing on everything other than your file server. You don't need it on each desktop, and that just causes more vulnerabilities.
9. Use whole disk encryption on all laptops that will ever leave home. You never know when someone will steal your data or break into your car or hotel room and lift the laptop. I like PGP Disk, but there are others that cost next to nothing and provide plenty of protection. If you are in the habit of carrying around USB thumb drives with your data, then use one of the more modern U3 drives that work with Windows and are at least password-protected to keep your data away from others.
10. Start doing regular off-site backups now. At least start with making copies of your key customer and business data, and then make sure you cover your personal files, such as family photos and the like. Now is the time to cook up something simple. Burn DVDs and take them home, or make use of one of the online storage vendors such as eVault and Amazon.com's S3. They cost less than $100 a year (Amazon's less than $10 a year) and can save your data in case of fire, theft or just carelessness. If you have two PCs in two different locations, sign up for Microsoft's Foldershare.com free service to synchronize your data.
Now, there are plenty of other security options that will buy you peace of mind and make it harder for hackers, but these 10 items are easy to implement, don't cost much in terms of your time and money, and will have big security payoffs. Try to attempt one item each week and you'll sleep better at night.
Five Simple Steps to Secure Your Home or Small Office Wireless Network
Help IT Tech takes Wi-Fi protection seriously and we want to encourage more users to better guard their data and networks. Here are five simple steps to increase your home or small office wireless network security.
1. Change the Default Password
The first topic to address is the default admin password for your router. Manufacturer default usernames and passwords are well-known and easily accessible. If you leave the admin login credentials unchanged, even the most amateur hacker can enjoy unimpeded access to configure your router settings and view data being transferred and stored on your network.
Experts suggest creating a password that is at least eight characters long, uses a variety of character types (uppercase and lowercase letters, numerals and special characters) and doesn’t use your name or complete words.
2. Change the Default SSID
Similar to the admin username and password, routers feature a default SSID, which is the name of your wireless network. The default SSID usually contains the name of the manufacturer, giving hackers more than enough insight to crack into the network. Moreover, leaving the default SSID in place is a red flag that other default settings are likely unchanged as well. Basically, it’s a big target for individuals looking for easy access to wireless networks.
When deciding on a new SSID, avoid including details about the make of the router or identifying information about its owner (family name, address, apartment number, etc.). The less information you provide the better.
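The encryption and SSID advice above can be checked against a list of the networks you administer. The following added example (not from the original page) flags encryption weaker than WPA2 and SSIDs that reveal the router make, the owner or a location. The `SSID|SECURITY` input format, the vendor list and the sample lines are constructed assumptions.

```python
import re

# Illustrative vendor names seen in factory-default SSIDs (assumed list, not exhaustive).
VENDOR_HINTS = ("netgear", "linksys", "dlink", "d-link", "tp-link", "belkin", "asus")
WEAK_SECURITY = {"open", "wep", "wpa"}  # anything below WPA2
LOCATION_RE = re.compile(r"\b(apt|suite|floor|unit)\b|\d+(st|nd|rd|th)\b")

def audit_network(ssid, security, owner_terms=()):
    """Return a list of findings for one network; an empty list means no issue found."""
    findings = []
    sec = security.strip().lower() or "open"  # empty security field means no encryption
    if sec in WEAK_SECURITY:
        findings.append(f"weak or no encryption ({sec}); use WPA2")
    name = ssid.lower()
    if any(hint in name for hint in VENDOR_HINTS):
        findings.append("SSID reveals the router make")
    if any(term.lower() in name for term in owner_terms):
        findings.append("SSID identifies the owner")
    if LOCATION_RE.search(name):
        findings.append("SSID hints at a physical location")
    return findings

def audit_scan(lines, owner_terms=()):
    """Audit 'SSID|SECURITY' lines (hypothetical format); returns {ssid: findings}."""
    report = {}
    for line in lines:
        ssid, _, security = line.rpartition("|")
        report[ssid] = audit_network(ssid, security, owner_terms)
    return report

# Constructed scan results, one network per line.
SAMPLE_SCAN = [
    "NETGEAR42|WPA2",
    "Acme Systems 4th floor|WEP",
    "router1|WPA2",
    "CoffeeShop|",
]

if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN, owner_terms=("acme",)).items():
        print(ssid, "->", findings or "ok")
```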
3. Disable SSID Broadcasting
In addition to changing the SSID, you can choose whether that information is visible in the first place. Disabling SSID broadcasting through the router’s basic settings will force users to manually type in the SSID name and password before they can connect to the network. Although the network won’t be completely hidden from a seasoned hacker with the right programs, this can keep your network name concealed from a snooping neighbor looking for free Wi-Fi.
4. Establish Secure Connections
SonicWall TZ UTM Secure Firewall was developed by Dell to allow users to create a secure wireless connection with ease. You can connect a SonicWall router to any enabled device, including many systems, with just a push of a button. This establishes a secure link that boasts the highest encryption levels supported by the SonicWall client device.
5. Check for Firmware Updates
Router manufacturers are constantly fixing bugs and improving performance through firmware updates. These updates can include patches to vulnerabilities in your router’s security features.
If you have any questions about how to better protect your SonicWall wireless router, Cisco Router or Cisco ASA Firewall, contact us.