
4 steps to a more secure business network

"How many devices are on our corporate network?" Few network administrators can answer this simple question correctly. But why is it so important to know this anyway?

Chances are you're also counting in your head right now, "We have this many employees, so that will be about...".

You can hardly overestimate the final number. Or do you know exactly how many network printers, smartphones, tablets, IoT devices, smart presentation screens, VoIP and conferencing tools, camera systems, smart speakers, smart watches, access points, switches, servers, smart switches, virtualized devices, firewalls... are in your network?

We regularly find that network administrators dramatically underestimate this figure. And that is alarming, because any network device can be an attack vector. To further safeguard the security of your network, you will have to address at least 4 factors.

1. NAC with Conditional Access

To measure is to know. Network Access Control (NAC) maps the hundreds, if not thousands, of devices within your network. You can protect them and grant or revoke their access to the network. It is virtually impossible to do this manually. Fortunately, with NAC you can set some conditions yourself and let this process run automatically. For example:

  • Is it in your domain?
  • In the right VLAN?
  • Are the right certificates present?
  • Have all the patches been applied?
  • Are the antivirus and EDR active?
  • Where is the device located?

A device outside your NAC that wants to connect to your internet (e.g. visitors or a colleague's smartwatch) is either refused by definition, or cannot connect to your company network anyway.
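The conditions listed above can be expressed as an automated admission decision. The following is an added example, not code from VanRoey.be or from any NAC product; the policy values, the device records and the "quarantine" outcome for managed but non-compliant devices are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy values, constructed for this example.
POLICY = {"domain": "corp.example", "vlans": {10, 20},
          "max_patch_age_days": 30, "sites": {"HQ", "Branch-1"}}

@dataclass
class Device:
    name: str
    domain: Optional[str]         # None = not joined to any domain
    vlan: int
    cert_valid: bool              # company-issued certificate present and valid
    last_patched: Optional[date]  # None = patch state unknown
    av_active: bool
    edr_active: bool
    site: str

def failed_checks(dev, today, policy=POLICY):
    """Names of the conditions from the list above that the device fails."""
    patched = (dev.last_patched is not None and
               (today - dev.last_patched).days <= policy["max_patch_age_days"])
    checks = {
        "domain": dev.domain == policy["domain"],
        "vlan": dev.vlan in policy["vlans"],
        "certificate": dev.cert_valid,
        "patches": patched,
        "av_edr": dev.av_active and dev.edr_active,
        "location": dev.site in policy["sites"],
    }
    return [name for name, ok in checks.items() if not ok]

def decide(dev, today, policy=POLICY):
    """Return (decision, failed). Quarantine is an assumption of this sketch."""
    failed = failed_checks(dev, today, policy)
    if not failed:
        return "allow", failed
    if "domain" in failed or "certificate" in failed:
        return "deny", failed        # unmanaged device: refused
    return "quarantine", failed      # managed but non-compliant: remediate first

# Constructed sample devices, evaluated on a fixed date.
TODAY = date(2024, 6, 1)
DEVICES = [
    Device("laptop-01", "corp.example", 10, True, date(2024, 5, 20), True, True, "HQ"),
    Device("laptop-02", "corp.example", 10, True, date(2024, 3, 1), True, True, "HQ"),
    Device("smartwatch", None, 99, False, None, False, False, "HQ"),
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d.name, *decide(d, TODAY))
```

Returning the list of failed conditions alongside the decision gives the administrator the reason a device was held back, which is what makes automated remediation and audit possible.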

2. Deepscan

With deepscan (Deep Packet Inspection), the network traffic of all devices is routed through your firewall, inspected and checked for malware or suspicious actions. But it's not possible to inspect encrypted SSL/TLS traffic just like that. And that is easily 70% of all traffic in your network. With a well-designed NAC, your firewall will be able to inspect and secure encrypted traffic from known devices, because in this case, you are managing the certificates yourself.

But encrypted traffic from visitors or external devices that are not within NAC cannot be inspected.


3. Patch management

Now that all devices in your network are known, it is of the utmost importance to keep their software and firmware up to date. You want to avoid at all costs that a known vulnerability, for which a patch has been available for some time, is exploited by hackers or ransomware to gain access to your company network.

Updating all your devices manually as soon as a new patch is rolled out is a gigantic, never-ending task. Thanks to 'patch management' this can be done largely automatically. You can find this service in our Managed Services. Of course, there are also undiscovered vulnerabilities, the so-called zero-days. You can read here how to protect yourself against these as well as possible.

4. MFA

Now that all devices in the network are known and optimally protected, there is only one additional security measure left.

How can you be sure that the people using the devices or services are indeed your colleagues? Passwords are a vulnerability; they can be leaked, guessed or forced, and people often use the same password...

You can set up stricter password policies, but this is often counterproductive (post-its...) and causes a lot of frustration and lost time. The best solution is Multi-Factor Authentication (MFA). Users have to log in to the system with 2 or more unique keys. Some examples:

A hacker - even with a stolen device from a colleague, with the right credentials and within your company walls - still can't log in this way.

Of course, there are still plenty of ways to make your network even more secure, but these tips will get you a long way. Would you like to know how we can completely map out your network and/or how you can configure all these other things? Then we would like to help you.


Written by:

Els Bleys
Security Engineer

Els is 'a real VanRoeyer' and has already completed a fascinating growth path within VanRoey.be. She started many years ago as a Service Desk Engineer and progressed to Support Engineer for companies. After that she became a Support Teamleader. Her passion and interest in security solutions, combined with mountains of experience, make her a rock-solid Security Engineer today.
