IT Security, specifically network security, is one of the things we stress at Crossroads IT, if for no other reason than that you don’t want to deal with a problem when you don’t have to. If you’ve read our previous posts, you’ll understand that we stress prevention and deterrence.
Taking the assertive approach to securing your information isn’t difficult or costly. Knowing how information gets exposed, how to protect yourself, and some guidelines can be very helpful. Trying to recover from having your information exposed, however, is both nearly impossible and can be wildly expensive. Having a plan in place should the worst happen is very important.
Over the next few blogs, we’ll discuss some easy ways to take care of your company and keep things where they should be. We’ll cover a range of topics:
- Network Security
- Email Best Practices
- File Storage
- HIPAA Standards
- Ransomware, Disaster Planning, & Recovery
In the leadoff spot:
At the heart of virtually everything in modern computing is some sort of network. Before we delve into how to protect one, we’ll ask the question: What is a Network?
Networks are the result of a pretty basic idea. You have one computer, you have another computer, and you want them to talk to each other. That’s it. That is all a network truly is in its purest form.
In the mid-’90s there was a game called Doom that served as a benchmark at the time and spawned a bunch of similar games. Of those clones, Duke Nukem 3D was our favorite. I knew two brothers whose parents had bought them each a Compaq computer. At the time, having a PC to yourself was a big deal, and we set about linking them up. To link them, we ran a network cable across the hall. Once connected, we proceeded to play Duke vs. each other. It was great. This is a decade-plus before Xbox Live, or PSN, or any of those things. No internet needed and no obscene complexity. We just ran a basic network where the machines were yelling directly at one another.
Looking to get in on the action, someone introduced a third computer and suddenly things got a bit more harried. With a third computer, and only one network jack on each machine, how were we going to link everyone up? The answer was a router*. With a router, we had a single hub with which we could get everyone talking. Instead of three machines screaming inexplicably at everyone, the router could direct traffic. Commands that were intended to go to a specific machine would go _only_ to that machine.
Router is a term you’ve heard of if you have any sort of network connection to the internet. In order for your computer or your phone to talk to the online world, the traffic needs direction. Subsequently, the response also needs a roadmap to get back to your phone.
In between the router and the internet is a device called a Modem. MOdulator DEModulator: MODEM (tech guys aren’t too creative). When you connect to any website, the modem is translating your command into something that the internet can understand. Prior to high-speed internet, commands were transmitted over the phone lines. This resulted in the halcyon days of trying to make a call and getting the high-pitched squeal still heard on modern fax machines**. I remember trying to muffle the wretched sound so my parents wouldn’t wake up.
Group of computers – Network
Computer Traffic Cop – Router
Internet Interpreter – Modem
Why The Nerding lesson?
First, to establish that a network is not incomprehensible technobabble.
Second, in the case of routers and modems, to highlight these devices as destinations where internet traffic pauses for a moment.
Network traffic from station to station is very static and direct. There’s not much to it. Imagine sound waves in a tube between a noise and your ears. The tube is giving the sound directions on where to go. Network traffic is similar in that it goes until it hits a router or a modem or some other breakpoint.
Routers and modems serve as breakpoints due to decisions being made on how to best route traffic from station to station. The breakpoints are also the easiest place to intercept network traffic***. With that in mind, those breakpoints become fairly critical parts of your network and important to secure.
Securing Your Network
Which brings us to the main point: You undoubtedly have (or are part of) a network in some form or another. You’d be wise to ask yourself how to secure it. There are a few really effective things to consider.
Strong Network Passwords
– Modern routers make it very easy for a user to change passwords. Changing both the admin and the network passwords periodically is a good way to make sure those who are supposed to have access are the only ones who do. For example, when you change the wi-fi password, your employees can have access once they’re notified. If you had a guest drop in for the day, they won’t have the correct password any longer. There’s a hint of paranoia there, but restricting access is a key to security.
To change passwords, you normally just need the administrator password to the router and you can select whatever you’d like. On older routers, the administrative credentials to the router were set to a default depending on the manufacturer, relying on the users to change them (they often didn’t). Now, they usually consist of a couple of unrelated words (e.g., VioletSunday, JavelinMinute, etc.) printed on a sticker located on the router itself. If you have an older router (5+ years), changing the admin credentials should be something you look into soon.
Strong Computer Passwords
– If someone who has malicious intent has access to one computer on a network, network security assumes they have access to the entire network. It’s more complicated than that, but from a security standpoint you assume the worst. When logging into your computer, it’s vital that the password is something relatively difficult to guess. IT professionals have varying thoughts on what type of password is most secure. Whatever your preference, passwords deserve a great deal of attention, and I’ve written at length about this in a previous post; please check it out.
Update Your Software
– Operating Systems (Windows, MacOS, Linux, etc.) are all targets for some sort of attack. Microsoft, Apple, et al. know it, and they consistently develop and fix their software against various types of problems. The importance of running the most recent version of the supported OS cannot be overstated. Viruses, malware, and other hacking techniques are often ahead of the network security curve. Problems happen before solutions, but the major companies are good at adapting solutions before problems become widespread. You should always try to stay within a few days of the latest security updates.
Update your Firmware
– What is firmware? Firmware is not exactly software, but hardware requires it. Think of it like a drivetrain on a car. You give the car input through the steering wheel (the software) to direct the car (the hardware). When you give input, the drivetrain takes certain pre-programmed actions to ensure the result. Firmware does much the same thing. Firmware is generally secure, but exploiting it does happen. Manufacturers release firmware updates infrequently, but when they do it’s vitally important to apply them.
– Firewalls monitor inbound and outbound network connections made by your computer. The first couple of months you use a new computer, when starting up some software that needs the internet, you’ve likely seen the pop-up asking you if you trust the connection. This is the firewall recognizing a new connection being attempted. The firewall puts the brakes on and asks “You really want this? You know what’s happening here? Is it expected?”
The goal of the firewall is to manage trusted connections. If you download a virus and it’s trying to make an unrecognized connection, or the attackers are trying to leverage it, the firewall can potentially block this unwanted connection from being established. Small act with huge benefits. Firewalls are far more important than they sound.
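To make the "trusted connections" idea concrete, here is a simplified model of that pop-up behaviour, added as an illustration; it is not code from any real firewall product. The program names, the sample traffic, and the choice to key each remembered decision on program, destination and port are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Attempt:
    program: str  # executable opening the connection
    host: str     # remote destination
    port: int     # remote port

@dataclass
class OutboundFirewall:
    # Remembered decisions: Attempt -> True (trusted) or False (blocked)
    rules: dict = field(default_factory=dict)

    def check(self, attempt, ask_user=None):
        """Return 'allow', 'block' or 'prompt' for one outbound attempt."""
        if attempt not in self.rules:
            if ask_user is None:
                return "prompt"  # nobody has answered yet: hold the connection
            self.rules[attempt] = bool(ask_user(attempt))
        return "allow" if self.rules[attempt] else "block"

# Constructed sample traffic; 203.0.113.50 is a documentation-only address.
ATTEMPTS = [
    Attempt("browser", "example.com", 443),
    Attempt("mail_client", "mail.example.com", 993),
    Attempt("unknown_download", "203.0.113.50", 8080),
    Attempt("browser", "example.com", 443),             # repeat: no new pop-up
    Attempt("unknown_download", "203.0.113.50", 8080),  # repeat: stays blocked
]
EXPECTED = {"browser", "mail_client"}  # what this user knowingly runs

def demo():
    fw = OutboundFirewall()
    prompts = []
    def user(attempt):
        prompts.append(attempt.program)  # record each pop-up shown
        return attempt.program in EXPECTED
    verdicts = [fw.check(a, user) for a in ATTEMPTS]
    return verdicts, prompts, fw

if __name__ == "__main__":
    verdicts, prompts, _ = demo()
    for a, v in zip(ATTEMPTS, verdicts):
        print(f"{a.program:17} -> {a.host}:{a.port:<5} {v}")
    print("pop-ups shown:", prompts)
```

The user is asked once per new connection, and the answer is remembered: the unexpected program stays blocked on its second attempt without another pop-up.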
Update your Anti-Virus & Anti-Malware
– In 2019, this should go without saying. Network security is compromised by all manner of attacks: viruses, malware, trojan horses… whatever you call it. Save for a couple that go rampant every so often, viruses are not overly sneaky or innovative. Most of the time, those rampant viruses are totally preventable. Viruses normally exploit systems where the owners haven’t bothered to update any measures to stop them. Don’t be that user.
Above and Beyond
When it comes to network security, there are advanced methods that would make a good deal of sense, but these listed above are the very basics. The second-level techniques take a bit of forethought and a touch of planning, but the above can generally be actioned in a day or two.
Being that we wrote this article, Crossroads IT is obviously happy to take any of these steps. We can educate your users on their responsibilities and how to succeed. We can make sure you’re up to date, and we welcome the chance to sit down and discuss any further steps that would secure your company and give you peace of mind.
You never want your company’s security to be an active recovery situation. Logical preparations can make sure that you’re not a prime target for bad actors.
Keep an eye out in the coming week for the second part of our IT Security series: Email Best Practices.
* – This isn’t important at all, but it could have also been a Switch. Routers and switches perform the basic task of routing traffic like the phone switchboards of old, hence the names. They differ in specific functions and when you would employ them, but for the purpose of this example, they take care of the same job.
** – It also started the Great Phone-Line Struggle of 1996. I lost the debate to get a second landline installed, dedicated solely for internet. I believe it would have turned out differently if I were entrenched a bit deeper, but graduation was imminent and my parents’ gamble paid off when I moved out before securing victory.
*** – Worth mentioning that while network traffic is very point A – point B, it can be intercepted en route. This is where encryption is important. If you ever see HTTPS in the website address, that’s indicating that traffic to and from that site is encrypted. There’s more to say on this, but just keep in mind that when a website is warning you it expects HTTPS and only sees HTTP, that’s not a minor issue and you should be very skeptical about using the site.
Copyright © 2018-2019 - Crossroads IT, L.L.C.