Securing a Scalable Network


Note: This is a guest blog by Ken Fletcher, CEO of Quarterhorse Technology Inc., a SonicWall Premier Partner based in New York.

Security is a major concern for small and large companies. When small companies hear the term enterprise-level security, the first thing that comes to mind is how much it would cost upfront and long term. Support is not just a dollar amount; it involves extensive management by trusted professionals.

As companies begin to outsource more of their IT needs to hosted applications and outside firms, internal staff are shifting their attention to network-centric issues. IT security has expanded from a firewall deployed at the perimeter and anti-virus installed on workstations to include mobile device security and user education. Network security has evolved to encompass securing non-company assets such as cell phones, tablets, and personal laptops that are utilized by end users to access company resources. Additionally, companies have started to invest in educating users on the multitude of ways a criminal can attempt to obtain sensitive information. This can include malware/ransomware and social engineering tactics.

The evolution of the next-generation firewalls

Firewall manufacturers are beginning to shift their focus from basic packet inspection to more intuitive and adaptive methods of traffic inspection. Security threats are constantly evolving and, as a result, firewall manufacturers have introduced next-generation firewalls (NGFW). An NGFW not only protects a network, but also its users. These firewalls go beyond packet inspection, and have the ability to scan for viruses at the gateway. They also include additional services such as content filtering (CFS) and intrusion prevention and detection (IPS/IDS). CFS can minimize the risk of employees visiting websites that contain malicious content, and increase productivity by eliminating access to non-work related websites. CFS can also be used as a liability protector by eliminating the risk of employees visiting controversial websites and subsequent lawsuits that could be filed against the company. If implemented correctly, these services can reduce the time and cost of management.

BYOD for the Real World

While some organizations are adopting a Bring Your Own Device (BYOD) model for their staff, these organizations are typically large, with significant support staff dedicated to managing the inherent issues that come with BYOD. Some organizations limit users’ remote access to company-provided devices, allowing the company more control over security. Despite this, providing company-issued devices can be expensive to deploy and support. For example, companies have been inclined to provide a firewall for their employees’ home network in order to secure a device, such as a PC, that is being used for business purposes. This adds to the complexity of both the setup and support of these devices for their employees. As a result, this methodology can limit the number of personnel the company will allow to remotely access their network. Additionally, this method does not scale in an event such as Superstorm Sandy or the recent NYC blizzard to support the majority of employees that would be unable to commute to the office for work. As a solution to the drawbacks of both BYOD and company-issued devices, many organizations have adopted a hybrid approach to secure BYOD devices. To accomplish this hybrid approach, companies are utilizing SSL VPN technology. This approach is less expensive, provides a high level of security and can scale quickly.

Today’s SSL VPN appliances can provide access to the network assets while performing a security checklist before allowing a connection through the use of endpoint control (EPC). EPC can determine a variety of properties about the device, including its OS version, patch level, antivirus, domain membership and equipment ID. EPC then compares the device’s properties against the predetermined requirements, and if the specified criteria are not met, access can be reduced or denied. While a technology with these advanced feature sets may sound expensive, SonicWall makes an SMA Virtual Appliance with virtual SSL VPN that includes EPC for under $500. On top of these features, it also includes the ability to generate one-time passwords, which adds a second layer of authentication and protects against compromised credentials. SonicWall’s SSL VPN also contains a bookmark feature that can provide user-friendly access to an employee’s office PC, similar to remote control software such as LogMeIn or GoToMyPC. This feature does not require an installation of software on the office PC or a monthly subscription cost.
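The EPC comparison described above, sketched as an added example (not SonicWall's code or configuration): the attribute names, thresholds and the choice of which failed checks deny access and which only reduce it are assumptions made for illustration.

```python
# Added illustration: attribute names, thresholds and tiering are assumptions,
# not SonicWall EPC configuration.
POLICY = {
    "min_os_version": "10.0.19045",
    "max_patch_age_days": 30,
    "allowed_domains": {"corp.example.com"},
    "known_equipment_ids": {"EQ-1001", "EQ-1002"},
}

def parse_version(text):
    """'10.0.19045' -> (10, 0, 19045) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device, policy=POLICY):
    """Return (decision, reasons) where decision is 'full', 'reduced' or 'deny'."""
    deny, reduce = [], []
    # Fail closed: a missing or malformed attribute counts as a failed check.
    try:
        if parse_version(device["os_version"]) < parse_version(policy["min_os_version"]):
            deny.append("os_version below minimum")
    except (KeyError, ValueError, AttributeError):
        deny.append("os_version missing or unparseable")
    if device.get("antivirus_running") is not True:
        deny.append("antivirus not confirmed running")
    age = device.get("patch_age_days")
    if not isinstance(age, int) or isinstance(age, bool) or age < 0:
        deny.append("patch_age_days missing or invalid")
    elif age > policy["max_patch_age_days"]:
        reduce.append("patches older than policy allows")
    # Unmanaged (BYOD) devices are not rejected outright, only restricted.
    if device.get("domain") not in policy["allowed_domains"]:
        reduce.append("not a member of an allowed domain")
    if device.get("equipment_id") not in policy["known_equipment_ids"]:
        reduce.append("equipment ID not registered")
    if deny:
        return "deny", deny + reduce
    return ("reduced", reduce) if reduce else ("full", [])

# Constructed sample devices.
MANAGED = {"os_version": "10.0.22631", "antivirus_running": True,
           "patch_age_days": 12, "domain": "corp.example.com", "equipment_id": "EQ-1001"}
BYOD = {"os_version": "10.0.19045", "antivirus_running": True,
        "patch_age_days": 45, "domain": None, "equipment_id": "HOME-PC"}
STALE = {"os_version": "6.1.7601", "antivirus_running": False, "patch_age_days": 400}

if __name__ == "__main__":
    for name, dev in (("managed", MANAGED), ("byod", BYOD), ("stale", STALE)):
        print(name, *evaluate(dev))
```

Returning the list of failed checks alongside the decision gives the help desk and the audit log the reason a connection was restricted, not just the outcome.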

Considering the human element

Security encompasses more than just hardware and software solutions. It is very common for companies to disregard the human element of security. Spammers are able to replicate emails from major corporations to a point that only a trained eye can tell the difference between a fake and legitimate email. Not only do these emails come from reputable names, but they can also appear to provide information which the user might be waiting for in a link or an attachment. One example would be purporting to have information about a delivery, such as a FedEx package. When the unsuspecting user clicks on a provided link, there is a chance that it will download malicious software that can encrypt files or applications and can give the attacker access to the company’s network. Companies are becoming aware of the need to adequately educate their employees to recognize these threats so they do not fall victim. While online training may cover a specific point, firms that specialize in awareness education generally offer a more comprehensive approach in training employees to identify these threats. These specialized firms can perform tests by sending spoofed or malicious emails to the trained users to determine if they are able to identify the threats.

As companies evaluate their IT infrastructure, they need to be cognizant of the perimeter, mobile and human elements that affect security. Implementing the correct strategy for each of these components will minimize security risks and reduce cost, while providing great flexibility.
