Saturday, April 18, 2015

Starting at the perimeter for Cyber Security



I believe the old saying goes "A chain is only as strong as the weakest link". The same goes for perimeter security, and it is a place to start talking about a structured and layered approach.

In my previous blog I described your data being like money in a bank. It should take many layers to get even close to it just like in a bank. If you are a bad guy trying to steal money in the middle of the night the first order of business is trying to get in the door or inside of the building. The same goes with data on a network.

I am going to pause for a second and put a disclaimer out there for you. In this blog I am only going to describe the technology side of security, not the actual physical security. Physical security is just as important, but for the sake of simply staying focused we will talk about the technology side. Many businesses do not think about the physical security aspect of protecting data, but in later blogs I will go through some of the things I have seen and experienced that will bring to light how important that aspect of security is. Still with me??

Think of the Internet as the world outside of the door of your business. So you have a door on your business. Right? The same goes for your network. You have to put a door there so it is not wide open for anybody to come on in and take a look around at your data and financials. We are trying to avoid that. The harder it is for the bad guy to break down that door and get in, the more of a fighting chance you will have.

So this door. The door will be a piece of equipment that you probably have heard of at some point called a router. What that router will do is let traffic in and out of your door or doors (I will talk about those doors in a minute) and direct traffic (emails, data etc) to where it needs to go. I will not go into the gory details of how that works but it is kind of cool what it can do.

Now a router is not just a router in most cases. A router has on it something called a firewall (the better ones at least). Picture our bank again. Now think of that bank as having thousands of doors on it that can either be made to just let people in, just let people out, or let them go in and out. On the router these are called ports. Here is a very important part. There are a few doors every bank has to have open just to make sure people can come in and go out (when you surf the Internet you have to go in and out of one of those ports). The rest of them should pretty much be locked, sealed and welded shut so someone doesn't get into your bank without you knowing. This is typically done when the router is first set up.

Even more important is that every door has a master key (this would be the admin password for the router itself, which can be used to change settings). Out of the box, that key is known to the world, and anyone with the key can get in the door and do what they please. So what do we do if we know we have a common lock with a common key? Change the lock and key!! I cannot tell you how many times I go to visit a new client and simply test the original password (typically either admin, password or 123456.. I am not kidding!!) and bang!! I am in their router and able to do any type of voodoo I do, including opening doors they don't know about so I can get in later. I just described how a majority of hacks on routers happen. CHANGE THE DEFAULT PASSWORD!

Sorry for yelling, but this is one of the simplest and most effective ways to keep a common hacker out of your system, and so many times it just is not done. Anyway.. That is kind of routers 101, so to speak. I do have one item to add. Spend a few hundred dollars on a router. Please!! I have replaced countless inexpensive routers because frankly they just are pretty easy to breach. I won't mention brands here.


I will mention several brands that I like to work with that really are solid. My favorite is probably Watchguard (http://watchguard.com/). Excellent product! Very powerful if you need it, but they also do a fantastic job of updates on their systems and I just do not have problems with failures. Average-ish cost is $500. You can add services such as a web filter, virus protection and intrusion detection, but that is where you would have to have someone who knows his stuff running it. Other brands I have used are Cisco, Dell Sonicwall and Fortinet. There are many more out there, but any of these work for a small business without killing you in price. All make routers that are $100K+, so let's just say you have a wide range.

There is one more thing to be addressed. I have run into businesses that would not put a router on, thinking they were safe. Their Internet provider plopped this black box in (cable modem), hooked it up to their stuff and sure as shootin they had Internet. They never asked if there was a firewall on there. Some do have that firewall, some don't, and some just are not very good, though it has been getting better. Don't just trust that black box. Many providers will not even give you access to see what is going on in case one day you have trouble. Put your own equipment on.

So in closing, the router is your first line of defense for your network. If you want to tighten up your security this would be the best place to start. Not the only place though! Many more layers to go through. Aren't you excited? Next I will touch on wireless, which is an area many businesses do not understand is a wide open door into their system.. Till then...
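
The two router checks from this post (keep every inbound port closed unless you deliberately opened it, and get rid of the default admin password) can be run as a small offline audit of a router's configuration. The Python below is an added example, not the author's code; the config layout, the approved-port list and both sample configs are constructed for illustration and do not match any vendor's export format.

```python
# Added example: offline audit of a router config for the two problems in the
# post. The config layout is constructed; it is not any vendor's export format.
DEFAULT_PASSWORDS = {"admin", "password", "123456"}  # defaults named in the post
APPROVED_INBOUND = {443}  # assumption: the only inbound port this business needs

SAMPLE_CONFIG = {  # constructed sample of a router left close to factory state
    "admin_password": "123456",
    "rules": [
        {"direction": "in", "port": 443, "action": "allow"},
        {"direction": "in", "port": 3389, "action": "allow"},
        {"direction": "in", "port": 8080, "action": "allow"},
        {"direction": "out", "port": 443, "action": "allow"},
    ],
}

HARDENED_CONFIG = {  # constructed sample after the fixes the post asks for
    "admin_password": "long-unique-passphrase-placeholder",
    "rules": [
        {"direction": "in", "port": 443, "action": "allow"},
        {"direction": "out", "port": 443, "action": "allow"},
        {"direction": "in", "port": "any", "action": "deny"},
    ],
}

def audit(config, approved_inbound=APPROVED_INBOUND):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    password = config.get("admin_password", "").strip().lower()
    if not password or password in DEFAULT_PASSWORDS:
        findings.append("admin password is empty or a well-known default")
    inbound = [r for r in config.get("rules", []) if r["direction"] == "in"]
    for rule in inbound:
        if rule["action"] != "allow":
            continue
        if rule["port"] == "any":
            findings.append("inbound allow-all rule")
        elif rule["port"] not in approved_inbound:
            findings.append(f"unapproved inbound port {rule['port']} is open")
    # Everything not explicitly allowed should hit a final catch-all deny.
    last = inbound[-1] if inbound else None
    if not last or last["port"] != "any" or last["action"] != "deny":
        findings.append("no catch-all inbound deny as the last inbound rule")
    return findings

if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "no findings")
```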

