Network Security Best Practices

The Importance of Network Security

Businesses, large and small, need to secure networks from the next attack. As we learned in the 2021 Security Report, threat actors are opportunists. When the pandemic began and workers shifted to a work from home model, cyber threat actors took advantage of vulnerabilities in VPNs and stepped up phishing attacks targeting remote workers.

In the report there were 5 simple, easy to remember recommendations for improving your cyber security stance:

• Change your security settings from detect to prevent.
• Secure everything; networks, mobile, endpoint, and cloud.
• Consolidate security to improve visibility.
• Implement the zero trust, “trust but verify” model.
• Be cyber-aware and use this threat intelligence to your advantage.

If there is one takeaway, it is to adopt a cyber security mindset. To quote Dr. Dorit Dor, VP Products at Check Point, “security is an enabler that unlocks innovation and helps to safeguard the future – for all of us.”

5 Network Security Best Practices

With a growing and evolving cyber threat landscape, effective network security is vital for every organization. We’ve compiled a list of the top five network security best practices to help your organization protect itself against Gen V cyber threats:

#1. Segment, Segment, Segment

The first best practice is to segment your network into zones. Basic network segments for a perimeter-based network firewall in a small organization are designed to isolate it from external networks, maybe creating a demilitarized zone (DMZ) and internal network.

Internal network zones may be created using functional or business group attributes. Examples of business groups include HR, finance, Research & Development, visitor Wi-Fi access. Examples of functional groups include web, database, email, core network services (like DNS and Microsoft Active Directory), and IoT services like building management or surveillance systems. Segmented networks enable the setup of least privileged access across zone boundaries. This is the foundation for zero trust and our next security best practice.

#2. Trust but Verify

In the zero trust model, data can be considered the new perimeter. Access to that data is allowed only to the people, devices, systems, and applications that need it as part of their defined role. To implement zero trust, deploy role-based access controls and identity management systems that can verify access.

This includes:

• Using multi-factor authentication for people.
• Ensuring the device or machine where they are making the request from complies with company requirements (e.g. is not in an infected or rooted state).
• Using PKI-based certificates to verify and identify applications and systems.

Once verified, the connection context and device can be monitored for any change in state. For example, a connection context change may occur if the client uses a network or application exploit once the connection is established. This can be accomplished using IDS/IPS technologies.

#3. Secure IoT

IoT security is an extension of the “Trust but Verify” best practice. IoT devices connected to the network are ubiquitous today. Like shadow-IT, employees may connect IoT devices to the network without first getting approval. Unfortunately there is a good chance the device is vulnerable, and, if it is exposed to the Internet, it has a good chance of being discovered and compromised by bot networks.

Companies can discover the devices when they’re connected using products that specialize in IoT for different industries, such as enterprises, healthcare, manufacturing, and utilities. All industries are vulnerable to enterprise IoT devices such as IP cameras and HVAC or building management systems. Include solutions that detect these IoT devices as well. In industries like healthcare, manufacturing, and utilities that use sanctioned IoT devices in production, apply security controls that do not impede the IoT devices normal functions.

Securing IoT involves:

• Discovering and classifying the IoT device.
• Automatically segmenting the device using firewall policy.
• Preventing exploits of known vulnerable devices using IPS technologies.

#4. Enable Security

Here, we get back to one of the five recommendations we mentioned above: change your security settings from detect to prevent. First, enable security that matches the data, device, user, or system that you’re securing, including:

• Safe Internet Access: Users accessing files on the Internet will need advanced threat prevention technologies such as sandboxing and Content Disarm & Reconstruction (CDR) to protect them from malicious files.
  • CDR enables them access to only safe files while the files are emulated in a virtual sandbox to watch for maliciousness.
  • Likewise, users should be protected from visiting sites that are malicious and serving up drive-by malware.
  • No user is safe from targeted spear phishing, so anti-phishing protections are vital as well.
• Secure Data: Prevent the inadvertent loss of sensitive data with Data Loss Prevention (DLP) technologies. Users sometimes inadvertently or out of convenience may send work to a personal email. DLP technologies provide security and visibility into how employees are using company data.
• Device Security: Firewalls enable control of large groups of computers, but sometimes granular device security is needed.
  • Device security products that secure laptops and BYOD devices apply the zero trust model’s micro-segmentation best practice by creating a security layer for these mobile devices.
  • Endpoint security and EDR solutions that protect laptops and computers with anti-ransomware that detects when files are at risk, can automatically restore files to their safe state, and can provide rich and detailed information of how a malware infection started (even when from connecting a malicious USB device).
  • Mobile threat defense solutions protect BYOD and company-owned mobile devices from malicious apps and can detect when a device is rooted or jail-broken. When combined with an MDM/UEM solution only compliant mobile devices can be allowed access to corporate assets.
• Cloud-Native Security: Cloud technologies virtualize networks, workloads, and applications. Securing hybrid data center and hybrid cloud (public and private cloud) infrastructures requires cloud-native security technologies that are agile, dynamic, and can scale as these infrastructures grow or shrink. This can be achieved with DevSecOps, i.e. including security in DevOps CI/CD pipelines to automate security, prevent threats, and manages posture across multi-cloud and hybrid environments.

#5. Security is a Process, not a Product

Here, we revisit one of the top cyber security recommendations from the 2021 Security Report: be cyber-aware and use this threat intelligence to your advantage and what this means when applied to network security

• Create and Communicate your Security Plan: Primarily, this means having a security plan in place and communicating this to your employees to ensure they follow company guidelines. This, along with employee training, will help increase their awareness and provide guidelines for them to follow as well.
• Build Resilient Security: The likelihood that any company will be attacked is high, so it’s important to design and create resilient security systems. Cyber security resilience ensures your business continues to operate even when under attack.
  • This means having security that is not a single point of failure, i.e. using firewalls in an HA or better yet an Active-Active load-sharing cluster like that in a hyperscale network security solution.
  • Additionally, this means following the first recommendation from the 2021 Security Report: change your settings from detect to prevent. When you prevent attacks, you save time trying to control the infection from spreading laterally within your networks.
• Audit Regularly: Performing regular security audits can identify vulnerabilities in systems such as open ports, insecure protocol use (TELNET), and configurations that are not secure (using default passwords).
  • Another security audit finding may show that sensitive data that is not secured at rest, in transit across the network, or while in use. Encrypting data at rest and using VPNs can help secure data from eavesdropping and when a breach occurs.
  • Security audits can be augmented by hiring a third party to do penetration testing or a security assessment to identify security gaps.
• Security Maintenance: The top consideration here is to regularly backup and update your security systems and other connected network devices.
  • Even firewalls can be vulnerable. Follow 8 Firewall Best Practices for Securing the Network for hardening your firewall and the firewall security.
  • Regularly backing up system configurations and data will help you recover when systems fail, administrators make mistakes, and, in a worst-case scenario, when a breach occurs.
• Security Change Control: Having a change control process in place reduces configuration errors, ensures changes are tracked and their effect is analyzed and gauged.
• Optimize Security: In addition to performing regular audits, security systems should be monitored to ensure they’re performing well as devices are added to the network or more load is placed on the network.
  • Firewalls need to do deep packet inspection which can add latency and lower throughput. Use security systems that can scale as needed to meet demand.
• Be Proactive: Sophisticated threat actors plan their attacks by doing reconnaissance, researching their target, and creating multi-vector and targeted attacks. This may mean registering a domain similar to your company domain and using carefully crafted phishing techniques that will trick users into unknowingly giving up their credentials.
  • SOC teams can benefit from tools that exist for searching the dark web to find early stages of an attack that can help identify attacks before they occur.
  • Similarly, using the MITRE ATT&CK framework can help identify tactics and techniques used in an attack and reduce the time it takes to remediate the effects of an attack.

Network Security with Check Point

For nearly thirty years, Check Point has set the standard for Cyber Security. Across the ever-evolving digital world, from enterprise networks through cloud transformations, from securing remote employees to defending critical infrastructures, we protect organizations from the most imminent cyber threats.

Modern cybersecurity requires protection against sophisticated Gen V cyber threats across an organization’s entire IT infrastructure, including networks, cloud-based deployments, endpoints, mobile, and IoT devices. Check Point Infinity is a cybersecurity architecture that provides consolidated security management, offering single-pane-of-glass visibility and control over Check Point’s entire portfolio of cybersecurity solutions.

These solutions are informed by Check Point ThreatCloud AI, which uses artificial intelligence and the world’s largest cyber threat intelligence database to stop the latest cyber threat. To learn more about how you can use Check Point threat intelligence tools, sign up for a free demo.

Check Point Security Architects leverage their industry experience and employ independent frameworks, such as NIST CSF, SABSA, and Zero Trust Architecture, to provide advisory and assessment services to secure customer networks from threats. You’re welcome to sign up for a no-cost Security Risk Assessment today.