X
    Categories: Data Center

Securing Network in Pandemic

Securing Network in Pandemic

In the event of the ongoing pandemic, all network administrators currently face this challenge. We provide work from home facilities to our employees but this outbreak has unleashed a more volumetric situation of securing the network. The answer to your problem is the use of Virtual Private Network which you have to make available to your employees to be able to access your network without risking your security. As you may have seen by now the productivity and cost benefits from allowing collaboration that dominates geographical barriers. It is easy to see that keeping your network secure is now even more difficult than it was as each uncontrolled remote computer potentially opens up the possibility of unwanted access to your network.
Here are some possible ways which help to secure your network ensuring the benefits of your VPN. The said solutions have already been implemented in Unbox Data Center making this Data Center worthy of my Trust and continued support.



A strong Authentication Method for VPN: In Microsoft Servers most secure authentication is provided by Extensible Authentication Protocol-Transport Level Security (EAP-TLS) used with smart cards need PKI and distributing smart cards securely. Here Microsoft Challenge Handshake Authentication Protocol Version 2 (MS-CHAP v2) and Extensible Authentication Protocol (EAP) provides the best authentication security while Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP) and Challenge Handshake Authentication Protocol (CHAP) are too weak and frail, only to be easily broken.

Strong encryption method for VPN Access: On a network with Microsoft servers, it is necessary to have Layer Two Tunneling Protocol (L2TP) over Internet Protocol security (IPsec). Further, the Point-to-Point Tunneling Protocol (PPTP) is too vulnerable to unwanted access to be permitted unless your client’s passwords are strong (view tip No. 6). OpenVPN, a Secure Socket Layer (SSL) VPN, can be accepted with TLS-based session authentication, Blowfish or AES-256 encryption, and SHA1 authentication of tunnel data.

Limit VPN Access: VPN access ought to be limited to those with a valid business reason or cause, and only when necessary. It is a connection doorway to your Local Area Network, and should only be accessible when the need arises. Remotely working staff or employees should be discouraged from accessing the VPN all day just to check a mere e-mail. Commonly needed files should not be downloaded using a secure VPN connection.

Restricted access should be given to selected files via intranets or extranets rather than using a VPN. An HTTP Secure (HTTPS) Web site with safe password authentication not using basic authentication method exposes only a handful of selected files on a single server, not your whole network, and it scales better than a VPN.

Enabling e-mail access without the requirement of VPN access. On Microsoft Exchange servers, it is a common practice to set up an Exchange proxy server to permit Outlook to access Exchange through remote procedure call (RPC) protocol over HTTP, that is protected by SSL encryption. On other mail servers, enable Post Office Protocol 3 (POP3) and/or Internet Message Access Protocol (IMAP) mail receipt and Simple Mail Transfer Protocol (SMTP)i. It is a required criterion of secure password authentication (SPA) and SSL encryption to improve upon the security of these mail systems. Secure Webmail is another viable and reliable choice for remote working employees, especially when travelling and during the need to use other people’s computers.

Enforcement of a strong password policy is an immediate and of utmost importance. During the absence of two-factor authentication using smart cards or biometrics is a viable choice; your network is only as secure as the weakest password in use.No passwords should be kept permanently, it would be wise to use a word found in a dictionary for a password, use a number related to their telephone or social security number, or use the name of a family member or pet or a combination of alphanumeric digits. Passwords should not be easy to guess even by family members and should be lengthy with a large but quantifiable character set to be prohibitively hard for a password-guessing program to discover. This implementation method goes double for administrators to protect their security.

A strong antivirus, anti-spam and personal firewall protection should be an essential requirement of your remote users. Any computer fully connected to the VPN can possibly spread infections throughout the entire network, with the potential of bringing company business to a halt.

Quarantined users, from time to time connect to a VPN until their computer has been verified and declared safe. A client’s computer should not have complete access to the network unless and until it has been cleared for compliance with network policies, including checking for existing antivirus and anti-spam signatures, an operating system fully patched against critical security flaws, and no active remote-control software, key-loggers, or Trojans. The downside of doing a thorough scan at login is that it delays the user from working for several minutes. User experience can be improved for frequent VPN users by having the server remember each client computer’s scan history and reduce the scan level for several days after each successful scan.

Prohibit the use of other VPNs and remote-control software while connected to your VPN. Exposing your network introduces great risk which is the last thing you need. Existing VPN software sets the client’s routing to make use of the network’s default gateway after connection by default but is usually optional. Remote working employees discover that work-related Internet browsing becomes restrictively slow if all their traffic is routed through the same network, which will warrant them to turn this option off, but this will also defeat the purpose of protection against hostile sites that you have established at your proxy or gateway. The use of a personal firewall and a client for your proxy firewall enables employees to have safe remote network access without deteriorating their Internet connection. Establishment of clearly written policy about what constitutes acceptable Internet usage while connected to the VPN should be mandatory.

Securing remote wireless networks is essential. Employees working from home often at times use laptops connected to a cable or a DSL modem through their wireless access point(s). Unfortunately, most wireless routers are never configured for security, just merely connected and turned on. It is crucial to teach employees how and why; to configure their wireless routers and computers for WPA with a pre-shared key, how to configure their firewalls, and the importance of keeping their home networks secure. Maintenance of network security requires constant vigilance and maintaining VPN security requires even more. Adhering to these tips reduces your chances of likely to encounter VPN-related security breaches.

Arun Kumar: