7. Use VLANs
Not everyone in your small business necessarily needs access to the same network assets. While you can determine and set access with passwords and permissions on applications, you can also segment your network with VLAN or virtual LANs.
VLANs are almost always part of any business class router and let you segment a network based on needs and risks as well as quality of service requirements. For example, with a VLAN setup you could have the finance department on one VLAN, while sales is on another. In another scenario, you could have a VLAN for your employees and then setup another one for contract or guest workers.
8. Get an IPS
A firewall isn't always enough to protect a small business network. Today's reality is that the bulk of all network traffic goes over Port 80 for HTTP or Web traffic. So if you leave that port open, you're still at risk from attacks that target port 80.
In addition to the firewall, Intrusion Prevention System (IPS) technology can play a key network security role. An IPS does more than simply monitor ports; it monitors the traffic flow for anomalies that could indicate malicious activity.
IPS technology can sometimes be bundled in on a router as part of a Unified Threat Management (UTM) device. Depending on the size of your small business network, you might want to consider a separate physical box.
Another option is to leverage open source technologies running on your own servers (or as virtual instances if you are virtualized). On the IPS side, one of the leading open source technologies is called SNORT (which is backed by commercial vendor Sourcefire.
9. Get a WAF
A Web Application Firewall (WAF) is specifically tasked with helping to protect against attacks that are specifically targeted against applications. If you're not hosting applications within your small business network, the risks that a WAF helps to mitigate are not as pronounced.
If you are hosting applications, WAF in front of (or as part of) your Web server is a key technology that you need to look at. Multiple vendors including Barracuda have network WAF boxes. Another option is the open source ModSecurity project, which is backed by security vendor Trustwave.
10. Use VPN
If you've gone through all the trouble of protecting your small business network, it makes sense to extend that protection to your mobile and remotely connected employees as well.
A VPN or Virtual Private Network lets your remote workers log into your network with an encrypted tunnel. That tunnel can then be used to effectively shield your remote employees with the same firewall, IPS and WAF technologies that local users benefit from.
A VPN also protects your network by not letting users who may be coming in from risky mobile environments connect in an insecure fashion.
You Can Secure Your Network
You may be a small business, but you can use these 10 tips to help secure your network. Though hackers don't discriminate against small business, they also tend to target the low-hanging fruit and the easier targets.
Lock down your network with a properly configured firewall, understand your own internal network with locked down IPs, VLANs and VPN, and you'll be ten steps ahead of the low-hanging fruit.
Small Business Computing is on Facebook. Join us on Facebook and interact with the site's editors, post messages, share your small business challenges and successes, discuss technology and suggest topics you'd like covered on Small Business Computing.
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|