With an increasing number of smart devices being added to small and medium-sized business networks, it is worth considering how these devices can become a security risk to your business.  For several years now it has been necessary to separate guest Wi-Fi networks from the business network, both to stop guest machines from introducing malware into your network and to stop nosy guests from poking around on your private business network.

As data security specialists, we keep a close eye on what is happening in the industry.  In recent years we have seen an increasing number of reports of devices such as printers, security camera systems and other “Internet of Things (IoT)” devices being targeted. They can then be used to provide a staging post for attackers inside your network. In this context, for example, there is probably no reason why your networked security camera system should be able to communicate directly with your business PCs and servers. There is even less reason for your network-enabled thermostat, Smart TV or Smart Projector to be able to do the same.  Compromised devices can also be used to launch attacks on others, using your network infrastructure and risking your business connectivity.

With this in mind, we have been doing more work for customers in properly segmenting their networks to minimise the risk of one compromised device causing more issues than it should. There have been a number of high profile cases over the past few years where such devices have been shown to be very vulnerable – see here, here and here for some examples.

In many cases, for simple data security purposes in small businesses, it is possible to do a basic segmentation where core business devices reside on one network segment while devices which solely need external internet access reside on another, completely separate from the first. In other circumstances, you may choose to have a segment for your core business devices, another for security devices such as cameras and recorders which need to communicate between themselves, another for internet-only devices and perhaps a final one for devices belonging to guests.

In order to implement this type of segmentation, you typically need a small business firewall device which is capable of creating the segmented networks that you require. It will also allow for the creation of rules about the circumstances in which one network can communicate with another.
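As an added illustration (not part of the original article and not any firewall vendor's syntax), the Python sketch below models the four-segment layout as ordered, first-match firewall rules and reports which cross-segment flows a ruleset permits that the design does not. The subnets, the external probe address, the list of intended flows and both rulesets are constructed assumptions.

```python
import ipaddress
from itertools import product

# Constructed address plan (assumption): one subnet per segment in the four-way split.
SEGMENTS = {
    "business": "10.0.10.0/24",
    "security": "10.0.20.0/24",       # cameras and recorders
    "internet_only": "10.0.30.0/24",  # thermostat, smart TV, projector
    "guest": "10.0.40.0/24",
}
INTERNET_PROBE = "203.0.113.10"  # documentation address standing in for an external host

# Intended routed flows (assumption); everything else between segments should be denied.
INTENDED = {("business", "internet"), ("internet_only", "internet"), ("guest", "internet")}

def first_match(rules, src, dst):
    """Evaluate ordered (src_cidr, dst_cidr, action) rules; the default is deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_cidr, dst_cidr, action in rules:
        if s in ipaddress.ip_network(src_cidr) and d in ipaddress.ip_network(dst_cidr):
            return action
    return "deny"

def audit(rules):
    """Return sorted (src_zone, dst_zone) pairs the rules permit but the design does not.
    Probes one host per segment, which is enough for subnet-wide rules like these."""
    probes = {z: str(ipaddress.ip_network(n)[10]) for z, n in SEGMENTS.items()}
    probes["internet"] = INTERNET_PROBE
    leaks = []
    for src_zone, dst_zone in product(SEGMENTS, probes):
        if src_zone == dst_zone:
            continue  # same-segment traffic is switched and never reaches the firewall
        allowed = first_match(rules, probes[src_zone], probes[dst_zone]) == "allow"
        if allowed and (src_zone, dst_zone) not in INTENDED:
            leaks.append((src_zone, dst_zone))
    return sorted(leaks)

# Constructed ruleset A: internet access written as "allow to any destination".
NAIVE = [
    ("10.0.10.0/24", "0.0.0.0/0", "allow"),
    ("10.0.30.0/24", "0.0.0.0/0", "allow"),
    ("10.0.40.0/24", "0.0.0.0/0", "allow"),
]
# Constructed ruleset B: deny internal-to-internal first, then allow outbound.
SEGMENTED = [("10.0.0.0/8", "10.0.0.0/8", "deny")] + NAIVE

if __name__ == "__main__":
    print("naive leaks:", audit(NAIVE))
    print("segmented leaks:", audit(SEGMENTED))
```

Ruleset A shows why separate subnets alone are not segmentation: an "allow to any" rule meant for internet access also matches the other internal subnets unless an explicit inter-segment deny comes before it.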

Depending on your network architecture, you may also require a smart network switch that allows the segmented networks defined by the firewall to be distributed around your premises in a secure and isolated manner.

Network segmentation does require some thought and the wrong architecture can be a cause of frustration. Almost all network segmentation comes at the cost of convenience, as do most other types of security. However, when it comes to securing the crown jewels of your business, you may decide a little inconvenience is worth it for a lot more security.

Working with our data security specialists will allow you to understand how best to segment your own business network, making the most of your firewall and minimising the risk that a single vulnerable device will lead to a more serious data breach. Give us a call today to see how we can help you bring improved data security to your business.
