Network setup best practices: 4 protection mechanisms all networks should have

To help protect key information and databases, many organizations are very particular about how they set up their network and which protection mechanisms they put in place. But how this is done and which mechanisms are used can vary dramatically from one organization to the next. A well-organized and well-protected network should always have the following features:

1) Separate Wi-Fi networks for guests and approved users

“Guest Wi-Fi networks are a key segmentation tactic.”

This one is becoming increasingly commonplace, and for good reason. By providing separate wireless networks for guests and core staff members, organizations can make sure that their customers have the connectivity they desire while staff can accomplish critical work on the go, free from interference from non-staff members. This not only ensures adequate bandwidth for mission-critical activities, but it can also go a long way toward keeping everything and everyone safe.

This kind of network setup is ideal in a variety of settings, like hospitals and retail stores. In healthcare in particular, Wi-Fi segregation allows patients waiting for appointments to browse the web at their leisure, while also ensuring that doctors and other staff members can access electronic health records and communicate securely, among many other tasks. It also helps to keep guests away from the critical assets that healthcare teams need to view, so those assets are unlikely to be tampered with by patients.

Network segmentation can help ensure that hackers are not accessing the network at off hours.

2) Rules based on users and time of day

Not everyone in your organization needs access to all of your data all the time. For example, while your CTO and CIO should be able to look at databases containing customer information when necessary, the summer intern probably doesn’t need to see this data, nor should they be able to get even close to it. These kinds of user-based rules can go a long way toward stopping insider breaches, ensuring that only highly trusted individuals are able to look at and access the most sensitive data you have on hand.

Similarly, implementing rules based on time of day can be a helpful way to set up resources. Cybercriminals can often strike during off-peak hours or on weekends. By ensuring that only a select few are able to access certain key assets and hardware during non-work times, these kinds of attacks can be mitigated. That way, no one can easily access databases at midnight on a Saturday, or at any other off time.
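The sketch below is an added example, not part of the original article: it combines the user-based and time-of-day rules described above into a default-deny check and runs it over a small constructed access log. The role names, resource names and working hours are assumptions chosen for illustration.

```python
from datetime import datetime, time

WEEKDAYS = frozenset(range(5))          # Monday=0 .. Friday=4
ALL_DAYS = frozenset(range(7))
# A window is (days the window may start on, start, end); start == end means all day.
BUSINESS = (WEEKDAYS, time(8, 0), time(18, 0))
NIGHT_SHIFT = (WEEKDAYS, time(22, 0), time(6, 0))   # crosses midnight
ALWAYS = (ALL_DAYS, time(0, 0), time(0, 0))

# Constructed policy (roles, resources and hours are assumptions): resource -> role -> window.
POLICY = {
    "customer_db": {"cto": ALWAYS, "cio": ALWAYS, "dba": BUSINESS},
    "backup_server": {"night_operator": NIGHT_SHIFT},
}

def in_window(ts, window):
    days, start, end = window
    now, today = ts.time(), ts.weekday()
    if start == end:
        return today in days
    if start < end:
        return today in days and start <= now < end
    # Overnight window: hours after midnight belong to the previous day's shift.
    if now >= start:
        return today in days
    return now < end and (today - 1) % 7 in days

def decide(role, resource, ts):
    """Default deny: unknown resources and unlisted roles never get access."""
    rules = POLICY.get(resource)
    if rules is None:
        return "deny:unknown-resource"
    window = rules.get(role)
    if window is None:
        return "deny:role"
    return "allow" if in_window(ts, window) else "deny:off-hours"

# Constructed access log: (ISO timestamp, role, resource).
EVENTS = [
    ("2024-06-05T10:15:00", "dba", "customer_db"),               # Wednesday morning
    ("2024-06-05T10:20:00", "intern", "customer_db"),
    ("2024-06-08T00:00:00", "dba", "customer_db"),               # midnight on a Saturday
    ("2024-06-08T02:00:00", "night_operator", "backup_server"),  # tail of Friday's shift
    ("2024-06-08T23:00:00", "night_operator", "backup_server"),  # Saturday night
]

def audit(events):
    return [(ts, role, res, decide(role, res, datetime.fromisoformat(ts)))
            for ts, role, res in events]

if __name__ == "__main__":
    for row in audit(EVENTS):
        print(*row)
```

Denied rows with the `deny:off-hours` or `deny:role` reason are the ones worth forwarding to monitoring, since they show an account reaching for an asset outside its allowed scope.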

3) A captive portal prior to access

For compliance or other legal purposes, it’s often necessary to require some sort of consent or formal written agreement from the end user before access is provided. A terms of use page is a good example of a captive portal. Not only can a captive portal help weed out some forms of malicious traffic, but this kind of documentation can also help protect an organization from fines should an incident occur.

4) Firewalls

A next-generation firewall or UTM solution helps to protect a network by allowing the administrator to create and implement complex rules to better filter out bad traffic and more effectively oversee the traffic that makes it onto the network. Firewalls are a crucial first line of defense for any network.