A Layered Approach to Network Security
While a one-size-fits-all, one-stop-shop network security solution sounds appealing, no such solution exists. Just as there is no one magic medication that can keep the human body perfectly healthy, there is no one solution that can keep a network perfectly secure. That is why it is so important for organizations to adopt a layered approach. By combining different solutions that address different risks, organizations can ensure that all of their network access components are fully protected. Take a look at some of the security solutions that your business can layer for optimal protection:
Intrusion Prevention and Intrusion Detection Systems
Intrusion prevention systems and intrusion detection systems continuously monitor your network, looking for possible malicious incidents, and capturing information about those incidents.
A prevention or detection system can see, for instance, that an infected computer in the office is contacting botnet command-and-control servers, or that some other kind of unusual traffic is occurring. The systems detect that abnormal behavior and inform you which system is performing irregularly. The IDS or IPS will block that system, and then allow you to handle it as you see fit.
These intrusion detection and prevention systems are all about visualizing the different things occurring within and to the network and then allowing the administrator to act on that information.
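One heuristic an IDS-style detector can apply to the infected-computer case above is to flag hosts that contact the same destination at near-constant intervals, the way automated check-ins do. This is an added example, not code from the original article or from any IDS product; the flow records, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (epoch seconds, internal host, destination).
# Addresses come from documentation ranges; none are real indicators.
FLOWS = [
    (0, "10.0.0.23", "203.0.113.50"), (301, "10.0.0.23", "203.0.113.50"),
    (599, "10.0.0.23", "203.0.113.50"), (900, "10.0.0.23", "203.0.113.50"),
    (1202, "10.0.0.23", "203.0.113.50"), (1500, "10.0.0.23", "203.0.113.50"),
    (10, "10.0.0.41", "198.51.100.7"), (25, "10.0.0.41", "198.51.100.7"),
    (400, "10.0.0.41", "198.51.100.7"), (420, "10.0.0.41", "198.51.100.7"),
    (1300, "10.0.0.41", "198.51.100.7"), (1310, "10.0.0.41", "198.51.100.7"),
    (50, "10.0.0.41", "203.0.113.50"), (350, "10.0.0.41", "203.0.113.50"),
]


def find_beacons(flows, min_events=5, max_jitter=0.1):
    """Return {(host, destination): mean interval} for machine-regular traffic.

    min_events and max_jitter are assumed tuning values, not vendor defaults.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    suspects = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        # Coefficient of variation: human browsing is bursty (high value),
        # a timer-driven check-in is nearly constant (value close to zero).
        if pstdev(gaps) / avg <= max_jitter:
            suspects[pair] = avg
    return suspects


if __name__ == "__main__":
    for (host, dst), interval in find_beacons(FLOWS).items():
        print(f"{host} contacts {dst} every ~{interval:.0f}s: investigate")
```

Legitimate pollers such as update checks and monitoring agents are just as regular, so the output is normally filtered against a list of known-good destinations before anyone acts on it.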
Antivirus Software
Antivirus software is a great tool that addresses specific problems. Unlike IDS and IPS systems, the antivirus runs silently in the background without requiring an administrator or user to take many (or any) actions. These programs proactively stop malicious software and scripts from running on a device. If malicious software or a malicious script does somehow make its way onto a device, the antivirus will remove it before it can cause any harm.
If an employee’s computer accidentally downloads and installs malware or trojans, the antivirus software will take care of those viruses without the user seeing the process. The unwelcome programs are just whisked away before they can cause any damage.
Antivirus is a non-negotiable for any device — however, it cannot replace IDS/IPS or be replaced by IDS/IPS. The two different solutions solve separate problems — and the two together can provide an even deeper layer of protection.
Virtual Private Networks
In addition to IDS/IPS and antivirus software, a VPN is another essential component of a layered network security strategy. A Virtual Private Network (VPN) is all about providing a secure way into a network. And while VPNs perform very different functions from IDS, IPS, firewalls, or antivirus software, VPN technology is still essential to network security and can provide many additional benefits. A VPN, specifically OpenVPN Access Server, is resistant to several different types of risks, and allows you to layer different security measures for a more robust solution:
- Brute-force password attacks are not possible because OpenVPN Access Server has a lockout policy. It also logs failed login attempts so you can see if any unauthorized entities tried to break in. This allows you to differentiate between an employee who forgot their password and a bad actor with malicious intent.
- OpenVPN Access Server has a hardened web server that is developed and maintained by OpenVPN.
- The OpenVPN processes that deal with incoming connections are protected in multiple ways. One of the ways is signing and verifying packets that get sent and received. That means unless you have the necessary keys, OpenVPN will drop the packets.
- Authentication uses a username and password combination and also offers built-in multifactor authentication using Google Authenticator. This is extensible with other authentication systems.
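The first bullet's point about using failed-login logs to tell a forgetful employee from a bad actor can be turned into a small triage script. This is an added example, not code from the original article or from OpenVPN; the log format, addresses and thresholds are constructed assumptions and do not reflect Access Server's real log layout or lockout settings.

```python
import re
from collections import defaultdict

# Constructed sample lines; the format is an assumption for this example,
# not OpenVPN Access Server's real log format.
LOG = """\
2024-05-01T09:00:05Z AUTH_FAIL user=alice src=198.51.100.20
2024-05-01T09:00:19Z AUTH_FAIL user=alice src=198.51.100.20
2024-05-01T09:01:02Z AUTH_OK user=alice src=198.51.100.20
2024-05-01T09:10:00Z AUTH_FAIL user=admin src=203.0.113.77
2024-05-01T09:10:01Z AUTH_FAIL user=admin src=203.0.113.77
2024-05-01T09:10:02Z AUTH_FAIL user=admin src=203.0.113.77
2024-05-01T09:10:03Z AUTH_FAIL user=admin src=203.0.113.77
2024-05-01T09:10:04Z AUTH_FAIL user=admin src=203.0.113.77
2024-05-01T09:20:00Z AUTH_FAIL user=alice src=203.0.113.99
2024-05-01T09:20:30Z AUTH_FAIL user=bob src=203.0.113.99
2024-05-01T09:21:00Z AUTH_FAIL user=carol src=203.0.113.99
2024-05-01T09:30:00Z AUTH_FAIL user=bob src=192.0.2.15
"""

LINE = re.compile(r"^(\S+) (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)$")

def triage(log_text, lockout_threshold=5, spray_users=3):
    """Classify each source address by its failed-login pattern."""
    fails = defaultdict(list)  # src -> usernames of failed attempts
    ok = defaultdict(set)      # src -> usernames that logged in successfully
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not authentication events
        _, event, user, src = m.groups()
        if event == "AUTH_FAIL":
            fails[src].append(user)
        else:
            ok[src].add(user)
    verdicts = {}
    for src, users in fails.items():
        distinct = set(users)
        if len(distinct) >= spray_users:      # many accounts, one source
            verdicts[src] = "suspected password spraying"
        elif len(users) >= lockout_threshold:  # kept going up to the lockout
            verdicts[src] = "suspected brute force"
        elif distinct <= ok[src]:  # every failed user also logged in from here
            verdicts[src] = "likely forgotten password"
        else:
            verdicts[src] = "review"
    return verdicts
```

Calling `triage(LOG)` returns one verdict per source address; anything other than "likely forgotten password" is worth a look by an administrator.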
Layering In Action
A possible use case for a layered network security approach could be as follows:
- As a first step, an organization implements OpenVPN Access Server to provide secure remote access to company resources for geographically distributed offices and remote employees. The company can then enforce multi-factor authentication for the VPN to ensure that all entities attempting to access the network are fully validated.
- From there, the organization ensures that every single employee device is equipped with up-to-date antivirus and antimalware software. The company can also enforce automatic updates so that software currency doesn’t lapse.
- Finally, the organization can implement intrusion detection and prevention systems so that they are aware of all the potential threats they face, and develop an additional action plan if necessary.
While there are numerous components that can make up a layered network security approach, and this is by no means an exhaustive list, this lays out a good foundation for getting started.
If you want to get the first layer in place for optimal security, OpenVPN Access Server is a great remote access solution. Access Server works on a wide variety of devices: Windows, macOS, Linux, and mobile OS (Android and iOS) environments. That way your employees can safely connect regardless of what device they happen to be on. You can set it up yourself using our Quick Start Guide.
From there, be sure that all devices connecting to the VPN are protected with antivirus and antimalware software. Then, as a next step, you can establish an IDS/IPS that fits your organization’s unique needs.
Here are some antivirus and IDS/IPS solutions that you might find helpful:
No matter what solution you choose, remember that a layered approach is the best approach. By layering, you provide more comprehensive protection and set your organization up for network security success.