HOW TO IMPROVE NETWORK SECURITY?
With the increasing number of network security threats coming from the Internet, network administrators need to keep one step ahead of cyber attackers. In this blog, we will discuss how to improve network security so that you can better protect your router and data network.
What is a Cyber Attack?
A cyber-attack is an attempt to gain access to your network from the internet to disrupt, disable, destroy, or gain control of your network infrastructure. The main aim of cybercriminals in most cases is to steal personal or financial information for financial gain.
Methods Used
There are many methods used by cybercriminals to gain access to, or disrupt, your network and services. These include Denial of Service (DoS) attacks, phishing attacks, ransomware, malware, MITM attacks, whale-phishing attacks, spear-phishing attacks, password attacks, SQL Injection attacks, and many others.
Cyber Attacks
News articles keep reporting cyber-attacks on organizations somewhere in the world. Recently even Microsoft's email servers were attacked. So there's a constant need to harden the security of your network. Cyber-attacks can come from different angles. One of them, the Denial of Service attack, can cause your server to become inaccessible from the internet. Spoofing attacks attempt to log in to your router or even attempt to gain access through your VPN connections. So what can we do about it?
What can we do to improve network security?
Firewalls are the first line of defense to protect your network. They establish a barrier between secured and controlled internal networks that can be trusted, and untrusted outside networks, such as the Internet. It's important to remember that firewalls cannot protect against viruses coming from infected media, such as an infected office document that a staff member might bring in on a USB flash drive. This will circumvent any security measures you have in place and requires the use of antivirus software installed on PCs to reduce this risk.
1) Use the latest Firmware
Routers have several features that can protect against threats from the internet. Most of them are easy configuration changes that can help with network security, while others are built-in features that only need to be enabled. Ensure your router has the latest firmware version installed as it usually includes the latest security patches. For example, the most recent security fix in the latest firmware is to protect against Wi-Fi Frag attacks. This vulnerability can be used to steal user information or attack devices. So it is important to ensure your router always has the latest firmware version installed.
2) Use a restricted-access list when remote access is enabled
If you need to access the router remotely to manage it, then it's recommended to restrict access to only known sources. You can do this by using the Access List function in the System Maintenance. This way only the IP addresses listed in the access list will be able to get access.
3) Use access-list with VPN tunnels
When accessing the router management page over a VPN connection, you can also restrict access by entering the peer IP address of the VPN connection. This will be the IP address of the PC at the other end of the tunnel. This way only authorized users will be able to access the router management page.
4) Use validation code - CAPTCHA
Another option you can use is to enable the Validation Code option, which appears when you try to log in to the router admin Web User Interface. Each time anyone then tries to log in to the router, they will need to enter the temporary code that appears. This can protect the router from bot attacks where an automated bot or application keeps trying passwords taken from a password list. Given enough time, any common password can be cracked, but if you need to enter a validation code with each attempt, then the job becomes much more difficult. While this still may not provide 100% protection, the idea is to make the job much harder, so that the hacker moves on to find an easier target.
5) Enable 2-factor authentication login
Two-factor authentication provides strong protection against hacking, so it's a good idea to take advantage of it whenever it is available. You may have come across two-factor authentication before, where you receive a validation code via a text message to your mobile phone number. That code then has to be entered, along with the correct username and password, to gain access. Also, two-factor authentication can be used in remote dial-in VPN connections using the SmartVPN client.
6) Change management ports
Another step is to change the management ports in the router. The default ports used are well known, so changing the values to different numbers will make it more difficult for hackers to guess. However, a more secure way to manage your router remotely is to disable management from the Internet completely and use a VPN to access the router management page.
7) Enable brute force protection
It is also recommended to enable Brute Force Protection. A brute force attack is when a hacker tries to log in to the router remotely without knowing the password, so they try every possible passphrase until eventually the correct login password is found. Enabling Brute Force Protection allows the router to identify an IP address that has failed many login attempts, and block it for a set period.
8) Use firewall DoS defense
DoS (Denial of Service) is a networking attack that makes devices unavailable by flooding them with fake connection requests. These attacks are categorized into two types: flooding-type attacks and vulnerability attacks. Flooding-type attacks will attempt to exhaust all your system's resources, while vulnerability attacks will try to paralyze a system by taking advantage of vulnerabilities of a protocol or operating system. The DoS Defense functionality in routers helps detect and mitigate a DoS attack.
9) Disable unused features such as unused VPNs
You should also disable any unneeded VPN services. This closes some doors for hackers. In later firmware versions, some of these services are disabled by default, so you will need to enable the required service if you need to use it.
10) Restrict access to the management console
Similarly, you should always disable unused services such as Telnet, SNMP, SSH, and so on. You can even limit access to the management console to certain LAN subnets. Syslog is a very powerful tool that will record a lot of events, and will sometimes show attempts to start a VPN tunnel or the IP address of a possible attacker.
11) Capture and check the Syslog regularly
A USB flash drive is adequate to collect the logs from the router. If collecting Syslog, it's a good idea to ensure that the correct time and date are configured in the router, so that the Syslog entries will have the correct timestamp. This helps to work out when an event occurred.
11b) Sample of Syslog
It is good practice to check the router Syslog regularly to see if there have been attempts to gain access to your network.
Here is an example of an attempted login from the Internet. All those "maximum retries exceed" messages indicate a possible brute force attack, and will give you an idea of what to look for when checking the Syslog.
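The brute force logic from sections 7 and 11b, as an added example that is not part of the original blog or any router's firmware: it scans Syslog text for "maximum retries exceed" entries and reports each source IP that reaches a failure threshold within a time window, together with the resulting block period. The log line layout, the thresholds and the function name are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample. The line layout is an assumption; only the phrase
# "maximum retries exceed" comes from the article. IPs are documentation ranges.
SAMPLE_LOG = """\
2024-03-01 02:14:05 WAN1 login from 203.0.113.7 : maximum retries exceed
2024-03-01 02:14:40 WAN1 login from 203.0.113.7 : maximum retries exceed
2024-03-01 02:15:02 WAN1 login from 198.51.100.20 : maximum retries exceed
2024-03-01 02:15:31 WAN1 login from 203.0.113.7 : maximum retries exceed
2024-03-01 02:16:00 WAN1 login from 203.0.113.7 : maximum retries exceed
2024-03-01 02:20:00 LAN login from 192.168.1.10 : success
2024-03-01 03:40:10 WAN1 login from 198.51.100.20 : maximum retries exceed
"""

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?from "
                     r"(\d{1,3}(?:\.\d{1,3}){3}) .*maximum retries exceed")

def find_brute_force(log_text, max_failures=3,
                     window=timedelta(minutes=5), block_for=timedelta(minutes=10)):
    """Return [(ip, blocked_at, blocked_until)] for sources that reach
    max_failures inside the sliding window. Lines must be in time order."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    blocked_until = {}               # ip -> end of the current block
    blocks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                 # unrelated or malformed line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked_until and ts < blocked_until[ip]:
            continue                 # source is blocked; attempt would be dropped
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            blocked_until[ip] = ts + block_for
            blocks.append((ip, ts, blocked_until[ip]))
            q.clear()                # counting restarts after the block
    return blocks

if __name__ == "__main__":
    for ip, start, end in find_brute_force(SAMPLE_LOG):
        print(f"{ip} blocked {start:%H:%M:%S} until {end:%H:%M:%S}")
```

The second source in the sample fails twice, more than an hour apart, so it never reaches the threshold inside one window and is not reported.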
12) Use a secure password for admin login and all VPN profiles
Another good idea is to make passwords as long as possible. It is now more and more encouraged to use sentences or several common words stuck together to make the password longer. According to some security experts, having a sentence as your password can create a nightmare for hackers. The advantage of using a sentence is that it's much easier to remember than a string of random characters, and it is also more secure when used properly. Even when using secure passwords, it is recommended to change them regularly. That way if someone has managed to guess one, they'll be cut off and have to start the process all over again. Do that often enough and they're not likely to keep trying.
13) Re-sign and change the default security certificates for SSL or HTTPS access
Routers allow administrators to create and sign a custom certificate for SSL, VPN, and HTTPS connections. Due to security concerns, it is recommended to have a unique private key on each device for self-signed SSL. A recommended practice in the event of an attack is to re-sign and change the default security certificates in case they were compromised.
Summary
In this blog, we looked at what cyber-attacks are and the steps you can take to protect your router and your network from these attacks, such as using the latest firmware, using a validation code, capturing and checking the Syslog, disabling unused features, enabling two-factor authentication login, using firewall defense, using a secure admin password, and enabling brute force protection. This included looking at what security features are available in routers.