Businesses are increasingly using smart devices within the workplace and do not consider the security aspects of how these devices connect into their networks. The same can be said for domestic users ...
How many smart devices have you got connected to your business network?
Smart TVs, IoT devices, and sensors, such as smart thermostats and CCTV cameras, rarely receive firmware updates or patches to keep them safe from hackers. Therefore, they can be an easy gateway into your business networks.
"So, how do you stop a hacker from hopping from vulnerable devices into your servers?"
There are several ways of reducing the risk factor when connecting smart devices.
In a domestic setting, most (if not all) smart devices are connected by WiFi. The best option there is to create a secondary SSID or Wi-Fi network called a DMZ, with a different name and password from the main network. In simple terms, this would be like setting up a guest network.
For business users, with complex wired and WiFi networks, using a combination of routers, firewalls, switches and access points, there are numerous ways to add more security to the network. Routers and/or switches can have something called VLAN capability.
This is where you create a different path within the switch to allocate various IP subnets (for example: 192.168.0.1, 192.168.1.1 and 192.168.2.1) so that you have pockets of isolation and it is easier to identify which types of equipment are on the network. For example, all IP phones can be allocated the dot 0 subnet, all IP cameras the dot 1 subnet and so on.
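As an added illustration (not part of the original post), the Python sketch below audits a device inventory against the subnet plan described above and flags equipment that sits in the wrong pocket. The /24 masks, the "sensor" class on the third subnet, and all hostnames and addresses are assumptions constructed for the example.

```python
import ipaddress

# Segmentation plan from the article's example; the /24 masks and the
# "sensor" class on the third subnet are assumptions for this sketch.
PLAN = {
    "ip_phone": ipaddress.ip_network("192.168.0.0/24"),
    "ip_camera": ipaddress.ip_network("192.168.1.0/24"),
    "sensor": ipaddress.ip_network("192.168.2.0/24"),
}

# Constructed inventory: (hostname, device class, address seen on the network).
INVENTORY = [
    ("desk-phone-01", "ip_phone", "192.168.0.21"),
    ("cctv-lobby", "ip_camera", "192.168.1.40"),
    ("cctv-carpark", "ip_camera", "192.168.0.77"),   # camera on the phone subnet
    ("thermostat-2f", "sensor", "192.168.2.15"),
    ("smart-tv-board", "smart_tv", "192.168.1.90"),  # class with no planned subnet
    ("unknown-box", "sensor", "10.0.0.5"),           # outside every planned subnet
]


def subnet_of(addr):
    """Return (class, network) of the planned subnet holding addr, or None."""
    ip = ipaddress.ip_address(addr)
    for device_class, net in PLAN.items():
        if ip in net:
            return device_class, net
    return None


def audit(inventory):
    """List (hostname, reason) for every device that breaks the plan."""
    findings = []
    for host, device_class, addr in inventory:
        located = subnet_of(addr)
        if device_class not in PLAN:
            findings.append((host, f"class {device_class!r} has no planned subnet"))
        elif located is None:
            findings.append((host, f"{addr} is outside every planned subnet"))
        elif located[0] != device_class:
            findings.append((host, f"{addr} sits in the {located[0]} subnet {located[1]}"))
    return findings


if __name__ == "__main__":
    for host, reason in audit(INVENTORY):
        print(f"{host}: {reason}")
```

In practice the inventory would come from a DHCP lease export or a switch's address table rather than a hard-coded list.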
You may even want to create port isolation and lock down each port on the switch to only accept a specific piece of equipment. For example, port 1 only allocates an IP address if it identifies the equipment as an IP handset and not an IP camera.
Depending on the size of your business, there may even be two (or more) internet connections and this can be used to separate the networks further. You could allocate one switch/LAN connection to WiFi-enabled equipment that does not require a fixed connection (for example, WiFi access points, mobile phones and tablets) and the second switch/LAN connection to fixed/wired equipment (applying VLAN configuration).
Ask your in-house IT team or your outsourced IT supplier to redesign your networks and get an external IT audit by a specialist PEN tester. A network penetration test shows all the possible leaks within your network and produces a working document to work from!
If your in-house IT team or your outsourced IT supplier does not have experience in VLANs or is not sure if your current routers/switches have VLAN capabilities, call in experts to keep your business as cybersafe as possible.
Until next time ...
PRITESH GANATRA