5 Ways to Improve Network Security
Securing facilities and infrastructure from vandalism, threats and unauthorized access is a top priority for many public agencies and utilities. Expansive territories with numerous remote sites and devices present an added challenge for these organizations.
A break in security can potentially threaten the health, security and well-being of thousands, if not millions, of people. So how does one approach this challenge? In terms of physical sites, security and monitoring have been prioritized, with locking mechanisms, barriers, video surveillance and alarms being installed. But what about your network? As more and more devices are integrated and networked, protection of those devices, and the data, is increasingly critical.
With that in mind, there are 5 basic steps you can take right now to improve network security:
1.) Strong, Unique, Non-Default Passwords on All Networked Equipment
You’ve probably heard it before, but you’d be surprised how often we encounter default or overly simplistic passwords on networked devices. This is still a common gateway for unauthorized users and something you should routinely update.
We recommend a password of at least 10 characters, though the more the better. Passphrases are encouraged over complex passwords with numbers and symbols. Passwords with letters, numbers and symbols are generally harder to remember, so users are more likely to write them down or save them in their browsers, neither of which is an ideal practice. Passwords in which numbers and symbols simply replace certain letters of a word are also easier to hack.
Alternatively, a passphrase (a long password including a combination of random words and spaces, such as “paint strong baseball kids”) has proven to be easier to remember and harder to hack.
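As an added example (not code from Elevate Wireless or any radio vendor), the Python sketch below checks a candidate password against the recommendations above and generates a random-word passphrase. The word list, the list of default passwords and all function names are constructed for illustration.

```python
import math
import secrets

# Constructed sample data (assumptions, not from the article). In practice use
# a large published word list and your vendors' documented default passwords.
WORDS = ["paint", "strong", "baseball", "kids", "river", "candle", "orbit",
         "maple", "tunnel", "copper", "violin", "harbor", "pepper", "saddle",
         "meadow", "lantern"]
DEFAULTS = {"admin", "password", "default", "1234", "changeme"}
MIN_LENGTH = 10  # minimum recommended in the article

# Common look-alike substitutions, mapped back to the letter they replace.
UNLEET = str.maketrans("013457@$!", "oleastasi")


def generate_passphrase(n_words=4, words=WORDS):
    """Pick words with a CSPRNG; random.choice() is not suitable here."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, list_size):
    """Entropy of n independently chosen words from a list of list_size."""
    return n_words * math.log2(list_size)


def audit(password, words=WORDS):
    """Return the article's password rules that `password` violates."""
    findings = []
    lowered = password.lower()
    if lowered in DEFAULTS:
        findings.append("default password")
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    # Undo substitutions: 'b4s3b4ll' collapses to a single dictionary word.
    if lowered.translate(UNLEET) in words and lowered not in words:
        findings.append("dictionary word with character substitutions")
    return findings


if __name__ == "__main__":
    for candidate in ["admin", "b4s3b4ll", generate_passphrase()]:
        print(repr(candidate), audit(candidate) or "ok")
    # A 7776-word list gives about 12.9 bits per word, ~51.7 bits for four.
    print(round(passphrase_entropy_bits(4, 7776), 1))
```

The 16-word list here only keeps the example short; the strength of a passphrase comes from choosing the words at random from a list with thousands of entries.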
2.) Enable Over-the-Air Encryption
It’s important that all networking hardware, including WiFi, data radios, etc., have over-the-air encryption capabilities. If yours does not, this is a clear sign that your network should be updated. Encryption is the process of encoding data so that hackers can’t understand it; only authorized parties have access.
AES encryption is recommended as the standard, with a 128-bit or larger key size. Over-the-air management allows you to load new encryption keys remotely. If a radio or device is stolen, all radios in the system can be re-keyed over the air in order to block the stolen unit.
3.) Restrict Traffic Flow In & Out of Your Network with Firewalling
Firewalls prevent unauthorized devices from accessing a private network and are typically implemented via software. Conversely, a firewall can also allow remote access to authorized users via device identification, a useful feature in managing numerous remote sites.
As radios are remote access devices, you may want to use a whitelist on remote radios to only allow traffic to a central SCADA server and/or necessary PLCs. This ensures that if physical security is compromised at a remote site (such that someone can access a radio’s Ethernet ports), access into the customer’s network is minimized to the fewest possible devices.
4.) Disable Unneeded Remote Administration Interfaces
Most devices provide various remote administration interfaces in order to configure the device over the air. However, over time security vulnerabilities may be discovered in the underlying software used by radios and other networking hardware.
In order to minimize risk, we recommend disabling remote access interfaces that you aren’t planning on using, such as Telnet or SSH. On our XetaWave radios, these settings are found under Management > Advanced Settings.
5.) Plan & Deploy Software & Firmware Updates
One of the central purposes of software and firmware updates is protection against evolving security threats. That is why all devices should be regularly scheduled for software and firmware updates. Building this into your calendar as a recurring event and having a deployment plan, including who, how and when updates will occur, will make the process easier and more regular, lowering the chances that it will fall by the wayside.
Have questions? Elevate Wireless can assist in improving your network security. Please reach out to us at firstname.lastname@example.org, or call 408-642-5458.