
application access control

This tag is associated with 4 posts

V (5) Fundamentals of a Secure WLAN

Would you rather have something for free or pay for it?

Dumb question, right? A free ticket to watch the Seahawks pummel, I mean battle, the Broncos in Super Bowl XLVIII beats paying $2,100 per ticket any day – unfortunately, not a choice you or I will likely have to grapple with anytime soon.

However, when it comes to wireless networking, this is a question we face all the time. Do I jump on the coffee shop’s complimentary network after ordering my quadriginoctuple-frap, or do I use my provider’s network and eat into my data plan?

I would hazard a guess that most of us choose the free option – especially if we are going to sit there and nurse that beverage all day – a choice that is repeated every day at coffee shops all around the world. In fact, we have gotten so used to making this choice as customers that we expect Wi-Fi access everywhere, including at work.

And, while an increasing demand for wireless networking may not be breaking news, many organizations still struggle when it comes to successfully deploying wireless networks in a secure manner.

So, in the spirit of the Super Bowl example above (nice work Hawks), I would like to present what coaches often call the fundamentals – only here I’ll talk about five fundamentals of securing your wireless network.

And, I’ll use Roman numerals.

But no X’s or O’s.

I. Have a Plan

If you rush out, buy a couple of wireless access points and chuck them on your network, you’ll likely just make things worse. Instead, take time to understand your goals and consider some important pre-deployment questions such as:

  • How many wireless users do I expect to have on my network?
  • How much wireless coverage and what kind of bandwidth do I need?
  • What kind of traffic do I want to allow/restrict? (Pay particular attention to social media and mobile applications.)
  • How will I restrict access to the WLAN (by device, by user, by SSID, etc.)?
  • Will both corporate and personal devices be allowed access to the WLAN?

It’s also a good idea to draft a network usage policy and have users sign it as this can help to encourage self-enforcement.

II. Implement Access Controls

Segmenting the WLAN (e.g. by VLAN), creating security policies for different SSIDs, enabling station separation, enforcing MAC control lists and user authentication can all help to ensure WLAN users, devices and traffic are only allowed to access intended resources.

III.  Synchronize Wired and Wireless Networks

Make sure your wired and wireless security policies don’t conflict.  If an access policy is being enforced on your wired network, ensure you are not circumventing it with your WLAN policy.

IV.  Use Strong Passwords

Create strong WLAN access passwords and change them regularly.  Some strong password creation tips can be found here.

V. Monitor, Adjust, Repeat

Regularly use monitoring tools and review traffic logs to see what’s happening on your network. This will help to ensure policies are being enforced as expected, identify new traffic types and applications to allow/restrict and recognize emerging threats.

To learn more about how WatchGuard can help you to deploy a robust and secure WLAN, check out our wireless page here.

Following a Devastating Tornado, Walker Schools Rebuilds Network to Offer Secure Access to Key Educational Resources

When a tornado tore through Walker School District’s data center in 2011, the devastation took 95% of the district’s technology infrastructure. Turning tragedy into opportunity, the administrators worked to rebuild and support the district’s commitment to creating amazing educational opportunities for their students. This meant technology that could support key educational resources, and provide access to online and internal applications, while keeping students and staff secure.

In regard to key applications, the school has partnered with NASA to bring online a lunar observatory at its Science and Technology Center, where students can use and learn from NASA technology. In addition, to teach students about sustainable food growth, Walker Schools has created a groundbreaking K-12 aquaponics program, the first curriculum of its kind in a U.S. school system.

In order to meet the technical demands of the district’s 11,000 users, Walker Schools deployed WatchGuard XTM 2520, WatchGuard XTM 1050 and WatchGuard XTM 525 integrated security platforms to power its network.

The Walker School District needed a high-performing Unified Threat Management solution and found it in WatchGuard.

The key element for the Walker administrators was being able to implement a system within a tight budget, yet still deliver speed, easy administration, and cutting-edge security, which they found in WatchGuard.

This commitment to providing a solid technology backbone for the various programs the district offers has resulted in the district achieving higher test scores since implementing WatchGuard’s solutions. In fact, the improved student performance has been so attractive that Walker Schools has seen an increased number of student registrations from outside the district. Students who previously attended private schools have now switched to Walker Schools after seeing the innovative learning environment that has been created with the help of WatchGuard.

Investing in WatchGuard’s unified security solution ensures Walker Schools will receive tremendous long-term value through high-quality hardware. Walker Schools has seen a vast increase in speed and bandwidth capability as well as a reduction in malware and virus outbreaks. The new solution has been able to handle heavy network traffic seamlessly, improving response time within the student information system. Choosing WatchGuard is predicted to benefit the district with continued use for the next five to ten years.

The district has assured its students a solid platform to build their futures and WatchGuard is pleased to be a part of that growth and development.

You can read the official Walker School District Case Study here. And as always, you can contact us with questions or drop a comment below.

BYOD Device Management and Web 2.0 – Protecting Networks in Schools

Just like Principals and Superintendents, school district Network Administrators are facing the challenges of having to do more with less. Many school districts only have a small handful of IT personnel to begin with, their budgets are being reduced and they’re dealing with challenges to network security management. On top of all this, new challenges are putting a strain on networks, including:

  • BYOD (bring your own device) – Many schools are introducing tablets and other mobile devices as educators move to new ways of teaching and learning. BYOD device management is now a major need in districts across the country.
  • Web 2.0 – With students using computers to access social media sites like Facebook and YouTube, and downloading information for studies from sites across the Internet, tools like Application Access Control are now ‘must-haves.’
  • Secure Remote Access – Cloud computing solutions and of course the surge of BYOD means that teachers and students alike need secure remote access to the district network to access documents for collaborative work they may be doing.

These are challenges that, just like corporations, require smart network security solutions that do more than just stop spam or encrypt email. The Cascade School District just outside of Salem, Oregon has five campuses throughout rural Willamette Valley that serve 2300 students with a staff of 300. According to Michael King, their Network Administrator, things were getting a bit out-of-hand:

The IT department employed a mix of point solutions, each with its own management needs. “We were using ISA 2006, Windows Server, Websense for web filtering, and Barracuda for anti-spam and load-balancing, and there were big expenses for each. Yet, we still couldn’t even do things like HTTPS, which is incredibly important these days with Facebook, Google, et cetera. And, it kind of defeats the purpose to even have a web filter in place if the students can bypass it.”

Cascade School District today is leveraging most of the best-of-breed UTM security services on our XTM Next-Generation Security Platform, which includes URL Filtering, Application Control, AntiSpam, AntiVirus, DLP and IPS. This allows their IT team to meet the emerging security challenges mentioned above and faced by their district (explosion of mobile device usage by students and staff, application access control to key educational and online resources, and streamlining remote access for staff). Application access control also gives them a new tool to proactively prevent cyber bullying by controlling access to popular bullying platforms such as Facebook, SnapChat or Kik Messenger. They are also able to monitor traffic on their wireless networks and throttle down users who start to bog down the network.

In addition to meeting all the challenges to network security management, the school district is projected to save approximately $24,000 in fees and maintenance and a boatload of time by consolidating these numerous point solutions into one UTM security appliance.

For more on how we met Cascade School District’s network security management challenges, check out the case study. As always you can contact us with questions or drop a comment below.

Three (Network Security) Roadblocks to Achieving Retail Success

As we coast into the National Retail Federation’s (NRF) big annual show in New York City next week, businesses of all types face the daunting task of securing their business network from outside threats. Perhaps it’s fitting that online retailers in particular are concerned with the growing number of advanced persistent threats that are poised to make 2013 a potentially busy year in data loss prevention.

So with the NRF just around the corner, here are three network security roadblocks that threaten the success of online retail organizations of all types:

      1. Giving all employees access to the same websites and applications. While it might seem like the fair, and certainly easy, thing to do is to allow all employees at all levels access to the Internet carte blanche, it can expose your company network to unnecessary risk. Part of IT security’s job is to balance threat management with risk management, and this means determining which employees need access to what in order to do their jobs effectively and efficiently. Interview employees and departments and set up policies that allow you to manage Internet and application access control.
      2. Only focusing on ingress and not egress. Monitoring inbound Internet traffic is certainly critical for data security protection, but with drive-by downloads and increased redirection capabilities, hackers can easily manipulate your outbound traffic to gain network access. We recommend roadblocking all outbound traffic from your business as a starting point. Then add back in ports 443 and 80 so you have some web-based capabilities, and then add back DNS traffic so you have some name resolution. While not an easy thing to do, tools like our ReputationAuthority – part of our XTM network security solution – can make this task easier to manage.
      3. Not updating security to account for server virtualization. Virtualizing your IT infrastructure can be a great thing; it saves time in provisioning, saves money in hardware requirements and cooling, and provides IT scalability. But as Neil MacDonald at Gartner says, “Unless you put virtualized security controls – virtual sniffers, virtual firewalls, all the same controls you’d use on a physical server – inside that network, you don’t see what’s going on.” In fact, 84 percent of our customers are proceeding slower than they’d like into virtualization simply because of the security concern. Make sure you consider virtualization security solutions as part of your overall network security plan.
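
The default-deny egress policy from roadblock 2, sketched as an nftables ruleset for a Linux gateway. This is an added example, not WatchGuard configuration; the table and chain names and the interface names `lan0` (internal) and `wan0` (Internet-facing) are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: default-deny egress on a Linux router.
# Assumed names: lan0 = internal interface, wan0 = Internet-facing interface.

table inet egress_filter {
    # Policy for NEW connections leaving the LAN for the Internet.
    chain egress {
        # Step 2 of the recipe: add back web traffic.
        tcp dport { 80, 443 } accept

        # Step 3 of the recipe: add back name resolution.
        # Tighter variant: also match "ip daddr" against your own resolvers.
        udp dport 53 accept
        tcp dport 53 accept

        # Step 1 of the recipe: everything else outbound is blocked.
        # Log (rate-limited) so blocked applications show up during review.
        limit rate 10/second log prefix "egress-drop: "
        counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Return traffic for connections that were already permitted.
        ct state established,related accept

        # Only LAN -> Internet flows are subject to the egress policy.
        iifname "lan0" oifname "wan0" jump egress
    }
}
```

Check the file with `nft -c -f` before loading it with `nft -f`. The `egress-drop:` log entries then show which outbound applications would need an explicit rule.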

There are many other roadblocks that can hinder growth and expose data, and we’ll certainly be blogging about them in the days and weeks ahead, but these three are certainly important and worth consideration. For online retailers, customer data security is the foundation for success.

If you’re at the NRF Show in New York, swing by booth #1681 and say hello. We’d love to see you!