SpartanTec, Inc. Columbia: Security Beyond Firewall: 7 Tips

False security perceptions are one of the biggest threats to IT and business today. It has been a long-held assumption that if your network perimeter is secure, everything will be fine. Management often thinks that network security and firewall are enough to reduce risks. We know this is not true. Take a look at the headlines and research reports such as the Verizon Data Breach Investigations Report.

Vulnerabilities are one of the main reasons for false security. They can get past firewall controls and go unnoticed. It is often assumed that if the virus gets past the firewall, it will be detected. Red flags will appear in audit logs and alerts to staff members, just like in the movies. This is false. Many of the root causes of today’s network attacks are hidden and thus out of our minds.

Security Tips Other Than Your Firewall

Based on our experience as a network security consultant, these are just a few of the vulnerabilities you can’t afford to ignore – there are many more.

Attacks on web applications, both internal and external to the network

The data loss, malware exploits, and the email phishing, the data loss and malware exploits that go with it

Attackers exploit missing patches and other vulnerabilities

Open network shares offer unaudited, full access to the intellectual property as well as the personally-identifiable information in the unstructured databases and files.

Schwach points in guest wireless network configurations that permit access to the production environment

Poor password standards not only at Windows domain level, but also across standalone systems like databases, network infrastructure systems and mobile devices

Data exfiltration of endpoints to the cloud and local USB storage

Although firewalls can provide better visibility and protect the network, it is unlikely that they will detect or prevent many of the issues listed above. This is especially true if traffic is encrypted, or completely hidden from the firewall’s view.

As your computer security program matures, you must be aware that there are always new risks in the network. To improve security throughout your company, identify the risks and fix them.