Minimise Network Security Threats With Hardware and Software
Explain how hardware and software can be used to minimise network security threats
Hardware
A firewall examines the data passing between the local area network (LAN) and the wide area network (WAN), in both directions, and checks whether each data packet meets the criteria in its list of permissions, such as approved IP addresses and ports.
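As an added example (not part of the original notes), here is a small Python model of the rule-list check a firewall performs: each packet is compared against an ordered list of permissions (direction, remote address range, protocol, destination port), the first matching rule decides, and anything that matches no rule is denied. The policy, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (WAN -> LAN) or "out" (LAN -> WAN)
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str       # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str   # which direction of traffic the rule applies to
    remote_net: str  # CIDR range of the WAN-side host this rule covers
    ports: frozenset # destination ports covered; empty set means any port
    proto: str = "any"

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction:
            return False
        # Inbound: the remote host is the source; outbound: it is the destination.
        remote = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
        if ipaddress.ip_address(remote) not in ipaddress.ip_network(self.remote_net):
            return False
        if self.ports and pkt.dst_port not in self.ports:
            return False
        return self.proto in ("any", pkt.proto)

# Constructed rule list (a hypothetical policy, not from the original notes).
# Rules are checked top to bottom; the first match wins and anything unmatched is denied.
RULES = [
    Rule("deny", "in", "0.0.0.0/0", frozenset({23, 3389})),           # no Telnet/RDP from anywhere
    Rule("allow", "in", "203.0.113.0/24", frozenset({443}), "tcp"),   # partner network may reach HTTPS server
    Rule("allow", "out", "0.0.0.0/0", frozenset({53}), "udp"),        # DNS lookups
    Rule("allow", "out", "0.0.0.0/0", frozenset({80, 443}), "tcp"),   # web browsing
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Return 'allow' or 'deny' using first-match evaluation with a default-deny policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"
```

Note that the explicit deny rule sits above the partner-network allow rule, so RDP from the approved address range is still blocked; rule order is part of the policy.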
Physical authenticators such as mobile phones, card readers and YubiKeys can be used as part of multi-factor authentication (MFA) when a user logs into their account or attempts to make a payment online. The enrolled authenticator is paired with the user account or the computer. For example, a YubiKey paired with one device will not work on another device, so a user accessing that device needs to own and use the correct YubiKey. An account with one mobile number will send a verification code to that mobile number and not another, so the user being authenticated needs to own that mobile number.
A router with a strong password can prevent unwanted users from accessing the LAN. Disabling “broadcast SSID” (service set identifier) on the router stops it from broadcasting the name of the Wi-Fi network to the public, so the network is not detected by other smart devices; it is hidden. Any user would have to enter the network name (SSID) and password to connect. That said, hackers can still uncover the SSID by capturing the probe requests that smart devices send while actively scanning for an access point to connect to. Therefore, it is important to have a strong password that is not the factory default.
Hackers can also set up a fake Wi-Fi access point, or “evil twin”, with the same SSID to trick victims’ devices into connecting. This usually happens on public Wi-Fi networks.
Software
Antivirus software runs in the background on a computer to detect and remove malicious software. It is updated whenever a patch is released so that it can detect the latest malware variants. It can also be used to scan all the files on an external flash drive before the drive is connected to the main network.
Encryption algorithms can use public and private key pairs to verify identities between two computers, open a session, and encrypt and decrypt data. Web traffic uses HTTPS, which relies on Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificates to verify the identities of the client and server before establishing an encrypted connection, so that any input and instructions sent from the client to the server, such as passwords, are encrypted.
Security Information and Event Management (SIEM) is a software tool that analyses incidents that may be linked and displays the security information and network traffic anomalies on a dashboard for easy reading and real-time incident response. This alerts the SOC analysts and helps them see the bigger picture across all the incidents and determine whether they stem from the same root cause. Instead of multiple people working in silos, patching different areas of the network, the bug can be handled centrally.