Data Security (Inc. Data Loss Prevention), Cyber Security, Privacy, Website Security, Email Security, Malware/Viruses, Open Source Intelligence, Cyber Security/Product Training

SME IT security: creating a simple and affordable bullet-proof closed network

Ask anyone “what makes computers today insecure?”, and the answer will inevitably be “evil hackers and viruses”.

The simple answer to the question is the network cable or wireless network connection. Take away the internet connection and your computer or network is close to being 100% secure since no one outside can connect to it. The only other vulnerability is physical security ... when someone breaks into an office to steal hard drives or computers.

So, you may wonder, how can you create a highly secure network which is simple to create and not expensive to run?

The simple (if impracticable) answer is to take a leaf out of Iran’s book and take away the connection to the outside world (the internet), Once generally seen as the attacker, Western states are (allegedly) attacking Iran to sabotage operations. For more information see Iranian state goes offline to dodge cyber-attacks published in August 2012 by The Telegraph.

For more practicable solutions you will need
  1. Network attached storage – £100 upwards
  2. Router with basic firewall - £50 upwards
  3. Desktop computers - £250 upwards
  4. Optional internet connection
  5. Optional backup USB hard drives
  6. Removable media blocking software
Option #1
Connect all the computers to the router and configure the Network Attached Storage (NAS) so that all computers can access it as a shared drive.

The only problem here is if the NAS fails you have lost all of your data so it is a good idea to buy an external hardware encrypted USB hard drive.

Software for £10 can be bought to sync all data from the NAS to an external USB hard drive every afternoon and this should be stored offsite.

To stop staff pinching files you should block all USBs, memory cards and CDs/DVDs.

The firewall/router should have all ports blocked with no internet connection plugged in and it should be locked away and out of sight.

For additional security all PCs (and possibly the NAS) should be encrypted fully to protect it if stolen.

Option #2
For those who wish an automatic offsite data backup option you should follow the above but plug in an internet connection.

Firewall rules should be 100% incoming blocked and all but one outgoing allowed.

A high-security offsite backup service should be used which lets you specify locally an encryption key.

Most backup services only need port 443 outgoing and this could be specified to only allow traffic to one or two IPs ... thus stopping incoming connections and stopping staff using the internet totally.

By using offsite backup, data will be held outside your office and should the NAS fail you have a retrievable copy.