Myth: “My network/workstation/server is secure because it’s not connected to the internet/other devices that are connected to the internet.”
This IT myth is based on what is known as “security through obfuscation” (more commonly called “security through obscurity”). In short, you “think” you are secure because you have removed your machine from contact with anything that could potentially harm it. In a home setting this usually means masking or hiding the broadcast of your WiFi SSID.
In a business setting it usually means cutting off or restricting some part of the network from the internet. On the strength of that one measure, some businesses feel they can take a lackadaisical approach to basics such as anti-virus and anti-malware security programs.
Unfortunately, the harsh reality is that even these lonely islands are not safe by any means. Without internet access these machines miss even the most basic patches across the entire system: OS, web browsers, and so on.
Those patches are the most basic security you can afford your machines, and without them your system is 100% vulnerable to any number of malicious attacks.
Guilty parties might at this point be wondering why this method of security (if you can call it that) is such a bad idea if, in fact, you never intend to put the machine anywhere near the internet.
The fact is that the machines in question will at some point come into contact with data from the internet, and that data could be the straw that breaks the camel’s back. USB drives are commonplace in the business environment: they are convenient and allow data to move without a network connection. Much like children sharing beverages, an unseen illness can spread to your segregated system(s).
Network segregation is not a poor choice when trying to protect your data and business; it just has to be done properly. A great start is an enterprise-grade security firewall. Do not try to skimp on this with some rinky-dink home WiFi router that happens to have a firewall feature.
You need something much more robust, with advanced firewall settings and support for VLAN tagging. With some research you can purchase these upgrades without breaking the bank. Next, deploy a managed switch that can handle VLAN tagging or, if you are a smaller business, a regular switch behind the aforementioned firewall router.
Use these two devices to manage your newly segregated network and you are off to a great start. To top things off, make sure to run a quality anti-malware/anti-virus program on each of your machines. Free programs of this sort are generally illegal to use in a commercial setting, so DON’T!
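What “done properly” looks like in practice is a default-deny firewall between the VLANs, with a short explicit allow-list that still gives the isolated segment a controlled path for patches and signature updates. The following is an added example, not code from the original post: it models three constructed segments (office, production, management), an allow-list policy, and renders that policy as a Linux nftables forward chain plus the `ip link` commands for the tagged sub-interfaces. The VLAN ids, interface names (`eth0`, `wan0`) and the patch-push port are all assumed values chosen for illustration.

```python
"""Added example: a VLAN-segmented network policy with a default-deny
firewall between segments, rendered as an nftables ruleset.
All VLAN ids, segment names, ports and interface names are constructed."""
from dataclasses import dataclass

INTERNET = 0              # pseudo-VLAN id for the WAN uplink
TRUNK = "eth0"            # assumed 802.1Q trunk interface on the firewall
WAN_IFACE = "wan0"        # assumed uplink interface

# Constructed segments: everyday office workstations, the "isolated"
# production machines, and a management segment hosting the patch/AV server.
VLANS = {10: "office", 20: "production", 30: "management"}


@dataclass(frozen=True)
class Rule:
    src_vlan: int   # segment the flow originates from
    dst_vlan: int   # segment it is headed to (INTERNET for the uplink)
    proto: str      # "tcp" or "udp"
    dport: int      # destination port


# Explicit allow-list. Nothing reaches production from the internet and
# production has no path out; patches and AV signatures still arrive
# through the management segment instead of via USB sticks.
POLICY = [
    Rule(10, INTERNET, "tcp", 443),   # office browses over HTTPS
    Rule(30, INTERNET, "tcp", 443),   # update server fetches patches from vendors
    Rule(30, 20, "tcp", 8530),        # update server pushes patches into production (assumed port)
    Rule(30, 20, "tcp", 3389),        # admin consoles into production, from management only
]


def is_allowed(src_vlan: int, dst_vlan: int, proto: str, dport: int) -> bool:
    """True only if an explicit rule matches; everything else hits 'policy drop'."""
    return Rule(src_vlan, dst_vlan, proto, dport) in POLICY


def iface(vlan: int) -> str:
    """Interface name the firewall uses for a given segment."""
    return WAN_IFACE if vlan == INTERNET else f"{TRUNK}.{vlan}"


def render_vlan_links() -> list[str]:
    """Linux commands that create the tagged sub-interfaces on the trunk."""
    return [f"ip link add link {TRUNK} name {iface(v)} type vlan id {v}" for v in VLANS]


def render_nftables() -> str:
    """Turn POLICY into an nftables forward chain with a drop default."""
    lines = [
        "table inet segmentation {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",  # replies to allowed flows only
    ]
    for r in POLICY:
        lines.append(
            f'    iifname "{iface(r.src_vlan)}" oifname "{iface(r.dst_vlan)}" '
            f"{r.proto} dport {r.dport} accept"
        )
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print("\n".join(render_vlan_links()))
    print(render_nftables())
    # Production has no rule to the internet, so the default policy drops it:
    print("production -> internet:", is_allowed(20, INTERNET, "tcp", 443))
```

The point of keeping the policy as data is that the same allow-list answers “can this flow happen?” for an audit and produces the firewall configuration, so the two cannot drift apart. Note that the production segment ends up just as cut off from the internet as the “air-gapped” box in the myth, but its patches and anti-malware updates still arrive over an explicit, logged path rather than a thumb drive.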
The idea of security through obfuscation has been debunked many times over by now and should not be employed at all in our technology-driven business environments. At a time when regulations are becoming more prevalent in every line of business, we must be sure to maintain “reasonable expectations” for safeguarding ourselves and those we serve.