Skip to main content
SolarWinds MSP
  • Login
  • Support
  • Partnerships
    • Solution Provider Program
    • Technology Alliance Program
SolarWinds MSP
  • Products
    • Remote Monitoring & Management Protect your customers with a platform from the global leader in monitoring and management.
    • Backup & Recovery Manage backup for servers, workstations, applications, and business documents from one cloud-based dashboard.
    • Mail Protection & Archiving Protect users from email threats and downtime.
    • Password Management Easily adopt and demonstrate best practice password and documentation management workflows.
      • Passportal Demo
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Threat Monitoring Detect, respond to, and report on threats across your managed networks.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking to...

    I'm looking for...

    • Drive Efficiency with Automation
    • Manage my MSP Business More Efficiently
    • Manage my IT Department More Efficiently
    • Layered Security
    • Data-Driven Insights
    • Cross-Platform Support
  • Resources

    Webcasts & Events

    Resource Center

    • Ask the N-Central Experts
    • Daily Live Demos
    • Backup Foundations Training
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webcasts
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute Webinar Series
    • MSP Advice Project
  • About
    • Contact
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • Blog
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Passportal
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control

Design a Secure Network Now

Business IT providers and MSPs must design secure networks.

Imagine a scenario in which one of your employees is sitting at their desk, diligently working on a document when they receive an urgent call. From the “IT Department.” They’re told that their system has been compromised, and they need to take immediate corrective action to save their company (and their job) from ruin. So the employee dutifully handles over highly confidential information like IP addresses and passwords, for how could they not trust the IT Department in an emergency? This results in a malicious and devastating cyberattack on the company’s core assets.

This risk and others can be mitigated with the right measures.

locks securing the world

First: Inventory Systems and Policies

Think of this as examining the two great physical assets most organizations possess: their systems and their people.

  • Examine systems (on-site or off) to document what assets you manage. Many IT managers are shocked at what they find (e.g., applications that are not currently in use; servers that are extremely under allocated). As the MSP or IT provider, you need this information, and it will likely enlighten your client as well.
     
  • Interview employees to learn what they know and what kind of guidance they’ve received. What policy documentation is in place? What kind of training on IT security have they received?

A systems inventory is critical, for how you can protect assets you didn’t know you have? And how can you optimize environments without knowing what they contain?

Policies and training are also important, as employees are often the “weakest link” and are the least controllable asset in a company’s possession.

Second: Workshop Needs & Plans

This is a step that is easily missed, and it's the job of the MSP to point out to upper management that there is a need for your services. When MSPs point out a need, they need also to provide the solution. Once there is buy-in from the decision makers, MSPs need to communicate what needs to be done, the steps to do it, and any internal resources that are needed for alignment and execution. 

The best way to do this is:

  • Interview key management
  • Run workshops with managers

Carefully document these meetings and ask management to review and approve your mutual conclusions.

Third: Audit to Identify Vulnerabilities

To prevent intrusions to your clients' networks, it is critical that an audit is executed. Security gaps need to be identified, defined, and classified in terms of severity.

An audit accomplishes many things, including the following:

  • Provides the most comprehensive understanding of your overall security posture
  • Prioritizes risks and fixes to those risks to reduce exposure
  • Increases the integrity of your entire environment (physical assets and employees)

Focus on these Areas for a Secure Network Design

man choosing computer security

Physical Security

You might not chart physical security on a technical diagram, but physical security policy needs to be as specific as possible and communicated broadly – especially when the policy changes.

  • Organizations should set terms for accessing physical assets (stationary like servers or mobile like cell phones and tablets).
  • Policy documents should be tailored to those employees that have a need to access the hardware. Non-eligible employees should be alerted by emphasizing consequences for non-compliance.
  • Technologies that enhance physical security include RFID cards, premium locks, fingerprint reading devices, PIN pads and retinal scanners. Management may need to be advised that the company should not skimp on purchasing quality devices to enhance physical security.

Not to be overlooked: Any physical protection guarding sensitive areas around servers that hold critical business data.

  • If servers are off-site, the facility should provide documents containing their most recent security audits.
  • If servers are on site, multiple barriers to entry need to be created to protect data.

Unapproved access to encryption codes, network schemes, IP addresses or administrative user IDs and passwords could have a devastating effect on your company. MSPs and IT providers are encouraged to help their clients truly think through all of these physical components, even if the MSPs rarely visits the physical business location.

Get into VLANS with Subnets and QoS

VLAN (Virtual Local Area Network) refers to the splitting off of devices in your clients' network infrastructure logically while keeping them unchanged physically. VLANs can reduce the overhead of the network, make administration easier, and improve security.

Add Subnets

A subnet is like a VLAN in that it is also a logical separation in the network. Any network that has just one subnet in which a device is compromised has all devices compromised. This compromise could be a virus or a hacker. If this happens you’ll try to recover this one subnet all at once, but by the time you’ve secured one device, more may be compromised.

Subnets break the network into more places in which you can secure or segregate. These can take the form of packet filters or complete firewalls. IDS (Intrusion detection systems) have less work to do as there is less traffic to track.

Any intrusions into subnets are going to be more isolated and easier to troubleshoot. You can shut down access from that subnet to the rest of the network, for example, to prevent a virus or hacker from spreading. It is generally a good idea to have your most sensitive data, that from the HR and finance departments, on their own networks. This gives you far more control on machines with critical data.

Engage QoS

Quality of Service (QoS) is the third element to implement in a secure network design.

QoS acts like a traffic cop (within routers and switches) by giving priority for some VLANs over others. This is important not just for security, but also for any VoIP (Voice over IP) implementations. This is because, without QoS, latency can degrade the transmission of VoIP until dropped calls and other issues develop. QoS can hold the “stop” sign to data traffic to enable full transmission of voice data.

Add More and Better Firewalls

Firewalls direct traffic like QoS; they’re just a bit more definitive. Rather than focus on priority, they give the “thumbs up” or “thumbs down” sign to traffic based on preset parameters.

Firewalls should not be used just for perimeters — they should wall off any critical data in the network, even a single server. Your HR and Finance department servers might be good places to implement firewalls.

Use the DMZ

In computer security, a DMZ or demilitarized zone is a subnetwork that exposes a company’s external-facing offerings to a larger, less trusted network (typically the internet).

Some obvious examples are websites and email systems. By isolating these systems, you’re reducing the number of the overall assets or services that need to be managed securely. This can substantially lighten your administrative load and enhance security.

Design for Hierarchy

The prototype for network hierarchy is the three-layer (or three-tier) model. It has been adopted industry wide as a model for being reliable, scalable and cost-efficient. The three-layer design includes:

  • Core
  • Distribution
  • Access

This allows for data to take a direct path to a particular layer, which improves efficiency and adds another layer of security.

Add Port Security

Port Security is a capability in most switches that gives a device permission to use that switch. When the switch flags a violation, it can automatically shut down by disabling that port to further network access.

Port Security allows for the limiting of both the number and type of devices that are allowed on the individual switch ports.

Evaluate Wireless

Wireless security has become a critical IT priority due to its growth and importance. Smart phones, tablets and mobile POS (point of sale) devices have overtaken previous fixed wire technologies, yet have brought a new level of vulnerability to organizations deploying them. You’ve got to protect against basic intrusions into the network to safeguard cardholder data, critical network data and every user’s privacy.

Depending on the size and scope of your wireless network, you may decide to pursue the following:

  • Strategy plan for overall wireless security
  • Risk/Compliance plan to help you manage risk vis a vis regulatory requirements
  • Threat management investigation including a thorough wireless security assessment
  • Incident management plan, detailing how you’ll respond to incidents
  • Architecture evaluation to assess your current plan and draft improvements
  • Training and awareness to address the human behavior (to help reduce risk)
  • Identity and access management plan so only trusted users (employees/partners/consumers) can efficiently access services on your network using approved wireless devices

Get Comprehensive Layered Security with SolarWinds MSP

After you’ve extracted as much value from the above plan, the next step in keeping your network secure is the use of multiple layers of protection to shield your assets from intrusion.

Problem

Solution

Sophisticated layered IT security is expensive.

MSP Risk Intelligence for showing risk exposure to mitigate cost.

User base visiting malware sites.

Our blacklists using its web protection feature.

New malicious software is created daily.

Managed antivirus for leading malware detection.

Software requires frequent security patches.

Patch management provides all updates.

Hackers attack by email often using spear-phishing.

Use MSP Mail Protection or MSP RMM’s mail protection to aggressively combat spam, malware, ransomware, and phishing.

If there is an intrusion after taking all precautions, there needs to be quick, reliable recovery.

MSP Backup & Disaster Recovery is optimized for data recovery after disasters.

MSP Risk Intelligence scans for three types of threats:

  • Sensitive data
  • Vulnerabilities
  • Unapproved access permissions

It also assesses an exact cost for the level of liability a client is assuming in their environment.

SolarWinds MSP's platform also provides the best IT security available today, with a mix of proactive, detective, and reactive security.

Sign up for a free trial of MSP RMM today, and get access to the many tools that make designing a secure network easier and more efficient.

About SolarWinds MSP

SolarWinds MSP delivers the only 100% SaaS, fully cloud-based IT service management (ITSM) platform, backed by collective intelligence and the highest levels of layered security. SolarWinds MSP's MAX products including Risk Intelligence, Remote Management, Backup & Disaster Recovery, Mail, and Service Desk – comprise the market’s most widely trusted integrated solution.

Deployed on millions of endpoints across hundreds of thousands of networks, the platform has the industry vision to define and deliver the future of the market. SolarWinds MSP provides the most comprehensive IT security available as well as LOGICcards, the first ever IT notification feature powered by prescriptive analytics and machine learning.

Our passion is helping IT professionals secure and manage their systems and data through actionable insights, rewriting the rules of IT.

For more information, contact us.

Multiple-Products-CTA-Section.png
Smart, secure and efficient IT services software built by people who know your work is your passion.
Explore our Products

Related Content

Risk Management Security
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
Benefits of Network Security
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
Network Security Scanning Software and Layered Protection
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
Network Infrastructure Security
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
What is a Network Security Engineer?
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
Internal Network Scan
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
Network Security
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
How to Improve Network Security
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
Wired vs Wireless Network Security
A truly secure network design is the goal of every MSP. Learn how to effectively manage your client networks with a layered security approach.
SolarWinds MSP

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.

Products

  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Threat Monitor
  • SolarWinds Passportal

Solutions

  • How We Help MSPs
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights

About

  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Upcoming Events
  • Privacy
  • Legal
  • Security
  • Subscription Preferences
  • SolarWinds

Support

  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • SolarWinds Take Control
  • SolarWinds MSP Manager
  • Solarwinds Risk Intelligence
  • Solarwinds Threat Monitor
  • SolarWinds Passportal
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Sitemap
  • Service Status