How well do you know your network? Part 3

Understanding Wide Area Networks (WAN):

Connecting Geographically Separated Locations

​Wide area networks or “WAN” is how individual devices and networks communicate with each other across geographically separate locations. WAN requests and receives data from hosted servers or applications such as Google or Spotify. WAN connections are typically internet connections, though they can also be logical links between business sites or data centres.  Essentially any connection that transports data between physically separate points. 

WAN connections come in two distinct flavours; private and public.

  • Private connections
    Favoured by businesses, they offer higher SLA’s and speeds, dedicated infrastructure and are viewed as inherently more secure.
  • Public connections
    Favoured by residential users. Typically cheaper, they are subject to change (in terms of speed and availability) and utilise shared public infrastructure.
    None of these characteristics are particularly good for business use. 

So how do you go about ensuring your connection to the outside world is secure?  

  • Edge security appliances (commonly known as firewalls) are the first line of defence. Through them, you can set security policies for what sort of external sites and IP addresses you don’t wish your users to visit. Additionally, they can be licensed for deep packet inspection features such as the following: Application Awareness, Intrusion Prevention and Anti-Malware (typically referred to as Next Generation Firewall or NGFW features) 
  • Utilise secure VPN when accessing business-critical information stored off-site. A VPN encrypts your data and obfuscates your source IP, making it infinitely harder to steal and use any data you may transmit externally.  It also masks where this data came from, significantly reducing the chance of any would-be external threat knowing where to send their malicious content.
  • WAN architecture also plays an important role in security. There are many ways and concepts for this such as SD-WAN, MPLS and VPLS however the latest emerging technology in this area is SASE – Secure Access Service Edge. This is essentially the convergence of numerous WAN and network security services into a single cloud-based “as a service” model. This gives you access to all the latest security services and advancements, without having to re-architect and re-invest in your network every 12 months. 

All of these factors discussed across these past 3 articles contribute towards your ideal security posture as a business. The Cyber security war will never end, but every small victory in battle is another step gained in keeping your business and your users safe. 

Rob Smith, Pre-Sales Director, iwGROUP