PS LIGHTWAVE’s private network uses industry best practices and standards to ensure the safety of your data and mission-critical applications. It starts with the security awareness of our own staff, the training we use, our configuration management, the maintenance procedures, outage handling and secure and limited access to our infrastructure. We are a facilities-based network, which means we manage the network from A to Z. Our goal is to provide our customers with quality service, and security plays a large part in achieving this goal.
Our network staff undergoes background checks and certification training. Depending on a team member’s role, access to infrastructure on the network is limited. This allows the right access for troubleshooting or configuring a device and reduces the potential for human error.
The network is monitored 24x7x365, and we incorporate ring designs within our network that help avoid service outages if there is physical damage to a fiber optical cable.
“We know most of our customers,” Wulf said. “Those we don’t know we verify with those we do know on the account.” Each customer circuit (network solution) operates on its own separate Virtual Local Area Network (VLAN), which means other customers cannot see or interfere with another customer’s data. “Because we are a facilities-based network, we construct the fiber optic path; we put the end devices in place including switches, and configure the solution from ‘A to Z,’” Wulf said. “It’s all in-house; there is no need for remote or third-party access.”
The Network Edge: Firewalls Offer Protection
Once users leave the PS LIGHTWAVE network and enter the public Internet, there is increased risk. Firewalls are key, Wulf said. “A firewall is a policy enforcement tool and standard today. However, it is just one small part of your security procedure. It alone won’t secure a network,” he said. “Keep up with software patches for all of your applications, institute regular offsite backups, and make security and training of your staff a top priority. Security starts from within.”
“One of our customers had an employee unknowingly carrying a Trojan virus on a company laptop computer. When the employee, who had access to shared network information, connected to the office network, the Trojan was downloaded and all of the company’s files were destroyed. Network security failed in this instance,” Wulf said.
Wulf suggests several ways companies can reduce the risk of exposure to viruses and hacks:
- Employees need adequate firewall protection on company computers.
- Microsoft Windows and software applications need to be updated to the latest version.
- Employees need to be aware that intruders may use false email addresses or mask the email address to make it appear that the email is coming from a company representative.
- Employees should refrain from clicking on links or attachments that appear unusual.
- Consider deploying an Intrusion Detection System.
- Include virus protection on the remote access portal to your shared drive.
- Make passwords difficult for hackers to figure out, and don’t reuse passwords.
- Monitor and audit your network on a regular basis. Test backup procedures.
Recently PS LIGHTWAVE added new monitoring tools to better detect Distributed Denial of Service attacks (DDoS). The security tool analyzes netflow data from our core routers in real-time and detects and issues an alarm based on abnormal activity to alert NOC staff to take a closer look.
Other independent tools monitor trunk links and produce an alarm when a given threshold is breached. “We don’t profile our customers, but we know our customers and can see how much traffic they generate across the network at any given time. We can spot irregularities and investigate if there is an underlining problem.”
If there is a large-scale DDoS attack, the traffic can be instantly dropped with the help of remotely triggered black lists. This gives our team time to analyze the attack and either create a fine-tuned Access Control List (ACL), or we can reach out to a cloud-based mitigation team that can be called in to provide assistance. “They will filter and analyze the attack and send only clean traffic to the customer,” Wulf said.
If you would like to know more about the security of our network, please contact us at firstname.lastname@example.org.