5 Steps to a more secure branch office


Think about it: Wouldn’t you say your branch office would have at least a few connections coming into it? You may have a local Internet connection, a connection to corporate headquarters and some phone lines. Typically, branch offices share buildings, office space and possibly even data closets with other tenants. All of these contact points become potential attack surfaces, making a branch office vulnerable.

Of course, having security at the branch office entrance may deter thieves, but it is less effective at deflecting smart IT hackers. Why risk it? Follow this simple 5-step recipe for hardening your branch office.


1. Protect the perimeter.

Branch offices connect to corporate headquarters through a telecommunications service provider or an Internet service provider. Whenever something is exposed to the outside world, it is vulnerable to attack. The first line of defense is the network perimeter.


A broad range of security solutions is available to protect the perimeter, where dedicated firewalls, routers, intrusion prevention systems and VPN gates are commonly employed. Typically, routers such as Multi-Services Routers (MSR) provide this functionality with a built-in firewall and access control lists (ACLs). The routers support multiple schemes of authentication, authorization and accounting (AAA). Finally, a site-to-site VPN tunnel encrypts packets with a highly secure encryption key, securing access between the branch office and corporate headquarters over a service provider network.


2. Defend against internal attacks.

A shared building and shared data closets make this a challenge for most branch offices: How do you recognize that the network has been compromised and an unauthorized person has gained access? Such activity inside the network should be contained. Businesses are as much exposed to internal threats as external. According to Ernst & Young's 12th Annual Global Information Security Survey published in 2009, 25 percent of respondents witnessed an increase in internal attacks and 13 percent reported an increase in internally perpetrated fraud.


Protect key assets within your branch with threat management systems like HP Threat Management Services (TMS) zl Module, which can be configured to block threats on each individual wired switch port, or by using HP TippingPoint Intrusion Prevention Systems. These devices can detect network anomalies and take specific action, from limiting the rate of traffic flow to drastic measures such as shutting down the port automatically.


3. Secure wireless networks.

Wireless networking is ubiquitous in branch offices. We have all read about the wireless security breach at TJ Maxx in 2007 that led to information on over 45.7 million credit and debit cards being stolen. Businesses expect their wireless networks to be as secure as their wired networks. Organizations in highly regulated industries, such as healthcare (HIPAA) and retail (PCI), must ensure the security of their wireless networks. Public companies bound by the Sarbanes-Oxley Act must ensure the integrity of their IT systems, including wireless.


A wireless intrusion detection and prevention system can help protect against wireless threats, ensuring organizations comply with these privacy regulations and more. HP RF Manager v6.0 Wireless IDS/IPS System prevents unauthorized access, provides 24x7 monitoring and prevents unauthorized access points and clients from compromising the corporate network.


4. Automate security administration.

Multiple security systems and security databases often lead to inconsistent policy administration.  Manual administration and multiple updates can lead to compromising the integrity of security policies. Automate the policies to harden the security of your branch. HP Branch Office Solution enables organizations to define network policies for each employee. The policy follows users wherever they are. IT doesn’t have to intervene and update the network whenever the user moves between departments or branch offices. The HP Identity Driven Manager (IDM) and HP Network Immunity Manager (NIM) provide this function in concert with innovation built into the switches within the branch office solution.


5. Do not forget communication applications.

As we are seeing the migration of traditional telephony to VoIP and UC&C applications for efficiency and improved cost management, these IP-based applications should be secured as well. HP provides security solutions from its Alliance ONE partners like Avaya. HP Services zl Module for Avaya Aura™ Session Border Controller powered by Acme Packet enables organizations to secure, control and manage branch IP telephony based on Session Initiation Protocol (SIP).


The path to a more secure branch office starts here


You need to look at the different points of vulnerability in the branch to make it secure. Following this simple 5-step recipe will set you well on your way. Are there other vulnerability points within your branch? We would like to hear about them.
