Cyber Security Services / Pillar 3 of 4

Network & Access Controls

Network & access control services.

Firewalls, secure VPN access and network segmentation that stop attackers reaching your systems from the internet, and stop insider threats moving once they're in.

Microsoft Partner Cyber Essentials Certified ICO Registered ISO 27001 Aligned

Get in touch

Fill out the form and one of our security specialists will be in touch. No hard sales, just honest advice.

The Basics

Three things this pillar controls.

Network & Access Controls covers three core areas, protecting against threats from outside the business and from within it.

Perimeter security

Controlling what can reach your network from the public internet, and blocking the crudest attacks at the door.

Wireless security

Making sure wireless networks are encrypted and can't be exploited by anyone in range of the building.

Segmentation

Keeping guests, visitors and untrusted devices separated from the resources that actually matter.

8x

increase in attacks exploiting network edge devices like firewalls and VPNs in a single year

22%

of vulnerability-exploitation breaches now involve firewall or VPN flaws, up from 3%

0

days: the median time attackers take to exploit a newly disclosed edge device vulnerability

Our Approach

A five-level maturity model.

Rather than a one-size-fits-all checklist, we benchmark your network security against five maturity levels, so you know exactly where you stand today. Talk to us to find out how we'd help you close the gap to the next one.

1Level 1: The basics, done everywhere

Puts basic perimeter controls in place so access from the internet is limited to the bare minimum, and wireless networks are encrypted against anyone nearby.

Benchmarks

  • Wireless network encrypted with WPA2 as a minimum, WPA3 preferred
  • Only the minimum ports forwarded to internal devices, with risky protocols like RDP source-restricted
  • Router or firewall admin interface not accessible over the internet
  • Guests and untrusted devices segregated from privileged resources
2Level 2: Controlled and consistent

Removes the next tranche of attack vectors that internet-based attacks rely on, closing off exploitable vulnerabilities and weak credentials on remote access services.

Benchmarks

  • External-facing device is a proper firewall with an active security contract for updates
  • Firewall patched and firmware updated on a regular interval
  • Any remote access VPN uses multi-factor or certificate-based authentication
  • Firewall inspects inbound traffic for known exploits and threats
3Level 3: Stopping command and control

Makes sure that if an attacker does gain a foothold, it can't be remotely controlled, spread further, or used to exfiltrate data, even over encrypted connections.

Benchmarks

  • All web traffic inspected, including encrypted traffic
  • Intrusion prevention applied to all web traffic, including encrypted connections
  • Firewall configured as default-deny outbound, with only a minimal set of rules allowed
  • All significant firewall traffic logged
4Level 4: Active, not passive

Moves from passive management to actively verifying controls are working, detecting attacks in real time, and closing off wireless as an insider threat.

Benchmarks

  • Firewall logs ingested, analysed and responded to
  • Penetration testing performed against externally exposed assets
  • Wireless uses per-device or per-user authentication rather than a shared key that can't be revoked
5Level 5: Tailored to you

By this stage, your approach should be tailored specifically to the risks your organisation actually faces, not a generic template. We'll work through what that looks like with you directly.

What's Included

Network security, managed end to end.

We meet you wherever you currently sit on the maturity model and build you up from there, with the right mix of the following.

  • Firewall management
  • Secure remote access (VPN)
  • Network segmentation
  • Wireless security
  • Encrypted traffic inspection
  • Log monitoring & SIEM
  • External penetration testing
  • Guest network isolation
Talk to a specialist
IT specialist managing network and firewall security
Why Holker IT

Network security done properly.

01

Benchmarked, not guessed

You'll know exactly which of the five maturity levels you're at today, and precisely what closes the gap to the next one.

02

24/7 network monitoring

Firewall logs and unusual traffic are watched around the clock, not just during office hours.

03

Standalone or bundled

Available on its own or as part of our wider four-pillar cyber security service, whatever fits your business.

FAQ

Network & access controls: common questions.

What is a firewall and do I still need one?

A firewall controls what traffic is allowed in and out of your network from the internet. Yes, you still need one, and it needs to be actively patched and updated, since outdated firewalls are increasingly being targeted directly by attackers.

What is network segmentation?

Network segmentation splits a network into separate zones, for example separating guest wifi from the systems your business actually relies on, so that a compromise in one area can't easily spread into another.

Is VPN access still safe to use?

VPNs remain a common target for attackers, which is why remote access should always be protected with multi-factor or certificate-based authentication rather than a username and password alone.

What is SSL or encrypted traffic inspection?

Encrypted traffic inspection allows security tools to check web traffic for threats even when it's encrypted, since attackers increasingly hide malicious activity inside otherwise normal-looking encrypted connections.

What is a SIEM?

A SIEM (security information and event management) system collects logs from firewalls and other devices in one place, so unusual activity can be identified and investigated rather than sitting unnoticed in a log file.

What is penetration testing?

Penetration testing is a controlled, authorised attempt to find and exploit weaknesses in your externally facing systems, showing you exactly what a real attacker could get access to before they do.

Not sure where you stand?

Speak to our team about your current network setup. No jargon, no pressure. Just honest advice against our five-level maturity model.

Scroll to Top