Network Security
To maximize network security and minimize the threat of bad actors, TPC implements the following practices at all spaces:
We Regularly Review Firewall Rules: We periodically review and refine firewall rules to ensure they align with current security policies and minimize open ports.
We Segment High-Risk Devices: We place IoT devices or other high-risk devices on separate VLANs to isolate them from critical systems.
We Segment WiFi Networks: WiFi is split into Guest Access (paid day users) and Members Access (recurring members).
We Enable Client Isolation: Client isolation is enabled by default on all networks.
We Offer Private Office VLANs: Private Office Members are encouraged to segment their network into a dedicated VLAN.
We Disable Unused Ports: All wired Ethernet ports are left in the default off/inactive state unless a work order is submitted with justification.
We Patch Monthly: All network hardware is updated and patched monthly.
We Regularly Update Passwords.
We Perform Regular Network Security Audits.
We Educate Members: We stress the importance of secure network practices, for example by banning the sharing of passwords and recommending the use of VPNs.
Firewalls
In addition to ISP-managed gateway devices, TPC employs business-grade router/firewalls and managed switches at all locations.
How Our Firewalls Protect Users
TPC employs an integrated solution that enhances network security through several features, each aimed at minimizing cyber threats, unauthorized access, and other potential security risks.
1. Stateful Firewall Protection
Our network infrastructure includes a stateful firewall, which monitors active connections and inspects both incoming and outgoing data packets. Here’s how it works:
Connection Tracking: The firewall records the state of active connections, such as TCP handshakes and data packets. It knows if an incoming packet corresponds to an established connection or if it’s unsolicited, blocking it accordingly.
Traffic Filtering: By filtering based on IP addresses, protocols, and ports, the firewall can block unauthorized attempts to access network resources.
Dynamic Rules: Rules are adjusted dynamically, granting temporary permissions for specific applications or connections and removing them once they are no longer needed.
2. Deep Packet Inspection (DPI)
Our firewall features DPI, which analyzes the data contained in packets beyond just the headers, enabling advanced filtering and threat identification. This process provides:
Application Awareness: DPI identifies and categorizes applications and services in use, allowing administrators to create rules around specific apps.
Threat Detection: Suspicious activity, such as potential malware, spyware, or unusual traffic patterns, can be flagged, logged, and blocked automatically.
3. Intrusion Prevention System (IPS) and Intrusion Detection System (IDS)
Our firewall allows configuration of IPS and IDS capabilities which can help identify and prevent attacks. Here’s how:
Signature-Based Detection: IPS/IDS compares network traffic against a database of known attack patterns or "signatures" to block harmful traffic before it reaches the internal network.
Behavioral Analysis: It also uses heuristic methods to identify unusual network behavior, which may indicate an emerging threat or previously unknown attack type.
Automated Responses: Upon detecting malicious activity, IPS can automatically block the offending IP, stopping the attack in its tracks.
4. GeoIP Filtering
With GeoIP filtering, our Pro firewall can restrict or block network traffic based on the geographic location of IP addresses. This feature helps:
Prevent Foreign Attacks: By blocking traffic from regions with high attack rates, such as specific countries, you can reduce the risk of international cyberattacks. Because the lookup is based only on the registered region of the source address, this mainly cuts down opportunistic scanning; it does not stop traffic routed through a permitted region.
Limit Network Access: For organizations with no business in certain regions, GeoIP filtering provides an easy way to restrict access to only necessary areas, reducing attack surfaces.
5. Network Segmentation and VLANs
As mentioned above, we are able to create multiple VLANs (Virtual Local Area Networks), which help to segregate traffic and restrict access between different parts of the network. Benefits include:
Isolating Critical Systems: Sensitive resources (e.g., servers) and high-risk devices (e.g., IoT) can be placed on separate VLANs to protect the rest of the network from unauthorized access.
Guest Networks: VLANs allow for dedicated guest networks that isolate guest traffic from the main network, reducing security risks.
Granular Policy Control: You can apply specific firewall rules to each VLAN, limiting interactions between VLANs based on organizational needs.
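The stateful tracking from section 1 and the per-VLAN policy from section 5 can be seen working together in a small model. This is an added illustration, not TPC's configuration or UniFi code; the segment names (guest, members, iot, private_office, management), the rule that only the management segment may open connections into other VLANs, and the addresses are assumptions built from the description above.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:
    src_vlan: str      # "internet" is a pseudo-segment for the WAN side
    src_host: str
    sport: int
    dst_vlan: str
    dst_host: str
    dport: int

class StatefulVlanFirewall:
    """Static rules decide who may open a TCP connection; the connection
    table lets replies to an already-tracked connection back through."""
    def __init__(self, privileged=("management",)):
        self.privileged = set(privileged)  # assumed: only management may cross VLANs
        self.conntrack = set()             # tracked connections, keyed by 5-tuple

    @staticmethod
    def _key(p, reverse=False):
        a, b = (p.src_vlan, p.src_host, p.sport), (p.dst_vlan, p.dst_host, p.dport)
        return b + a if reverse else a + b

    def _may_initiate(self, p):
        if p.src_vlan == p.dst_vlan:
            return False                   # client isolation: no peer-to-peer on a VLAN
        if p.dst_vlan == "internet":
            return True                    # every segment may reach the internet
        return p.src_vlan in self.privileged

    def process(self, p):
        if self._key(p, reverse=True) in self.conntrack:
            return "ACCEPT established"    # reply to a connection we saw being opened
        if self._may_initiate(p):
            self.conntrack.add(self._key(p))
            return "ACCEPT new"
        return "DROP"                      # unsolicited inbound or cross-segment traffic

def demo():
    """Constructed sample traffic (addresses are illustrative, not TPC's)."""
    fw = StatefulVlanFirewall()
    return [
        fw.process(Packet("guest", "10.20.0.7", 51000, "internet", "203.0.113.5", 443)),
        fw.process(Packet("internet", "203.0.113.5", 443, "guest", "10.20.0.7", 51000)),
        fw.process(Packet("internet", "203.0.113.5", 443, "guest", "10.20.0.7", 51001)),
        fw.process(Packet("guest", "10.20.0.7", 51002, "members", "10.10.0.4", 445)),
        fw.process(Packet("guest", "10.20.0.7", 51003, "guest", "10.20.0.9", 22)),
        fw.process(Packet("management", "10.0.0.2", 40000, "iot", "10.30.0.12", 80)),
        fw.process(Packet("iot", "10.30.0.12", 80, "management", "10.0.0.2", 40000)),
        fw.process(Packet("iot", "10.30.0.12", 40001, "management", "10.0.0.2", 22)),
    ]
```

The third packet shows the stateful part: the same internet host is accepted when it answers a guest's connection but dropped when it sends an unsolicited packet to a port the guest never opened.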
6. Threat Management Dashboard
Our firewall provides a Threat Management dashboard, which offers real-time insights and analytics on security events. Key features include:
Visualization of Threats: A graphical view of detected threats, blocked IPs, and other critical security data.
Actionable Alerts: Notifications and alerts are triggered based on the severity of detected threats, enabling quick response.
Detailed Logs: Event logs show historical data on blocked and allowed traffic, helping to understand and manage network security over time.
7. Device Authentication and Remote Access
Our firewall solution includes multiple options to secure device access and remote management:
Secure Remote Access: Ubiquiti’s UniFi Protect provides secure remote access, allowing administrators to monitor and manage the network while keeping data encrypted.
Multi-Factor Authentication (MFA): MFA support ensures that only authorized personnel can access sensitive network settings, even if passwords are compromised.
Role-Based Access Control (RBAC): Granular permissions for administrators let you control who can access or change network settings.
8. Threat Intelligence and Regular Updates
Our network infrastructure frequently receives firmware and security updates from the manufacturer, improving protection against emerging threats. These updates are critical for:
Patching Vulnerabilities: New firmware versions are released regularly that fix known security issues and improve the firewall’s defensive capabilities.
Threat Intelligence: The firewall’s threat detection mechanisms are updated with the latest intelligence, which helps to detect and block new attack vectors.