Network security – Simple ways to lock down your network
Lock It Up!
Network devices give PCs, smartphones, printers and other devices a connection to information on servers and a connection to the internet. Any access point that you add to the network is now a touch point that must be managed. These devices are not “set it and forget it” technologies and need to be updated, swapped and managed. Here are some ways to ensure your network is not being accessed maliciously:
- Default passwords – any time you put in equipment, whether it is a router, WiFi, copier or switch, the default passwords need to be changed. All of these units are preconfigured with a default admin username and password that is available on the internet. If you don’t change these credentials, anyone can log into these devices and grant access or steal files from hard drives.
- Vulnerability Appliance – It’s important to be notified when a device is connecting to your network. There are many software companies that can put an appliance on your network for a monthly fee and scan for any new devices or vulnerabilities. If a new device gains access, an email is sent to an admin as a “heads up.”
- Firmware Updates – these are like Windows Updates for equipment: the manufacturer releases them to increase performance and to patch security holes. A check should happen at least once a year.
- Ensure Wireless networks are using WPA2 Security Protocol with AES encryption.
- Firewall Lockdown – the firewall is the router that sits between your network and the internet (connected to your ISP). Here are some critical lockdowns that must be done:
  - Change default username/password.
  - Turn on brute force attack handling to limit the number of connection attempts at a time.
  - Close Ports! Think of your firewall as a brick wall. A port is a brick that makes up the wall. Applications run on specific ports, and in order for them to communicate with the internet, ports need to be open. If you must open a port (for email or other communication), ensure you only allow traffic from a specific IP address. For example, if you have a second office that needs access to a program at the main office, set up the port to only allow traffic from the second office’s IP address.
  - Update firmware and do yearly penetration testing.
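The "Close Ports" rule above can be checked against an exported rule list. The script below is an added example, not part of the original article: it flags every open port that accepts traffic from more than one address and shows the default-deny decision for a single connection. The rule format, the port numbers and the addresses (documentation ranges, with 203.0.113.10 standing in for the second office) are all constructed assumptions; real firewalls each use their own syntax.

```python
import ipaddress

# Constructed rule export in a made-up "port proto allowed-source" format.
SAMPLE_RULES = """\
# port proto allowed-source
25    tcp  any
8443  tcp  203.0.113.10
3389  tcp  0.0.0.0/0
1433  tcp  198.51.100.0/24
"""

def parse_rules(text):
    """Return a list of (port, proto, network) tuples from the rule text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        port, proto, source = line.split()
        if source == "any":
            source = "0.0.0.0/0"
        net = ipaddress.ip_network(source, strict=False)
        rules.append((int(port), proto, net))
    return rules

def audit(rules, max_hosts=1):
    """Return rules whose allowed source covers more than max_hosts addresses."""
    return [(port, proto, str(net)) for port, proto, net in rules
            if net.num_addresses > max_hosts]

def is_allowed(rules, src_ip, port, proto="tcp"):
    """Default deny: allow only if a rule for this port covers src_ip."""
    addr = ipaddress.ip_address(src_ip)
    return any(p == port and pr == proto and addr in net
               for p, pr, net in rules)

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for port, proto, net in audit(rules):
        print(f"port {port}/{proto} is open to {net}: restrict to one address")
    print(is_allowed(rules, "203.0.113.10", 8443))  # second office
    print(is_allowed(rules, "192.0.2.77", 8443))    # any other address
```

Only the 8443 rule passes the audit, because it names a single address; the `any`, `0.0.0.0/0` and `/24` sources are all reported as too broad.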