Network security – Simple ways to lock down your network
Lock It Up!
Network devices provide PCs, smartphones, printers and other devices a connection to information on servers and a connection to the internet. Any access point that you add to the network is now a touch point that must be managed. These devices are not “set it and forget it” technologies and need to be updated, swapped and managed. Here are some ways to ensure your network is not being accessed maliciously:
- Default passwords – any time you put in equipment, whether it is a router, WiFi, copier or switch, the default passwords need to be changed. All of these units are preconfigured with a default admin username and password that is available on the internet. If you don’t change these credentials, anyone can log into these devices and grant access or steal files from hard drives.
- Vulnerability Appliance – It’s important to be notified when a device is connecting to your network. There are many software companies that can put an appliance on your network for a monthly fee and scan for any new devices or vulnerabilities. If a new device gains access, an email is sent to an admin as a “heads up.”
- Firmware Updates – these are like Windows Updates for equipment: they are released by the manufacturer to increase performance and to patch security holes. A check should happen at least once a year.
- Ensure Wireless networks are using WPA2 Security Protocol with AES encryption.
- Firewall Lockdown – the firewall is the router that sits between your network and the internet (connected to your ISP). Here are some critical lockdowns that must be done:
  - Change default username/password.
  - Turn on brute force attack handling to limit the number of connection attempts at a time.
  - Close Ports! Think of your firewall as a brick wall. A port is a brick that makes up the wall. Applications run on specific ports, and in order for them to communicate with the internet, ports need to be open. If you must open a port (for email or other communication), ensure you only allow traffic from a specific IP address. For example, if you have a second office that needs access to a program at the main office, set up the port to only allow traffic from the second office’s IP address.
  - Update firmware and do yearly penetration testing.
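
The "Close Ports!" rule above can be checked against an exported rule set. The following is an added example, not part of the original article: it assumes a Linux firewall whose rules are exported in `iptables-save` format, the sample rules and addresses are constructed, and `max_hosts` is a hypothetical threshold for how many source addresses still count as "a specific IP address".

```python
import ipaddress
import shlex

# Constructed sample in iptables-save format (documentation address ranges).
SAMPLE_RULES = """\
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m multiport --dports 5900,5901 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j DROP
"""

def option(tokens, *names):
    """Return the value following the first of `names` in tokens, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def audit(rules_text, max_hosts=1):
    """Return (ports, source, reason) for ACCEPT rules that open a port too widely."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if option(tokens, "-j") != "ACCEPT":
            continue  # only rules that let traffic in are of interest
        ports = option(tokens, "--dport", "--dports")
        if ports is None:
            continue  # not a port-opening rule (e.g. established traffic)
        source = option(tokens, "-s", "--source")
        if "!" in tokens:
            # Negated matches invert the meaning; leave them to a human.
            findings.append((ports, source or "any", "negated match, review manually"))
        elif source is None:
            findings.append((ports, "any", "no source restriction"))
        else:
            net = ipaddress.ip_network(source, strict=False)
            if net.num_addresses > max_hosts:
                findings.append((ports, source, f"source covers {net.num_addresses} addresses"))
    return findings

if __name__ == "__main__":
    for ports, source, reason in audit(SAMPLE_RULES):
        print(f"port {ports} open to {source}: {reason}")
```

Raise `max_hosts` if the second office legitimately connects from a small address block rather than a single address.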