Cybersecurity is most effective when policies, procedures and technology work in sync to provide the maximum available protection. There is generally a lot of focus on endpoint protection, as there should be: it is the most common point of infiltration and compromise.
Implementing network security is an essential component of your security architecture. It creates layers of security that give some confidence that you have multiple ways of stopping attacks.
2. Notification banner – you should create login notification banners so that anyone connecting to the device is aware that they need to be authorised to access it.
3. Use authentication servers – making use of authentication servers enables proper control and auditing of who is logging in and what they are doing. Authentication servers can also be quite granular, enabling you to be prescriptive about what people can or can’t do when they log in to your network. This is especially useful for tracking any of your contractors.
4. Admin access – administrator access should be restricted and monitored, and only a limited number of users should have administrator access to a system. Administrator access should also be audited via an authentication server. Administrator privileges should be removed immediately from a user who no longer requires them.
5. Disable unused services – network devices by default have a range of services switched on and accessible. Most of this is legacy, and many of these services are not generally required. Unnecessary services should be disabled as a matter of policy because they can be exploited to compromise your security.
6. Access control – access to your network should be controlled. Shadow IT is a growing threat to IT security, and one way to combat it is to disable unused network ports and limit connections to known devices. In addition, the use of access control lists on routers/firewalls is a must to ensure that you are only allowing traffic that is legitimate. This feature alone could contain the spread of viruses/malware across devices.
7. Maintain accurate time – ensuring all systems are synced to the same time is good practice for a number of reasons. An incorrect time and date could stop systems from working because certificates appear invalid. In addition, event correlation depends on accurate time, so without it, precise correlation of events in a breach investigation will be impossible.
8. Maintain good logging – logging of events provides vital operational information as well as supporting retrospective investigation. Logging is often a blind spot for many organisations – there is no longer an excuse, as there are inexpensive solutions available for both on-premises and cloud-based logging services.
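The checklist above can be verified automatically against a device configuration. The script below is an added example, not part of the original article: it assumes a Cisco IOS-style configuration syntax (the article names no vendor), uses a constructed sample config, and treats "an enabled port with no description is unused" as a hypothetical site convention.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumption: the article names no vendor).
SAMPLE_CONFIG = """\
hostname edge-sw1
aaa new-model
aaa authentication login default group tacacs+ local
ip http server
ntp server 192.0.2.10
interface GigabitEthernet0/1
 description uplink
interface GigabitEthernet0/2
 shutdown
interface GigabitEthernet0/3
line vty 0 4
 transport input ssh
"""

# (finding text keyed to the list item, line pattern, must the pattern be present?)
CHECKS = [
    ("2: no login banner", r"^banner (login|motd) ", True),
    ("3: login not tied to an authentication server",
     r"^aaa authentication login .*group (tacacs\+|radius)", True),
    ("5: HTTP server enabled", r"^ip http server", False),
    ("6: no ACL on vty lines", r"^ access-class \S+ in", True),
    ("7: no NTP server", r"^ntp server ", True),
    ("8: no remote syslog host", r"^logging (host )?\d", True),
]

def sections(config):
    """Map each top-level config line to its indented child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            out[current].append(line.strip())
        elif line.strip():
            current = line.strip()
            out[current] = []
    return out

def audit(config):
    """Return one finding per checklist item the config fails."""
    findings = [msg for msg, pattern, required in CHECKS
                if (re.search(pattern, config, re.MULTILINE) is not None) != required]
    for header, body in sections(config).items():
        # Hypothetical convention: in-use ports carry a description, unused ones are shut.
        if (header.startswith("interface ") and "shutdown" not in body
                and not any(l.startswith("description") for l in body)):
            findings.append("6: port enabled without description: " + header.split()[1])
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Item 4 (who holds administrator access) is not visible in the device config and has to be audited on the authentication server itself.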
A common theme in security implementation is that many features available on deployed systems are not enabled, for a multitude of reasons, time being the primary one. Many of the features highlighted above are included for free in most business-grade solutions, so implementing a good level of network security is actually not too high a mountain to climb.