Jump to content

Network Security

mirixx
By mirixx
in Networking
 Share
Posted

    Hey guys, in my office we're pondering creating a network security checklist. A list that could be used for existing and future employees that can dictate how we keep our network and computers safe. My question to you guys is what do you think should be on that list? anything from strong passwords to email encryption. Just curious what you guys might come up with thanks for the help :).

 

about our office:

 

    Our office is pretty standard we have a data server and a file share server. about 15 employees most with laptops that they take to and from work. we have VPN set up on our router so they can work offsite. emails are a big deal for us, keeping them safe is important. 

Link to comment
https://linustechtips.com/topic/379615-network-security/
Share on other sites
Link to post
Share on other sites
Posted
  • Keep passwords in your head and not on post it notes.
  • Dont tell anybody your passwords.
  • (probs not relevant to small company's) make your staff aware about social engineering and fake requests for information.
  • Have a work USB storage device and a personal one to stop any chance of malware infection into the company domain.

 

All I can think of atm but that should get you started.

Quack 🦆

Link to comment
https://linustechtips.com/topic/379615-network-security/#findComment-5129803
Share on other sites
Link to post
Share on other sites
Posted

A lot of these things you want to enforce.

 

1. Enforce password complexity requirements for computer Passwords.

2. Look at enforcing IPsec for all communication on the network (this is pretty straight forward on an AD network).

3. With emails, assuming you have an o365 subscription, look at enabling single sign on.

4. VPN access, restrict to only the employees who actually require it, and even then look IKEv2 with forced encryption.

5. deploy an enterprise Anti-Virus suite. I personally like Sophos, as it also lets me restrict CD/DVD/USB/floppy drives that are authorized to be used on our network - general rule of thumb is nothing ever, unless your a c-level exec, then give the request in writing so I can cover my ass in 5 months time when stuff hits the fan.

6. Setup App locker and block every executable running from the %appdata% directory. This is important as it will stop your accounts payable person getting emailed invoice5.exe which is actually cryptowall. I would also be blocking basically every attachment in every email, you can go through them on a test system to check if they are legitimate. Email is not a file transfer protocol, you can setup a FTP server for that.

7. Lock down your gateway, black list everything and only whitelist ports as needed. goes without saying the uPNP should be turned off.

8. make sure that no-one everyday computer login is a local or domain admin account, even the IT guys.

9. look at Segregating your network. VLANs are good.

 

This assumes your a windows shop, and even then it only barley scratches the surface.

Link to comment
https://linustechtips.com/topic/379615-network-security/#findComment-5134156
Share on other sites
Link to post
Share on other sites
Posted

not really a networking topic, more just a general security topic...

Networking is still the most appropriate section for posts like this.

15" MBP TB

AMD 5800X | Gigabyte Aorus Master | EVGA 2060 KO Ultra | Define 7 || Blade Server: Intel 3570k | GD65 | Corsair C70 | 13TB

Link to comment
https://linustechtips.com/topic/379615-network-security/#findComment-5135750
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×