Defensive Security: Network Hardening

Securing networks is a dynamic and continuous challenge for businesses of any size. This guide gives you the most up-to-date recommendations from BigBrainData.

Default Settings

Default settings are inherently insecure, yet many companies continue to keep them, especially those that keep all network configuration in house. A basic example of a vulnerability in default settings is the router access password, which will be the ‘default’ for the model and is therefore available to anyone with access to Google.

Default settings tend to mean default firmware too. A company on default settings could be running vulnerable firmware on all network-connected devices and, as with default passwords, the details of these vulnerabilities are accessible to anyone with an internet connection and a search engine.

BigBrainData Recommends

  • Log in to your network as an administrator and make a list of the devices connected to it. Verify each device by its device name, MAC address and IP address, and ensure there are no unknown or unverified devices connected to the network.
  • Change your default router password. Keep to standard password practice and ensure an encryption level of WPA2-AES. Remember to change network passwords periodically.
  • Change your default administrator password. Again, follow standard password practice and change it periodically.
  • Check for any security updates or software patches for your network devices and apply them, along with updates for client-side hardware and software.
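
The device check in the first recommendation can be scripted. The following is an added example, not BigBrainData's own tooling: it compares the output of `ip -4 neigh show` on a Linux host against an approved-device inventory and reports unknown devices and known devices seen at an unexpected IP address. The inventory, addresses and sample output are constructed for illustration.

```python
import re

# Constructed inventory of approved devices: MAC -> (name, expected IP).
KNOWN_DEVICES = {
    "3c:52:82:aa:10:01": ("office-printer", "192.168.1.20"),
    "b8:27:eb:aa:10:02": ("nas-backup", "192.168.1.30"),
    "f0:18:98:aa:10:03": ("reception-laptop", "192.168.1.41"),
}

# Constructed sample of `ip -4 neigh show` output captured on the LAN.
SAMPLE_NEIGH = """\
192.168.1.20 dev eth0 lladdr 3c:52:82:aa:10:01 REACHABLE
192.168.1.30 dev eth0 lladdr B8:27:EB:AA:10:02 STALE
192.168.1.77 dev eth0 lladdr f0:18:98:aa:10:03 REACHABLE
192.168.1.99 dev eth0 lladdr 02:42:ac:11:00:09 REACHABLE
192.168.1.50 dev eth0  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+\s+lladdr\s+(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b"
)

def parse_neighbors(text):
    """Return (ip, mac) pairs; entries with no MAC (FAILED/INCOMPLETE) are skipped."""
    pairs = []
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            pairs.append((m.group("ip"), m.group("mac").lower()))
    return pairs

def audit(neigh_text, known):
    """Classify each observed device as verified, moved (known MAC, other IP) or unknown."""
    report = {"verified": [], "moved": [], "unknown": []}
    for ip, mac in parse_neighbors(neigh_text):
        if mac not in known:
            report["unknown"].append((ip, mac))
        elif known[mac][1] != ip:
            report["moved"].append((ip, mac, known[mac][0]))
        else:
            report["verified"].append((ip, mac, known[mac][0]))
    return report

if __name__ == "__main__":
    for status, rows in audit(SAMPLE_NEIGH, KNOWN_DEVICES).items():
        for row in rows:
            print(status.upper(), *row)
```

The neighbour table only lists hosts this machine has recently exchanged traffic with, and a MAC address can be changed by whoever controls the device, so cross-check the result against the router's own list of connected clients.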

Physical security 

It is important to consider the threat of physical access to your network devices, as experienced attackers can intrude into your network given physical access to them.

BigBrainData Recommends

  • Keep server rooms locked down with physical locks or authentication-required entry methods.
  • Keep all routers away from public access to avoid the threat of a reset to default settings.
  • Prevent terminal access and manage USB access.

Logical security

Logical security goes beyond the general administrative practices of default settings and covers areas of your network such as access points, open ports and firewalls.

Access points that are left open can pose a threat to the network, so they need to be secured. A firewall acts as a wall between your network and the outside world, which makes it one of the most important security elements you can implement.

BigBrainData Recommends

  • Implementing a good firewall, or getting your tech team to, should be the first step, as this will be your way of managing port access. Common practice is to block all inbound ports and either whitelist outbound ports as necessary or ‘punch through’ the network with a dedicated VPN. Keeping every port closed except those that are absolutely necessary will ensure that you do not become vulnerable as the landscape changes.
  • Clients should only be given WiFi access on a ‘Guest Network’ set-up. Too many businesses still allow customers and clients direct access to the internal network, which greatly increases the potential attack vectors for a nefarious attacker.
  • Ensure your guest WiFi uses a gateway that forces visitors to go through at least some form of authentication. This also allows you to set up firewalls and content filters, with the extra bonus of additional legal coverage thanks to obligatory TOS.
  • Guest WiFi must follow all the same security practices as the internal network, along with any additional implementations you choose. Another consideration is perimeter security: ensure that your WiFi signal is only reachable within a specific area to avoid drive-by attacks.

Following these recommendations, if they are not already implemented, will go a considerable way towards fortifying your network and protecting your most vulnerable assets. However, the landscape of security and attacks on business enterprises is ever-changing, so vigilance and a keen eye on the most up-to-date industry standards are the best way to stay ahead of the game. Too many businesses are left on the back foot when commonly used software or hardware becomes widely vulnerable; being able to respond in a timely, coherent way ensures minimum downtime and maximum security for you and your clients.