Header Ads

7 best practices to secure network devices.

No one can deny the almost universality of networking devices. There isn’t a home, office, or building without a hub, switch, router or wireless access point. As a result, special emphases must be placed on network device usage in order to help create a secure network environment. Here are some essential steps for network device security.

   1)      Keep Devices in secure location: Make sure that servers and networking devices such as routers and switches are kept in a secure location such as a server room. This room should have access control restrictions (preferably by biometric devices).

   2)      Get rid of legacy equipment such as hubs: Hubs forward network traffic to all ports and this presents a security risk as someone connected on one of the ports can easily view all the traffic sent across the network. Hence, switches are preferable to hubs as they filter traffic based on MAC address and send to only the intended node.

   3)      Configure Passwords: Make sure you configure passwords on all your devices. Most networking devices such as routers and switches allow you to configure passwords on the device, which lets you control who can have access to administer the device. Cisco routers and switches have a number of different passwords such as a console port password, auxiliary port password, and Telnet passwords. Be sure to configure each of these passwords by using a complex password.
   4)      Secure Ports: Ports on switches that are not being used should be disabled. In environments that require heightened security, ports should be configured to allows only specific MAC addresses. This practice which is known as Port Security is a preventive measure against Mac Flooding (a situation in which a malicious user confuses a switch into flooding all frames to all ports by sending frames to a switch which contain different source MAC addresses).

   5)      Use VLANs: Virtual LANs are logical network that reside within physical networks. They are an excellent way of creating communication boundaries on a network as systems in one VLAN cannot communicate with systems in another VLAN. This can be used to segregate and apply security controls to certain systems without having to buy additional networking devices.

   6)      Practice Proper Cable management: In highly secure environments consider using fiber optic cables as they are not susceptible to interference from other electrical devices, or leakage since it uses pulses of light and does not easily lend itself to tapping. Also, when working with large networks that contain both protected and unprotected systems, use different colored cables to differentiate them. That protected network that is not connected to the internet can use red cables, while the unprotected network that is connected to the internet can use blue cables.

   7)      Use Secure Protocols: Always use the secure version of a protocol instead of the unsecured equivalent. For example, use HTTPS instead of HTTP, SSH instead of Telnet, SFTP instead of FTP. Also use the most secure version of a protocol, for example all versions of SSL are now considered inadequate for protecting communications. TLS 1.2 or newer is now recommended instead of SSL.

No comments

Powered by Blogger.