As explained in the previous section, auditing is an integral part of securing the network. It helps identify possible problems in your current network. Once they are identified, network engineers can alter the network design or use special software or hardware to eliminate them. Auditing can be done in several ways. The best method is logging, in which the admins study the behavior of each component in the network and record it in separate files. These files should never be stored on the main server or on any computer connected to the network. The best approach is to store the logs on a standalone computer so that no one except the network admins can access them. Plenty of software exists to make auditing easier. Check out this review of GFI LANGuard and see if it meets your audit needs.
Network printers often include Telnet, FTP, and web services as part of their firmware. These can easily be exploited. Most admins neglect this because they do not think that printers can be exploited, but hackers can damage the entire network if they gain access to the firmware. It is always better to block the printer ports using a boundary firewall, thereby reducing the chances of exploitation. If these services are not required, the best way is to turn them off.
Network perimeters and firewalls are an important part of any network, so admins should place more emphasis on securing them. They serve as the primary line of defense, so they should be tightened to reduce the possibility of infiltration. Some basic tips for dealing with these defense lines are:
- Close down any unnecessary TCP/UDP servers on the routers/firewalls;
- For active servers employing TCP/UDP, ensure that access is very limited – only to the highest level of network administration;
- Review the services running on the active servers. Shut down any service that is not required. These include source routing, remote configuration, etc.;
- Keep a watch on all the interfaces of the routers/firewalls. Shut down any unused interface. Provide ample protection to the active interfaces to prevent exploitation – both from within and outside the organization;
- Most importantly, make sure that the passwords on each of the primary defense lines (routers/firewalls) are set to expire at regular intervals.
While these can be considered best network security practices, please read our article on Limitations of Firewalls to understand that you also need to keep a manual watch on these interfaces.
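The checklist above can be run against a saved device configuration. The following is an added example, not part of the original article: it assumes Cisco IOS-style syntax (the article names no vendor), and the sample configuration, the baseline rules and the function name `audit_config` are constructed for illustration.

```python
# Constructed sample configuration (IOS-style syntax is an assumption).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
service tcp-small-servers
ip http server
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
 shutdown
"""

# Global commands that enable a service the checklist says to close.
FORBIDDEN = {
    "service tcp-small-servers": "TCP small servers enabled",
    "service udp-small-servers": "UDP small servers enabled",
    "ip http server": "HTTP remote configuration enabled",
}
# Assumed baseline: source routing must be switched off explicitly.
REQUIRED = {"no ip source-route": "source routing not explicitly disabled"}

def audit_config(text):
    """Return sorted findings for one device configuration."""
    findings, seen, blocks, current = [], set(), {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())   # interface sub-command
        else:
            current = None                         # back at global level
            seen.add(line.strip())
    findings += [msg for cmd, msg in FORBIDDEN.items() if cmd in seen]
    findings += [msg for cmd, msg in REQUIRED.items() if cmd not in seen]
    for name, cmds in blocks.items():
        # Treated as unused when no address is configured (assumption).
        unused = not any(c.startswith("ip address ") for c in cmds)
        if unused and "shutdown" not in cmds:
            findings.append(f"unused interface {name} is not shut down")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CONFIG)))
```

Password expiry is usually enforced on the authentication server rather than in the device configuration, so it is not covered by this check.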