- Perform auditing and mapping. Understand the entire network infrastructure: vendor/model, location, configuration of firewalls, routers, switches, Ethernet cabling and ports and wireless access points.
- Keep the network up-to-date. Start with your network and check for any updates, password changes and settings. Then tackle any computers and devices for passwords, firewall and antivirus programs and driver updates.
- Physically secure the network. Evaluate the physical security of your operation and building. Are components secured from both public and unauthorized employees? Verify Ethernet cabling is run out of site and not accessible and disconnect unused ports.
- Consider MAC address filtering. As Mr. Geier points MAC addressing can be bypassed by determined hackers, but it is still a first layer of security and can provide some control over which devices are on the network.
- Implement VLANs to segregate traffic. To do this your routers and switches must support it. Mr. Geier writes to look for the IEEE 802.1Q support in the product specs.
- 802.1X for authentication. Not protecting the wired side can allow a hacker or outsider to simply plug in and get started. 802.1X stops sending via the network or accessing resources until they have entered a login.
- Network encryption and the use of VPNs. Although you could technically encrypt the whole network there are certain factors to be weighed such as issues with latency and overhead. Think about analyzing your entire network and determine which traffic is sensitive and which is not, then come up with a tailored plan instead of one-size-fits-all to protect.
Share your thoughts about network security.