We often focus on wireless network security and neglect to consider that insider threats, targeted attacks from the outside and hackers using social engineering create vulnerable corporate networks. Specifically, susceptible employees may become victims of carefully plotted psychological manipulation into divulging confidential information. In this article, we consider some of the top measures to improve wired network security for either a small business or a large enterprise.
- Perform auditing and mapping
It is essential to do some auditing and mapping of your network. This includes having a clear map of your entire network infrastructure, from your vendor/model, location, and the basic configuration of firewalls, routers, switches, Ethernet cabling and ports to wireless access points. You need to determine exactly what servers, computers, printers, and any other devices are connected, where they are connected, and their connectivity path throughout the network. Take note of specific security vulnerabilities and consider ways in which to increase your security, performance and reliability. Vulnerabilities may include an incorrectly configured firewall or physical security threats. If your network is small enough, you may want to create a visual map on a paper. For larger networks, auditing and mapping programs are available to scan the network and produce a network map or diagram.
- Keep the network up-to-date
Once a network audit has been completed and a network map is in place, check for firmware or software updates on all network infrastructure components. Change default passwords and review the settings for any insecure configuration. Identify other security features or functionalities you may want to introduce.
Consider all the work-stations and devices on your network and determine if, for example, OS and driver updates and personal firewalls are active, and whether the antivirus is running and updated, and passwords are set. You may also want to introduce password change cycles to improve security.
- Physically secure the network
You need to protect your network against local threats since the physical security of the network is as crucial as your Internet facing firewall. For example, a hacker or even an employee in the vicinity may gain access to your network wirelessly by plugging a wireless router into an open Ethernet port. Hence do not make an open Ethernet port visible or disconnect it to prevent unwanted access.
Prevent outsiders from entering your premises and have a good building security plan in place. Lock all wiring closets and remove network infrastructure components from public and employee discernibility.
- Consider MAC address filtering
Due to the lack of a quick and easy authentication and/or encryption method of a wired network, people can just plug in and use it, making it one of the major security issues of a wired network. Controlling access by using a MAC filtering system is a viable option since it allows you to choose which devices can connect to your network. While it can also improve control, you should not be lulled into a false sense of security. It won’t completely stop a hacker, but can act as the first layer of security. It can help you prevent an employee, for instance, from causing a potentially serious security hole, like allowing a guest to plug into the private network. It is important to keep the approved MAC address list up-to-date.
To maximise your network security, ask yourself how many of these 12 security measures you have used to secure your wireless network.