Secure Networks
ITTechForum :: ITTech :: Networking
Page 1 of 1
Secure Networks
by Admin Fri Nov 04, 2016 8:07 pm
Some ideas for you. All of these layers prevent plagues, especially LUA:
_______________________________________________________________________
FREE AND A FEW MINUTES TO ENCORPORATE:
Most amdinistrators don't advocate what I am about to tell you. Windows firewall is a good software firewall if configured to work properly with the domain. That's the key to success with WF is configuring it. WF adds another layer to IT sec, it's free and centrally managed through group policy.
A more prolific firewall will be ISA firewall. This is as good as it gets for securing an internal network. However, you have to manually configure it to make sure it doesn't block the ideal ports.
In either case, both of them are centrally managed through group policies, they block uneeded ports, and add a huge layer to IT sec. I definately recommend a software firewall that you can manage centrally.
_________________________________________________________________________
I ASSUME YOU ALREADY HAVE THIS:
I already assume you are behind a NAT/hardware firewall. That's another layer.
_________________________________________________________________________
FREE AND TAKES A FEW MINUTES TO DO:
Strong encrypted passwords enforced by group policy will prevent direct hacks or guessed authentication. That's another layer.
Take, for example, this worm: http://vil.nai.com/vil/content/v_100611.htm
It spreads and infects on the basis of a week or well known password. That seems to be a trend today. Conficker worms do the same thing.
______________________________________________________________________
FREE but TIME CONSUMING:
Least User Authentication is something I am most keen on. The lease amount of permissions your users have, the more protected you are. It is said that LUA can prevent over 98% of malware infections!!!
http://www.experts-exchange.com/Web_Development/Internet_Marketing/E-Commerce/E-Commerce_Security/Q_24438319.html
______________________________________________________________________
$$ AND TIME:
Web proxies:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24438346.html
____________________________________________________________________
$$$$ AND TIME:
Auditing for security vulnerabilities:
http://harris.com/view_pressrelease.asp?act=lookup&pr_id=239
_________________________________________________________
FREE and may take a day to set up:
Updates and security patches. Don't forget to update and patch your systems with the latest updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
__________________________________________________________
Free with managed switches and VLANS:
Consider VLANS that separate your servers and confidential files from the domain users as well as adds an extra layer between you and the outside world. This is complicated to set up, but will enhance security. This will require managed switches to do.
_______________________________________________________________
This is free, and relatively easy to set up:
Your best line of defense is a Knowledge!! Teach your network admins what to look for, and what not to do.
Set up your own web site that can teach people how to prevent from walking into what I call e-traps.
When I was a victim of ID fraud, I learned how to prevent this from happening again. Most people are under the false impression that a good AV program and software firewall protect them. THEY ARE DILUSIONAL. THAT'S BARELY THE START. Your users and admins should know what to do on the internet and with email. So, set up a mandatory IT security class, or provide a web page that they can be tested on. Here is one of these web pages they should look at. It would take, what... 15 minutes to type up a 15 problem test on this site? This site offers what different types of malware are out there, as well as the does and don'ts. See how this comes in handy?!?!
http://www.lookstoogoodtobetrue.com/
___________________________________________________________________________
TO SUM THIS UP FROM BEST TO WORST:
educated users and administrators
Least user authentication
Strong password enforcement
Hardware firewall
Windows UPdates and security patches
ANTI SPYWARE software
Anti Spam Software
Software firewall
Anti virus software
Web proxy.
WHY IS ANTIVIRUS SOFTWARE ALMOST DEAD LAST, YOU ASK??? First off, LUA and strong passwords will prevent most viruses from running in the first place. But, you can see the real reason why I think Antivirus software just doesn't cut it by looking at this article I wrote. It's called "What is the Best Antivirus Software for Your Domain"
http://www.experts-exchange.com/articles/Virus_and_Spyware/Anti-Virus/The-Best-AV-package-for-your-domain.html
_______________________________________________________________________
FREE AND A FEW MINUTES TO ENCORPORATE:
Most amdinistrators don't advocate what I am about to tell you. Windows firewall is a good software firewall if configured to work properly with the domain. That's the key to success with WF is configuring it. WF adds another layer to IT sec, it's free and centrally managed through group policy.
A more prolific firewall will be ISA firewall. This is as good as it gets for securing an internal network. However, you have to manually configure it to make sure it doesn't block the ideal ports.
In either case, both of them are centrally managed through group policies, they block uneeded ports, and add a huge layer to IT sec. I definately recommend a software firewall that you can manage centrally.
_________________________________________________________________________
I ASSUME YOU ALREADY HAVE THIS:
I already assume you are behind a NAT/hardware firewall. That's another layer.
_________________________________________________________________________
FREE AND TAKES A FEW MINUTES TO DO:
Strong encrypted passwords enforced by group policy will prevent direct hacks or guessed authentication. That's another layer.
Take, for example, this worm: http://vil.nai.com/vil/content/v_100611.htm
It spreads and infects on the basis of a week or well known password. That seems to be a trend today. Conficker worms do the same thing.
______________________________________________________________________
FREE but TIME CONSUMING:
Least User Authentication is something I am most keen on. The lease amount of permissions your users have, the more protected you are. It is said that LUA can prevent over 98% of malware infections!!!
http://www.experts-exchange.com/Web_Development/Internet_Marketing/E-Commerce/E-Commerce_Security/Q_24438319.html
______________________________________________________________________
$$ AND TIME:
Web proxies:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_24438346.html
____________________________________________________________________
$$$$ AND TIME:
Auditing for security vulnerabilities:
http://harris.com/view_pressrelease.asp?act=lookup&pr_id=239
_________________________________________________________
FREE and may take a day to set up:
Updates and security patches. Don't forget to update and patch your systems with the latest updates.
http://technet.microsoft.com/en-us/wsus/default.aspx
__________________________________________________________
Free with managed switches and VLANS:
Consider VLANS that separate your servers and confidential files from the domain users as well as adds an extra layer between you and the outside world. This is complicated to set up, but will enhance security. This will require managed switches to do.
_______________________________________________________________
This is free, and relatively easy to set up:
Your best line of defense is a Knowledge!! Teach your network admins what to look for, and what not to do.
Set up your own web site that can teach people how to prevent from walking into what I call e-traps.
When I was a victim of ID fraud, I learned how to prevent this from happening again. Most people are under the false impression that a good AV program and software firewall protect them. THEY ARE DILUSIONAL. THAT'S BARELY THE START. Your users and admins should know what to do on the internet and with email. So, set up a mandatory IT security class, or provide a web page that they can be tested on. Here is one of these web pages they should look at. It would take, what... 15 minutes to type up a 15 problem test on this site? This site offers what different types of malware are out there, as well as the does and don'ts. See how this comes in handy?!?!
http://www.lookstoogoodtobetrue.com/
___________________________________________________________________________
TO SUM THIS UP FROM BEST TO WORST:
educated users and administrators
Least user authentication
Strong password enforcement
Hardware firewall
Windows UPdates and security patches
ANTI SPYWARE software
Anti Spam Software
Software firewall
Anti virus software
Web proxy.
WHY IS ANTIVIRUS SOFTWARE ALMOST DEAD LAST, YOU ASK??? First off, LUA and strong passwords will prevent most viruses from running in the first place. But, you can see the real reason why I think Antivirus software just doesn't cut it by looking at this article I wrote. It's called "What is the Best Antivirus Software for Your Domain"
http://www.experts-exchange.com/articles/Virus_and_Spyware/Anti-Virus/The-Best-AV-package-for-your-domain.html
Admin- Admin
- Posts : 18
Join date : 2016-11-04 -
ITTechForum :: ITTech :: Networking
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|