I need input on how to make a network secure... I've just started at a new company, and their current network isn't secure at all - and they're worried past employees, or the public can access their files and internet connection via it. So here's a list of what security is currently in place: - Password access to certain folders/files - Password access for specific users - Sign-out sheet for digital cameras - Symantec/Norton Virus protection - Microsoft AntiSpyWare - Daily backups to secondary hard drive - Weekly backups to removable hard drive (stored in the safe) Here's a list of what I reckon needs putting in place: - Change all existing passwords - Re-configure all shared folders on fileserver - Additional passwords if appropriate - Data encryption on wireless network(s) - Hardware log (detailed documentation of every piece of hardware) - Sign-out sheet (for laptops, peripherals as well as digital cameras) - Monitor Network activity on a daily basis (including shares and IPs connected) - Hardware or Software firewall I know this concerns more than networks, but I am looking specifically at making the physical network secure. It is comprised of both wired and wireless access. Does anyone have any other suggestions?
i have some things i would do to help out }mac filtering for the wireless and drop wpa or wep }static ip address on a domain }each user has a roaming profile with a password (this way you don't need to back up every pc on your network just back up the domain and the fileserver.) }a linux firewall (poss smoothwall) }a nighty or weekly ant virus scan as well as an ant spyware scan. monthly windows updates }setup content advisor with a password. }lock the Bios so they can't make chages to it and set it up so when it boots up it only looks for the harddrive only. this way they can't use knopix or something so they can't make changes to the pc. }run firefox and disable ie
Roaming profiles and a daily virus/spyware scan exist, but the other points I'll definately look into today - many thanks!!!
DO NOT drop WPA or WEP encryption for MAC filtering. MAC addresses can easily be spoofed. It may help to enable mac filtering in addition to encryption, as an extra form of security, but encrypting the network is much more secure than relying solely on mac filtering. I would highly suggest using WPA over WEP. WEP encryption is very easy to break. In a corporate environment, a person would be able to crack it within minutes with all the data travelling back and forth. WPA or WPA2 is your best option, it is much harder to break than WEP. An important step that seems to be overlooked is to teach your co-workers to be more secure. Encourage them not to use short or simple passwords. Dictionary words are a bad idea. A long combination of letters and numbers or even a pass-phrase is much more secure. At my dad's office, he's been given a small RFID device (RSA SecurID) that updates every few minutes. I'm not exactly sure about the technology, but it works at home and on the road. A randomly-generated password is shown on the device's display screen that is needed to log in to the VPN in addition to his normal static password. If you're company is willing to invest in them, I think they may prove to be a very secure way of keeping other people off the network. edit: Also I'm not too sure about monitoring network activity. Depending on the size of your company, that may prove to be a very daunting task. Maybe scanning logs for unusual activity might help, but constantly keeping track of everyone and everything travelling over the network isn't exactly practical. Installing a hardware firewall is a very good idea, I'm surprised the company doesn't already have something set up. A hardware firewall will be much more efficient and safer than a software firewall. Software firewalls tend to be a pain and are easier to get past than a hardware solution.
My dads work is the same way and that is a brilliant piece of technology generates a 9 digit number that changes every minute brillant i suggest getting them for the company
