Cybersecurity Video Tips: Network Hardening

Welcome, I am Maria Sole Scollo, one of the
member of GARR cyber security team. In this video I will cover ways how to harden
your networks. Network hardening is the process of securing
a network by reducing its potential vulnerabilities through configuration changes, and taking
specific steps. So let’s see what these steps are – Traffic monitoring
– router configuration – network segmentation
– Firewall installation – Enabling wireless security
– Using secure protocol – Updating software and Hardware A very important component of network security
is monitoring and analyzing traffic on your network. Because in order to know what unusual or potential
attack traffic looks like, you need to know what normal traffic looks like. You can do this through network traffic monitoring
and logs analysis. This will highlight potential intrusions,
signs of malware infections or atypical behaviour. You’d want to analyse things like firewall
logs, authentication server logs, and application logs. It’s important to configure router appropriately
with Access Control List (like anti-spoofing filters and other)
Networks would be much safer if you disable access to network services that aren’t needed,
and enforce access restrictions. Implicit deny is a network security concept
where anything not explicitly permitted or allowed should be denied. Instead of requiring you to specifically block
all traffic you don’t want, you can just create rules for traffic that you need to go through. This is a much more secure configuration. The first line of defence should involve a
firewall between the network and the internet. Other options include the use of Network Address
Translation (NAT) and access control lists (ACLs). Authorized remote access should be enabled
through the use of secure tunnels and virtual private networks. here is a diagram how to segment the network
into separate subnets, applying, in relation to the context, the most rigorous policies: a DMZ subnet exposed to the internet (DNS,
web server, mail server) a wifi access point protected by a firewall and some private subnet behind a firewall
with NAT function: a Subnet for Management and Administration
a Subnet for didactics and laboratories a Subnet for students and guests (BYOD: smartphone,
tablet, notebook) a Subnet for IoT devices, printers, etc. Wireless networks must be configured to highest
available security level. So:
– Use the strongest encryption protocol available (WPA2/WPA3)
– Change the router’s default administrator password
– Change the default Service Set Identifier (SSID)
– Disable WiFi Protected Setup (WPS) – Reduce wireless signal strength
– Turn the network off when not in use (or configure a wireless schedule)
– Disable Universal Plug and Play (UPnP) when not needed
– Keep all router and network devices updated to the latest firmware version
– Disable remote management – Monitor for unknown device connections Network security protocols are used to protect
computer data and communication in transit. Some of the popular network security protocols
include Secure File Transfer Protocol (SFTP), Secure
Hypertext Transfer Protocol (HTTPS), Secure Socket Layer (SSL), etc.. An important part of network hardening involves
an ongoing process of ensuring that all networking software together with the firmware in routers
are updated with the latest vendor supplied patches and fixes. When we talk about securing networks, an important
component is securing the data center that the network resides in. Hacking into network systems is not the only
way that sensitive information can be stolen or used against an organization. Physical security must be implemented correctly
to prevent attackers from gaining physical access and take what they want. All the firewalls, cryptography and other
security measures would be useless if that were to occur. Keep your server and other equipment in its
own dedicated room, (even if it’s little more than a closet.) Make sure to keep that room locked whenever
it’s not in use, and limit access to a small number of people who need a key. Thanks everyone

Leave a Reply

Your email address will not be published. Required fields are marked *