Maintenance tasks to keep our network secure

Many times we have security problems because we do not carry out checks from time to time to keep our network safe, these are a few small tips that we must always keep in mind so as not to create unnecessary gaps in the security of our network. Today in RedesZone we are going to explain what security measures to take so that our network remains as well protected as possible, and we do not have security problems. These tasks should be reviewed from time to time, to check that everything is correct and that they follow all the rules in force.

Define appropriate user permissions for different tasks

Users with administrator privileges can perform activities that could be harmful, such as:

  • Without realizing it, they can make changes that decrease the general level of network security, modify the level of privacy of a browser, include exceptions in the firewall or open inappropriate ports, they are an example of this type of modification that can have dire consequences for our network and the computers that are connected to it.
  • It can fall into traps for the execution of malicious programs that would adopt the user’s administrator privileges and thus lose critical information or cause a decrease in resources for the system.
  • Accept malicious connections that lead to theft of access data, which would allow third parties to start a session and carry out dangerous actions.

To increase security, ensure that each user has the appropriate level of privilege for the tasks they must perform within the network, and minimize the number of users with administrator names and passwords. As well as denying any action on the days when said people should not be active within the network.

Download files from trusted sites

Many files can be downloaded from numerous locations on the Internet, but not all locations are likely to be well-meaning. Some are safer than others and some are not at all. Make sure content is only downloaded from trusted sites, which are typically manufacturer or company-owned websites and not file-sharing, generic, or third-party websites. Also consider who needs to download files and applications from websites, consider limiting download permissions to trusted users who need to download files as part of their job and make sure they know how to do it safely, as well as completely deny permission to perform them.Do not allow the installation on the computer of any downloaded program.

Audit network shares

Many malicious programs spread across local networks with typical network shares. Typically, this is because security for network shares is minimal or non-existent. Eliminate unnecessary shares and protect others and connections to limit the spread of network malware. Do not share all the units with all the users, only give access to the units strictly necessary for each one of them.

Monitor network connections

When computers connect to networks, they can adopt the security settings of that network during that specific session. If the network is external or outside the administrator’s control, the security options may be insufficient, thus putting computers within the network at risk. Consider preventing users from connecting the computer to unauthorized domains or networks, in most cases, many users only need to connect to the main company network. Deny access to external networks when they are not needed for anything within the user’s activity.

Modify the default IP address range

Networks often use standard IP address ranges, such as 10.1.xx or 192.168.xx. This standard implies that computers or devices configured to search for this range may accidentally connect to a network that is beyond our control. By changing the default IP range, computers are less likely to find similar ranges and connect to computers belonging to them, even if accidentally. You can also add firewall rules as an extra precaution, allowing only approved users to connect.

Control open ports and block unused

The ports are like any access to our house, whether they are doors or windows. If we leave them open for a long time without controlling them in the least, the chances of uninvited intruders getting inside it increases. If ports are left open, they can be used by Trojans and worms and other malicious software to communicate with unauthorized third parties. Make sure all ports are checked frequently and unused ports are blocked without exception.

Periodically control the access points to our network

Networks are continually changing in shape and size, so it is important to monitor all routes that lead to our network on a regular basis. We have to keep in mind that all the entry points are the same. We will consider how to best secure paths to prevent unsolicited files and applications from being entered undetected, or from leaking confidential information that could lead to the loss of critical information.

Place systems with critical information on different networks

When critical systems on our network are affected, they can slow down other processes within the network significantly. To better protect them, it is convenient that the most important systems for us or those with the most critical information, are located on a different network from the network used for day-to-day activities.

Test new programs on a virtual network

Although most software developers perform all the necessary tests to ensure the complete security of their programs, it is unlikely that they will have the same settings and options that we have for our network. To ensure that new installations or updates do not cause problems, we will test them in virtual sites outside of any network to verify their effects before using them in the real network.

Disable the USB ports that we are not using

Practically all devices when connected to a USB port, will be automatically detected and considered as removable disks or another type of device. USB ports can also allow devices to automatically run any software within them as soon as they are connected to those ports. Most users are unaware that even the most secure and trusted devices can introduce malicious programs onto the network without displaying any kind of alert. To avoid any problems, it is much safer to disable all unused ports and thus avoid these problems.

If we follow these tips we will keep our network safe, they are security measures that seem obvious and that is why there are times that we ignore them, a routine review of these points can avoid unpleasant surprises and greater evils.

Leave a Reply

Your email address will not be published.

Back to top button