VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
6 Steps to Secure Network Devices
1. 6 STEPS TO SECURE
NETWORK DEVICES
Simple steps to lower risk and
enhance your organizational security
posture.
1
Lisa Kearney - Cybersecurity Expert & Evangelist
2. STEPS TO NETWORK DEVICE SECURITY
Harden network devices
Limit unnecessary lateral communications
Secure access to infrastructure devices
Segment and segregate networks and functions
Perform Out-of-Band network management
Validate integrity of hardware and software
2
Lisa Kearney - Cybersecurity Expert & Evangelist
3. HARDEN NETWORK DEVICES1
3
Lisa Kearney - Cybersecurity Expert & Evangelist
Use baseline secure configuration for devices. Many manufacturers provide documentation
on best practices to secure and harden network devices.
Implement recommended configuration based on local laws, regulation, company polices and
standards.
Disable unnecessary services and protocols.
Disable unencrypted admin access such as telnet and ftp.
Disable default accounts. Change password.
Create ACL for remote access to devices and use a jump box to segregate management of
network devices.
Protect configuration files by encrypting and limit access based on business need and role.
Use strong passwords when creating accounts.
Restrict physical access to network devices.
Perform secure backups offsite.
Perform periodic testing of configuration file.
Create alerts for notification of device configuration changes.
4. 4
Lisa Kearney - Cybersecurity Expert & Evangelist
Use host-based firewall rules to restrict access and deny the flow of packets from other hosts in
the network.
Firewall rules can be filtered based on device, user, program, or IP address which limits access to
services and systems.
Implement a VLAN Access Control List (VACL) to limit access to and from VLANs.
Logical segregation of the physical or virtual segments allows network administrators to isolate
critical devices onto network segments in the event of an incident.
LIMIT UNNECESSARY LATERAL COMMUNICATIONS2
5. SECURE ACCESS TO INFRASTRUCTURE DEVICES
5
Lisa Kearney - Cybersecurity Expert & Evangelist
Implement MFA for access to network devices.
Create an ACL to limit access for management users. Place them in a management VLAN
and use jump box to further secure access.
Enable logging on network devices.
Setup alerts for changes to network equipment.
Use AAA (Authentication, Authorization and Accounting).
Manage admin credentials by encrypting passwords with salt in restricted monitored database.
Enforce strong password policies.
Store backup off-site of backup passwords. Such as a safe.
3
6. Create zones using VLANS to segregate network segments.
Segmentation can be based on business role or function.
Separate sensitive data from least critical data. This will limit impact of network intrusions and
attacks.
Implement principals of least privilege and need to know when assigning permissions to each
segment.
Place routers between segments to create boundaries or use VRT (Virtual Routing and
Forwarding).
Increase broadcast domains and effectively filter broadcast traffic to limit access.
This allows you to restrict or shut down segments during an intrusion and thereby restrict the
attackers access.
6
Lisa Kearney - Cybersecurity Expert & Evangelist
SEGMENT AND SEGREGATE NETWORKS AND FUNCTIONS4
7. PERFORM OUT-OF-BAND NETWORK MANAGEMENT
Implement an out-of-band (OoB) or dedicated channel for management of network devices.
Usually this is outside the production network which uses ethernet such a fibre channel.
Deploy encryption of management channels.
Use dedicated server for access to management of devices.
Ensure management server is hardened according to industry best practices as mentioned
above. This limits access and separates traffic from the production network and management
network.
OoB allows for enhanced monitoring and for a network administrator to take corrective action
without the adversary being able to observe the changes.
Enable logging of host and send to syslog server.
Enable alerting with notifications sent to senior network security personnel or mailing list.
7
Lisa Kearney - Cybersecurity Expert & Evangelist
5
8. VALIDATE INTEGRITY OF HARDWARE AND SOFTWARE
8
Lisa Kearney - Cybersecurity Expert & Evangelist
Validate your hardware and software purchases to ensure it is from authorized retailers.
Counterfeit devices and software is increasing and they present an amplified threat to users
and data.
Supply chain threat is a serious consideration as illegitimate hardware and software may
contain hidden back doors and or be transmitting data to malicious sources.
Throughout my career I’ve discovered multiple trojans built into software which was unknown
by the client or dealer. Therefore, it is also important to ask a retailer what integrity checks
they perform to ensure the validity of their merchandise.
Download updates from authorized sites.
Check hash and compare for validation of software.
Perform physical check of hardware upon arrival tor any signs of tampering. Check serial
numbers.
Verify network configuration of devices on a regular schedule.
Monitor and log changes.
6