SlideShare una empresa de Scribd logo

6 Steps to Secure Network Devices

Descargar como PPTX, PDF
Lisa Kearney
Lisa Kearney

Simple steps to lower risk and enhance your organizational security posture.

Dispositivos y hardware
1 de 9
6 STEPS TO SECURE NETWORK DEVICES Simple steps to lower risk and enhance your organizational security posture. 1 Lisa Kearney - Cybersecurity Expert & Evangelist
STEPS TO NETWORK DEVICE SECURITY  Harden network devices  Limit unnecessary lateral communications  Secure access to infrastructure devices  Segment and segregate networks and functions  Perform Out-of-Band network management  Validate integrity of hardware and software 2 Lisa Kearney - Cybersecurity Expert & Evangelist
HARDEN NETWORK DEVICES1 3 Lisa Kearney - Cybersecurity Expert & Evangelist  Use baseline secure configuration for devices. Many manufacturers provide documentation on best practices to secure and harden network devices.  Implement recommended configuration based on local laws, regulation, company polices and standards.  Disable unnecessary services and protocols.  Disable unencrypted admin access such as telnet and ftp.  Disable default accounts. Change password.  Create ACL for remote access to devices and use a jump box to segregate management of network devices.  Protect configuration files by encrypting and limit access based on business need and role.  Use strong passwords when creating accounts.  Restrict physical access to network devices.  Perform secure backups offsite.  Perform periodic testing of configuration file.  Create alerts for notification of device configuration changes.
4 Lisa Kearney - Cybersecurity Expert & Evangelist  Use host-based firewall rules to restrict access and deny the flow of packets from other hosts in the network.  Firewall rules can be filtered based on device, user, program, or IP address which limits access to services and systems.  Implement a VLAN Access Control List (VACL) to limit access to and from VLANs.  Logical segregation of the physical or virtual segments allows network administrators to isolate critical devices onto network segments in the event of an incident. LIMIT UNNECESSARY LATERAL COMMUNICATIONS2
SECURE ACCESS TO INFRASTRUCTURE DEVICES 5 Lisa Kearney - Cybersecurity Expert & Evangelist  Implement MFA for access to network devices.  Create an ACL to limit access for management users. Place them in a management VLAN and use jump box to further secure access.  Enable logging on network devices.  Setup alerts for changes to network equipment.  Use AAA (Authentication, Authorization and Accounting).  Manage admin credentials by encrypting passwords with salt in restricted monitored database.  Enforce strong password policies.  Store backup off-site of backup passwords. Such as a safe. 3
 Create zones using VLANS to segregate network segments.  Segmentation can be based on business role or function.  Separate sensitive data from least critical data. This will limit impact of network intrusions and attacks.  Implement principals of least privilege and need to know when assigning permissions to each segment.  Place routers between segments to create boundaries or use VRT (Virtual Routing and Forwarding).  Increase broadcast domains and effectively filter broadcast traffic to limit access.  This allows you to restrict or shut down segments during an intrusion and thereby restrict the attackers access. 6 Lisa Kearney - Cybersecurity Expert & Evangelist SEGMENT AND SEGREGATE NETWORKS AND FUNCTIONS4
PERFORM OUT-OF-BAND NETWORK MANAGEMENT  Implement an out-of-band (OoB) or dedicated channel for management of network devices. Usually this is outside the production network which uses ethernet such a fibre channel.  Deploy encryption of management channels.  Use dedicated server for access to management of devices.  Ensure management server is hardened according to industry best practices as mentioned above. This limits access and separates traffic from the production network and management network.  OoB allows for enhanced monitoring and for a network administrator to take corrective action without the adversary being able to observe the changes.  Enable logging of host and send to syslog server.  Enable alerting with notifications sent to senior network security personnel or mailing list. 7 Lisa Kearney - Cybersecurity Expert & Evangelist 5
VALIDATE INTEGRITY OF HARDWARE AND SOFTWARE 8 Lisa Kearney - Cybersecurity Expert & Evangelist  Validate your hardware and software purchases to ensure it is from authorized retailers. Counterfeit devices and software is increasing and they present an amplified threat to users and data.  Supply chain threat is a serious consideration as illegitimate hardware and software may contain hidden back doors and or be transmitting data to malicious sources.  Throughout my career I’ve discovered multiple trojans built into software which was unknown by the client or dealer. Therefore, it is also important to ask a retailer what integrity checks they perform to ensure the validity of their merchandise.  Download updates from authorized sites.  Check hash and compare for validation of software.  Perform physical check of hardware upon arrival tor any signs of tampering. Check serial numbers.  Verify network configuration of devices on a regular schedule.  Monitor and log changes. 6
Enquires 9 Lisa Kearney - Cybersecurity Expert & Evangelist Partial Credit: NCCIC

Recomendados

"EL ATAQUE INTERNO"
"EL ATAQUE INTERNO""EL ATAQUE INTERNO"
"EL ATAQUE INTERNO"Jose Luis Balbiano
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
 
TSS_Overview
TSS_OverviewTSS_Overview
TSS_OverviewOwen Gonzalez
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_usersCristian Garcia G.
 
Cdi federal 2019
Cdi federal 2019Cdi federal 2019
Cdi federal 2019Communications Devices Inc.
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...BeyondTrust
 

Recomendados

"EL ATAQUE INTERNO"
"EL ATAQUE INTERNO""EL ATAQUE INTERNO"
"EL ATAQUE INTERNO"Jose Luis Balbiano
 
Network Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationNetwork Field Day 11 - Skyport Systems Presentation
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
 
TSS_Overview
TSS_OverviewTSS_Overview
TSS_OverviewOwen Gonzalez
 
Datasheet over privileged_users
Datasheet over privileged_usersDatasheet over privileged_users
Datasheet over privileged_usersCristian Garcia G.
 
Cdi federal 2019
Cdi federal 2019Cdi federal 2019
Cdi federal 2019Communications Devices Inc.
 
Firewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewFirewall, Router and Switch Configuration Review
Firewall, Router and Switch Configuration ReviewChristine MacDonald
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
 
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...
Sudo Mode (part 2): How Privilege Mistakes could Dismantle your Entire Enterp...BeyondTrust
 
Ekran 4.1
Ekran 4.1Ekran 4.1
Ekran 4.1Oleg Shomonko
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentationCommunications Devices Inc.
 
SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band ManagementCommunications Devices Inc.
 
6 reasons to switch to fluidic ui - Network Configuration Manager
6 reasons to switch to fluidic ui - Network Configuration Manager6 reasons to switch to fluidic ui - Network Configuration Manager
6 reasons to switch to fluidic ui - Network Configuration ManagerManageEngine, Zoho Corporation
 
Presentacion nac
Presentacion nacPresentacion nac
Presentacion nacAdriana Cardona
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseBeyondTrust
 
NetGains Infrastructure Security
NetGains Infrastructure SecurityNetGains Infrastructure Security
NetGains Infrastructure SecurityNetGains Technologies Pvt. Ltd.
 
What is NAC
What is NACWhat is NAC
What is NACIsrael Marcus
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & RulesMuhammad Abdel Aal
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 
Network Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsNetwork Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsIncheon Park
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Network access control (nac)
Network access control (nac)Network access control (nac)
Network access control (nac)cyberlocke
 
Presciense InterQuest IoT Talk
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT TalkJonathan Lishawa
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 Cyd Isaak Francisco
 
ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2Nguyen Binh
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
Solution note-cryptoflow-lan
Solution note-cryptoflow-lanSolution note-cryptoflow-lan
Solution note-cryptoflow-lancnnetwork
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 
MasterCapstoneV9
MasterCapstoneV9MasterCapstoneV9
MasterCapstoneV9Tracy Payne
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxcockekeshia
 

Más contenido relacionado

La actualidad más candente

6 reasons to switch to fluidic ui - Network Configuration Manager
6 reasons to switch to fluidic ui - Network Configuration Manager6 reasons to switch to fluidic ui - Network Configuration Manager
6 reasons to switch to fluidic ui - Network Configuration ManagerManageEngine, Zoho Corporation
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseBeyondTrust
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsAnthony Daniel
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solutionmatthew.maisel
 
Network Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsNetwork Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsIncheon Park
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
Network access control (nac)
Network access control (nac)Network access control (nac)
Network access control (nac)cyberlocke
 
Presciense InterQuest IoT Talk
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT TalkJonathan Lishawa
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 Cyd Isaak Francisco
 
ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2Nguyen Binh
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentationRasool Irfan
 
Solution note-cryptoflow-lan
Solution note-cryptoflow-lanSolution note-cryptoflow-lan
Solution note-cryptoflow-lancnnetwork
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesKim Bookout
 

La actualidad más candente (20)

Ekran 4.1
Ekran 4.1Ekran 4.1
Ekran 4.1
 
Service providers presentation
Service providers presentationService providers presentation
Service providers presentation
 
SECURE Out-of-Band Management
SECURE Out-of-Band ManagementSECURE Out-of-Band Management
SECURE Out-of-Band Management
 
6 reasons to switch to fluidic ui - Network Configuration Manager
6 reasons to switch to fluidic ui - Network Configuration Manager6 reasons to switch to fluidic ui - Network Configuration Manager
6 reasons to switch to fluidic ui - Network Configuration Manager
 
Presentacion nac
Presentacion nacPresentacion nac
Presentacion nac
 
Unearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your EnterpriseUnearth Active Directory Threats Before They Bury Your Enterprise
Unearth Active Directory Threats Before They Bury Your Enterprise
 
NetGains Infrastructure Security
NetGains Infrastructure SecurityNetGains Infrastructure Security
NetGains Infrastructure Security
 
What is NAC
What is NACWhat is NAC
What is NAC
 
IBM QRadar BB & Rules
IBM QRadar BB & RulesIBM QRadar BB & Rules
IBM QRadar BB & Rules
 
Enterprise firewalls feature and benefits
Enterprise firewalls feature and benefitsEnterprise firewalls feature and benefits
Enterprise firewalls feature and benefits
 
The 300 Leonidas Solution
The 300 Leonidas SolutionThe 300 Leonidas Solution
The 300 Leonidas Solution
 
Network Control Access for Non-IT Professionals
Network Control Access for Non-IT ProfessionalsNetwork Control Access for Non-IT Professionals
Network Control Access for Non-IT Professionals
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Network access control (nac)
Network access control (nac)Network access control (nac)
Network access control (nac)
 
Presciense InterQuest IoT Talk
Presciense InterQuest IoT TalkPresciense InterQuest IoT Talk
Presciense InterQuest IoT Talk
 
New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016 New VIPRE_DS_EndpointSecurity_2016
New VIPRE_DS_EndpointSecurity_2016
 
ICS case studies v2
ICS case studies v2ICS case studies v2
ICS case studies v2
 
Secure your workloads with microsegmentation
Secure your workloads with microsegmentationSecure your workloads with microsegmentation
Secure your workloads with microsegmentation
 
Solution note-cryptoflow-lan
Solution note-cryptoflow-lanSolution note-cryptoflow-lan
Solution note-cryptoflow-lan
 
Hyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challengesHyper Secure Converged Infrastructure solves architectural challenges
Hyper Secure Converged Infrastructure solves architectural challenges
 

Similar a 6 Steps to Secure Network Devices

MasterCapstoneV9
MasterCapstoneV9MasterCapstoneV9
MasterCapstoneV9Tracy Payne
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxcockekeshia
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxgriffinruthie22
 
Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Richard Sullivan
 
Comparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdfComparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdfImamBahrudin5
 
ISE_2.1_BDM_v3a.pptx
ISE_2.1_BDM_v3a.pptxISE_2.1_BDM_v3a.pptx
ISE_2.1_BDM_v3a.pptxYaser330700
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSMuhammad FAHAD
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attackAnalynk Wireless, LLC
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsMiller Energy, Inc.
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackCTi Controltech
 
Seven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securitySeven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securityCTi Controltech
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxtodd331
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysisCARMEN ALCIVAR
 
Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security ChecklistSimform
 
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docxvickeryr87
 

Similar a 6 Steps to Secure Network Devices (20)

MasterCapstoneV9
MasterCapstoneV9MasterCapstoneV9
MasterCapstoneV9
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docxWorksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
 
Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01Soteria Cybersecurity Healthcheck-FB01
Soteria Cybersecurity Healthcheck-FB01
 
Lumeta IPsonar Aligned to ITIL v3
Lumeta IPsonar Aligned to ITIL v3Lumeta IPsonar Aligned to ITIL v3
Lumeta IPsonar Aligned to ITIL v3
 
Comparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdfComparison Review Forticlient x Kaspersky.pdf
Comparison Review Forticlient x Kaspersky.pdf
 
ISE_2.1_BDM_v3a.pptx
ISE_2.1_BDM_v3a.pptxISE_2.1_BDM_v3a.pptx
ISE_2.1_BDM_v3a.pptx
 
ICEIC_2017_20161013
ICEIC_2017_20161013ICEIC_2017_20161013
ICEIC_2017_20161013
 
CompTIA Security Plus Overview
CompTIA Security Plus OverviewCompTIA Security Plus Overview
CompTIA Security Plus Overview
 
CISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICSCISA GOV - Seven Steps to Effectively Defend ICS
CISA GOV - Seven Steps to Effectively Defend ICS
 
Defending industrial control systems from cyber attack
Defending industrial control systems from cyber attackDefending industrial control systems from cyber attack
Defending industrial control systems from cyber attack
 
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control SystemsNCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
NCCIC - Seven Steps for Achieving Cybersecurity for Industrial Control Systems
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Seven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber securitySeven recommendations for bolstering industrial control system cyber security
Seven recommendations for bolstering industrial control system cyber security
 
Defending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From CyberattackDefending Industrial Control Systems From Cyberattack
Defending Industrial Control Systems From Cyberattack
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docx
 
Packet capture and network traffic analysis
Packet capture and network traffic analysisPacket capture and network traffic analysis
Packet capture and network traffic analysis
 
Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security Checklist
 
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
2.· Unshielded Twisted Pair (UTP) Cables· Shielded Twisted Pai.docx
 
Find the key features of an advanced firewall
Find the key features of an advanced firewallFind the key features of an advanced firewall
Find the key features of an advanced firewall
 

Último

Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...ranjana rawat
 
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...Amil baba
 
Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaDubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaUnited Arab Emirates
 
Call Girls Chikhali Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chikhali Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chikhali Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chikhali Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)kojalkojal131
 
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...Call Girls in Nagpur High Profile
 
Develop Keyboard Skill.pptx er power point
Develop Keyboard Skill.pptx er power pointDevelop Keyboard Skill.pptx er power point
Develop Keyboard Skill.pptx er power pointGetawu
 
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...Suhani Kapoor
 
High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...
High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...
High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...Pooja Nehwal
 
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样qaffana
 
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai GapedCall Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai Gapedkojalkojal131
 
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Pooja Nehwal
 
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...Call Girls in Nagpur High Profile
 

Último (20)

Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
Book Paid Lohegaon Call Girls Pune 8250192130Low Budget Full Independent High...
 
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
NO1 Verified Amil Baba In Karachi Kala Jadu In Karachi Amil baba In Karachi A...
 
Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai WisteriaDubai Call Girls O528786472 Call Girls In Dubai Wisteria
Dubai Call Girls O528786472 Call Girls In Dubai Wisteria
 
Call Girls Chikhali Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chikhali Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chikhali Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chikhali Call Me 7737669865 Budget Friendly No Advance Booking
 
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
(=Towel) Dubai Call Girls O525547819 Call Girls In Dubai (Fav0r)
 
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
VVIP Pune Call Girls Kalyani Nagar (7001035870) Pune Escorts Nearby with Comp...
 
Develop Keyboard Skill.pptx er power point
Develop Keyboard Skill.pptx er power pointDevelop Keyboard Skill.pptx er power point
Develop Keyboard Skill.pptx er power point
 
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Bhavna Call 7001035870 Meet With Nagpur Escorts
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
(SANA) Call Girls Landewadi ( 7001035870 ) HI-Fi Pune Escorts Service
 
Call Girls In Vaishali 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Vaishali 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In Vaishali 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In Vaishali 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
VIP Call Girls Kavuri Hills ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With ...
 
High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...
High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...
High Profile Call Girls In Andheri 7738631006 Call girls in mumbai Mumbai ...
 
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
哪里办理美国宾夕法尼亚州立大学毕业证(本硕)psu成绩单原版一模一样
 
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai GapedCall Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
Call Girls Dubai Slut Wife O525547819 Call Girls Dubai Gaped
 
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(ANIKA) Wanwadi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
young call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Service
young call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Service
young call girls in Sainik Farm 🔝 9953056974 🔝 Delhi escort Service
 
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
Call Girls in Thane 9892124323, Vashi cAll girls Serivces Juhu Escorts, powai...
 
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Sakshi Call 7001035870 Meet With Nagpur Escorts
 
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
VVIP Pune Call Girls Balaji Nagar (7001035870) Pune Escorts Nearby with Compl...
 

6 Steps to Secure Network Devices

  • 1. 6 STEPS TO SECURE NETWORK DEVICES Simple steps to lower risk and enhance your organizational security posture. 1 Lisa Kearney - Cybersecurity Expert & Evangelist
  • 2. STEPS TO NETWORK DEVICE SECURITY  Harden network devices  Limit unnecessary lateral communications  Secure access to infrastructure devices  Segment and segregate networks and functions  Perform Out-of-Band network management  Validate integrity of hardware and software 2 Lisa Kearney - Cybersecurity Expert & Evangelist
  • 3. HARDEN NETWORK DEVICES1 3 Lisa Kearney - Cybersecurity Expert & Evangelist  Use baseline secure configuration for devices. Many manufacturers provide documentation on best practices to secure and harden network devices.  Implement recommended configuration based on local laws, regulation, company polices and standards.  Disable unnecessary services and protocols.  Disable unencrypted admin access such as telnet and ftp.  Disable default accounts. Change password.  Create ACL for remote access to devices and use a jump box to segregate management of network devices.  Protect configuration files by encrypting and limit access based on business need and role.  Use strong passwords when creating accounts.  Restrict physical access to network devices.  Perform secure backups offsite.  Perform periodic testing of configuration file.  Create alerts for notification of device configuration changes.
  • 4. 4 Lisa Kearney - Cybersecurity Expert & Evangelist  Use host-based firewall rules to restrict access and deny the flow of packets from other hosts in the network.  Firewall rules can be filtered based on device, user, program, or IP address which limits access to services and systems.  Implement a VLAN Access Control List (VACL) to limit access to and from VLANs.  Logical segregation of the physical or virtual segments allows network administrators to isolate critical devices onto network segments in the event of an incident. LIMIT UNNECESSARY LATERAL COMMUNICATIONS2
  • 5. SECURE ACCESS TO INFRASTRUCTURE DEVICES 5 Lisa Kearney - Cybersecurity Expert & Evangelist  Implement MFA for access to network devices.  Create an ACL to limit access for management users. Place them in a management VLAN and use jump box to further secure access.  Enable logging on network devices.  Setup alerts for changes to network equipment.  Use AAA (Authentication, Authorization and Accounting).  Manage admin credentials by encrypting passwords with salt in restricted monitored database.  Enforce strong password policies.  Store backup off-site of backup passwords. Such as a safe. 3
  • 6.  Create zones using VLANS to segregate network segments.  Segmentation can be based on business role or function.  Separate sensitive data from least critical data. This will limit impact of network intrusions and attacks.  Implement principals of least privilege and need to know when assigning permissions to each segment.  Place routers between segments to create boundaries or use VRT (Virtual Routing and Forwarding).  Increase broadcast domains and effectively filter broadcast traffic to limit access.  This allows you to restrict or shut down segments during an intrusion and thereby restrict the attackers access. 6 Lisa Kearney - Cybersecurity Expert & Evangelist SEGMENT AND SEGREGATE NETWORKS AND FUNCTIONS4
  • 7. PERFORM OUT-OF-BAND NETWORK MANAGEMENT  Implement an out-of-band (OoB) or dedicated channel for management of network devices. Usually this is outside the production network which uses ethernet such a fibre channel.  Deploy encryption of management channels.  Use dedicated server for access to management of devices.  Ensure management server is hardened according to industry best practices as mentioned above. This limits access and separates traffic from the production network and management network.  OoB allows for enhanced monitoring and for a network administrator to take corrective action without the adversary being able to observe the changes.  Enable logging of host and send to syslog server.  Enable alerting with notifications sent to senior network security personnel or mailing list. 7 Lisa Kearney - Cybersecurity Expert & Evangelist 5
  • 8. VALIDATE INTEGRITY OF HARDWARE AND SOFTWARE 8 Lisa Kearney - Cybersecurity Expert & Evangelist  Validate your hardware and software purchases to ensure it is from authorized retailers. Counterfeit devices and software is increasing and they present an amplified threat to users and data.  Supply chain threat is a serious consideration as illegitimate hardware and software may contain hidden back doors and or be transmitting data to malicious sources.  Throughout my career I’ve discovered multiple trojans built into software which was unknown by the client or dealer. Therefore, it is also important to ask a retailer what integrity checks they perform to ensure the validity of their merchandise.  Download updates from authorized sites.  Check hash and compare for validation of software.  Perform physical check of hardware upon arrival tor any signs of tampering. Check serial numbers.  Verify network configuration of devices on a regular schedule.  Monitor and log changes. 6
  • 9. Enquires 9 Lisa Kearney - Cybersecurity Expert & Evangelist Partial Credit: NCCIC