What about it? You can just put in a firewall and there you are! Completely safe!

A few years ago, maybe… But nowadays things are a little bit different. Instant messaging, P2P networks, in-house web and mail services, streaming, Trojans, worms and many more can open temporary or even permanent “doors” into your network, even if you have a firewall installed. You should think of your network security as a whole! You cannot consider your network safe if:

  • everybody has administrative rights
  • you have an expired antivirus
  • you do not have a perimeter security device
  • you have not reduced your “attack surface”
  • you have not designed your “defense in depth” strategy appropriately
  • you use weak passwords
  • you do not use web filters
  • you do not patch your applications and O/S
  • you have not trained your users

Rule #1: Administrative Permissions Are Your Enemy

The first thing I do when a company hires me to secure its network is to limit administrative permissions, including on users’ workstations. Workstations are vulnerable when they execute processes, like Internet Explorer, with administrative rights. But you have to take care of two things beforehand:

  • Users’ reactions! Most users won’t like that kind of restriction. I always explain why I am taking such action, in order to avoid inconvenience. I also explain that I will take care of any special requests that may arise.
  • Legacy software side effects. You have to make sure that everything is working as expected.

Rule #2: Weak Passwords, Just Make You Weak

Weak passwords are a common practice at many companies. Most users use a simple 4-8 character password, like their birthday, a simple word, etc. On the other hand, if you enforce long passwords with complexity, you will probably end up with sticky notes of handwritten passwords on each of your users’ monitors.

In case you have the budget, try to introduce smartcards, biometrics or OTP tokens. If you can’t, train your users to use passwords made of long phrases like “I like to go for shopping 5 times a week!”. These are strong and easy to remember.
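The trade-off above (length beats complexity, and birthdays or single words are out) can be written down as a policy check. The script below is an added example, not code from the original post; the length thresholds, the tiny word list and the date patterns are all assumptions constructed for the illustration.

```python
"""Password policy that favours long passphrases over short complex strings.

Accepts a candidate if it is either a long multi-word passphrase or a shorter
password with several character classes, and rejects the patterns the post
warns about: short strings, birthdays and single dictionary words.
The word list and thresholds are constructed for this example.
"""
import re
import string

MIN_PASSPHRASE_LEN = 16   # assumed policy: long phrases need no special symbols
MIN_PASSWORD_LEN = 12     # assumed policy: shorter strings need 3 of 4 classes

# Constructed stand-in for a real common-password / dictionary list.
COMMON_WORDS = {"password", "welcome", "summer", "company", "letmein"}

DATE_PATTERNS = [
    re.compile(r"^(19|20)\d{2}[-/.]?\d{2}[-/.]?\d{2}$"),   # 1985-04-12, 19850412
    re.compile(r"^\d{2}[-/.]?\d{2}[-/.]?(19|20)\d{2}$"),   # 12/04/1985, 12041985
]


def char_classes(pw):
    """Count how many of lower / upper / digit / symbol appear in the string."""
    checks = (str.islower, str.isupper, str.isdigit,
              lambda c: c in string.punctuation)
    return sum(any(check(c) for c in pw) for check in checks)


def check_password(pw):
    """Return (ok, reason) for a candidate password or passphrase."""
    if any(p.match(pw) for p in DATE_PATTERNS):
        return False, "looks like a date (birthday)"
    # "Summer2024" or "password1!" are still a dictionary word to an attacker.
    base = pw.strip().lower().rstrip(string.digits + string.punctuation)
    if base in COMMON_WORDS:
        return False, "dictionary word with a trivial suffix"
    words = [w for w in re.split(r"\s+", pw.strip()) if w]
    if len(pw) >= MIN_PASSPHRASE_LEN and len(words) >= 4:
        return True, f"passphrase of {len(words)} words"
    if len(pw) >= MIN_PASSWORD_LEN and char_classes(pw) >= 3:
        return True, f"{len(pw)} chars with {char_classes(pw)} character classes"
    if len(pw) < MIN_PASSWORD_LEN:
        return False, f"too short ({len(pw)} chars)"
    return False, "use a multi-word phrase or add character classes"


if __name__ == "__main__":
    for candidate in ("I like to go for shopping 5 times a week!",
                      "19850412", "Summer2024", "xK9$mQ2#vL7!", "abc"):
        ok, reason = check_password(candidate)
        print(f"{'OK ' if ok else 'NO '} {candidate!r}: {reason}")
```

The passphrase from the post passes on length and word count alone, while a birthday, a season plus year, and a short string are all refused; a 12-character random string with all four classes is still accepted, so the policy does not punish users who prefer a password manager.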

Rule #3: Defense!

You have to reduce your attack surface:

  • Uninstall unnecessary software
  • Disable unnecessary services
  • Limit the accounts that are members of the domain admins group
  • Configure local firewalls on servers
  • Configure local Intrusion Prevention Systems on servers (usually it is part of a firewall)
  • Take care of expired antivirus and antispyware systems
  • Regularly patch your applications and O/S

Rule #4: Another Brick On The Wall

Choose your security devices wisely. Many enterprise products look like a safe choice. For large organizations! For SMBs, that may not be the case.

Why?

Budget! If you decide to install an enterprise-class device, you may get an excellent stateful firewall, for example. From that point forward, you have to add web filtering, antivirus, antispyware and IPS at an extra cost. If you can, it may be an excellent choice with unique capabilities! If you can’t, it may be wiser to purchase an all-in-one solution, even if it is not state of the art.

Rule #5: Limit The Noise

Try to reduce the dropped-packet “noise” in your firewall logs. Just set some simple filtering rules on your Internet routers:

  • Drop private networks, broadcasts and multicasts.
  • Set up NAT and/or PAT on your public interface.
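The first rule above, expressed as a decision function a router (or a script auditing its ACL) would apply to each inbound packet. This is an added example and not code from the original post; it goes a little beyond the text by also dropping the other source ranges that can never legitimately arrive from the Internet (loopback, link-local, “this” network, reserved) and packets spoofing the organisation’s own prefix. The public prefix `OUR_PUBLIC_NET` and all packets are constructed for the illustration.

```python
"""Ingress filter for an Internet-facing router interface (added example).

Decides whether a packet arriving from the Internet should be dropped before it
reaches the firewall, so the firewall log is not filled with "noise" from
traffic that could never be legitimate.
"""
import ipaddress

# Source ranges that must never appear on an Internet-facing interface.
# RFC 1918 private space is what the rule in the post names; the rest are the
# usual "bogon" additions on such a filter.
BOGON_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 private
    "0.0.0.0/8",                                       # "this" network
    "127.0.0.0/8",                                     # loopback
    "169.254.0.0/16",                                  # link-local
    "224.0.0.0/4",                                     # multicast
    "240.0.0.0/4",                                     # reserved, incl. 255.255.255.255
)]

# Assumed: the organisation's own public prefix (a documentation range here).
OUR_PUBLIC_NET = ipaddress.ip_network("203.0.113.0/24")


def drop_reason(src, dst):
    """Return why an inbound packet should be dropped, or None if it may pass.

    src / dst are dotted-quad strings as they would appear in a log line.
    """
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for net in BOGON_SOURCES:
        if s in net:
            return f"source {src} in bogon range {net}"
    if s in OUR_PUBLIC_NET:
        # Nobody outside should send packets that claim to come from us.
        return f"source {src} spoofs our own prefix {OUR_PUBLIC_NET}"
    if d.is_multicast or d == ipaddress.ip_address("255.255.255.255"):
        return f"destination {dst} is multicast/broadcast"
    if d == OUR_PUBLIC_NET.broadcast_address:
        return f"destination {dst} is our directed broadcast"
    return None


def filter_packets(packets):
    """Split (src, dst) pairs into dropped (with reason) and forwarded lists."""
    dropped, forwarded = [], []
    for src, dst in packets:
        reason = drop_reason(src, dst)
        (dropped if reason else forwarded).append((src, dst, reason))
    return dropped, forwarded


# Constructed sample of packets arriving on the outside interface.
SAMPLE = [
    ("198.51.100.7", "203.0.113.10"),     # ordinary Internet client -> our web server
    ("192.168.1.5", "203.0.113.10"),      # private source leaking in: drop
    ("203.0.113.99", "203.0.113.10"),     # spoofed as one of our own: drop
    ("198.51.100.7", "224.0.0.251"),      # mDNS multicast from outside: drop
    ("198.51.100.7", "203.0.113.255"),    # directed broadcast at our network: drop
]

if __name__ == "__main__":
    dropped, forwarded = filter_packets(SAMPLE)
    for src, dst, reason in dropped:
        print(f"DROP    {src:>15} -> {dst:<15} ({reason})")
    for src, dst, _ in forwarded:
        print(f"FORWARD {src:>15} -> {dst}")
```

Everything this function drops would otherwise reach the firewall and be logged as a denied packet that nobody needs to investigate; pushing the decision to the router keeps the firewall log for the entries that matter.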

Rule #6: Test, Test and Test

  • Purchase software and run security audits against your servers and workstations
  • Purchase software and try to penetrate your firewalls from the inside and from the outside
  • Check the logs of your perimeter security devices. Is there anything unusual?
  • Check the logs of your local firewalls. Is there anything unusual?
  • Compare perimeter and local firewalls’ logs. Is something passing through the perimeter device and logged into the local firewall?

Rule #7: Train Your Users

Simple rules like “don’t open strange email messages” and “don’t press Yes on any warning that appears on your screen” can make a difference.

Rule #8: Don’t Forget To Back Up

It is wise to back up the latest configuration state of your devices and your data regularly. If your firewall crashes, it will be much easier to restore its configuration file than to set it up from scratch.

On the other hand, imagine what will happen if an HDD crashes or a user accidentally deletes a shared directory. You will definitely benefit from the latest backup of your files!

Rule #9: Check The Latest Security Best Practices

Update your security strategy regularly by checking the latest best practices. You can find appropriate info at www.cert.org, www.sans.org, www.cisecurity.org, www.w3.org/security.