To Have A Secure Network

-

To secure the network:

Enable Brute Attack: If your server such as camera server has a protection for brute attack. It should be enabled!
Login Lockout: If your server has login lockout while the password was typed wrong several times. It should be enabled!

  • 2 Step Verification: It should be forced to the network admin team.
  • Firewall Ports: All external ports should be closed! To login your firewall, you can use SSL VPN. (Sonicwall NetExtender for Sonicwall).
  • Firewall Settings: IDS and IPS settings should be done!
  • Filter: The malicious websites should be blocked! And keep an eye on it! Watch the traffics.
  • VLANs: You should have VLANs which has restriction on them. For example; student or guest vlan shoul not connect to main devices' vlan.
  • Passwords: They should be at least 13 digit for main devices such as server, firewall and contains uppercase,lowercase,number, and special characters. Check your password strength: https://howsecureismypassword.net/ (Put a similar password)
    DO NOT leave default password on any machine including 
    • Printers
    • Cameras (the camera itself)
    • AP (the AP itself)
    • Switches (the switches itself)
  • Data Security: The data should not be shared with everyone. The server room should not be opened anyone except IT staff. The passwords can be saved with a software such as LastPass.
  • Training: The staff should be trained such as lock the computer, phishing emails, websites, password safety, not sharing computer or wifi password with anyone.
  • Watch Internet traffic: The traffic should be watched by filter. Should set up automatic emails such as report (iBoss) or sending emails once the cable is plugged or unplugged (meraki)
  • Physical Network: If the wall jack is not being used, the cable should be blank from server rank. So, no one will able to plug another device.
  • Update: Updating fixes the most device and security issues. Don't forget to update the followings periodically.
    • Firewall
    • AD, DNS Server
    • Switches, AP
    • Camera Server (Apache Server)
    • Phone Server
    • App Servers such as Papercut
    • Other Important Hosts such as Security System Desktop, Proctor Cache Computer... vs
  • SSL certificate: To have SSL certificate http websites (sonicwall device, iboss device) especially for external devices. If you open papercut external, the website of papercut should have SSL certification. Otherwise, packet can be collected and the password can be found easily via some softwares such as Wireshark.

Comments

Post a Comment

Popular posts from this blog

MCAS ProctorCache Setup

-
Image
I would like to share my experience with MCAS proctorcache computer. If you need to setup second precaching computer;  You need to add a precaching computer after choose your school on MCAS PAN website. (Setup>TestNav Configurations>Search(Show All Results) >Choose your school>Select Task(Create/Edit TestNav Configurations)>Press Start button. To precache of the test; Login PAN website! Navigate Testing>Session>Search(Show all results)> Choose your test> See picture below> and the new page. Click on the Precache. The protoctorcache computer's firewall's port 4480 and 4481 should be opened! If you couldn't open those ports, just turn off the precaching computer's firewall. How to open a port on a computer?  http://www.myiteducation.org/2018/03/general-computer-tips.html Don't forget to change the proctor cache sleeping time  to never. The proctor cache password is  t35t1n6 =====================================
Read more

My CCNA Useful Links

-
Summary of All Topics-1 Click on the "Sections (Theory)" part. Summary of All Topics-2 Summary of All Topics-3 Cisco Networking All-in-One Cheat Sheet GENERAL INFO&TERMS IPv4 IPv6 ROUTING OSPF Explanation Video OSPF Lab - 1 OSPF Lab - 2 EIGRP Explanation Video EIGRP Lab - 1 EIGRP Lab - 2 Troubleshooting: Check AS, networks must be configured under eigrp (check the interface ip to see there is any missing network), metric values must be same. Static and Default Route Lab HSRP Vs VRRP Vs GLBP Redundancy Protocols How to Break Cisco Routers Password Using Rommon Mode Don't forget to go rommon mode back and start your router with default register value which is 0x2102. This part is not in the video. SWITCHING STP VTP STACKABLE SWITCH ETHERCHANNEL VLAN HOW TO CONFIGURE ROUTER ON A STICK - 802.1Q TRUNK TO CISCO ROUTER How to Confi gure Port Security on a Cisco Switch   OTHER ACL Router1(config)#access-list 101
Read more