To Have A Secure Network
To secure the network:Enable Brute Attack: If your server such as camera server has a protection for brute attack. It should be enabled!
Login Lockout: If your server has login lockout while the password was typed wrong several times. It should be enabled!
- 2 Step Verification: It should be forced to the network admin team.
- Firewall Ports: All external ports should be closed! To login your firewall, you can use SSL VPN. (Sonicwall NetExtender for Sonicwall).
- Firewall Settings: IDS and IPS settings should be done!
- Filter: The malicious websites should be blocked! And keep an eye on it! Watch the traffics.
- VLANs: You should have VLANs which has restriction on them. For example; student or guest vlan shoul not connect to main devices' vlan.
- Passwords: They should be at least 13 digit for main devices such as server, firewall and contains uppercase,lowercase,number, and special characters. Check your password strength: https://howsecureismypassword.net/ (Put a similar password)
DO NOT leave default password on any machine including
- Cameras (the camera itself)
- AP (the AP itself)
- Switches (the switches itself)
- Data Security: The data should not be shared with everyone. The server room should not be opened anyone except IT staff. The passwords can be saved with a software such as LastPass.
- Training: The staff should be trained such as lock the computer, phishing emails, websites, password safety, not sharing computer or wifi password with anyone.
- Watch Internet traffic: The traffic should be watched by filter. Should set up automatic emails such as report (iBoss) or sending emails once the cable is plugged or unplugged (meraki)
- Physical Network: If the wall jack is not being used, the cable should be blank from server rank. So, no one will able to plug another device.
- Update: Updating fixes the most device and security issues. Don't forget to update the followings periodically.
- AD, DNS Server
- Switches, AP
- Camera Server (Apache Server)
- Phone Server
- App Servers such as Papercut
- Other Important Hosts such as Security System Desktop, Proctor Cache Computer... vs
- SSL certificate: To have SSL certificate http websites (sonicwall device, iboss device) especially for external devices. If you open papercut external, the website of papercut should have SSL certification. Otherwise, packet can be collected and the password can be found easily via some softwares such as Wireshark.