Network security threats take many names and forms. A lot has been written about these threats and the risks they pose. They are constantly evolving, and becoming smarter by the day. It is essential that you take the required steps to help protect your network. Here are some tips to help you manage network security.
1. Be smart with your password
Make sure you are not using the straight-from-the-box password. Pick a complex passphrase. All those articles insisting you pick a random password with upper and lower case, numbers, and symbols bear wisdom.
2. Disable WPS
Check if your router is using Wi-Fi Protected Setup (WPS), disable it. This was an optional feature in routers to make it easier for devices to connect to the Wi-Fi without needing to enter the passphrase.
3. Hide your SSID
Opt not to broadcast you SSID (network name). Set up your connection and give the SSID and the passphrase to people who would need to connect on a regular basis. Otherwise, give them the guest network.
4. Set up a guest network
Create a separate wireless network under a second SSID so your guests can connect to it without being on the main “work” network. Routinely changing the password to this network will not affect those who are connected to your main one.
5. Consider MAC address filtering on your main network
MAC address filtering means you have to add every device (computers, laptops, tablets, mobile phones) to the network before they can access it. It may take time to add all devices in but it will help you limit who can access your network.
There is an on-going debate about the usefulness of using MAC address filtering since MAC addresses can be spoofed. If you do encounter a MAC address spoof, there are ways to track it. In this case, this is more of a cure than it is prevention.
6. Don't allow admin access from a wireless network
This makes any changes to your Wi-Fi router to be done using a wired local area connection.
7. Be clear with your internet use policies
Clearly define what is considered internet abuse and enforce the rules against it. This may include accessing social networks, NSFW sites, using email address for non-work related emails, P2P, and IM.
8. Know the threats
Research what internal network threats your company is susceptible to. Learn what form they may take, and how they may access your network (virus, spyware, malware, RATs, etc.)
9. Invest in a good antivirus
Add an antivirus on your computers and on the gateway. Installing an antivirus on your computer will help you avoid getting malicious software, adding an antivirus on your gateway will help prevent everyone who is connected to your network from getting infected and spreading them.
9. Raise your spam guard
Aside from getting tons of annoying emails from a politician in a faraway land needing of financial help to regain his Swiss bank account, spam can have offensive content and can be dangerous. Aside from implementing a spam filter, only open attachments from people you know, and be cautious of clicking links in email and IM.
10. Create a strong firewall security policy
Review your firewall rules, and monitor regularly for vulnerabilities to threat coming from inside and outside your network.
The tips above will help create a more protected environment for you and the users connected to your network but it will not give you 100% protection. Unfortunately there isn’t a way to completely secure your network from external and internal threats. Always be vigilant and cautious.