Our CCIE technical staff offer advice on how network engineers can better secure enterprise networks from malware, intruders and spam.
Define limited rights for users
Never assign complete administrator rights to users, in this case chances of performing harmful activities exist, such as:
- running malware, which would take control of user’s administrator rights
- accidentally removing network security shells
- stolen logon details would allow hackers to log in and performing damaging actions
Download files from trusted sites only
Computer software and document files can be downloaded from multiple websites on the Internet, but not all websites are safe. Make sure that your users only download from trusted sites. Also consider to assign downloading rights to only those trusted users who are required to download data files as part of their routine tasks, and ensure that these selected users are educated enough in how to download files safely.
Malware in network shares
Network shares are major source of malware transfer within networks. This is commonly done due to not sufficient security on network shares. Share network resources only with the users who require that network resource in performing their tasks.
Change the default IP range for your network
In networks, most commonly standard IP ranges are used, such as 10.1.x.x or 192.168.x.x. This standardization means most the computing machines are configured with such IP range that may accidentally connect to a network outside your control. Change your network’s default IP range, this will reduce chances to find a similar range.
Keep an eye on the entry points in your network
Network structure is mostly changed for facilitating users, so it is very crucial to keep an eye on all the entry points of your network on daily basis. Be aware of all network routes. Learn how to secure the entry points to stop unwanted files and applications.
Consider business backup on a different network
When business critical data systems are affected, they can slow down business processes. To increase their protection level, consider having a backup system on a different network.
Disable unused USB ports
USB ports allow devices to auto run any software connected to it. Most users don’t know that even the safest and most trusted USB drives or other devices can introduce malware into the network. To prevent such kind of accidents, it is required to disable all unused ports.
Visit the TheNetworkHardware website to explore our range of networking hardware and find the right one for you.