It is never too soon to start. Protecting the network and the data that resides in it and is transmitted over the network should be baked into the design of the network from the beginning.
On the other hand, it is never too late to start, either. Here are some basic principles to protect your network.
1) Password discipline is arguably the most common problem found in most networks. You can purchase the most expensive firewall in the world, and have the most elaborate security precautions possible in place, but if someone wants to gain access to your network and has the correct password or passwords, the expensive firewalls don’t do any good.
The phrase, “Social Engineering,” describes one aspect of the problem of password discipline. The person desiring to gain access to a network or a network resource simply gets to know someone with the desired access and observes when they key in their password.
Another aspect of poor password discipline, which lends itself to social engineering, is the tendency for individuals to choose passwords that are easy to remember, such as 1234abcd, or the name of a pet, or a family member, or birthdays, or combinations of any of the above.
Choosing passwords that are easy to remember is still possible while also having a strong password. Use longer passwords. Use upper and lower case letters, numbers, and special characters such as !@#$%&. Here is an example, nuM&3r0n3, using a combination of upper and lower case letters, numbers, and special characters to spell the word “numberone.”
Another tendency is to keep the same password for long periods of time instead of changing them periodically. A good rule of thumb is to change passwords every two or three months. There are apps out there (yes, there is an app for that) that can help you keep track of your passwords. Using such an app means that you only have to remember the password for the app which will then give you access to all of your passwords when you need to use them.
Another password-related issue is to use the same password for everything, sort of a “One Size Fits All” approach. Once someone learns that one password, they then have access to everything their target has access to: Bank accounts, secure websites, email, and so on. This is where one of those password keeping apps can come in handy!
2) Don’t advertise your wireless network’s SSID (Service Set Identifier), which is the primary name assigned to a wireless network, for the world to see.
3) Change the names to protect the innocent. Another layer of protection, slightly more complex, is to use substitute IP addressing, known as Network Address Translation, or NAT, to protect devices inside your network from the rest of the internet.
4) Firewalls can be used to protect sensitive information. Windows users can use the software based firewall provided with Windows for basic protection. More robust firewall solutions which are also software based are available from Norton, Sophos, ZoneAlarm, and numerous others. The downside to software firewalls is that they will only protect the computer they are installed on, not a network, so each computer will need to have a software firewall installed on it. Like hardware firewalls there is a vast number of software firewalls to choose from.
5) A simple process to lock down your hardware firewalls to protect your network right now is to incorporate a so-called “any any any deny” rule or policy. This would be a final rule at the bottom of your firewall’s rule set which would specify traffic coming from any source IP address to any destination address on any port and then deny that traffic. In other words, if the traffic is not specifically allowed in a previous rule listed above the “any any any deny” rule, it will be denied.
