Security tips for network administrators

<h1>Security tips for network administrators - Enterprise</h1>Author: <a title="MFrizzi" href="http://www.articlesbase.com/authors/mfrizzi/275505.htm">MFrizzi</a> 1. Define correct user rights for the correct task Users who have administrator rights have the ability to perform activities that could be damaging, such as <ul> <li> accidentally making changes that decrease the overall level of network security </li> <li> being fooled into running malware, which would adopt user's administrator privileges </li> <li> having logon details stolen, which would allow third parties to log in and carry out damaging actions </li> </ul> To increase security, ensure that your users have the appropriate privilege level for the task at hand, and limit the number of users that have administrator usernames and passwords to a minimum. 2. Download files from trusted sites only Many files can be downloaded from multiple locations on the internet, but not all locations are created equal. Some are more secure than others. Ensure that your users only download from trusted sites, which are often main source websites rather than file-sharing or generic websites. Also consider who in the company needs to download files and applications from a website: consider restricting this permission to only those trusted users who are required to download files as part of their day-to-day activities, and ensure that these select few are educated in how to download files safely. 3. Undertake an audit of network shares A lot of malware can spread via networks. This is commonly due to there being little or no security on network shares. Remove unnecessary shares and secure the others and their contents to limit network-aware malware from spreading. 4. Control network connections When computers connect to networks, they can adopt that network's security settings during that specific session. If this network is external or outside the administrator's control, the security settings may be insufficient and put the computer at risk. Consider restricting users from connecting computers to unapproved domains or networks - in most instances, most users need only connect to the main corporate network. 5. Change the default IP range for your network Networks often use standard IP ranges, such as 10.1.x.x or 192.168.x.x. This standardization means that machines configured to look for this range may accidentally connect to a network outside your control. By changing the default IP range, the computers are less likely to find a similar range. You can also add firewall rules, as an added precaution, which allows only approved users to connect. 6. Audit the open ports on your network regularly and block unused ones. Ports are like windows in a house. If you leave them open for long periods of time without surveying them, you increase the chance of letting uninvited intruders in. If ports are left open, they can be used by Trojans and worms to communicate with unauthorised third-parties. Ensure that all ports are regularly audited and that unused are blocked. 7. Regularly audit the entry points into your network Networks change shape and size all the time, so it is important to look into all the routes into your organisation on a regular basis. Be aware of all entry points. Consider how to best secure the routes to stop unwanted files and applications entering undetected or sensitive information leaking out. 8. Consider placing business critical systems on a different network When business critical systems are affected, they can slow business processes significantly. To help protect them, consider having them on a different network from the one used for day-to-day activities. 9. Test new software on a virtual network before you deploy Although most software developers test software as much as they can, they are unlikely to have your network's exact configuration and setup. To ensure that a new installation or update does not cause any problems, test it on a virtual system and check its effects before deploying to the real live network. 10. Disable unused USB ports Many devices, when connected to a USB port, will be automatically detected and mounted as a drive. USB ports can also allow devices to autorun any software connected to it. Most users are unaware that even the safest and most trusted devices can potentially introduce malware into the network. To prevent any accidents, it is much safer to disable all unused ports.About the Author: This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: <A href="http://www.sophos.com">security software</A>, encryption software, <A href="http://www.sophos.com">antivirus</A>, and <A href="http://www.sophos.com/products/malware-protection/">malware</A>.Article Source: <a href="http://www.articlesbase.com/">ArticlesBase.com</a> - <a href="http://www.articlesbase.com/security-articles/security-tips-for-network-administrators-enterprise-1447109.html" title="Security tips for network administrators - Enterprise">Security tips for network administrators - Enterprise</a>

1. Define correct user rights for the correct task

Users who have administrator rights have the ability to perform activities that could be damaging, such as

accidentally making changes that decrease the overall level of network security
being fooled into running malware, which would adopt user's administrator privileges
having logon details stolen, which would allow third parties to log in and carry out damaging actions

To increase security, ensure that your users have the appropriate privilege level for the task at hand, and limit the number of users that have administrator usernames and passwords to a minimum.

2. Download files from trusted sites only

Many files can be downloaded from multiple locations on the internet, but not all locations are created equal. Some are more secure than others. Ensure that your users only download from trusted sites, which are often main source websites rather than file-sharing or generic websites. Also consider who in the company needs to download files and applications from a website: consider restricting this permission to only those trusted users who are required to download files as part of their day-to-day activities, and ensure that these select few are educated in how to download files safely.

3. Undertake an audit of network shares

A lot of malware can spread via networks. This is commonly due to there being little or no security on network shares. Remove unnecessary shares and secure the others and their contents to limit network-aware malware from spreading.

4. Control network connections

When computers connect to networks, they can adopt that network's security settings during that specific session. If this network is external or outside the administrator's control, the security settings may be insufficient and put the computer at risk. Consider restricting users from connecting computers to unapproved domains or networks - in most instances, most users need only connect to the main corporate network.

5. Change the default IP range for your network

Networks often use standard IP ranges, such as 10.1.x.x or 192.168.x.x. This standardization means that machines configured to look for this range may accidentally connect to a network outside your control. By changing the default IP range, the computers are less likely to find a similar range. You can also add firewall rules, as an added precaution, which allows only approved users to connect.

6. Audit the open ports on your network regularly and block unused ones.

Ports are like windows in a house. If you leave them open for long periods of time without surveying them, you increase the chance of letting uninvited intruders in. If ports are left open, they can be used by Trojans and worms to communicate with unauthorised third-parties. Ensure that all ports are regularly audited and that unused are blocked.

7. Regularly audit the entry points into your network

Networks change shape and size all the time, so it is important to look into all the routes into your organisation on a regular basis. Be aware of all entry points. Consider how to best secure the routes to stop unwanted files and applications entering undetected or sensitive information leaking out.

8. Consider placing business critical systems on a different network

When business critical systems are affected, they can slow business processes significantly. To help protect them, consider having them on a different network from the one used for day-to-day activities.

9. Test new software on a virtual network before you deploy

Although most software developers test software as much as they can, they are unlikely to have your network's exact configuration and setup. To ensure that a new installation or update does not cause any problems, test it on a virtual system and check its effects before deploying to the real live network.

10. Disable unused USB ports

Many devices, when connected to a USB port, will be automatically detected and mounted as a drive. USB ports can also allow devices to autorun any software connected to it. Most users are unaware that even the safest and most trusted devices can potentially introduce malware into the network. To prevent any accidents, it is much safer to disable all unused ports.

This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.

Rate this Article:

0 / 5 stars - 0 vote(s)

Re-Publish

Related Videos
Related Articles
Ask / Related Q&A

Play

How to Set Up a Wireless Security Network

Play

How to Secure Network Endpoints - Part 2

Play

10 Quick Fixes for Security Nightmares - FrugalTech

Play

What's the Weakest Link in Network Security?

Play

Protect Your Web Browsing Using Secure Computing Web Protection Service

Latest Security Articles
More from MFrizzi

Antivirus System Pro Removal Instructions

By: Ahmad | 22/11/2009
Antivirus System Prop is a rogue anti-virus uses false Scan and fake security alerts. Virus removal Toronto provides step by step how to remove it manually.

Large Corporate Computer Networks and USB Security

By: BestITPros | 21/11/2009
In todays world many companies have their own local Secured! computer networks. Most companies use the star network configuration for ease of use and lazy computer networks engineers. An avarage size company will have about 200+ computer stations in their local network attached in a star configuration to one server and this one server is usually attached to the internet to give all the users their gateway to heaven, or maybe not ?

An easy-to-use USB device logger and security tweaker

By: BestITPros | 21/11/2009
USB Drive Monitor is an easy-to-use application that allows you to log and secure your USB devices. USB Drive Monitor also features 4 pre-configured modes

USB Security and Access Control Solution

By: BestITPros | 21/11/2009
Why Restrict USB Drives from accessing your computer ? We use USB Drives everyday and are grateful for the service they provide, but on the downside, there are three reasons people should restrict or control USB Drive Access into their computers. 1. Virus Traffic 2. Personal Privacy 3. Data Theft

Get actionable outcomes with PowerCenter

By: John k | 21/11/2009
The data accessing needs to be faster for meeting the challenges with ease. If you have been looking for enhancing the operational efficiency with a unified basis for the data integration for your enterprise, PowerCenter is the solution. For more information visit at www.peakconsulting.eu

AntiVirus Firewall Software - Best AntiVirus & Firewall Software Revealed!

By: Brad Montagno | 21/11/2009
Looking for a superior antivirus firewall software? Well I'm going to show you where to get the best of the best!

Choosing the Right Antivirus Program

By: Hannah Miller | 20/11/2009
With the constant possibility of viruses and other malware affecting your computer, surfing the Internet can seem quite dangerous. So you want to stay safe while you’re online, but you’re not sure which program will do the job. If you are overwhelmed by the plethora of anti-virus programs and other “computer protection” programs, here are a few suggestions to help you decide what anti-virus program will work for you.

Computer Viruses and Spyware - Silent Killers and Thieves

By: Rob Ferrall | 20/11/2009
Not all computer viruses, or spyware, are easily visible on our PCs. Are you one of the unknowingly infected?

Enabling a safer internet

By: MFrizzi | 13/11/2009 | Security
The positive approach to web security a safer internet: the positive approach to web security One newly infected webpage is discovered every 4.5 seconds.

Free yourself to do more, while securing your business simply and cost-effectively

By: MFrizzi | 13/11/2009 | Security
In tough economic times, with tightened budgets and heightened competition, it’s vital for businesses to secure their systems and data against a growing field of threats. However, implementing and maintaining full-spectrum protection can be a heavy drain on financial and human resources if not done right. A more efficient approach to security means that resources – both human and physical – are freed up to improve and expand other areas. The end result is your business becomes more efficient, f

The enemy within: Stop students from bypassing your defenses

By: MFrizzi | 13/11/2009 | Security
Computer literate K-12 students regularly use anonymizing proxies to bypass their school’s web filters to access pornography, social networking, and other blocked websites. This is a major security flaw because most infected networks are first exposed via the web. Moreover, it has serious legal ramifications for schools that are not in compliance with state and federal laws. However, reputation and real-time detection can automatically identify and block anonymizing proxies. This white paper dis

Securing your mobile workforce: Extending security to mobile devices

By: MFrizzi | 11/11/2009 | Security
PDAs and smart phones are becoming standard business tools storing sensitive business information and enabling email on the move. This makes them vulnerable to attack from malware authors seeking out new ways to defraud users and steal confidential business data.

Spyware-free networks

By: MFrizzi | 11/11/2009 | Security
Three points of security against the threat of data theft

Phishing, vishing, phaxing and other identity threats

By: MFrizzi | 11/11/2009 | Security
The evolution of online fraud

Facebook: The privacy and productivity challenge

By: MFrizzi | 11/11/2009 | Security
Avoid identity theft when social networking on websites like Facebook, and learn how companies can block employees from visiting inappropriate websites. Facebook is an internet phenomenon, with a reported 100,000 new people joining the social networking website every day. But do you think carefully about your privacy settings, or do you reveal too much information about yourself to potential identity thieves? ID fraudsters can use confidential information to commit crimes against individuals an

Zero-day threats: Guarding against the unknown enemy

By: MFrizzi | 11/11/2009 | Security
The risk from viruses, spyware, Trojans and other malware is constantly changing. Systems are often more vulnerable than they need to be to attacks from new and unknown sources . By following a few simple guidelines, you can maximize your protection against zero-day threats.