Protecting your business, whether it is a start-up, long established or large enterprise, has become a very difficult task against the latest web threats.
The importance of protecting both yours and your customers information has never been more important.
There are huge implications as a result of external web attacks, internet abuse and internal data breaches. Organisations have placed Internet security high up on the business agenda – So what are the important facts about your network security? Here are some our top tips for keeping your business network safe.
5 Tips to help keep your Network Secure
1. Null route your address space
Sounds odd – but this is actually one of the better ways to protect your network against network worms and network scans. Especially if you are using a private address space inside your network, it’s a good idea to null route the bigger prefix ( ie. 10.0.0.0 / 8) somewhere in your core.
Apart from the predictability this will hold for traffic in your network (You will always know where the unused traffic goes). You can always redistribute the traffic from the static route into your IGP, and in the event that an interface or network segment goes down, your traffic does not leave via your Firewall for the internet, but instead gets dropped inside your network. Safe as.
If you want to up the ante – instead of null routing the bigger netblock, route it to a Sniffer or Probe which can alert you if unwanted traffic patterns change, and you get an early heads up around network scans, or odd network traffic.
2. Configure perimeter security – block tftp and other unused services
Block outbound tftp traffic and unwanted services from your network using infrastructure access-lists at the edge.
There are many remote exploits available for routers, switches, and other network gear. If these devices have public IP addresses, and are reachable from the internet, apply access-lists or firewalling techniques on the perimeter to stop and block any unwanted traffic leaving your network at the edge.
If you do not require remote support to your network devices from outside your network, it is also a good practice to allocate netblocks specifically just for your P2P and Loopback interfaces, and block access to these ranges on your infrastructure access-lists. In the event that you do require remote support, you can open holes for specific source IP addresses.
3. Set your clock – use NTP
Configure NTP on your network devices, and set a common timezone across your devices. In the event that an interface flap, or an outage occurs, you will want to put a date and time against the event, and you cannot do that if the clock on your devices are incorrect.
Also take care not to enable an NTP daemon on your network devices while doing this – NTP uses UDP and your network devices can be abused in an NTP amplification DDoS attack if it responds to NTP requests from remote hosts.
4. Configure logging and SNMP traps
Configure your network devices to send syslog messages to a remote syslog server, and also send traps to an SNMP trap collector. Generally once a device reboots, the logs stored locally on the device is gone. Most devices also only have limited syslog buffer which ages out.
Configure your SNMP trap server to react to events, (ie send e-mails or an sms) when unwanted events occur, like a BGP session flap, a core interface goes down, or something critical happens inside your network, and you need to alert your NOC/3rd Party Network Support company to the event.
5. If you don’t use it, switch it off
If your network device is remotely managed with ssh, turn off each and every other service for remote management that the device has to offer. Cisco routers and switches have been remotely exploited for quite some time on port 80 and 443. If at all possible – switch this service off, or block access to your network devices on these ports. Also lock down your ssh (or other remote management interfaces) to specific sources which are trusted to your organization.
We design, build and support complex network infrastructures that deliver the security, scalability and availability that your organisation and users demand. Working as part of your team, supplementing their skills or leading them to achieve exceptional results.
Contact us or give us a call on 0207 871 1476.