Network Hardening

Only available on StudyMode
  • Topic: Transport Layer Security, Certificate authority, Public key infrastructure
  • Pages : 7 (2847 words )
  • Download(s) : 434
  • Published : May 8, 2013
Open Document
Text Preview
There is nothing more important in any business than securing your network topology from hardware, design and software. This plan is called network hardening and this plan needs to be incredibly detailed with how the network will be secured in each area. The first step to the network hardening plan resides in how you will build the network and then from there how you will secure each section of the network. This paper will discuss access control measures, encryption, PKI, certificates, OS hardening, application hardening, transmission, remote access protection protocols, wireless security, anti-virus software as well as spyware, and email security.

One of the first steps in securing a network is setting the access control measures to various network resources. Access control is fundamental to securing the network as it is the first line of defense for all internal network access. This starts with a simple username that is used to identify a person who can access the network. The username is where all permissions to the network reside. The best way to control access is through an active directory structure that a system administrator will define rules for network access. Active directory is a program that is installed on a server that holds all usernames, passwords, permissions, and network access to the entire network. Here you can even set up an audit of what is happening on the server or different applications that are being run on the network. This is the first place any system administrator needs to have the most security is the active directory server(s). The reason behind this is that the active directory holds all permissions for various users and there must not be a backdoor for any hacker to get through to the active directory server. Otherwise the hacker will be able to destroy the network from the inside. Another access control is the password a user must put in as another step of authentication to gain access to the network. The system administrator can use active directory to make a user change their password monthly or certain amount of time and to make sure that the user uses different passwords each time. Another strong method is making the user make a password that is at least six characters long with one capital letter, number and unique character. Most networks stop at this type of authentication of just using the username and password to control all permissions granted within the network. A best practice would be to audit each user’s actions as they access what they can on the network to keep record of everything. There are also various access control models that can be implemented within a network and the choice is up to the IT team to implement the model that they believe is best. I think that for a small to medium size business the best method would be the Rule based Access Control or RBAC. This model will dynamically assign roles to users based on a set of rules defined by the system admin of which is used for managing user access to one or more systems on the network (Ciampa, 2012). Another way to harden the network is to give each use the least amount of access they need to the network to efficiently do their job. This method ensures that each user can work but at the same time are limited in their scope. The most effective way to manage least amount of access and method of control is group policy in active directory. Group policies are an effective way to manage all user’s permissions as all a system administrator needs too is give the user access to the group(s) needed. After the user is assigned to a group they can access whatever their group permissions are set to. This is the most effective group policy to give instead of individually assigning permission to each user as that could change constantly. The best way to give permissions is to set up different groups for each type of permissions to give. Another way to secure the network is to setup login times for each user with time of day...
tracking img