Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

State your helpful network security tips here

Status
Not open for further replies.
lullysing

lullysing

ISP
Sep 29, 2003
204
0
0
US
(I'll start)

Well, i have found that the most important tools is not the shiniest device or the most powerful servers, but simply in using the amazing planning power of the pen and paper.

Pen and paper, especially in the early stages of planning and development of networks, will save headaches and a lot of hotfixes. Planning ahead,determining network topology, allowed services and such will save you time and effort, and save you from encroaching "scope creep". with your plan already laid out, getting to work will be easier as things will have mostly been organised in advance.



_____________________________
when someone asks for your username and password, and much *clickely clickely* is happening in the background, know enough that you should be worried.
 
Make user education a priority. Most security lapses are the result of poor security habits or a lack of understanding among users. It does no good to have a 12 character mixed alphanumeric password if the user writes it on the front of the monitor housing (true story).

Exploitation of careless users will beat 128bit DES encryption every time.

Mac :)

"There are only 10 kinds of people in this world... those who understand binary and those who don't"

langley_mckelvy@cd4.co.harris.tx.us
 
If you are on a Novell system, reserve Administrator equivalent logins for when they are required - as you can then easily see if you can access folders/files on the server that have rights set incorrectly through Windows Explorer (eg if Everyone group has rights to a person's home directory).

John
 
Avoid noting down the passwords. Your brain, like a fartile garden have much more capacity than you can plant.

 
I agree 100% about training the end user. Nothing worse then an end user with floppies from home :)

Revisit your network shares, privledges, rights, etc....
I recently had a virus sneak into the network, via someone using hotmail to grab an infected attachment. Once in the system, the virus had a field day. Touching this, corrupting that. It was mutating quicker than the antivirus scanners could find it.

By disabling all users accounts, the virus stopped immediately. A virus can "usually" only map drives or see what the user (it came in on) can see. It can only go where the user can go.

This allowed me to scan/deleted all instances of the virus. Then, enable all user's accounts once again.

I personally will be redesigning our networked drives, mappings and security settings across the board. Hopefully, I will be able to contain a virus to a specific dept., drive or only a few folders on the network if this should ever happen again. But the disable all accounts (Novell Netware 6.x) worked in a pinch.

 
Baseline, Network drawings, and Documentation...and keep them updated...

Check the baselines periodically.
Keep the drawings and documentation up to date.



Blue [dragon]

If I wasn't Blue, I would just be a Dragon...
 
Status
Not open for further replies.

Similar threads

DrB0b
  • Locked
  • Question
Network discovery EDR/EPP
Replies
0
Views
168
DrB0b
DrB0b
nate901
  • Locked
  • Question
(1) Cell phone app security and (2) Shared-site login security
Replies
1
Views
57
Noway2
Noway2
p3achy2Grl
  • Locked
  • Question
Charging Clients to complete their security questionnaires
Replies
1
Views
42
johnherman
johnherman
rider90
  • Locked
  • Question
ASP.NET Forms Authentication - Security implications
Replies
0
Views
40
rider90
rider90
bigjerzee616
  • Locked
  • Question
slow network
Replies
1
Views
35
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top