Use these measures to increase system security

Measures to increase system security not only reduce the possibility of your system being hacked but, should a hacker gain access despite your best efforts, limit the amount of damage he or she can do.

In-depth measures to increase system security – like the measures we will be discussing in this article – prevent hackers who have penetrated your firewall from running amok throughout your network and compromising device after device.

The border device is the first line of defense

The first of the measures to increase system security you should implement concerns your border device. This will either be a router or a firewall, and you can use access lists to block unwanted inbound traffic.

Depending on your network design, find out whether your network should be receiving routing updates from interior gateway routing protocols such as OSPF, RIP and EIGRP.

You should also conduct routing updates on MPLS and BGP protocols – bearing in mind that if you do not need these protocols you should disable them, as routing updates can consume a load of bandwidth.

Block all requests that might originate from a private network. These would naturally include 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8, but don't forget about:

[Image: Measures-to-Increase-System-Security-1]
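The following is an added example, not part of the original article. It models an inbound border ACL that drops the three private source ranges named above, and shows how rule order decides whether the block works. It assumes first-match evaluation with an implicit deny, as on typical router ACLs; the 203.0.113.10 web server and the sample packets are constructed.

```python
import ipaddress

# The three private (RFC 1918) source ranges named in the text above.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = ipaddress.ip_network("0.0.0.0/0")


def evaluate(acl, src, dst):
    """First-match evaluation of (action, src_net, dst_net) rules.

    Returns (action, rule_index); falls through to an implicit deny.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, src_net, dst_net) in enumerate(acl):
        if src in src_net and dst in dst_net:
            return action, i
    return "deny", None


def leaked_private_ranges(acl, dst):
    """Private ranges whose traffic to dst the ACL would permit.

    Probes the first address of each range, so it assumes no rule
    splits a private range into smaller pieces.
    """
    return [str(net) for net in PRIVATE
            if evaluate(acl, str(net.network_address), dst)[0] == "permit"]


# Constructed sample: 203.0.113.10 stands in for a public web server.
WEB = ipaddress.ip_network("203.0.113.10/32")
# Denies for private sources come first, then the permit for the server.
GOOD_ACL = [("deny", net, ANY) for net in PRIVATE] + [("permit", ANY, WEB)]
# Same rules, but the permit was entered first and shadows every deny.
BAD_ACL = [("permit", ANY, WEB)] + [("deny", net, ANY) for net in PRIVATE]

if __name__ == "__main__":
    for name, acl in (("good", GOOD_ACL), ("bad", BAD_ACL)):
        verdict = evaluate(acl, "10.1.2.3", "203.0.113.10")
        print(name, "spoofed 10.1.2.3 ->", verdict)
        print(name, "leaks:", leaked_private_ranges(acl, "203.0.113.10"))
```

Running the same leak check against an exported copy of a real ACL is a quick way to confirm that the private-source denies sit above any broad permit.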

One of the best measures to increase system security is a DMZ. DMZs add an additional layer of security to a local area network (LAN) and can be used to create a “border within a border”. You can install a firewall between devices that exchange data with the outside world (web servers, mail servers etc.) and protect the rest of your network behind a DMZ to prevent attacks from hackers, malware, viruses and Trojans.

The advantage of firewalls is that most traffic to the rest of your network is blocked by default. They are relatively easy to install and, although inconvenient for administrators that like to ping to check connectivity, are great for security. On the other hand, servers, routers, and switches tend to require a significant amount of configuration to toughen up your defenses.

One thing you can do to reduce the amount of work required is take advantage of any automated measures to increase system security provided by the manufacturer. These can restrict access from private and public IP addresses, shut down interfaces that are not required and disable unneeded services.

Special consideration should be given to authentication servers and IPS/IDS devices. Depending on your organization's preferences for service availability and security, these can either be set to “fail-open” – in which case all traffic is permitted if the device fails – or “fail-close” where, if the device fails, all connectivity is broken.

A special word about router security

Although routers come with built-in IPS/IDS modules and firewall software, the access list (ACL) is one of the most powerful tools at your disposal to enhance your network security. ACLs allow you to configure individual interfaces according to your specific traffic and data needs. Here are just a few of the measures to increase system security you can take using ACLs:

[Image: Measures-to-Increase-System-Security-2]

Switch and port security

Some switches and servers offer private VLANs that limit traffic between devices even more. Whenever possible they should be used to create different networks for management and data traffic. However, make sure your switch ports are configured with STP extensions to support BPDU guard. This allows authorized users to attach home routers and switches to the network.

Effective port security protects against eavesdropping and similar attacks. If your organization requires a high-security environment, it is possible to configure a port to accept connections only from specific MAC addresses. The issue with this level of security is that it restricts BYOD policies and makes hardware upgrades and office moves significantly more complicated.

In-depth measures provide higher security levels

The above measures to increase system security go deep into the heart of your system to deliver defense in depth. It is important to go beyond border security to ensure the integrity of your network, and many of these measures can be changed as necessary as technology and organizational requirements evolve.