We sometimes focus more on the wireless side of the network when it comes to security because Wi-Fi has no physical fences. After all, a war-driver can detect your SSID and launch an attack while sitting out in the parking lot.
But in a world of insider threats, targeted attacks from outside, as well as hackers who use social engineering to gain physical access to corporate networks, the security of the wired portion of the network should also be top of mind.
[ It's time to rethink security. Two former CIOs show you how to rethink your security strategy for today's world. Bonus: Available in PDF and e-book versions. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
So, here are some basic security precautions you can take for the wired side of the network, whether you're a small business or a large enterprise.
1. Perform auditing and mapping
If you haven't recently, you should do some auditing and mapping of your network. Always have a clear understanding of the entire network's infrastructure, for instance the vendor/model, location, and basic configuration of firewalls, routers, switches, Ethernet cabling and ports, and wireless access points. Plus know exactly what servers, computers, printers, and any other devices are connected, where they are connected, and their connectivity path throughout the network.
During your auditing and mapping you might find specific security vulnerabilities or ways in which you could increase security, performance and reliability. Maybe you'll run across an incorrectly configured firewall or maybe physical security threats.
If you're working with a small network with just a few network components and a dozen or less workstations you might just manually perform the audit and create a visual map on a sheet of a paper. For larger networks you might find auditing and mapping programs useful. They can scan the network and start to produce a network map or diagram.
2. Keep the network up-to-date
Once you have a basic network audit and map complete, consider diving deeper. Check for firmware or software updates on all network infrastructure components. Login to the components to ensure default passwords have been changed, review the settings for any insecure configuration, and look into any other security features or functionality you currently aren't using.
[ ALSO ON NETWORK WORLD 8 free Wi-Fi security tools ]
Next take a look at all the computers and devices connected to the network. Ensure the basics are taken care of, such as OS and driver updates, personal firewall are active, the antivirus is running and updated, and passwords are set.
3. Physically secure the network
Although often overlooked or minimized, the physical security of the network can be just as crucial as say your Internet facing firewall. Just as you need to protect against hackers, bots and viruses, you need to protect against local threats, too.
Without strong physical security of your building and network, a nearby hacker or even an employee could take advantage of it. For instance, maybe they plug a wireless router into an open Ethernet port, giving them and anyone else nearby wireless access to your network. But if that Ethernet port wasn't visible or at least disconnected, then that wouldn't have happened.