Define appropriate user permissions for different tasks
Users with access privileges administrator can perform activities that could be harmful, What:
- Inadvertently, they can make changes that lower the overall level of network security., modifying the level of privacy of a browser, including exceptions in the firewall or opening inappropriate ports, are an example of this type of modification that can have dire consequences for our network and the computers that are connected to it.
- You can be tricked into executing malicious programs that would adopt the user’s administrator privileges and thereby lose critical information or cause a decrease in resources for the system.
- Accept malicious connections that lead to theft of access data, which would allow third parties to log in and take dangerous actions.
To increase security, ensure that each user has the appropriate level of privilege for the tasks they must perform within the network, and minimize the number of users with administrator names and passwords. As well as denying any action on the days when said people should not be active within the network.
Download files from trusted sites
Many files can be downloaded from numerous Internet locations, but not all locations are likely to be well-intentioned. Some are safer than others and some are not at all. Make sure content is only downloaded from trusted sites, which are typically manufacturer or company-owned websites and not file-sharing, generic, or third-party websites. Also consider who needs to download files and applications from websites, consider limiting download permissions to trusted users who need to download files as part of their job and make sure they know how to do it safely, as well as completely deny permission to perform them. Do not allow the installation on the computer of any downloaded program.
Audit network shares
Many malicious programs spread across local networks with typical network shares. Typically, this is because security for network shares is minimal or non-existent. Eliminate unnecessary shares and protect others and connections to limit the spread of network malware. Do not share all the units with all the users, only give access to the units strictly necessary for each one of them.
Monitor network connections
When computers connect to networks, they can adopt the security options of that network during that specific session. If the network is external or is outside of administrator’s control, security options may be insufficient, thus putting computers within the network at risk. Consider preventing users from connecting the computer to unauthorized domains or networks, in most cases, many users only need to connect to the main company network. Deny access to external networks when they are not needed for anything within the user’s activity.
Modify the default IP address range
Networks often use ranges of IP addresses standard, such as 10.1.xx or 192.168.xx This standard means that computers or devices configured to search this range may accidentally connect to a network that is beyond our control. By changing the default IP range, computers are less likely to find similar ranges and connect to computers belonging to them, even if accidentally. You can also add firewall rules as an extra precaution, allowing only approved users to connect.
Control open ports and block unused
The ports are like any access to our house, whether they are doors or windows. If we leave them open for a long time without controlling them the least, increase the chances of uninvited intruders entering it. If ports are left open, they can be used by Trojans and worms and other malicious software to communicate with unauthorized third parties. Make sure all ports are checked frequently and unused ports are blocked without exception.
Periodically control the access points to our network
Networks are continually changing in shape and size, so it is important to monitor all routes that lead to our network on a regular basis. We have to keep in mind that all the entry points are the same. We will consider how to best secure paths to prevent unsolicited files and applications from being entered undetected, or from leaking confidential information that could lead to the loss of critical information.
Place systems with critical information on different networks
When the most important systems in our network are affected, can slow down other processes within the network significantly. To better protect them, it is convenient that the most important systems for us or those with the most critical information, are located on a different network from the network used for day-to-day activities.
Test new programs on a virtual network
Although most software developers perform all the necessary tests to ensure the complete security of their programs, it is unlikely that they will have the same settings and options that we have for our network. To ensure that new installations or updates do not cause problems, we will test them in virtual sites outside of any network to verify their effects before using them in the real network.
Disable the USB ports that we are not using
Practically all devices when connected to a USB port, will be automatically detected and considered as removable disks or another type of device. USB ports can also allow devices to automatically run any software within them as soon as they are connected to those ports. Most users are unaware that even the most secure and trusted devices can introduce malicious programs onto the network without displaying any kind of alert. To avoid any problems, it is much safer to disable all ports that are not used and thus avoid these problems.
If we follow these tips we will keep our network safe, they are security measures that seem obvious and that is why there are times that we ignore them, a routine review of these points can avoid unpleasant surprises and greater evils.