Network Security Best Practices
Defense in depth strategies
Perimeter Security
Firewall Rules
- Default deny: block all traffic by default and allow only what is explicitly permitted
- Least privilege: open only the ports a service actually requires
- Geo-blocking: block traffic from countries you don't do business with
- Rate limiting: slow brute-force attempts and blunt DDoS traffic
- Application filtering: inspect Layer 7 traffic, not just ports and addresses
DMZ Design
- Place public-facing servers in the DMZ
- Separate the DMZ from the internal network
- No direct DMZ-to-internal traffic
- Use jump hosts for administration
Access Control
Network Access Control (NAC)
- 802.1X: authenticate devices before granting network access
- MAC filtering: supplementary control only (not a sole security measure)
- Guest networks: isolated VLAN for visitors
- Device profiling: identify and categorize endpoints
Segmentation
- Separate by function (servers, users, IoT, guests)
- Separate by sensitivity (PCI, HIPAA, general)
- Micro-segmentation for critical assets
- Use ACLs between segments
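The firewall, DMZ and segmentation guidance above boils down to one rule set: classify each endpoint into a segment, allow only explicitly listed flows, and deny everything else. The following is an added example (not code from the original page) that models that as a first-match allow-list with implicit default deny. The segment names, address ranges (RFC 5737 documentation ranges and private space) and the allowed flows are constructed sample values, not a real network; the `overly_broad` lint is a constructed least-privilege check.

```python
"""Added example: first-match allow-list between network segments with default deny.
Segment map, address ranges and flows are constructed sample values."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segment map. The most specific prefix wins, so the jump-host
# range inside the internal block is classified as "jump", and any IPv4
# address that matches no other segment falls through to "internet".
SEGMENTS = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "dmz":      ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
    "jump":     ipaddress.ip_network("10.10.250.0/24"),
    "iot":      ipaddress.ip_network("10.20.0.0/16"),
    "guest":    ipaddress.ip_network("10.30.0.0/16"),
}


def segment_of(ip: str) -> str:
    """Map an address to the most specific matching segment."""
    addr = ipaddress.ip_address(ip)
    for name, net in sorted(SEGMENTS.items(), key=lambda kv: kv[1].prefixlen, reverse=True):
        if addr in net:
            return name
    return "unknown"  # e.g. IPv6, which this sample map does not cover


@dataclass(frozen=True)
class Rule:
    src: str              # source segment name
    dst: str              # destination segment name
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # None means any port; the lint below flags that
    comment: str


# Explicit allow-list in first-match order. Anything not listed is denied,
# which is the "default deny" posture from the firewall section. Note there is
# no DMZ->internal rule, and administration reaches the DMZ only from jump hosts.
ALLOW = [
    Rule("internet", "dmz", "tcp", 443, "public web front end"),
    Rule("jump", "dmz", "tcp", 22, "DMZ administration only from jump hosts"),
    Rule("jump", "internal", "tcp", 22, "server administration from jump hosts"),
    Rule("internal", "internet", "tcp", 443, "user web browsing"),
    Rule("guest", "internet", "tcp", 443, "visitor web browsing"),
    Rule("iot", "internet", "tcp", 443, "device telemetry to vendor cloud"),
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int, rules=ALLOW):
    """Return ("allow", comment) for the first matching rule, else ("deny", reason)."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    for r in rules:
        if (r.src, r.dst, r.proto) == (src, dst, proto) and r.dport in (None, dport):
            return "allow", r.comment
    return "deny", f"no rule for {src}->{dst} {proto}/{dport} (default deny)"


def overly_broad(rules):
    """Least-privilege lint: rules that open every port, or that let the
    internet reach anything other than the DMZ."""
    return [r.comment for r in rules
            if r.dport is None or (r.src == "internet" and r.dst != "dmz")]


if __name__ == "__main__":
    # Constructed flows: public client to web tier, DMZ host reaching into the
    # internal network, jump host administering the DMZ, user bypassing the jump host.
    for flow in [("198.51.100.7", "192.0.2.10", "tcp", 443),
                 ("192.0.2.10", "10.10.5.5", "tcp", 445),
                 ("10.10.250.3", "192.0.2.10", "tcp", 22),
                 ("10.10.5.5", "192.0.2.10", "tcp", 22)]:
        print(flow, "->", evaluate(*flow))
    # A deliberately bad rule to show what the lint catches.
    print(overly_broad([Rule("internet", "internal", "tcp", None, "any-port from internet")]))
```

Because the allow-list is the only place traffic is permitted, a segmentation review reduces to reading that list: every `Rule` is a documented exception to deny, and the lint makes "any port" or "internet to internal" exceptions stand out instead of hiding among hundreds of ACL lines.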
Monitoring & Detection
Essential Monitoring
- NetFlow/sFlow: traffic analysis and baselines
- IDS/IPS: signature and anomaly detection
- SIEM: centralized log correlation
- DNS logging: detect C2 and exfiltration
Key Alerts
- Failed authentication attempts
- Port scanning activity
- Unusual traffic volumes
- New devices on the network
- Configuration changes
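Four of the alerts listed above can be expressed as simple correlation rules over centralized logs, which is what a SIEM does at scale. The code below is an added example (not from the original page) that runs such rules over a handful of constructed syslog-style lines: a burst of failed SSH logins from one source, one source probing many distinct ports, a DHCP lease for a MAC address missing from the device inventory, and a configuration change message. The line format, message patterns, thresholds, window length and addresses are all assumptions chosen for the example.

```python
"""Added example: SIEM-style alert rules evaluated over constructed log lines.
Log layout, patterns, thresholds and addresses are assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed thresholds: tune to your environment.
AUTH_FAIL_THRESHOLD = 5    # failures from one source ...
SCAN_PORT_THRESHOLD = 8    # distinct destination ports from one source ...
WINDOW = timedelta(seconds=60)  # ... within this sliding window

# Constructed sample log in an assumed "<ISO timestamp> <host> <message>" layout.
SAMPLE_LOG = """\
2024-05-01T09:00:00 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=21
2024-05-01T09:00:01 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T09:00:01 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=23
2024-05-01T09:00:02 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=25
2024-05-01T09:00:02 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=80
2024-05-01T09:00:03 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=110
2024-05-01T09:00:03 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=143
2024-05-01T09:00:04 fw1 DENY src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=8080
2024-05-01T09:05:00 bastion sshd[2201]: Failed password for admin from 198.51.100.23 port 40001 ssh2
2024-05-01T09:05:04 bastion sshd[2201]: Failed password for admin from 198.51.100.23 port 40002 ssh2
2024-05-01T09:05:08 bastion sshd[2201]: Failed password for root from 198.51.100.23 port 40003 ssh2
2024-05-01T09:05:12 bastion sshd[2201]: Failed password for admin from 198.51.100.23 port 40004 ssh2
2024-05-01T09:05:16 bastion sshd[2201]: Failed password for admin from 198.51.100.23 port 40005 ssh2
2024-05-01T09:05:20 bastion sshd[2201]: Failed password for admin from 198.51.100.23 port 40006 ssh2
2024-05-01T09:07:00 dhcp1 DHCP ACK mac=00:11:22:33:44:55 ip=10.30.0.44
2024-05-01T09:07:05 dhcp1 DHCP ACK mac=de:ad:be:ef:00:01 ip=10.30.0.45
2024-05-01T09:08:00 core-sw1 CONFIG changed by netops via ssh
2024-05-01T09:30:00 bastion sshd[2210]: Failed password for bob from 10.10.5.5 port 40100 ssh2
"""
KNOWN_MACS = {"00:11:22:33:44:55"}  # constructed device inventory

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")
AUTH_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>\S+)")
DENY_RE = re.compile(r"DENY src=(?P<src>\S+) dst=\S+ proto=\S+ dport=(?P<dport>\d+)")
DHCP_RE = re.compile(r"DHCP ACK mac=(?P<mac>\S+) ip=\S+")
CONF_RE = re.compile(r"CONFIG changed by (?P<user>\S+)")


def parse(log: str):
    """Yield (timestamp, host, message) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["host"], m["msg"]


def window_hits(events, threshold, window, distinct=False):
    """True if some sliding window of `window` holds >= threshold events;
    with distinct=True, counts distinct values in (time, value) pairs instead."""
    events = sorted(events)
    seen, lo = Counter(), 0
    for hi, (t, value) in enumerate(events):
        seen[value if distinct else hi] += 1
        while t - events[lo][0] > window:
            key = events[lo][1] if distinct else lo
            seen[key] -= 1
            if seen[key] == 0:
                del seen[key]
            lo += 1
        if len(seen) >= threshold:
            return True
    return False


def detect(log: str, known_macs=KNOWN_MACS):
    """Return a list of (alert_type, subject) tuples for the four rule types."""
    fails, probes, alerts = defaultdict(list), defaultdict(list), []
    for ts, host, msg in parse(log):
        if m := AUTH_RE.search(msg):
            fails[m["src"]].append((ts, None))
        elif m := DENY_RE.search(msg):
            probes[m["src"]].append((ts, int(m["dport"])))
        elif m := DHCP_RE.search(msg):
            if m["mac"] not in known_macs:
                alerts.append(("new_device", m["mac"]))
        elif m := CONF_RE.search(msg):
            alerts.append(("config_change", f"{m['user']}@{host}"))
    alerts += [("failed_auth", s) for s, ev in fails.items()
               if window_hits(ev, AUTH_FAIL_THRESHOLD, WINDOW)]
    alerts += [("port_scan", s) for s, ev in probes.items()
               if window_hits(ev, SCAN_PORT_THRESHOLD, WINDOW, distinct=True)]
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The single failed login from 10.10.5.5 produces no alert, which is the point of thresholds and windows: the rules fire on patterns (many failures from one source, many ports from one source), not on every individual event, so analysts are not buried in noise.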
Common Vulnerabilities to Address
| Vulnerability | Mitigation |
|---|---|
| Default credentials | Change them immediately; use a password manager |
| Unencrypted management | Use SSH only; disable Telnet and HTTP |
| VLAN hopping | Configure trunks explicitly; set the native VLAN to an unused VLAN |
| ARP spoofing | Dynamic ARP Inspection (DAI) |
| DHCP attacks | DHCP snooping |
| Rogue devices | Port security, 802.1X |
Quick Security Checklist
- ✓ Change all default passwords
- ✓ Disable unused ports and services
- ✓ Enable logging to a central SIEM
- ✓ Implement network segmentation
- ✓ Keep firmware and software updated
- ✓ Use encrypted management (SSH, HTTPS)
- ✓ Document the network topology
- ✓ Run regular security assessments