Security for our network
What are some basic steps I could take to ensure our network is secure from outside intrusion? We have a SonicWall and Sophos Anti virus, but what other things can I do to make our network less apt to be attacked? What holes can I test and plug?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There is so much to do, as Blue Street Tech pointed out.
You can scan your network from the outside in. At the very least, run nmap from some other location against the IP space on your firewall and make sure that you only see services that you are inspecting. Taking that up a level is to have external vulnerability scans from a company like Tenable or Qualys to test the firewall and devices behind it for known vulnerabilities.
You should make sure all your workstations and servers are patched on a regular basis. These days, that might mean weekly.
Train your users to spot phishing and malicious email.
Your firewall should only allow specific traffic outbound. For me that is web browsing, web browsing over TLS, and DNS from servers only, and NTP from servers only. Email servers also have access. Everything else is blocked by default. I also block most countries by default both inbound and outbound.
You can scan your network from the outside in. At the very least, run nmap from some other location against the IP space on your firewall and make sure that you only see services that you are inspecting. Taking that up a level is to have external vulnerability scans from a company like Tenable or Qualys to test the firewall and devices behind it for known vulnerabilities.
You should make sure all your workstations and servers are patched on a regular basis. These days, that might mean weekly.
Train your users to spot phishing and malicious email.
Your firewall should only allow specific traffic outbound. For me that is web browsing, web browsing over TLS, and DNS from servers only, and NTP from servers only. Email servers also have access. Everything else is blocked by default. I also block most countries by default both inbound and outbound.
A firewall is only once piece of security.
Spam control and training users (as suggested at the beginning) is the best security defense.
Spam control and training users (as suggested at the beginning) is the best security defense.
There was far more than one single solution to this big topic.
Glad I could help... thanks for the points!
Make sure your have the best spam control and train users not to open emails from strangers.
Finally have daily backups and keep weekly backups offsite