== Network Hardening ==
 
Network hardening can be achieved using a number of different techniques:
 
* '''Updating Software and Hardware''' - An important part of network hardening is the ongoing process of ensuring that all networking software, together with the firmware in routers, is updated with the latest vendor-supplied patches and fixes.
 
* '''Password Protection''' - Most routers and wireless access points provide a remote management interface which can be accessed over the network. It is essential that such devices are protected with strong passwords.
 
* '''Unnecessary Protocols and Services''' - All unnecessary protocols and services must be disabled and, ideally, removed from any hosts on the network. For example, in a pure TCP/IP network environment it makes no sense to have AppleTalk protocols installed on any systems.
 
* '''Ports''' - A hardened network should have any unneeded ports blocked by a firewall and associated services disabled on any hosts within the network. For example, a network in which none of the hosts acts as a web server does not need to allow traffic for port 80 to pass through the firewall.
 
* '''Wireless Security''' - Wireless networks must be configured to the highest available security level. For older access points WEP security should be configured with 128-bit keys. Newer routers should implement WPA security measures.
 
* '''Restricted Network Access''' - A variety of steps should be taken to prevent unauthorized access to internal networks. The first line of defense should involve a firewall between the network and the internet. Other options include the use of Network Address Translation (NAT) and access control lists (ACLs). Authorized remote access should be enabled through the use of secure tunnels and virtual private networks.
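
The '''Unnecessary Protocols and Services''' and '''Ports''' items above can be checked on a host by comparing its listening sockets with the services it is meant to provide. The Python code below is an added example, not part of the original page; the sample text (in the format of Linux <code>ss -H -tln</code> output) and the <code>REQUIRED_PORTS</code> allowlist are constructed assumptions.

```python
# Added example: compare listening TCP sockets with an allowlist of required services.
# SAMPLE_SS is constructed text in the format printed by `ss -H -tln` (Linux, iproute2).
import ipaddress

SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 64 *:2049 *:*
"""

REQUIRED_PORTS = {22}  # assumption: this host only needs to offer SSH

def parse_listeners(ss_output):
    """Return a sorted list of (address, port) for each LISTEN line."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening sockets
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        listeners.add((addr, int(port)))
    return sorted(listeners)

def is_loopback(addr):
    """True when the socket is bound to loopback only ('*' means all addresses)."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(ss_output, required_ports):
    """Split unneeded listeners into network-reachable and loopback-only."""
    exposed, local_only = [], []
    for addr, port in parse_listeners(ss_output):
        if port in required_ports:
            continue
        (local_only if is_loopback(addr) else exposed).append((addr, port))
    return exposed, local_only

if __name__ == "__main__":
    exposed, local_only = audit(SAMPLE_SS, REQUIRED_PORTS)
    for addr, port in exposed:
        print(f"disable service and block at firewall: {addr}:{port}")
    for addr, port in local_only:
        print(f"review (loopback only): {addr}:{port}")
```

Listeners reported as exposed are the ones to disable on the host and block at the firewall; loopback-only listeners are not reachable from the network but are still candidates for removal if the service is not needed.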
 
== Application Hardening ==
