By Mike Paul, Fiber Network Division Manager
When it comes to network security, you need to do more than just scrape the surface. Defense in Depth, sometimes also called onion layer security, is a strategy used and recommended by network professionals, myself included. This strategy emphasizes a multi-tiered/layered approach to better secure your network.
There are three levels of security, each with their own layers of protection, highlighted in this strategy: physical security, network security, and security policies. Within each level are recommended security layers with the ideal being to have each protocol on the list met. To make it easy, we created this handy security checklist so you can maximize your network’s security.
Level 1: Physical Security
- Locks on every cabinet
- Different keys for each cabinet
- Detailed inventory of key holders and key locations
- Fiber, power, ethernet cables should not be able to be disconnected
Level 2: Network Security
- Centralized user authentication (e.g., TACACS, LDAP)
- All unused ports disabled
- Firewall protection
- Changing default passwords and account names
- Secure Shell (SSH) instead of Telnet
- Simple Network Management Protocol (SNMP) V3
- SNMP traps to identify a breach
- Network Management System (NMS) for network visibility (MAC address filtering, port profiling for data type)
- SSL encryption
- Firmware/OS updates
- Hardware updates
- End-point security
- Principle of Least Privilege (POLP)
- Whitelist (default deny)
- Layers 2-7 inspection
Level 3: Security Policies
- Standardization
- Change management
- Acceptable use policies
- Risk assessment
- Personnel training
- Proper Approvals
- Periodic Audits
Although there are several requirements involved in this strategy, each one works as a speed bump to slow down, or eventually stop, hackers from getting into your systems. The more you have in place, the better off your network is.
