The ITS Network Security Strategy You Wish You Knew Sooner

By Mike Paul, Fiber Network Division Manager

When it comes to network security, you need to do more than just scrape the surface. Defense in Depth, sometimes also called onion layer security, is a strategy used and recommended by network professionals, myself included. This strategy emphasizes a multi-tiered/layered approach to better secure your network.

There are three levels of security highlighted in this strategy, each with its own layers of protection: physical security, network security, and security policies. Within each level are recommended security layers, with the ideal being to have every item on the list met. To make it easy, we created this handy security checklist so you can maximize your network’s security.


Level 1: Physical Security

  1. Locks on every cabinet
  2. Different keys for each cabinet
  3. Detailed inventory of key holders and key locations
  4. Fiber, power, and Ethernet cables secured so they cannot be disconnected

Level 2: Network Security

  1. Centralized user authentication (e.g., TACACS, LDAP)
  2. All unused ports disabled
  3. Firewall protection
  4. Changing default passwords and account names
  5. Secure Shell (SSH) instead of Telnet
  6. Simple Network Management Protocol (SNMP) V3
  7. SNMP traps to identify a breach
  8. Network Management System (NMS) for network visibility (MAC address filtering, port profiling for data type)
  9. SSL encryption
  10. Firmware/OS updates
  11. Hardware updates
  12. End-point security
  13. Principle of Least Privilege (POLP)
  14. Whitelist (default deny)
  15. Layers 2-7 inspection
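To show how several of the Level 2 items can be verified rather than just listed, here is an added example (not code from the article) that audits a switch configuration for items 2, 4, 5 and 6. It assumes an IOS-like configuration syntax, a constructed sample config, and a constructed set of default credentials; a port with no description and no `shutdown` is treated as an unused port left enabled.

```python
import re

# Constructed sample of a roadside switch configuration in an IOS-like syntax
# (assumed format; not taken from any real device or from the original article).
SAMPLE_CONFIG = """\
username admin password cisco
snmp-server community public RO
snmp-server group netops v3 priv
interface GigabitEthernet0/1
 description signal controller
interface GigabitEthernet0/2
 shutdown
interface GigabitEthernet0/3
line vty 0 4
 transport input telnet ssh
"""
# Assumed, non-exhaustive set of vendor-default names and passwords to flag.
DEFAULT_CREDS = {"admin", "cisco", "password", "public", "private"}

def interface_blocks(lines):
    """Group the indented lines under each 'interface' stanza by interface name."""
    blocks, current = {}, None
    for line in lines:
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # any non-indented line ends the stanza
    return blocks

def audit_config(text):
    """Return (checklist item, offending line) pairs for Level 2 controls not met."""
    findings, lines = [], text.splitlines()
    for line in lines:
        creds = re.match(r"username (\S+) (?:password|secret)(?: \d)? (\S+)", line)
        if creds and DEFAULT_CREDS & set(creds.groups()):
            findings.append(("4. default credentials", line))
        if line.startswith("snmp-server community"):
            findings.append(("6. SNMP v3 (v1/v2c community string)", line))
        if line.strip().startswith("transport input") and "telnet" in line.split():
            findings.append(("5. SSH instead of Telnet", line.strip()))
    for name, body in interface_blocks(lines).items():
        in_use = any(b.startswith("description") for b in body)
        if "shutdown" not in body and not in_use:
            findings.append(("2. unused ports disabled", f"interface {name} up, no description"))
    return findings
```

Running `audit_config(SAMPLE_CONFIG)` returns four findings, one per failed item; the SNMPv3 group line and the shut-down port are not flagged.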

Level 3: Security Policies

  1. Standardization
  2. Change management
  3. Acceptable use policies
  4. Risk assessment
  5. Personnel training
  6. Proper Approvals
  7. Periodic Audits

Although there are several requirements involved in this strategy, each one works as a speed bump to slow down, or eventually stop, attackers trying to get into your systems. The more of them you have in place, the better off your network is.