Network Management Tools and Policies

Computers communicate using networks, so a secure networking environment is crucial to overall security. Securing your network starts with some best practices. The following practices provide a good set of guidelines for ensuring your network stays secure:

  • Identify sensitive data.

  • Protect sensitive data at rest using encryption.

  • Establish unique domain user accounts for each user.

  • Enforce strong passwords for all user accounts.

  • Create new user accounts with limited rights and permissions for services:

    • Do not allow any services to run as a domain admin user.

  • Use Kerberos for secure authentication.

  • Install firewalls to create a demilitarized zone (DMZ):

    • Place all Internet-facing servers in the DMZ, such as web servers and other publicly accessible servers.

    • Use encrypted communication for all traffic flowing between the DMZ and the trusted network.

  • Use encryption for all communication involving sensitive data.

  • Establish firewall rules:

    • Deny all suspicious traffic.

    • Allow only approved traffic for servers.

    • Filter inbound and outbound traffic for servers and workstations for malicious messages.

    • If your firewall supports it, automatically terminate connections with sources generating denial of service (DoS) traffic to mitigate DoS attacks in progress.

  • Install anti-malware software on all computers and establish frequent update schedules and scans:

    • Update software and signature databases daily.

    • Perform quick scans daily.

    • Perform complete scans at least weekly.

  • Use WPA, WPA2, or WPA3 for all secure wireless networks.

  • Disable SSID broadcast for secure wireless networks.

  • Disable Wi-Fi Protected Setup (WPS).

  • Do not enable wireless or mobile broadband cards while connected to your organization’s internal network. Always disable your wireless adapter before connecting a laptop to the wired network.

  • Do not allow visitors to roam around facilities that use wireless local area networks (LANs). Many access points can be physically reset to insecure factory default settings by pressing a reset switch on the box.

  • Avoid connecting to public networks. When you connect to an open wireless network, don’t expect privacy or security.

  • If you have to use an open wireless connection, don’t visit websites that require usernames, passwords, or account numbers, such as online banking. Use an encrypted connection or a VPN.

  • Install a separate wireless access point connected only to the Internet for guests.

  • Disable or uninstall any services that you don’t need.
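
The DMZ and firewall-rule items above can be checked mechanically. The following is an added example, not code from the book: a small auditor for a simplified rule table. The three zone names, the `Rule` fields, the first-match evaluation order and the list of ports treated as encrypted are all assumptions made for illustration.

```python
from dataclasses import dataclass

ENCRYPTED_PORTS = {22, 443, 636}  # assumption: SSH, HTTPS, LDAPS

@dataclass(frozen=True)
class Rule:
    src: str      # hypothetical zone name: "internet", "dmz", "trusted" or "any"
    dst: str
    port: object  # an int, or "any"
    action: str   # "allow" or "deny"

def decide(rules, src, dst, port):
    """First matching rule wins; traffic matching no rule is denied."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, "any"):
            return r.action
    return "deny"

def audit(rules):
    """Return findings where the rule set departs from the checklist."""
    findings = []
    if not rules or rules[-1] != Rule("any", "any", "any", "deny"):
        findings.append("no explicit deny-all as the final rule")
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.port == "any" or "any" in (r.src, r.dst):
            findings.append(f"rule {i}: allow with wildcard zone or port")
        if r.src == "internet" and r.dst == "trusted":
            findings.append(f"rule {i}: internet reaches trusted network directly")
        if {r.src, r.dst} == {"dmz", "trusted"} and r.port not in ENCRYPTED_PORTS:
            findings.append(f"rule {i}: unencrypted port {r.port} between DMZ and trusted")
    return findings

# Constructed sample policies: one that breaks the checklist, one that follows it.
WEAK = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("internet", "trusted", 3389, "allow"),
    Rule("dmz", "trusted", 1433, "allow"),
    Rule("trusted", "any", "any", "allow"),
]
HARDENED = [
    Rule("internet", "dmz", 443, "allow"),
    Rule("dmz", "trusted", 443, "allow"),
    Rule("any", "any", "any", "deny"),
]

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), sep="\n")
```

A port number is only a proxy for encryption here; the check flags rules for review and does not prove the traffic on an allowed port is actually encrypted.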
