Building A Secure Network

The following are some tips to build a secure network:

1. Plan for network security: address all security requirements and issues in selecting network and server and deployment including the management policy, technical training and outsourcing requirements and address security.
   

2. Design physical and environmental security: e.g. put critical assets such as network communication lines, servers, switches, firewalls and file servers in server room or a secured area.
   

3. Use private IP addressing scheme for internal networks: to prevent internal network from access by external network.
   

4. Design network security model by zoning i.e. segregation of network according to security requirements, e.g. the office network is totally isolated from the Internet, or the company servers and computers are located behind the firewall, or set up a demilitarised zone (DMZ) network. Unsecured or unmanaged systems should not be allowed to make connection to internal network.
   

5. Configure firewalls and network routers: harden the firewall and router by limiting the administrative access to specified locations, closing unnecessary network services for incoming and outgoing traffic or using encrypted communication channel for administration.
   

6. Configure servers: e.g. secure the server operating system by uninstalling unnecessary services and software, patch the system timely and disable unused accounts.
   

7. Secure the application: by means of installing security patch, hardening the configuration of the applications or running the application with a least privilege account.
   

8. Filter virus and malicious code: anti-virus software with up-to-date signature should be installed in desktop and network servers to prevent the spread of virus / worm.
   

9. Manage accounts and access privileges: e.g. access rights should be granted on an as-needed basis and should be reviewed regularly.
   

10. Log security events and review regularly: Logging and auditing functions should be provided to record network connection, especially for unauthorised access attempt. The log should be reviewed regularly.
    

11. Develop a standard building of secure desktop: design a secured workstation configuration as the standard build of the company and make image backup of the build and replicate to the company desktops.
    

12. Develop backup and recovery strategies.
    

13. Develop security management procedure: e.g. security log monitoring procedure, change management procedure or patch management procedure.
    

14. Maintain good documentation of configuration and procedure.
    

15. Train the staff: training should be given to network/security administrator and supporting staff as well as users to ensure that they follow the security best practice and follow security policies.