10 Safety tips for network administrators

Define appropriate permissions for users to complete related tasks

Users with administrator privileges also have the ability to perform disruptive activities such as:

• Accidental changes to the system, resulting in a reduction in the overall level of network security.

• Be deceived into running malware, the latter will take advantage of the user's administrative authority to achieve its ulterior purpose.

• Allows the login to stop leaking, causing a third party to log in and perform sabotage activities.

To enhance security, make sure that your users have the right permissions to perform their tasks and limit the number of users who have an administrator username and password to a minimum.

Download files from a trusted site only

Many files can be downloaded from multiple locations on the internet, but not all locations are equivalent. There are some sites that are more secure than other sites. You need to ensure that your users can only download from trusted sites, which are often other major source sites, not just common sites for file sharing. such as I like the Sky Software station and so on. Also consider who needs to download files and applications from the Web site: Consider restricting this permission to only those trusted users who require the download of the file, and to ensure that the selected users are trained to know how to download the files securely.

Perform audits of network shares

A large number of malicious code can be transmitted over the network. This is usually due to the fact that there are few or no security measures in the network that are lacking in network sharing. You need to eliminate unnecessary sharing and secure other shares, to prevent network shares from being used by malicious code as a tool for its propagation.

Controlling Network Connections

When your computer is connected to a network, they use the security settings for this network during a specific session. If the network is external or not controlled by an administrator, its security settings may be inadequate and put the computer at risk. You need to limit the user's connection to an unregistered domain or network, and in most cases, most users need only connect to the company's primary network.

Change the default IP address range for a network

Computer networks often use standard IP ranges, such as 10.1.x.x or 192.168.x.x. This standardization means the fact that a computer that is configured to look up this range in fog may accidentally connect to a network that is not under your control. By changing the default IP address range, the computer is less likely to find a similar range. You can also add firewall rules, such as adding a precautionary measure that only allows authorized users to connect.

Frequently audit open ports on the network and block unused ports

The port is like a window in a house. If you open some ports for a long time but do not audit them, you will increase the right to allow hackers or unauthorized users to enter the system. If the ports are open, they can be exploited by Trojans and worms to communicate with unauthorized third parties (mostly malicious). Therefore, you must ensure that all ports are regularly audited, and that all unused ports should be blocked.

Periodically audit the entry point of the network

Your network may be constantly changing size and increasing access points, so periodically check all the ways into your organization's network. Be sure to be careful of all entry points. You should consider how best to secure all avenues, prevent illegal files and applications from entering, and prevent the disclosure of information that is not detected or sensitive.

Consider placing enterprise-critical business systems on different networks

They can significantly delay the business process when critical systems are affected by the enterprise. To protect the business process, consider placing it on a different network than the network used for daily activities.

Test new software on a virtual network before deployment

While most software developers test their software as much as possible, their software is unlikely to have the underlying characteristics and configuration of your network. To ensure that a new installation or update does not cause any problems, you might want to test it in a virtual network system and check its efficiency before deploying to a real network.

Disable unused USB ports

Many devices are automatically detected and mounted as a drive when connected to a USB port. The USB port also allows the device to automatically run all software connected to it. Most users are not aware that even the safest and most trusted devices are likely to introduce malware into the network. To prevent dangerous events from occurring, disabling all unused ports is a safer measure.