Network administrators need to pay attention to ten security skills

Based on my work experience, the author provides some suggestions for enterprise network administrators to protect their network security and help them defend against network intrusion, malware, and spam.

Define the appropriate permissions for the user to complete related tasks
Users with administrator permissions can also execute activities that disrupt the system. For example:
· Accidental changes to the system reduce the overall level of network security.
· If you are cheated and run malware, the latter will use the user's management permissions to achieve their ulterior motives.
· Causes information leakage during logon, which allows a third party to log on and perform damage activities.

To enhance security, make sure that your users have the appropriate permissions to complete the task, and limit the number of users with the administrator user name and password to the minimum.

Download files from trusted sites only
Many files can be downloaded from multiple locations on the Internet, but not all locations are the same. Some sites are more secure than other sites. You need to ensure that your users can only download from trusted sites. These sites are usually the main source sites in other aspects, not just common sites for file sharing. For example, I like the sky software station. Users who need to download files and applications from the web site should also be considered: to restrict such licenses, only trusted users who need to download files must be allowed, it is also necessary to ensure that these selected users are trained to learn how to download files safely.

Review Network Sharing
A large amount of malicious code can be spread over the Internet. This is usually because there are few or no security measures for network sharing. You need to clear unnecessary sharing and ensure the security of other sharing, and prevent network sharing from being exploited by malicious code as a tool to spread it.

Control Network Connections
When a computer is connected to a network, they must use the security settings of this network during a specific session. If the network is an external network or is not controlled by the Administrator, its security settings may be inadequate and the computer may be put at risk. You need to restrict users from connecting to unauthenticated domains or networks. In most cases, most users only need to connect to the company's main network.

Change the default IP address range of the network.
Standard IP ranges are often used in computer networks, such as 10.1.x.x or 192.168.x.x. This kind of standardization means the fact that computers with configurations that are confused about this range may accidentally connect to a network that is not under your control. By changing the default IP address range, the computer is unlikely to find a similar range. You can also add firewall rules. For example, you can add a precaution to allow only authorized users to connect.

Frequently review open ports on the network and block unused ports
The port is like a window in a house. If you open some ports for a long time but do not review them, you will be given the right to allow hackers or unauthorized users to access the system. If ports are open, they can be used by Trojans and worms to communicate with unauthorized third parties (mostly malicious. Therefore, you must ensure that all ports are regularly reviewed and all unused ports are blocked.

Regularly review network entry points
Your network may constantly change the size and increase the entry point. Therefore, you can regularly check all the ways to access the network in your organization. Be careful with all the entry points. You should consider how to fully protect the security of all channels, prevent illegal files and applications from entering, and prevent undetected or sensitive information from being leaked.

Consider placing key business systems of enterprises on different networks
When key systems of an enterprise are affected, they can greatly delay the business process. To protect the business process, you can consider placing it on a network different from that used in daily activities.

Test new software on a virtual network before deployment
Although most software developers test their software as much as possible, their software is unlikely to have the fundamental features and configurations of your network. To ensure that a new installation or update will not cause any problems, you 'd better test it in a virtual network system and check its efficiency before deploying it to a real network.

Disable unused USB ports
Many devices are automatically detected and loaded as a drive when connected to a USB port. The USB port also allows the device to automatically run all software connected to it. Most users do not know that even the safest and most trusted devices may introduce malware into the network. To prevent dangerous events, it is safer to disable all unused ports.