Excellent network security is not possible overnight. If your corporate culture tends to be informal, it's basically luck to achieve a good network security. To obtain the best enterprise safety, we must undergo unremitting efforts, as well as strong determination. Each company needs a security policy. Don't wait for the invasion, to think about making this strategy;
Secure your network
1. Firewall essential
Surprisingly, many organizations (most typically universities) are now running public networks without firewall protection. Let's just ignore the argument that the "hardware firewall is good or the software firewall is good", no matter what kind of firewall is used, it is better than no firewall. The point here is that everyone connected to the Internet needs to take certain steps at their network entrance to block and discard malicious network traffic. When you read this article, you already have a corporate firewall. However, don't forget your remote office staff and mobile users. At the very least, each of them should be equipped with a personal firewall. While Windows XP SP2 's own firewall is barely available, there are a number of products to choose from in order to meet your special needs. The main thing is to use them.
Secure your network
2. Update desktop antivirus system at any time
Interestingly, in 1999 we encouraged users to "weekly" Check for antivirus updates. Today, automatic signature updates are provided by each vendor. As long as you are connected to the Internet, they can be downloaded to your machine within hours of the discovery of a new security threat. But the basic truth is the same: good security requires you to have anti-virus features on every desktop and keep it updated. Although building antivirus mechanisms in a gateway to a network can solve a subset of the problems, but in the entire antivirus front, you can only see the gateway antivirus as an additional line of defense, but not as a desktop anti-virus alternatives (such as the use of rising anti-virus software, 360 anti-virus software, etc.).
Secure your network
3. Strengthen Your server
Hardening involves two simple practices: when you buy business software, delete everything you don't need, or disable it if you can't delete it. Typical objects that can be removed by hardening include sample files, demo using wizards, prepaid bundled software, and advanced features that are not intended to be used in the foreseeable future. The more complex the installation, the more likely it is to leave a security risk, so streamline your installation to a level that can no longer be streamlined. In addition, devices and software are typically configured with default username/password access, guest (guest) and anonymous accounts, and default sharing. Delete what you don't need and modify the default values for all authentication credentials (because there are lists like this, so hackers know them). This practice is more important than it was 5 years ago in this age of massive "bloatware".
Secure your network
4. Patch Strategy essential
When "Code Red" emerged in 2001, it attacked a vulnerability that Microsoft provided free patches 9 months ago for users to patch. However, the worm continues to spread quickly and on a large scale because the administrators did not download and install the patch. Today, a lot of time has elapsed since a new vulnerability was discovered and the advent of new mass-attack tools. When a vendor releases a security patch, IT administrators need to make a quick response. Patch management is currently one of the hottest it topics, but as with many things, the 80/20 rule still applies here. Without a business evaluation tool and a larger budget, a small test network can be built with "too slow" machines that have been eliminated. As a result, a 80% useful test environment can be obtained by using enterprise-level tools to build a 20% of the effort required for a professional lab. Microsoft,apple and many other organizations basically provide a security patch every month. Accessing and installing those patches should be part of your job content and planning tasks. Do not take action afterwards (you can use the 360 Security defender's vulnerability patching feature).