Network security starts with physical security. Network components such as servers,
hubs, and routers should be located in a secure equipment room. Part of physical
security is protecting your cable plant from damage and electronic eavesdropping.
Cable should be run inside walls or ceilings not laying around on the floor. It is
difficult to protect workstations because there are usually many of them spread
across a building. The only way to protect this equipment is to limit access to the
building and post a security guard or receptionist at all open entrances.
There are two basic security models: share-level security and user-level security.
Share-level security requires a password to access a network resource. You can assign
two separate passwords. One password provides full read/write access and the other
provides read-only access.
User-level security permits access based on a specific users security account and
the groups to which the user belongs. Some groups may have full access to a resource.
Other groups may have read-only access to the same resource. A user may belong to
By logging security events you can create an audit trail. You can then study the
logged security events to determine if your system is under attack by an unauthorized source.
Security can be increased by using good password procedures. The first component of
a password procedure is to require users to create secure passwords. Require passwords
to contain a minimum number of characters. The more characters used in a password, the
more secure it is. Using numbers along with letters in a password also ads to the
security. The user should not have a password that is easy to guess or is a word that
can be found in the dictionary. Enforce a company policy that does not permit the
sharing of passwords.
Security is increased when passwords are changed frequently. Configure your system
so that passwords expire periodically. The user should be warned to change the
password before it expires. If the user has not changed the password before the
expiration time, they are locked out of the system.
You should configure your system so that an account is locked out after a certain
number of failed attempts. This discourages hackers. You should also rename your
Administrator account, in Unix, your Root account, to discourage hackers.