There are many things you can and should do to keep your system and network secure. As the saying goes, “Security is not a single event or a product, it’s a process”. So you have to keep up with all the changes: installing firewalls, IDS/IPS, network security monitoring, auditing, writing security policies, password policies, email policies and so on. Yes, all of them are very important, and you’ll be dealing with most of them depending on your security requirements. But there are some basic things every network and system admin should follow. Personally, I’ve found 4 things that are very simple yet effective in securing your systems.
1. Password Management
Cryptographic methods, biometrics and two-factor authentication are becoming popular these days, but in reality we still have to deal with passwords most of the time. So proper management of passwords is absolutely critical to security. It doesn’t have to be complicated. Here are a few simple things I recommend doing with passwords:
Use a password manager
Manually keeping up with hundreds of login IDs and passwords is very difficult, impractical and sometimes impossible. So use some kind of password management tool. With a proper password manager you don’t have to worry about generating secure passwords, you’ll stop writing passwords down on paper, and you don’t have to remember any of them. The password manager will help you with all of these tasks. I use KeePass to manage my passwords. It’s an excellent multi-platform password manager available for Windows, Linux, Mac OS X and Windows Mobile.
Change passwords regularly
Never use the same password for two servers or devices, and change them regularly, at least once every 3 months. By using a unique password per system you reduce the damage in case a single password is compromised, and by changing passwords regularly you make guessing and attacking much harder for the bad guys.
Never send naked passwords
What I mean is, never send a clear-text password over the network. The packets can easily be captured with many freely available tools and packet sniffers. Always use some form of protection when you need to transmit passwords, e.g. an SSL, SSH or VPN connection. You should never use HTTP or Telnet to manage anything over the network. Replace them with HTTPS (SSL) and SSH.
2. Security Updates
Keeping your systems up-to-date is very important; most vendors release new security patches all the time. Sometimes a security update negatively affects the production environment, so it’s recommended to test the fixes first and only then apply them to production. Either way, patching known security holes is critical to staying secure. The longer you take to patch a known security hole, the longer you’re exposed to attacks.
3. Backups and Change Management
There’s a nice saying about change: “Change is the only constant”. I think that’s true for life, and for systems and networks. We make changes all the time: change firewall rules, add users, delete users, install security patches and so on. The system and network environment keeps changing. It is very important to keep a backup of the last known working configuration of everything, and to maintain a change document. So if, right after changing a firewall rule, everyone in the network complains about not being able to access a server in the DMZ, we should be able to fall back to the previous rule-set easily. If you’ve made some manual changes to a config file to improve the performance of a Linux server, you should note it down, because after a few months you won’t remember the exact changes you made. Knowing what changes you’ve made and being able to fall back keeps you and your environment productive and secure.
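As an added example of the change discipline described above (not the post’s own code), here is a small POSIX shell helper that snapshots a config file before you edit it, records who changed what and why in a change log, shows the drift since the last snapshot, and rolls back to the last known working copy. The backup directory and any file paths are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: POSIX sh, a writable
# backup directory (placeholder below), and config files that are plain text.

BACKUP_DIR="${BACKUP_DIR:-/var/backups/config-changes}"   # placeholder path
CHANGELOG="${CHANGELOG:-$BACKUP_DIR/CHANGELOG}"

# Map a path like /etc/iptables.rules to a flat snapshot name (_etc_iptables.rules).
snapname() { printf '%s' "$1" | tr '/' '_'; }

# latest FILE: print the newest snapshot of FILE, or nothing if none exists.
latest() {
  ls -1 "$BACKUP_DIR/$(snapname "$1")".* 2>/dev/null | sort | tail -n 1
}

# snapshot FILE "reason": copy FILE to a timestamped backup and log the reason.
# Prints the snapshot path. Run this BEFORE making the change.
snapshot() {
  file=$1; reason=$2
  mkdir -p "$BACKUP_DIR" || return 1
  stamp=$(date +%Y%m%d%H%M%S)
  dest="$BACKUP_DIR/$(snapname "$file").$stamp"
  cp -p "$file" "$dest" || return 1
  printf '%s\t%s\t%s\t%s\n' "$stamp" "$(id -un 2>/dev/null || echo unknown)" \
    "$file" "$reason" >> "$CHANGELOG"
  printf '%s\n' "$dest"
}

# review FILE: show what changed since the last snapshot.
# Returns 0 when identical, 1 when there is drift (diff semantics).
review() {
  last=$(latest "$1")
  [ -n "$last" ] || { echo "no snapshot for $1" >&2; return 2; }
  diff -u "$last" "$1"
}

# rollback FILE: restore the newest snapshot of FILE and log the rollback.
rollback() {
  file=$1
  last=$(latest "$file")
  [ -n "$last" ] || { echo "no snapshot for $file" >&2; return 1; }
  cp -p "$last" "$file" || return 1
  printf '%s\t%s\t%s\trollback to %s\n' "$(date +%Y%m%d%H%M%S)" \
    "$(id -un 2>/dev/null || echo unknown)" "$file" "$last" >> "$CHANGELOG"
}
```

Typical use: `snapshot /etc/iptables.rules "open tcp/443 to web01"`, edit and apply the rule, and if the network starts complaining, `rollback /etc/iptables.rules` restores the last working rule-set while the log keeps the who, when and why.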
4. Stop unnecessary services
Most operating systems and security devices come with a lot of services installed and running by default. The more services that are running, the more your system is exposed to attack. So you need to identify all the services running on the system and stop the unnecessary ones. If it’s a firewall, explicitly deny everything first, and then start allowing the necessary connections and services. If it’s an operating system, find and stop all the unnecessary services.
By following these 4 simple measures you’ll be able to keep your system and network secure and stable. I’m not saying that just these measures would be enough in all environments, but they’re the basic foundation. I think not only admins but normal users should be following these 4 measures to keep themselves secure on today’s wild internet.
Any other simple measures that you take to keep your system and network secure? Comments and emails are welcome.