Cyber Security Best Practices

Cyber Security Best Practices

Many organizations struggle to keep their IT infrastructure secure and organized. One simple security measure that we at DefendEdge strongly recommend to all our clients is to implement cyber security “best practices”; these are industry-standard measures that make your environment much harder to compromise by any potential bad actor. These best practices include proper configurations involving firewalls, endpoints, and other products. They also apply to simple habit patterns involving your IT team’s daily system monitoring and health check routines.

Implementing firewall configuration best practices is one of the most important things you can do to harden your IT environment. This includes applying network segmentation throughout your firewall interfaces. This will help you group devices into different subnets so proper network communication can happen through your ACL’s. To put this more simply, assume that you have three VLANs: Data, Guest, and Printers. We want to make sure all three have their own Subnet scheme like this: 172.16.29.0/24 for Data, 172.16.28.0/24 for Printers, and 192.168.1.0/24 for Guests. Once that is in place, another best practice is to make sure anyone on the guest subnet does not have communication to anything else on your network besides the internet. As for the Data and Printers VLANs, they can have full communication, or they can be restricted to just the printing protocols.

Another firewall best practice DefendEdge recommends is the implementation of the “Next-Generation” features that your firewall may have. These features include AV scanning, Web Filtering, IDS/IPS, Application Control, DNS filtering, SSL inspection, etc. Any policies involving internal-to-external traffic should have all features turned on; any polices external-to-internal should have AV, IDS/IPS, Application control, and SSL inspection. Any internal-to-internal should match as well. These are only a few of the best practices we recommend on the firewall end. There are also Endpoint, Email filtering, and other daily routine best practices we like to recommend. If you would like more information about some other cyber security “best practices”, please visit defendedge.com, and contact us.