A
A
ashv242018-09-01 18:24:57
Information Security
ashv24, 2018-09-01 18:24:57

How do you secure an enterprise network?

Hello.
Tell us how you protect the local network that you administer, what equipment you use, paid or free software, what technologies do you use, do you check protection?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
S
Sergey, 2018-09-02
@ashv24

When I had questions about the practical organization of network protection, I did it simply - I tried it.
In the home network, a virtual server was raised on the old PC on Proxmox PVE.
It ran OpenMediaVault and a couple of test machines. A network for 5+ PCs and access from the outside for relatives, quite a testing ground.
For the test, a PFSense server and a virtual switch from Proxmox were added, the core of the network is the usual Mikrotik.
But as everyone has already said, first you need to understand the requirements of the network:
1) What services you need to provide users (just a proxy server or you also need a VPN server to connect from the Internet).
2) What exactly needs to be protected? There are 3 indicators Availability, Security, Reliability. It is necessary to find a balance between them. For example, when connecting with a VPN, if the client does not support strong encryption, then it is better to let it go so that the CEO can gain access or reject it so that an attacker cannot take advantage of the weak encryption vulnerability?
3) Budget. The scheme described above is compiled exclusively from Just-for-fun OpenSource projects. Accordingly, no one guarantees and is not responsible for timely security patches and closing vulnerabilities. In the organization, for this reason, I was not even given the go-ahead to implement management tools like Ansible, not to mention security tools. Yes, and a well-tuned Juniper SRX100 will block all the possibilities of this system and give a head start in stability.
Therefore, once again I say: "There is no magic program that will work well everywhere. Even if it covers 150% of the needs of a neighbor, it is not a fact that it will help you. That is why the question asked has no answer."

C
CityCat4, 2018-09-01
@CityCat4

You are now neighing like that, right? Right now, a crowd of IS admins have come running to paint how they protect their networks :)
Of course, security through obscuirty is also the wrong approach, but this does not mean at all that you need to tryndet about it right and left.
You tell everyone - what kind of office do you have an intercom in the entrance, what brand are the locks in the doors, how the door jamb is arranged, is there an alarm?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question