General Network Defenses to Avoid Getting Hacked
Regardless of the specific hacks against your system, a few good practices can help prevent many network problems. Consider the following provisions for your company to protect against malicious attackers:
Use stateful inspection rules that monitor traffic sessions for firewalls. This can help ensure that all traffic traversing the firewall is legitimate and can prevent DoS attacks and other spoofing attacks.
Implement rules to perform packet filtering based on traffic type, TCP/UDP ports, IP addresses, and even specific interfaces on your routers before the traffic is allowed to enter your network.
Use proxy filtering and Network Address Translation (NAT) or Port Address Translation (PAT).
Find and eliminate fragmented packets entering your network (from Fraggle or another type of attack) via an IPS.
Include your network devices in your vulnerability scans.
Ensure your network devices have the latest vendor firmware and patches applied.
Set strong passwords — better yet, passphrases — on all network systems.
Don’t use IKE aggressive mode pre-shared keys for your VPN. If you must, ensure the passphrase is strong and changed periodically (such as every 6–12 months).
Always use SSL (HTTPS) or SSH when connecting to network devices. Better yet, don’t even allow access to key devices from the outside.
Segment the network and use a firewall on the following:
The internal network
Critical subnetworks broken down by business function or department, such as accounting, finance, HR, and research