Network Administration: Hardening Your Network
You should take steps to protect your network from intruders by configuring the other security features of the network’s servers and routers. The following sections describe the basics of hardening your network.
Using a firewall
A firewall is a security-conscious router that sits between your network and the outside world and prevents Internet users from wandering into your LAN and messing around. Firewalls are the first line of defense for any network that’s connected to the Internet. You should never connect a network to the Internet without installing a carefully configured firewall.
Disabling unnecessary services
A typical network operating system can support dozens of different types of network services: file and printer sharing, web server, mail server, and many others. In many cases, these features are installed on servers that don’t need or use them.
When a server runs a network service that it doesn’t really need, the service not only robs CPU cycles from other services that are needed, but also poses an unnecessary security threat.
When you first install a network operating system on a server, you should enable only those network services that you know the server will require. You can always enable services later if the needs of the server change.
Patching your servers
Hackers regularly find security holes in network operating systems. After those holes are discovered, the operating system vendors figure out how to plug the hole and release a software patch for the security fix.
The trouble is that most network administrators don’t stay up to date with these software patches. As a result, many networks are vulnerable because they have well-known holes in their security armor that should have been fixed but weren’t.
Even though patches are a bit of a nuisance, they’re well worth the effort for the protection that they afford. Fortunately, newer versions of the popular network operating systems have features that automatically check for updates and let you know when a patch should be applied.