Advantage recommends the following internal network controls for all our clients. While every company is different, we believe these basic safeguards should be standard for all businesses that use technology.
System and Network Monitoring that covers:
- Quarterly security updates downloaded and installed for all devices ex. Server, workstations, tablets, phones
- Ensure that all operating systems and applications are at their most current and secure version by enabling automatic updates from the vendor
- Firewall Rules enabled on all applicable devices (see Firewall Policies and Procedures)
Centralized Directory Service that:
- Centralized User Controls (i.e., Active Directory, Azure AD, or other 3rd Party option like JumpCloud)
- Least Privileged access with documentation and policies (see User Controls)
- Lockout Policies:
- When someone attempts many unsuccessful passwords trying to log on to your system might be a malicious user who is attempting to determine an account password by trial and error.
- All directory services keep track of login attempts and can respond to this type of attack by disabling the account for a period of time.
- All network shares limited to authenticated users only
- Shared folders and documents should be used by known network users only
Additional Recommendations:
- Share only necessary information
- Use strong encryption to secure files when you transfer them to others
- Change default passwords on all devices to Unique passphrases for each critical account
- 2FA on all applicable accounts – Two Factor Authentication
- DNS Filtering and Logging
- Antivirus software installed and updated on all applicable devices (not using default OS tools)
- Ensure redundant storage of critical information
- Maintain regularly scheduled data backup
Back to Business Security