The first step in securing your network is to secure the device that sits between your network and the internet. There are many approaches to securing devices. By using the same router and base configuration across our sites, we provide a locked-down environment based on best practices, then customise it to suit your requirements.
The basic concept is to:
- Stop all unnecessary services on your Firewall.
- Create Firewall lists to deny all unwanted inbound Traffic.
- Services on the Firewall which are remotely accessible are limited to only the addresses required to access the Firewall.
- If there are services on the Firewall that cannot be limited to a small number of addresses, then we protect the Firewall / Router by strictly firewalling these services to the appropriate RFC Standard.
- Stop all Unnecessary Services on the Router.
This reduces the attack surface of your router: the fewer services there are to attack, the less likely your router is to be compromised or overloaded.
- Deny all unwanted inbound Traffic.
We reduce the chances of anyone gaining access to unmanaged services.
- Remotely Accessible Router Services should be limited to few addresses.
We try to ensure VPNs and other connections only come from trusted sources.
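The checks above can be audited mechanically. The following Python sketch is an added example, not the provider's own tooling: it classifies each service listening on a router against an accept-only inbound list with a default drop. The service list, rule format, addresses (documentation ranges) and the `open_by_design` set are constructed assumptions.

```python
import ipaddress

def audit(listening, allow_rules, trusted, open_by_design=()):
    """Classify each listening service under a default-deny inbound policy.

    allow_rules are accept-only entries; traffic matching none is dropped.
    Returns {service: (status, [allowed sources outside the trusted set])}.
    """
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    report = {}
    for key, name in listening.items():
        sources = [ipaddress.ip_network(r["src"]) for r in allow_rules
                   if (r["proto"], r["port"]) == key]
        outside = [str(s) for s in sources
                   if not any(s.version == t.version and s.subnet_of(t)
                              for t in trusted_nets)]
        if not sources:
            status = "blocked"         # running, but no inbound accept rule
        elif not outside:
            status = "restricted"      # reachable only from trusted addresses
        elif key in open_by_design:
            status = "open-by-design"  # cannot be limited to a few addresses
        else:
            status = "exposed"         # wider than the trusted set: tighten it
        report[name] = (status, outside)
    return report

# Constructed sample data (hypothetical router, RFC 5737 documentation ranges).
LISTENING = {("tcp", 22): "ssh", ("tcp", 23): "telnet",
             ("udp", 161): "snmp", ("udp", 500): "ike"}
ALLOW = [
    {"proto": "tcp", "port": 22, "src": "203.0.113.0/28"},
    {"proto": "udp", "port": 161, "src": "198.51.100.0/24"},
    {"proto": "udp", "port": 500, "src": "0.0.0.0/0"},
]
TRUSTED = ["203.0.113.0/28", "198.51.100.7/32"]
OPEN_OK = {("udp", 500)}

if __name__ == "__main__":
    for svc, (status, outside) in audit(LISTENING, ALLOW, TRUSTED, OPEN_OK).items():
        print(f"{svc:7} {status:15} {', '.join(outside)}")
```

A service reported as `blocked` is still running behind the default drop, so it is worth checking against the first step (stopping unnecessary services) rather than relying on the filter alone.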