Skip to content

Access Controlling Best Practices For Secure Networks

Smart cards, trusted operating systems and secure router configuration are only a couple of Access Controlling best practices explained here.

Least Privileges

One of the most critical concepts in access control. It means that the users in a network are given only the bare minimum of privileges required for their job.

Time of Day Restrictions

Configure when an account has access to a system or network. By making them only access the system for 48 hours each week, you prevent them from being misused for the other 120 hours.

User Access Review

Since roles within an organization over time can change it is important to check the accounts and their accesses on a regular basis, to remove “leftover” rights.

Smart Cards

Smart cards are difficult to counterfeit, but easy to steal. It is best to require a password or PIN to activate the card and to encrypt the contents of it.

Implicit Deny

If a proviso in question has not been explicitly granted, the access is denied. Imagine a bouncer in a club only letting in people on the guest list and keep everyone else out.

Log Analysis

The administrator should no only log everything but review the logs as well. There is software that can be helpful to accomplish this goal. Like ManageEngine for example.

Trusted OS

An operating system that meets the government’s requirements for security.

There are different Level of security called Evaluation Assurance Levels (EALs) and they range from 1 to 7. You can easily find the list of levels on wikipedia.

However, just because an OS is trusted, doesn’t mean the your implementation is at the same level. You should know how to implement it in a safe manner.

Secure Router Configuration

The first couple of things to make after you set up a router are:

  • Change default password
  • Walk through the advanced settings
  • Keep the firmware upgraded
  • back up your router configuration

Published inNetworkingTutorials

Be First to Comment

Leave a Reply

%d bloggers like this: