Securing a Fixed Network
Security measures are behavioural, organisational or technical measures seeking to ensure the confidentiality, integrity and availability of an asset. Security measures seek to reduce the vulnerabilities exploited by threats and thereby lower the impacts. They are defined during the risk treatment phase in the risk management process. Within an entity, a fixed network links different machines (“assets”) together. To be secure, this network needs to respond to certain secure measures, as detailed below.
To guarantee IT security in a fixed network:
- It is strongly recommended to activate a DHCP server to verify the allocation of IP addresses. Servers should be allocated fixed IP addresses or DHCP static addresses.
- It is strongly recommended to allocate fixed IP addresses (using a DHCP server) to computers which have specific rules for the company firewall or web filter. Draft and enforce a Sectoral policy on access control – Connection procedures and Access rights management.
- It is strongly recommended to implement a network access control (NAC) system to prevent access by machines not intended to be on the network.
- It is strongly recommended to install a web filter (proxy) within the network to prohibit access to malicious websites or sites offering inappropriate content (games, pornography, etc.). Draft and enforce a Sectoral policy on access control – Use of external networks.
- For larger structures, it is recommended to partition the network with firewalls. Draft and enforce a Sectoral policy on access control – External connections and Separation of networks.
- It is strongly recommended to create a specific network for laptop computers also used outside the company. To do this, specific switches may be necessary. Draft and enforce a Sectoral policy on access control – Separation of networks
- If a wireless network is set up, it is strongly recommended to set up a dedicated network for portable or personal devices.
- In a WINDOWS environment, it is strongly recommended to implement a domain server as well as an Active Directory. Draft and enforce a Sectoral policy on the Classification and control of resources as well as a Sectoral policy on access control – Access rights management.
- It is strongly recommended to limit access to areas of the network not accessible to the general public. Draft and enforce a sectoral policy on Physical and environmental security – Physical security perimeter and Rules within the perimeter.