Secure your network – Pitfalls to be avoided

We have all seen lists upon lists of “How to secure your network”. We have grown immune to these well-meaning rants, just as a teenager blocks out his parents’ “lectures” (no parent would call it a “lecture”, while all kids will insist it is a “lecture, a boring one at that”). So, we decided to put on our thinking caps, after vigorously dusting them, and tried to come up with a list of pitfalls to avoid that will, hopefully, not be relegated to the annals of lecture fiefdom.

– Too many users with administrative access to a critical resource. Think of a critical resource managed by a third-party vendor: 3 shifts of 2 people each, changes in team composition, topped off with a generous sprinkling of generic user IDs. Recipe for disaster? We definitely think so.
 
– A variation of the above: the domain has ‘n’ servers, each server with its own administrator. Each of these individual administrators has domain administrator access.
 
– Networking devices have trivial passwords. We don’t know why, but too often we have seen switches and firewalls with trivial passwords. We are tempted to ask “Why this kolaveri”, but being staid, we won’t.
 
– Change management not given enough importance. Every so often, we have asked “who authorised this particular change” and people are left scrambling.
 
– Security patches and fixes not updated. This topic comes with its own debate, but we thought it worth mentioning here without going into the aforementioned debate.
 
– Group Policy Objects (GPOs) are not used as a security tool; GPOs don’t push security policies. This one single item (GPOs pushing security-related policies to the domain) can help homogenise security settings and ease administrative hassles.
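
As an added example (not part of the original post), here is one way to check for the first two pitfalls from an export of who administers what. The account names, server names, the generic-ID pattern and the `max_admins` limit are all assumptions made up for illustration.

```python
import re
from collections import defaultdict

# Heuristic for shared/generic IDs (assumption: adapt to your naming scheme).
GENERIC_ID = re.compile(
    r"^(?:administrator|admin|root|support|helpdesk|vendor|shift|temp|test|[\W_]|\d)+$",
    re.I,
)

# Constructed sample data, not taken from any real environment.
LOCAL_ADMINS = [  # (account, server the account administers)
    ("asha.k", "db01"), ("ravi.m", "db01"), ("vendor_shift1", "db01"),
    ("admin", "db01"), ("john.p", "web01"), ("asha.k", "web01"),
    ("meena.s", "file01"),
]
DOMAIN_ADMINS = {"asha.k", "john.p", "meena.s", "admin"}


def audit(local_admins, domain_admins, max_admins=2):
    """Return (finding, subject) pairs for the first two pitfalls."""
    by_server, by_account = defaultdict(set), defaultdict(set)
    for account, server in local_admins:
        by_server[server].add(account)
        by_account[account].add(server)

    findings = []
    # Generic IDs: nobody can say who was actually behind the keyboard.
    for account in sorted(set(by_account) | set(domain_admins)):
        if GENERIC_ID.match(account):
            findings.append(("generic-id", account))
    # More administrators on one resource than the agreed limit.
    for server in sorted(by_server):
        if len(by_server[server]) > max_admins:
            findings.append(("too-many-admins", server))
    # Looks after a single server, yet holds domain-wide rights.
    for account in sorted(domain_admins):
        if len(by_account.get(account, ())) == 1:
            findings.append(("server-admin-with-domain-admin", account))
    return findings


if __name__ == "__main__":
    for finding, subject in audit(LOCAL_ADMINS, DOMAIN_ADMINS):
        print(f"{finding:32} {subject}")
```
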
 
There you go; not necessarily the top 5 pitfalls but the first 5 that came to mind. Lecture over.