Router firewall and validating identity
How much of your income should you route to your retirement?
How many cold, delicious beverages can you consume before waking up on time hurts too much?
There are numerous stories of compromised or malicious devices gaining access to the trusted network, where lax internal access controls allowed them to run rampant. Using any encryption is better than nothing, but remember - the legacy standard WEP is exceedingly easy to crack.
WPA is preferred, and it is even better if you can use the enterprise version and secure it with strong authentication like multifactor authentication or a certificate instead of a simple pre-shared key.
To alleviate this issue, segment users from production resources and only open specific rules to allow certain IPs or Identities through on specific ports.
If possible, segment users from each other as well.
A smooth deployment may require some consulting help, but the sleep you’ll gain at night knowing that the Jimmy John’s delivery guy isn’t plugging in a Pwnie Express while you’re eating lunch is totally worth it.
Network Segmentation
If you can’t control your network access for some reason, then you can help mitigate some of the risks by implementing default segmentation in your network.
Controlling access to the network itself is a great way to avoid giving an attacker somewhere to set up camp and do further damage. Let’s cover our two main network access methods:
Wireless – Vendors and admins finally seem to be defaulting to encrypted wireless networks.
This is a massive improvement over using static IPs because we can avoid overly permissive rules on the firewall.
Local Access
Workstation access can be tough to control.
How much can you repress the commoners before they overthrow you?
How much usability are you (or your users) willing to give up in order to secure your kingdom?
The great thing about paths of least resistance: you’ll never be alone. Access Controls break into two main components, Physical and Logical; each has a number of sub-components.