What are the Common Security Leak ?
1. Administrative User name Change, use uncommon word as user, disable default user.
2. Logout, If not working. Don’t leave PC with login.
3. Power of user reduce. Don’t give Password Changing Power to every body.
4. User name should be IP binding.
5. IP should be MAC binding.
6. Allow WAN-LAN-dns IP , then deny all IP.
7. Configure your server with Private IP, use port forwarding from router with Real IP.
8. Router Access(login) Port number Change.
9. Risky services(ssh, telnet, ftp etc) must be disabled.
10. Log (login, change history) store in remote PC.
11. Unused Physical ports including console port should be disabled.
12. Auto backup script. (password protected).
13. Server room entrance restricted with card punch or finger print, use DVR.
14. VPN user for remote access with encryption.
15. Real IP redundancy with backup ISP.
16. WAN IP must not larger than /30 or no idle IP at WAN side.
17. Dns security= no open dns (allow remote request=disabled).
18. Don’t save password.
19. Long and critical password.
20. Password typing speed high.
21. Don’t write password anywhere.
22. Use Vlan to separate clients, servers.
23. Neighbor Discovery protocol disabled.
24. WiFi should be password protected, allowed MAC list, deny all.
25. DHCP Server IP pool Off.
26. Static ARP and Interface > ARP=reply-only.
27. Virus ports, Remote Desktop, Team viewer, Ammy admin, VNC etc ports must not opened.
28. Windows firewall active and Antivirus must be updated.
29. Don’t click unknown attachment files and unknown .exe/.bat/.ini files or games.
30. Don’t accept (If not sure) firewall / antivirus asked to allow.
31. Enable facebook security options from setting.
- A.K.M. Jahangir