Skip to main content

10 things you can do to improve network and PC security

By Jack Wallen | October 8, 2012, 6:41 AM PDT

Security. It's that which drives some administrators to early retirement, gray hair, or a permanent room in a padded cell. Okay, that's an exaggeration… but you get the idea. Security is tops on most every administrator's list. And with good reason. Incomplete or poor security can bring down a company's network and/or computer resources. That equates to lost work, which affects bottom line.

Administrators must do all they can to ensure the security of their networks. But for some (especially those without the financial resources), just knowing where to start and what to use is the biggest challenge. With that in mind, I thought I'd lay down 10 tools and methods to help you arrive at better network/PC security.

1: Use Linux

I can already hear the groans from the gallery, but the truth of the matter is, you will cut down on PC security issues if you begin migrating at least some of your desktops to Linux. The best way to do this is to migrate users who don't require the use of proprietary, Windows-only applications. If you use Exchange, just make sure you set up OWA so that the Linux users can access Web mail. Migrate a quarter of your desktops to Linux and that's a quarter fewer security risks you'll have to deal with.

2: Block users from installing software

I've had to deal with companies that do this. Yes, it can be a pain when users actually need a piece of software installed (you'll have to visit their offices just to enter the administrator credentials), but the dividends it pays off are significant. You'll have far fewer viruses and less malware to deal with than you would if the users were allowed to install at will. The give and take is certainly worth it here.

3: Upgrade your antivirus

I'm always shocked when I see antivirus tools that are out of date. This goes for applications and virus definitions. When dealing with the Windows platform, it's crucial to keep everything as current as you possibly can. Keeping antivirus up to date is the only way to help protect vulnerable machines from malicious software and files.

4: Switch your browser

Not to stir up the mud, but the truth of the matter is simple: Internet Explorer is still an incredibly insecure browser. One of the best things you can do is migrate your users from IE to Firefox. Yes, Firefox may be getting a bit bloated, but it's still far more secure than the Windows counterpart.

5: Disable add-ons

Browsers and email clients make use of add-ons. Some are necessary for work — some are not. Those that aren't needed should not be used. Although some add-ons offer some handy features, it's not always possible to ensure the validity or security of an add-on. And even when you can, it's not always a given that the add-on won't affect the performance of the machine. I've seen plenty of Outlook, IE, and Firefox add-ons drag a machine to a screeching halt.

6: Deploy a hardware-based firewall

Let's face it: The built-in Windows firewall is simply not sufficient. If you want real security, you need a dedicated firewall on your network. This firewall will be a single point of entry that will stop many more attempted breaches than the standard software-based firewall will. Besides, the hardware-based fire will be far more flexible and customizable. Look at a Cisco, Sonicwall, or Fortinet hardware firewall as your primary protection.

7: Enforce strict password policies

For the love of all things digital, don't let your end users control their password destiny. If you do this, you'll wind up with accounts and systems protected with "password", "1," or worse — nothing at all. Make sure all passwords require a combination of upper/lowercase, numbers and letters, and special characters. While you're working on password policies, be sure you enforce a rule that passwords must be changed every 30 days. It's an inconvenience, but it's worth the security it brings.

8: Do not share networked folders with "Everyone"

Although it's tempting (especially when you can't figure out why a user can't access a folder), do NOT give the Everyone group access to a folder. This just opens up that folder to possible security issues. If this becomes an absolute necessity, only do it temporarily. For security's sake, spend the extra time troubleshooting why that user can't access the folder, instead of just giving Everyone full access.

9: Use network access control, like PacketFence

PacketFence is one of the most powerful NAC tools you will find. With this tool, you can manage captive-portal for registration and remediation, and you have centralized wired and wireless management, powerful guest management options, 802.1X support, layer-2 isolation of problematic devices, and much more. With this system on your network, you can rest assured that rogue devices will have a much smaller chance of connecting.

10: Use content filtering to protect from malware

I'm not a big fan of posing as Big Brother, so I don't advocate too much content filtering. I do, however, believe it's valid to use content filtering to prevent malware. There are obviously certain phrases, keywords, and URLs that can and should be filtered, based on their history of causing malware. I won't post the best keywords to filter for malware, as those words might land me in trouble. Just do a simple search for keywords associated with malware.

Other tips?

Securing your network and PCs is a constant battle. But with the right tools and strategies, your network can be a much safer arena for productivity. Give a few of these options a look and see if they offer the missing pieces needed to further secure your environment.

What security measures do you take to safeguard your organization? Share your ideas with fellow TechRepublic members.
build-access-manage at


  1. if you are interested in security or any related topics, you should take a look at our blog with plenty of articles, discussions and other cool stuff on this topic.


Post a Comment

Popular posts from this blog

Timer AC bergantian

Bagaimana sich prinsip kerja AC yang bergantian? Seperti yang terangkai pada ACPDB, yang kita butuhkan adalah 1 buah timer dan 2 buah kontaktor. Pada dasarnya rangkaiannya adalah seperti gambar diatas. Seperti kita ketahui, timer dan kontaktor akan bekerja apabila mendapatkan catuan 220 V. Pada timer catuan bisa dikoneksikan di lubang “L” dan “N”, sedang pada kontaktor dilubang “A1” dan “A2”. Itulah kenapa pada saat mati listrik komponen2 tersebut tidak bekerja. Timer berfungsi sebagai switch dari 2-1 atau 2-3 dan lubang “2” sebagai sumber yang dialiri arus listrik. Sesuai namanya alat ini akan bergantian dari 2-1 atau 2-3 berdasarkan waktu yang sudah kita atur pada sirip biru. Satu sirip merepresentasikan 30 menit. Sedang pada kontaktor untuk tipe Telemecanique, sumbu-sumbu saklarnya adalah 1-2, 3-4, 5-6, NO-NO, NC-NC.  Jika “A1” dan “A2” tidak dicatu maka 1-2 (open), 3-4 (open), 5-6 (open), NO-NO (open), NC-NC (close/terhubung). Dan bila “A1” dan “A2” dicatu  maka 1-2 (close), 3-4 (clo…

Contoh Panduan Standarisasi Area Data Center

Berikut adalah contoh Panduan Standarisasi Area Data Center

PANDUAN - IK Standarisasi Area Data Center Article Number: 49 | Rating: Unrated | Last Updated: Mon, Nov 25, 2013 at 2:13 PM BAB I KEBIJAKAN
1.1.Area Data Center
Areadata center termasuk aset vital perusahaan dan diperlakukan sesuai dengan persyaratan yang telah ditetapkan dalam Sistem Manajemen Pengamanan Perusahaan.

Seksi Jaringan bertanggungjawab terhadap pengamanan fisik dan logik. sedangkan fungsi Sekuriti terhadap pengamanan fisik.

1.2.Pertimbangan Dalam Hal Penentuan Lokasi Area Data Center
Beberapa pertimbangan yang harus ada dalam menentukan lokasi ruang data center, yaitu :

1.Memungkinkan untuk pengembangan yang memadai, misalnya mempertimbangkan pengembangan untuk jangka waktu 5 (lima) tahun ke depan.
2.Mempertimbangkan ruang yang tidak "terlalu” banyak dilalui untuk operasional lain, namun tetap dapat dijangkau dengan mudah.
3.Memperhatikan aspek keamanan dan keselamatan pekerja.
4.Memenuhi persyaratan sebagaimana yang …

Mendesigns dan Menghitung UPS untuk Data Center

Mendesigns dan Menghitung UPS untuk Data Center UPS dan data center mungkin bisa di sebut sayur tanpa garam, hambar jika tidak saling melengkapi. 
Tapi untuk menentukan kebutuhan akan UPS data centerperlu perhitungan yang matang agar UPS dan server tetap awet dan selalu ON 24 jam. banyak sekali jenis UPS dan daya yang di tawarkan. Kita harus menghitung kebutuhan beban keseluruhan server agar ketika listrik down UPS dapat menghandle beberapa detik untuk listrik pindah ke genset begitu pula sebaliknya, Oke untuk menentukan itu semua tentukan dulu jenis UPS yang akan anda gunakan.
Oke kita sedikit belajar dulu tentang UPS :)
PRINSIP KERJA UPS Setiap PC membutuhkan daya listrik. Apabila aliran listrik (main power) terputus, PC akan mati (tidak berfungsi). Fungsi dasar UPS (Uninterruptible Power Supply) adalah menyediakan suplai listrik SEMENTARA ke beban (PC) tanpa terputus pada saat main power tidak bekerja agar seluruh proses dapat dihentikan dengan benar, seluruh data dapat disimpan den…