What Network Security Must I Have?
The security of your network is your responsibility. This means you must select, implement and maintain the appropriate network security controls for your network and your network users. To help you understand the type of security controls that you must implement, we provide some general guidelines.
Network Device Security
To protect against unauthorized wireless access to your network, you should disable unnecessary services and ports on your wireless access points, routers, switches and any other devices with an IP address. The following list provides examples of services that you should disable:
Disable unnecessary services
Remote management
Telnet and/or SSH (typically port 22)
FTP (typically port 20 & 21)
DNS (typically port 53)
DHCP (typically port 67 & 68)
SNMP (typically port 161 & 162)
Remote management
Remote management is any type of administrative access to a device via a network connection. Telnet and SSH are commonly used for remote management. Remote management lets you configure your wireless devices and manage them from a remote location. However, if you do not need this functionality, you should disable this service to protect against possible unauthorized access.
Telnet
Telnet allows you to log in to a remote computer and execute commands just as if you were logged in directly to the remote computer. The benefit of using Telnet is that it is supported by virtually all operating systems and network devices, making it easy to implement. But it also has some significant security weaknesses that you should consider before enabling this service.
FTP (File Transfer Protocol)
FTP (File Transfer Protocol) enables users to transfer files from one host to another host over the Internet. You should disable FTP on any access points or routers that do not need FTP services enabled. The default ports for FTP service are TCP ports 20 and 21. You should check your particular operating system for instructions on how to disable FTP.
DNS (Domain Name Service)
DNS (Domain Name Service) is used to translate domain names into IP addresses on the Internet. If you do not need your wireless network devices to be accessible via DNS, then you should consider disabling DNS service on them as an added security measure.
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol) assigns IP addresses and other network parameters to network devices automatically, without user intervention. When DHCP servers are not required, they should be disabled, because they can be exploited by outsiders, especially those who may want to use the server as part of their attack strategy.
SNMP (Simple Network Management Protocol)
SNMP (Simple Network Management Protocol) gathers statistics and monitoring information from network devices. It can also potentially be a backdoor method of accessing a device that may be compromised or improperly configured. If you do not require SNMP monitoring, disabling SNMP on all of your wireless access points/routers gives you an added layer of protection against unauthorized access.
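An added example, not part of the original page: a Python check that reads an nmap greppable (-oG) scan of your own devices and flags the services listed above wherever they are still reachable. The sample scan and its addresses are constructed, the needed allow-list is a hypothetical parameter, and port 23 is included because it is Telnet's assigned port.

```python
import re

# Services the page recommends disabling when unused, keyed by (port, protocol).
# Ports 20-22, 53, 67/68 and 161/162 are the page's list; 23 (Telnet's assigned
# port) is added here because the page groups Telnet with SSH under port 22.
REVIEW = {
    (20, "tcp"): "FTP data", (21, "tcp"): "FTP control",
    (22, "tcp"): "SSH", (23, "tcp"): "Telnet",
    (53, "tcp"): "DNS", (53, "udp"): "DNS",
    (67, "udp"): "DHCP", (68, "udp"): "DHCP",
    (161, "udp"): "SNMP", (162, "udp"): "SNMP traps",
}

# Constructed sample in nmap's greppable (-oG) format; addresses are examples.
SAMPLE_SCAN = """\
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh///, 23/closed/tcp//telnet///, 53/open/udp//domain///, 80/open/tcp//http///, 161/open|filtered/udp//snmp///
Host: 192.168.1.2 ()\tPorts: 21/filtered/tcp//ftp///, 443/open/tcp//https///
"""

def audit(scan_text, needed=frozenset()):
    """Return sorted (host, port, proto, service, state) findings.

    needed: set of (host, port, proto) the owner has decided to keep enabled.
    """
    findings = []
    for line in scan_text.splitlines():
        m = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not m:
            continue
        host = m.group(1)
        for entry in m.group(2).split(","):
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            port, state, proto = int(fields[0]), fields[1], fields[2]
            # "open|filtered" is what a UDP scan reports when it cannot tell;
            # keep it as a finding so it gets checked on the device itself.
            if not state.startswith("open"):
                continue
            key = (port, proto)
            if key in REVIEW and (host, port, proto) not in needed:
                findings.append((host, port, proto, REVIEW[key], state))
    return sorted(findings)

if __name__ == "__main__":
    for host, port, proto, svc, state in audit(SAMPLE_SCAN):
        print(f"{host}: {svc} on {port}/{proto} is {state}; disable if not needed")
```

DHCP and SNMP run over UDP, so a TCP-only scan will not show them; an open|filtered result means the state has to be confirmed in the device's own configuration.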
Network Device Firewall Security
Firewalls are often misconfigured or turned off by default, providing wide-open security holes for cybercriminals to exploit in their attacks against wireless networks owned by small businesses and individual consumers alike. You should turn on all firewall features provided by any Internet gateway device that you purchase and/or use with your wireless network.
For example, if you have a DSL modem/wireless router combination device, make sure all of the firewall features are enabled on the router portion of the device, so that it protects your entire wired and wireless network environment at once. If your device does not provide firewall capabilities, consider purchasing one that does until yours has been repaired or replaced with a newer model that contains this important feature set.