{"id":27906,"date":"2024-05-13T09:00:00","date_gmt":"2024-05-13T09:00:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=27906"},"modified":"2024-06-21T12:45:55","modified_gmt":"2024-06-21T12:45:55","slug":"how-to-secure-a-network","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/","title":{"rendered":"Network Protection: How to Secure a Network in 13 Steps"},"content":{"rendered":"\n<p>Truly securing your network infrastructure is one of the most critical choices your business can make to protect itself from threats. Technologies and tools like firewall rules, patch management, and incident response procedures help guard your sensitive data and applications. This process will vary depending on your business, but there&#8217;s a 13-step process, from assessing your network to improving security over time, that works for many organizations.<\/p>\n\n\n\n<p>Click this image to download a detailed network protection checklist for your security and networking teams to use.<\/p>\n\n\n\n<figure class=\"wp-block-kadence-image kb-image27906_80dfd0-5e size-large\"><a href=\"https:\/\/drive.google.com\/uc?export=download&amp;id=1ar8HxPZS0dZPsQbR2IEn9xa-zFaWzgRb\" class=\"kb-advanced-image-link\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"762\" src=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-01-1024x762.png\" alt=\"Thirteen steps to secure your business's network.\" class=\"kb-img wp-image-36112\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-01-1024x762.png 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-01-300x223.png 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-01-768x572.png 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-01-1536x1144.png 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-01-2048x1525.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6c4a1e62d3\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6c4a1e62d3\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#1-Assess-Your-Network\" title=\"1. Assess Your Network\">1. Assess Your Network<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#2-Identify-Security-Loopholes-Weaknesses\" title=\"2. Identify Security Loopholes &amp; Weaknesses\">2. Identify Security Loopholes &amp; Weaknesses<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#3-Implement-Access-Controls\" title=\"3. Implement Access Controls\">3. Implement Access Controls<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#4-Set-Up-Your-Firewall\" title=\"4. Set Up Your Firewall\">4. Set Up Your Firewall<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#5-Encrypt-Data-Transmissions\" title=\"5. Encrypt Data Transmissions\">5. Encrypt Data Transmissions<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#6-Segment-Networks-Logically\" title=\"6. Segment Networks Logically\">6. Segment Networks Logically<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#7-Set-Intrusion-Detection-Prevention-Systems\" title=\"7. Set Intrusion Detection &amp; Prevention Systems\">7. Set Intrusion Detection &amp; Prevention Systems<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#8-Create-Asset-Discovery-Policies\" title=\"8. Create Asset Discovery Policies\">8. Create Asset Discovery Policies<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#9-Develop-Patch-Management-Procedures\" title=\"9. Develop Patch Management Procedures\">9. Develop Patch Management Procedures<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#10-Monitor-Log-Networks\" title=\"10. Monitor &amp; Log Networks\">10. Monitor &amp; Log Networks<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#11-Develop-an-Incident-Response-Plan\" title=\"11. Develop an Incident Response Plan\">11. Develop an Incident Response Plan<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#12-Train-Employees-in-Cybersecurity-Practices\" title=\"12. Train Employees in Cybersecurity Practices\">12. Train Employees in Cybersecurity Practices<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#13-Continuously-Improve-the-Network\" title=\"13. Continuously Improve the Network\">13. Continuously Improve the Network<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#Bottom-Line-Securing-a-Network-Is-an-Ongoing-Process\" title=\"Bottom Line: Securing a Network Is an Ongoing Process\">Bottom Line: Securing a Network Is an Ongoing Process<\/a><\/li><\/ul><\/nav><\/div>\n\n<!-- ICP Plugin: Start --><div class=\"icp-list icp-list-main icp-list-body-top3 row\">\n    \n        <!--\n            ICP Plugin - body top3\n            ----------\n            Category: \n            Country: HK\n        -->\n    <\/div>\n<!-- ICP Plugin: End -->\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"1-Assess-Your-Network\"><\/span>1. Assess Your Network<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Before you implement any cybersecurity practices or procedures, you first need to know the current status of your network, which includes existing access controls, the status of your firewall and its rules, and current vulnerability management procedures.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Audit All Access Controls<\/h3>\n\n\n\n<p>Complete an audit of your current access controls, including usernames, passwords, passcodes, and any <a href=\"https:\/\/www.esecurityplanet.com\/mobile\/multi-factor-authentication\/\">multi-factor authentication<\/a> you currently have set up. To audit all access controls, go through each application or system that requires login credentials or permissions and document them, including whether they&#8217;re protected by password managers. Look at your current password requirements, too; do they force employees to set hard-to-guess passwords?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Examine Any Existing Firewalls &amp; Firewall Rules<\/h3>\n\n\n\n<p>Take inventory of any existing <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-firewalls\/\">network firewalls<\/a> and the rules you currently have. Navigate to your firewall&#8217;s management panel, find the list of rules, and look for any unhelpful or inconsistent rules. Maybe one rule contradicts another, or an old rule breaks your business&#8217;s new security policies. This is also a good time to perform an initial firewall audit; it&#8217;ll reveal ways that the firewall doesn&#8217;t work well or if your rules no longer meet enterprise policies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Document Your Vulnerability Management Practices<\/h3>\n\n\n\n<p>Before you overhaul your network&#8217;s cybersecurity infrastructure, document all your existing <a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-management\/\">vulnerability management<\/a> tools or procedures. Are there any that don&#8217;t work, and which can you change? Also, determine whether your security team can easily find vulnerabilities and mitigate them, or if it&#8217;s been a challenging process for them so far. You could even send them a survey with a few questions about vulnerability management and mitigation processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"2-Identify-Security-Loopholes-Weaknesses\"><\/span>2. Identify Security Loopholes &amp; Weaknesses<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Identifying vulnerabilities goes hand in hand with assessing your network, so you may end up performing these steps at the same time. To find loopholes in your business&#8217;s security, you can implement strategies like vulnerability scanning and penetration testing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Perform Vulnerability Scans<\/h3>\n\n\n\n<p>Test your network architecture so you know where any problems exist. Traffic volume tests or vulnerability scans catch misconfigurations, unapplied or incorrectly applied encryption, weak passwords, and other common issues before hackers can exploit them. You can also use vulnerability scans to detect sloppy encryption key management. While you can scan for vulnerabilities manually, I recommend using software, which is more efficient.<\/p>\n\n\n\n<p><strong>If your business would benefit from using vulnerability scanning software, check out our guide to <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-do-a-vulnerability-scan\/\">performing a vulnerability scan<\/a>.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Consider Penetration Testing<\/h3>\n\n\n\n<p>Vulnerability scans might detect common weaknesses, but active <a href=\"https:\/\/www.esecurityplanet.com\/networks\/penetration-testing\/\">penetration tests<\/a> determine if vulnerabilities pose a true risk or may be mitigated by other controls. Penetration tests can also determine if the existing controls will sufficiently stop attackers. You can perform penetration testing using tools, but you may have more accurate results if you deploy external experts. Talk to your security team lead about the possibility of hiring a pentester.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"3-Implement-Access-Controls\"><\/span>3. Implement Access Controls<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Successful security includes restricting access to network resources, like hardware and management software. Implement appropriate access controls for every resource, depending on which employees need access at particular times. These include hard-to-guess passwords, Active Directory integrations, multi-factor authentication, least privilege access strategies, and access to cloud platforms.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Create Strong Credentials<\/h3>\n\n\n\n<p>Increase password strength requirements to add complexity, or enforce more frequent password rotation for all employee login credentials. <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-password-managers\/\">Password managers<\/a> help users meet more stringent requirements and can enable centralized control as well. Enterprises may also adopt <a href=\"https:\/\/www.esecurityplanet.com\/products\/single-sign-on-solutions\/\">single-sign-on<\/a> (SSO) technologies to streamline access to cloud resources.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use Active Directory if Needed<\/h3>\n\n\n\n<p>The smallest organizations might only worry about device access, otherwise known as login credentials \u2014 usernames and passwords. But as an organization grows, formalized and centralized control using <a href=\"https:\/\/www.serveracademy.com\/blog\/active-directory-101-a-step-by-step-tutorial-for-beginners\/\" target=\"_blank\" rel=\"noreferrer noopener\">Active Directory<\/a> (AD) or an equivalent <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-ldap\" target=\"_blank\" rel=\"noreferrer noopener\">Lightweight Directory Access Protocol<\/a> (LDAP) tool saves your business time and enables faster responses for change requests. Implementing AD or LDAP takes time but is valuable for larger organizations.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Implement Multi-Factor Authentication<\/h3>\n\n\n\n<p>Growing organizations face increased breach risk as the potential damages from stolen credentials increase with company size and reputation. To reduce this risk, many adopt multi-factor authentication to provide improved security over 2FA, especially when applications or tokens replace vulnerable SMS text as a factor. Biometric and <a href=\"https:\/\/www.esecurityplanet.com\/trends\/passwordless-authentication-101\/\">passwordless solutions<\/a> can be more expensive but difficult-to-spoof solutions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use the Principle of Least Privilege Access<\/h3>\n\n\n\n<p>Implementing a <a href=\"https:\/\/www.cloudflare.com\/learning\/access-management\/principle-of-least-privilege\/\" target=\"_blank\" rel=\"noreferrer noopener\">least privilege access<\/a> strategy means that your network and security teams only give employees access to systems if they absolutely need it to do their job. In the past, employees had access &#8220;just in case&#8221; they needed it. But that opens the door further to threat actors and potential internal threats. Make sure only employees who need access to an application get it, and that they receive administrative or view-only access based on their roles.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Manage Access to Cloud Resources<\/h3>\n\n\n\n<p>Even smaller organizations now use cloud resources, but most internal network controls don&#8217;t extend to resources hosted outside of the network, such as Office 365, Google Docs, or segregated branch office networks. <a href=\"https:\/\/www.esecurityplanet.com\/products\/casb-security-vendors\/\">Cloud access security brokers<\/a> (CASB) and secure browser applications can provide consolidated solutions to <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/cloud-security-best-practices\/\">protect users in the cloud<\/a>.<\/p>\n\n\n\n<p>Make sure every user on a cloud account has appropriate permissions, whether they&#8217;re an admin or can only view a document. Also check that all your cloud instances aren&#8217;t exposed to the internet.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"4-Set-Up-Your-Firewall\"><\/span>4. Set Up Your Firewall<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The firewall implementation process will vary depending on whether your network already has one, but you can still use it as a checklist for items you haven&#8217;t yet completed. Follow this general process to install a firewall, create rules and zones, and test and manage the firewall over time.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Choose the Right Type of Firewall<\/h3>\n\n\n\n<p>If your business doesn&#8217;t have a firewall yet, you&#8217;ll need to choose one that makes sense for your network. Smaller businesses might want a relatively small appliance, but larger enterprises may want a next-generation firewall from one of the leading network vendors. Also consider <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/firewalls-as-a-service-fwaas\/\">firewalls as a service<\/a> if your business doesn&#8217;t currently have the resources or personnel to support an<em> <\/em>on-premises firewall.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Secure the Firewall<\/h3>\n\n\n\n<p>For your firewall to work well, you&#8217;ll need to create specific rules that designate which traffic the firewall accepts and blocks. This will vary depending on your business&#8217;s needs; you can customize the rule lists to be more or less restrictive based on the applications and data that reside behind the firewall. Implement rules for both inbound and outbound traffic, which restrict the traffic entering your network and the data leaving it.<\/p>\n\n\n\n<p><strong>Read more about <a href=\"https:\/\/www.esecurityplanet.com\/networks\/firewall-rules\/\">creating firewall rules<\/a> and how they improve your business&#8217;s network security.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Create Firewall Zones &amp; IP Addresses<\/h3>\n\n\n\n<p>Now divide your firewall into any zones that need to be separated, and assign necessary interfaces to each zone. Then designate firewall resources and servers with their appropriate IP addresses if they don&#8217;t already have them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Make an Access Control List<\/h3>\n\n\n\n<p>The <a href=\"https:\/\/www.fortinet.com\/resources\/cyberglossary\/network-access-control-list\" target=\"_blank\" rel=\"noreferrer noopener\">access control list<\/a> (ACL) determines which resources or users are permitted to access the network. Admins may specify a list for the whole network or for certain subnets. Create an access control list in conjunction with your firewall rules so nothing in that list contradicts the other; it&#8217;s good to have them side by side while developing rules to accept or drop packets.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Test Configurations<\/h3>\n\n\n\n<p>Make sure any network configurations work. If you block traffic from a certain website, ensure that the firewall doesn&#8217;t allow that traffic through. Test the rules, too, especially for <a href=\"https:\/\/www.esecurityplanet.com\/applications\/whitelisting-vs-blacklisting-which-is-better\/\">blacklists and whitelists<\/a>; you can do this by connecting to the network and attempting to load a blocked website. If it still loads, your blacklist isn&#8217;t working.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Manage the Firewall Over Time<\/h3>\n\n\n\n<p>Firewalls need to be checked and reconfigured regularly. You also need team members responsible for handling regular firewall upkeep and maintenance, including updating rules to fit changing business policies. Assign team members to specific firewall management tasks, and create a schedule for auditing firewall rules. Make sure everyone on your team knows how they&#8217;re supposed to take care of the firewall, using clear, straightforward documentation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"5-Encrypt-Data-Transmissions\"><\/span>5. Encrypt Data Transmissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Encryption can protect assets directly throughout your entire IT infrastructure. You can protect endpoints using <a href=\"https:\/\/www.esecurityplanet.com\/products\/top-full-disk-software-products\/\">full disk encryption<\/a>, databases using settings, and critical files using file or folder encryption.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Encrypt Endpoints<\/h3>\n\n\n\n<p>Encrypting an endpoint&#8217;s entire hard drive or SSD protects the entire device. Also, operating systems, such as Windows, offer options to change settings and require encrypted connections to specific assets or throughout the network. You can change other settings to prevent the transmission or storage of plain-text passwords and to ensure storage of salted password hashes.<\/p>\n\n\n\n<p><strong>Learn more about <a href=\"https:\/\/www.esecurityplanet.com\/trends\/types-of-encryption\/\">different types of encryption<\/a>, such as full disk encryption and digital certificates, and when they&#8217;re useful.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Encrypt Databases<\/h3>\n\n\n\n<p>You can <a href=\"https:\/\/www.esecurityplanet.com\/networks\/database-security-best-practices\/\">encrypt databases<\/a> by entire application, by column, or through the database engine. Different encryption implementations will affect how fast you can query data within the database, so take that into consideration before encrypting anything.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Encrypt Files or Folders<\/h3>\n\n\n\n<p>You can encrypt data at either the individual file level or at the folder level. File-level encryption will typically take more time and allows you to encrypt individual files and choose not to encrypt others, if necessary. Folder-level encryption shields an entire folder&#8217;s data at a time, which is useful when you need to protect full folders of data at rest at a time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"6-Segment-Networks-Logically\"><\/span>6. Segment Networks Logically<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Growing organizations need to allow different types of access, but they shouldn&#8217;t allow everyone to access everything in the network. Network segmentation can create networks for guests, quarantined networks for insecure devices, and even separate networks for vulnerable IoT, OT, and known obsolete technology. Use virtual LANs to create subnets, and implement zero trust strategies so users don&#8217;t have unnecessary access.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Set Up Virtual LANs<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-a-vlan\/\">Virtual local area networks<\/a> (VLANs) partition networks on a single piece of hardware and allow teams to split networks into smaller subnetworks. They&#8217;re helpful because they make network management processes easier and provide additional security since not all traffic is going to the same place. You can designate different types of traffic to go to different subnets, depending on your security needs.<\/p>\n\n\n\n<p><strong>Read more about <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-set-up-vlan\/\">setting up a virtual LAN<\/a>, including configuring switch ports and connecting them to the VLAN.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Create Subnetworks<\/h3>\n\n\n\n<p>Your network segmentation should make sense based on the way your business routes traffic. For example, if two subnetworks, or subnets, reside next to each other on the larger network, you should put a firewall between them if <a href=\"https:\/\/www.esecurityplanet.com\/networks\/dmz-network\/\">one subnet is processing external traffic<\/a> and the one next to it has sensitive data on it. It can also help to group similar technological resources on the same subnet for more logical routing.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Consider Zero Trust<\/h3>\n\n\n\n<p>I recommend implementing a <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-implement-zero-trust\/\">zero trust framework<\/a> for your entire network infrastructure. Zero trust, combined with network segmentation, requires users to prove they&#8217;re authorized to access each individual resource on the network. A zero trust framework uses the concept &#8220;Never trust, always verify.&#8221; Users on the network have to verify their right to use an application or log into a certain system, rather than having access to everything just because they got past the firewall.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"7-Set-Intrusion-Detection-Prevention-Systems\"><\/span>7. Set Intrusion Detection &amp; Prevention Systems<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>An intrusion detection and prevention system (IDPS) is one of the core functionalities of network security. You need to know what&#8217;s going into your network, what&#8217;s leaving it, and if there are any obvious vulnerabilities within the hardware and software that make up the network. Intrusion detection and intrusion prevention can function somewhat separately, but they&#8217;re often combined in security suites.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Configure Intrusion Detection Systems<\/h3>\n\n\n\n<p>Intrusion detection systems (IDS) are primarily responsible for identifying vulnerabilities and attackers. They alert network administrators when malware is detected in a system, a strange user logs into software, or internet traffic overwhelms a server unexpectedly. They&#8217;re useful for detecting malicious behavior, but they usually can&#8217;t fix security issues on their own.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Configure Intrusion Prevention Systems<\/h3>\n\n\n\n<p>Intrusion prevention systems don&#8217;t just observe vulnerabilities and attacks \u2014 they&#8217;re tasked with fixing them. This includes standard remediation actions, like blocking traffic or eradicating malicious software. Intrusion detection and prevention tend to be most effective <a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">when they&#8217;re bundled together<\/a>, so you can identify issues and fix them on a single platform.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"8-Create-Asset-Discovery-Policies\"><\/span>8. Create Asset Discovery Policies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Unauthorized devices can intercept or redirect network traffic through attacks such as connecting unauthorized computers to the network or deploying packet sniffers to intercept network traffic. Similarly, spoofed <a href=\"https:\/\/www.esecurityplanet.com\/networks\/what-is-dns-security\/\">domain name system<\/a> (DNS) addresses can redirect users from legitimate connections to dangerous websites. To protect your network, block or quarantine assets as needed, always scan for assets, and disable any network features you don&#8217;t need.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Block or Quarantine Devices<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/network-access-control-solutions\/\">Network access control (NAC) solutions<\/a> test for outdated or vulnerable software on endpoints and redirect devices to quarantine until remediated. Unauthorized devices may be blocked or quarantined. You can achieve some NAC capabilities by adding MAC address filtering or whitelists to firewalls and servers, but whitelists can be time-consuming to maintain.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Scan Assets Continuously<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/top-it-asset-management-tools-for-security\/\">IT asset management<\/a> (ITAM) tools can scan for devices connected to the network and send alerts or block unregistered devices. Organizations need to verify the types of assets they&#8217;re trying to detect. Some applications, cloud infrastructure, networking equipment, or Internet of Things (IoT) devices may require more sophisticated ITAM or additional tools to detect them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Disable Unneeded Features<\/h3>\n\n\n\n<p>Any unused access port in a firewall, unneeded <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/secure-remote-access\/\">remote access<\/a> (storage, printer, routers, etc.), and similar features will often be unwatched. Hackers will seek to find and exploit these opportunities. Better to simply disable them if they are unneeded. For this reason, organizations should also disable Universal Plug and Play (UPnP) capabilities once setup is complete because hackers have found ways to use the automation features to load malware.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"9-Develop-Patch-Management-Procedures\"><\/span>9. Develop Patch Management Procedures<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Securing network hardware and software requires security teams to consistently update their products to the most current version. This process includes patching as soon as possible, creating patch assignments, and keeping careful watch over your vendors&#8217; security bulletins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Patch Immediately<\/h3>\n\n\n\n<p>The more quickly your business patches hardware and software, the less time threat actors will have to exploit the vulnerabilities within them. If your business finds that you have limited time to patch resources, adjust processes and tasks so patching is a higher priority. If you implement security platforms with built-in <a href=\"https:\/\/www.esecurityplanet.com\/networks\/patch-management\/\">patch management<\/a> features, you&#8217;ll receive reminders about patches, which will help your team fix vulnerabilities faster.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Assign Patch Management Roles<\/h3>\n\n\n\n<p>Develop a patching schedule for standard version updates for all your networking resources. A patching schedule includes assigning team members roles so everyone knows who&#8217;s responsible for updating each appliance and software version. I recommend creating a simple document that clearly outlines who is responsible for patching each piece of hardware and software, as well as the days and times they&#8217;re supposed to be updated.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Monitor Vulnerability News &amp; Releases<\/h3>\n\n\n\n<p>Part of a strong patch management strategy is being proactive about security issues by monitoring your vendors&#8217; vulnerability information and global industry news in general. New vulnerabilities crop up every week, and often they appear within networking equipment and operating systems. The more quickly you&#8217;re aware of issues, the sooner you can patch them and avoid a zero-day exploit or similar attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"10-Monitor-Log-Networks\"><\/span>10. Monitor &amp; Log Networks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You may not immediately recognize network traffic as malicious, but monitoring it with a <a href=\"https:\/\/www.esecurityplanet.com\/products\/siem-tools\/\">security information and event management<\/a> (SIEM), <a href=\"https:\/\/www.esecurityplanet.com\/networks\/soc-best-practices\/\">security operations center<\/a> (SOC), <a href=\"https:\/\/www.esecurityplanet.com\/networks\/managed-detection-and-response-mdr\/\">managed detection and response<\/a> (MDR), or similar team may detect unusual behavior. These teams can also respond to alerts and remediate attacks that evade automated response. Sandboxing is also an option if you want to further analyze strange behavior on your network.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Designate Monitoring Resources &amp; Teams<\/h3>\n\n\n\n<p>The cybersecurity industry has a plethora of products and services that monitor networks, and if your business leaders feel overwhelmed about which to choose, look closely at the functions of each:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SIEM:<\/strong> Focuses on aggregating enterprise data and logs, often requiring a lot of monitoring and management.<\/li>\n\n\n\n<li><strong>SOC:<\/strong> Manages daily security operations through a team of analysts and security personnel, either internal or external to your company.&nbsp;<\/li>\n\n\n\n<li><strong>Endpoint detection and response (EDR):<\/strong> Finds and mitigates security threats specifically on endpoint devices.<\/li>\n\n\n\n<li><strong>MDR:<\/strong> Provides managed detection and response services so your business can benefit from external analysts&#8217; technology and insights.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Respond to Alerts<\/h3>\n\n\n\n<p>Responding to security alerts is either your job or the job of your operations center or managed service provider. Regardless of who&#8217;s doing this, you&#8217;ll need to designate exactly which team member is in charge of which part of the alert triage process. This improves responsiveness and increases the chance that your security team will handle threats more effectively.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Use a Sandbox<\/h3>\n\n\n\n<p>If you discover malware on your network and want to learn more about its patterns, consider a <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/sandboxing-advanced-malware-analysis\/\">sandboxing product<\/a>. These help your team watch the way malicious programs work in a safe, controlled environment. They often come in larger security suites, like managed detection and response solutions, but you can purchase them separately, too.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"11-Develop-an-Incident-Response-Plan\"><\/span>11. Develop an Incident Response Plan<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Your business always needs an <a href=\"https:\/\/www.esecurityplanet.com\/networks\/incident-response\/\">incident response<\/a> plan to know how to handle security events, no matter how small your security team is. An incident response plan should clearly list every step, in order, that your team should take to mitigate threats. A few of the most common characteristics of an incident response plan include customization, flexible structure, and proper alert methodology.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Create Customizable Plans for Multiple Situations<\/h3>\n\n\n\n<p>It&#8217;s likely that you&#8217;ll need more than one iteration of an <a href=\"https:\/\/www.esecurityplanet.com\/networks\/incident-response-how-to-prepare-for-attacks-and-breaches\/\">incident response plan<\/a>, not just a single list of steps that works in every situation. Creating a general template and then a few different, more specific plans is often a good strategy for customizing an incident response plan for different types of security incidents. Responses will vary depending on the vulnerability or attack, and so will the specific plan for each.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Be Flexible When a Process Needs to Change<\/h3>\n\n\n\n<p>While incident response plans do need ordered steps, they also need to have some wiggle room in case a process needs to change last-minute. This could look like listing a couple of additional team members to take over if the point person for one step is on vacation or sick or providing some different mitigation options for a security threat in case one doesn&#8217;t work.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Develop Alert Procedures That Make Sense<\/h3>\n\n\n\n<p>Security teams have to sort through a lot of information, and not all alerts are accurate. Develop procedures for triaging alerts and separating the false positives from the issues you really need to investigate. Automation is helpful here \u2014 you&#8217;ll save your incident response team some work if they have accurate software telling them which alerts to prioritize.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"12-Train-Employees-in-Cybersecurity-Practices\"><\/span>12. Train Employees in Cybersecurity Practices<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Users remain one of the most prevalent sources of security breaches because everyone makes mistakes, and most employees aren\u2019t security experts. Employee training and penetration testing are two of the main tactics businesses use to keep their personnel up to speed on threats, but everyday conversations within teams play a key role in protecting the company, too.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Train Your Teams on Security Basics<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/cybersecurity-training\/\">Cybersecurity training courses<\/a> for enterprises and SMBs provide fundamental instructions that enable employees to contribute to better security practices for the whole organization. They highlight issues like phishing attacks, malware, unsafe password practices, and compromised hardware like USB drives. They also decrease the chance that a cyberattack will take employees completely by surprise.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Perform Penetration Testing<\/h3>\n\n\n\n<p>In a penetration testing scenario, internal or external hackers attempt to breach the business&#8217;s network and find the vulnerabilities in it. But some pentesting strategies may also include <a href=\"https:\/\/www.esecurityplanet.com\/threats\/social-engineering-attacks\/\">social engineering<\/a> that exposes where employees need to be trained. Be careful not to vilify employees who make mistakes, and encourage the most transparent discussions within your organization.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Have Regular Conversations<\/h3>\n\n\n\n<p>Don&#8217;t downplay the importance of frequent discussions about cybersecurity. The more employees, but especially leaders, talk with their teammates about threats and vulnerabilities, the more prepared you&#8217;ll be to handle those issues. Discussing security also discourages employees from making unwise decisions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"13-Continuously-Improve-the-Network\"><\/span>13. Continuously Improve the Network<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>No security is foolproof. Vulnerabilities, misconfigurations, mistakes, and skilled attackers can create breaches in network and other security. Even the most robust security stack and most resilient network will fall apart without maintenance. Updating software and default credentials, disabling obsolete protocols, and performing regular network security audits will help your organization stay on top of network improvements.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Update Systems Automatically<\/h3>\n\n\n\n<p>Often, you can set local network routers, firewalls, and other equipment to automatically download new updates so that the devices and the firmware aren&#8217;t vulnerable. However, be aware that power failures during updates \u2014 or buggy updates \u2014 might result in equipment failure.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Change Default Credentials<\/h3>\n\n\n\n<p>Routers and other equipment generally arrive with publicly-disclosed default settings and names, but these are a wide-open door for hackers. Network admins should change the default router passwords to protect against unauthorized access. The U.S. Federal Trade Commission (FTC) provides broader recommendations to <a href=\"https:\/\/consumer.ftc.gov\/articles\/how-secure-your-home-wi-fi-network\" target=\"_blank\" rel=\"noreferrer noopener\">secure home Wi-Fi networks<\/a> and other tips for offices and consumers.<\/p>\n\n\n\n<p><strong>If you need to update your router&#8217;s security, read more about <a href=\"https:\/\/www.esecurityplanet.com\/networks\/upgrading-wi-fi-security-from-wep-to-wpa2\/\">configuring it to use WPA2<\/a>.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Don&#8217;t Use Obsolete Protocols<\/h3>\n\n\n\n<p>IT equipment ships with backwards compatibility, but this can be problematic because that includes support for obsolete and dangerous options. I recommend disabling <a href=\"https:\/\/www.auvik.com\/franklyit\/blog\/insecure-network-protocols\/\" target=\"_blank\" rel=\"noreferrer noopener\">insecure protocols and ports<\/a> such as FTP or SMBv1 throughout the ecosystem to prevent future exploits. Use your network management console to disable any outdated protocols that you don&#8217;t want your network to permit anymore.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" style=\"text-transform:none\">Audit Your Network<\/h3>\n\n\n\n<p>Perform regular audits on your entire network so you continually uncover vulnerabilities and weaknesses over time. Audits should cover both hardware and software, so your switches, routers, operating systems, computers, and servers are all being tested and reviewed for security and performance.<\/p>\n\n\n\n<p><strong>Are you considering auditing your entire firewall? Use our guide to <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-do-a-firewall-audit\/\">performing a firewall audit<\/a> to inform your process.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"text-transform:none\"><span class=\"ez-toc-section\" id=\"Bottom-Line-Securing-a-Network-Is-an-Ongoing-Process\"><\/span>Bottom Line: Securing a Network Is an Ongoing Process<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Networks form a bridge between users and their computers on one side and the assets they need to reach on the other. Network security protects the bridge, but to ensure safety, each end of the bridge must also be protected by security for users, applications, data, and assets. Each component of a security strategy reinforces and protects the organization as a whole from the failure of any specific component.<\/p>\n\n\n\n<p>IT security teams need to not only maintain awareness of their current and future needs, but they also must communicate those needs clearly to non-technical stakeholders to obtain budgets and other support.<\/p>\n\n\n\n<p><strong>To learn more about specific types of threats, read our <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security-threats\/\">guide to network security threats<\/a>, which includes operational technology issues, malware, and human error.<\/strong><\/p>\n\n\n\n<p><em><a href=\"https:\/\/www.esecurityplanet.com\/author\/chad-kime\/\">Chad Kime<\/a> contributed to this article.<\/em><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6c4a1e2895-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6c4a1e2895\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6c4a1e2895\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6c4a1e2895\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6c4a1e2895\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6c4a1e2895\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6c4a1e2895\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.<\/p>\n","protected":false},"author":238,"featured_media":35281,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[14],"tags":[2369,3790,21812,3414,30582,730,3483,10341,5277],"b2b_audience":[33,35],"b2b_industry":[63],"b2b_product":[382,383,395,377,31779,31781,381,31776,393,31775,392,396],"class_list":["post-27906","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networks","tag-cloud-security","tag-cybersecurity","tag-network-access-control","tag-network-security","tag-ngfw","tag-security","tag-siem","tag-web-application-firewall","tag-web-security","b2b_audience-awareness-and-consideration","b2b_audience-implementation-and-support","b2b_industry-technology","b2b_product-application-security-vulnerability-management","b2b_product-encryption-data-loss-prevention","b2b_product-firewalls-and-intrusion-prevention-and-detection","b2b_product-gateway-and-network-security","b2b_product-iot-security","b2b_product-multi-factor-access-management","b2b_product-network-access-control-nac","b2b_product-siem","b2b_product-virtual-private-network-vpn","b2b_product-web-applications-security","b2b_product-web-security","b2b_product-wireless-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Network Protection: How to Secure a Network in 13 Steps<\/title>\n<meta name=\"description\" content=\"Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Network Protection: How to Secure a Network in 13 Steps\" \/>\n<meta property=\"og:description\" content=\"Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-13T09:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-06-21T12:45:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-02.png\" \/>\n\t<meta property=\"og:image:width\" content=\"5000\" \/>\n\t<meta property=\"og:image:height\" content=\"2625\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jenna Phipps\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jenna Phipps\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\"},\"author\":{\"name\":\"Jenna Phipps\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/243ac4ed3a5e9bf35bd7b98a40c326fb\"},\"headline\":\"Network Protection: How to Secure a Network in 13 Steps\",\"datePublished\":\"2024-05-13T09:00:00+00:00\",\"dateModified\":\"2024-06-21T12:45:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\"},\"wordCount\":3925,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png\",\"keywords\":[\"cloud security\",\"cybersecurity\",\"Network Access Control\",\"network security\",\"ngfw\",\"security\",\"SIEM\",\"Web application firewall\",\"Web security\"],\"articleSection\":[\"Networks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\",\"name\":\"Network Protection: How to Secure a Network in 13 Steps\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png\",\"datePublished\":\"2024-05-13T09:00:00+00:00\",\"dateModified\":\"2024-06-21T12:45:55+00:00\",\"description\":\"Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png\",\"width\":1400,\"height\":900,\"caption\":\"Image: Vladimir\/Adobe Stock\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Network Protection: How to Secure a Network in 13 Steps\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/243ac4ed3a5e9bf35bd7b98a40c326fb\",\"name\":\"Jenna Phipps\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/EDITED-HH-88484840_Jenna_Phipps_Jenna_headshot_2_editor_faharia-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/EDITED-HH-88484840_Jenna_Phipps_Jenna_headshot_2_editor_faharia-150x150.jpg\",\"caption\":\"Jenna Phipps\"},\"description\":\"Jenna Phipps is a staff writer for eSecurity Planet and has years of experience in B2B technical content writing. She covers security practices, vulnerabilities, data protection, and the top products in the cybersecurity industry. She also writes about the importance of cybersecurity technologies and training in business environments, as well as the role that security plays in data storage and management. When Jenna's not writing about security, you can find her reading, shopping, eating smoothie bowls, or spending time with friends.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jphipps\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Network Protection: How to Secure a Network in 13 Steps","description":"Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/","og_locale":"en_US","og_type":"article","og_title":"Network Protection: How to Secure a Network in 13 Steps","og_description":"Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/","og_site_name":"eSecurity Planet","article_published_time":"2024-05-13T09:00:00+00:00","article_modified_time":"2024-06-21T12:45:55+00:00","og_image":[{"width":5000,"height":2625,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/ESP_NetworkProtection-HowToSecureANetworkIn13-Steps_2024_MEL_rnd2-02.png","type":"image\/png"}],"author":"Jenna Phipps","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Jenna Phipps","Est. reading time":"18 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/"},"author":{"name":"Jenna Phipps","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/243ac4ed3a5e9bf35bd7b98a40c326fb"},"headline":"Network Protection: How to Secure a Network in 13 Steps","datePublished":"2024-05-13T09:00:00+00:00","dateModified":"2024-06-21T12:45:55+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/"},"wordCount":3925,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png","keywords":["cloud security","cybersecurity","Network Access Control","network security","ngfw","security","SIEM","Web application firewall","Web security"],"articleSection":["Networks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/","url":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/","name":"Network Protection: How to Secure a Network in 13 Steps","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png","datePublished":"2024-05-13T09:00:00+00:00","dateModified":"2024-06-21T12:45:55+00:00","description":"Securing a network is a continuous process. Discover the process of securing networks from unwanted threats.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2024\/05\/esp_20240513-how-to-secure-a-network.png","width":1400,"height":900,"caption":"Image: Vladimir\/Adobe Stock"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/how-to-secure-a-network\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"Network Protection: How to Secure a Network in 13 Steps"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/243ac4ed3a5e9bf35bd7b98a40c326fb","name":"Jenna Phipps","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/EDITED-HH-88484840_Jenna_Phipps_Jenna_headshot_2_editor_faharia-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/EDITED-HH-88484840_Jenna_Phipps_Jenna_headshot_2_editor_faharia-150x150.jpg","caption":"Jenna Phipps"},"description":"Jenna Phipps is a staff writer for eSecurity Planet and has years of experience in B2B technical content writing. She covers security practices, vulnerabilities, data protection, and the top products in the cybersecurity industry. She also writes about the importance of cybersecurity technologies and training in business environments, as well as the role that security plays in data storage and management. When Jenna's not writing about security, you can find her reading, shopping, eating smoothie bowls, or spending time with friends.","url":"https:\/\/www.esecurityplanet.com\/author\/jphipps\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/27906"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/238"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=27906"}],"version-history":[{"count":9,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/27906\/revisions"}],"predecessor-version":[{"id":36186,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/27906\/revisions\/36186"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/35281"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=27906"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=27906"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=27906"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=27906"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=27906"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=27906"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}