system32
Executive Member
Some tips:
- Get a decent external firewall - keep the firewall firmware updated
- Disable ALG, Disable UPnP - disable ALL incoming traffic
- Use hosted email (eg Gmail) as they will clean all incoming email
- Run a nmap scan against your public IP to see if any ports exposed
- If you need to connect in, use a VPN from static IP and use 2FA
- Block all outgoing and force use of an http/https proxy
- Split your network - get an internal firewall and put servers in a separate network zone (VLAN), user devices in another VLAN and use a firewall to control access.
- Enforce password length policy and use 2FA
- Enable NAC to prevent unauthorized devices
- Keep software updated, apply security patches promptly.
- Enable client OS firewalls
- Disable and remove unnecessary software
- Control software install - don't allow users to install any software - do it for them
- Do backups - to offsite
- etc