said by norwegian: There seem to be a few areas of concern for any network that are relevant now.
1. ARP
2. File sharing
3. Exploits
4. Infection
There may be more, but these would have to be the initial concerns?
1. not with the level of configuration of gear that is available at the local electronics shop.
You're basically looking at stuff like Dynamic ARP Inspection, 'sticky' MAC addresses, (private) VLANs,
and a few other things that are not available at the consumer level, and at the Enterprise level is
in the neighborhood of $10K or more.
Points 2 to 4 I'll leave to other ppl that have already posted.
said by norwegian: So I tried a discussion in hopes I could view or review protocols to help understand more generally about setting up networks securely from starting with locking down a router and using it to its full potential.
Here's my breakdown of security from a network-view
Layer 1 / Physical : no physical access to the router / cables, console / remote access disabled
Layer 2 / Logical : see my point above, but it goes back to knowing WHO and WHAT is on the LAN, especially that
pesky "unknown computer" in Windows Network Neighborhood
Layer 3 / Network : a little more involved, unless you have a very customizable rig / setup.
Layer 4 / Transport : also a little more involved, but basically knowing WHAT programs / traffic is running around the
network, both INbound and OUTbound. Some basic stuff would be knowing commands like 'netstat,' etc.
Layer 5 - 7 : Application : As others have said, up-to-date system and patches, anti-virus, anti-malware, etc.
maintaining current backups, strong passwords and the like, AND MAINTAINING LOGS of what's going on.
My 00000010bits
Regards
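
Added example, not part of the original posts: one way to act on the Layer 2 point about knowing who and what is on the LAN when the switch offers no Dynamic ARP Inspection, by comparing a Linux `ip neigh` listing against the bindings you expect. The sample listing, the addresses and the `KNOWN` inventory are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh` output (Linux); not captured from a real network.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 02:00:00:aa:00:99 REACHABLE
192.168.1.10 dev eth0 lladdr 02:00:00:aa:00:10 STALE
192.168.1.23 dev eth0 lladdr 02:00:00:aa:00:99 REACHABLE
192.168.1.42 dev eth0 lladdr 02:00:00:aa:00:42 DELAY
192.168.1.77 dev eth0  FAILED
"""

# Hypothetical inventory: the IP-to-MAC bindings you expect on this LAN.
KNOWN = {
    "192.168.1.1": "02:00:00:aa:00:01",   # router
    "192.168.1.10": "02:00:00:aa:00:10",  # desktop
    "192.168.1.42": "02:00:00:aa:00:42",  # printer
}

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17}) (\S+)")

def parse_neigh(text):
    """Return (ip, mac) pairs; entries without a resolved MAC are skipped."""
    pairs = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(4) not in ("FAILED", "INCOMPLETE"):
            pairs.append((m.group(1), m.group(3).lower()))
    return pairs

def audit(pairs, known):
    """Compare the live neighbour table against the expected bindings."""
    by_mac = defaultdict(set)
    for ip, mac in pairs:
        by_mac[mac].add(ip)
    known_macs = set(known.values())
    return {
        # IP is in the inventory but now answers with a different MAC.
        "changed": sorted(ip for ip, mac in pairs if ip in known and known[ip] != mac),
        # MAC not in the inventory at all: the "unknown computer".
        "unknown": sorted({mac for _, mac in pairs} - known_macs),
        # One MAC answering for several IPs: seen with ARP spoofing, but also
        # with legitimate multi-address hosts, so treat it as a lead to check.
        "shared": {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1},
    }

if __name__ == "__main__":
    for kind, hits in audit(parse_neigh(SAMPLE_NEIGH), KNOWN).items():
        print(kind, hits)
```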