Device Security – CompTIA Network+ N10-009 – 4.3

There are many best practices for keeping devices safe. In this video, you’ll learn about disabling ports, changing default credentials, MAC filtering, and much more.


There are a number of different ways to help protect our computing devices. And in this video, we’ll look at device security. As we’ve already seen in this course, port numbers are used extensively to be able to transfer information across the network. But these port numbers can also be a way into your system.

Each network-based service running on your system has an open port number that can be seen by others on the network. That port number is effectively an entry point into that service that’s running on your system. If that service is actively in use, then we need to keep that port open. But if that service is one that you’re no longer using, then you should close the service and make sure that port number is not accessible from the outside.

One way to control access to this open port would be to use a firewall. A firewall can give you control over what devices are able to connect to your computer so you could decide whether you would like individuals on the inside of your network to have access to this port number or if you’d like to open it up to a wider audience. Sometimes, port numbers are open on our computer and we have no idea why that port number is open. Often, this is because there’s a service that’s running on your system that you were simply not aware of and that service opens a port number to the outside.

There is a large range of port numbers that could be opened on your computer, specifically port numbers 0 through 65,535. Any service running on your system can use any of those numbers to enable access from others across the network. If you’re wondering just what services or port numbers may be open on your computer, you can use a third party tool, such as Nmap to scan your system and see what port numbers are advertised to the world. From there, you can decide whether that’s a port number that needs to stay open so that service is available to others or you can choose to shut down that service and remove that port number from your system.
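The audit the video describes (find what is listening, decide whether each port needs to be reachable from the network, and shut the service down if not) can be partly automated. The following is an added example, not code from the video: it parses the kind of table that `ss -tlnp` prints on Linux, separates loopback-only sockets from sockets that are reachable from other hosts, and compares the latter against an allowlist of services the host is supposed to expose. The sample output and the `EXPECTED` allowlist are constructed for the demonstration.

```python
"""Classify listening sockets by exposure and compare them against an allowlist.

Added example, not from the video. Parses `ss -tlnp`-style output; the sample
lines below are constructed, not captured from a real host, and EXPECTED is an
assumption about what this host is meant to expose.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output (State Recv-Q Send-Q Local Peer Process).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=640,fd=7))
LISTEN  0       4096    0.0.0.0:5900         0.0.0.0:*          users:(("x11vnc",pid=2210,fd=5))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       100     127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=990,fd=21))
"""

# Assumption for the demo: port -> process name this host is supposed to expose.
EXPECTED = {22: "sshd"}

LOOPBACK_PREFIXES = ("127.", "[::1]")
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+)')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str
    pid: int


def parse_ss(text):
    """Turn the LISTEN rows of an `ss -tlnp` table into Listener records."""
    listeners = []
    for line in text.splitlines()[1:]:          # first line is the header
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")  # handles "[::]:22" as well as "0.0.0.0:22"
        m = PROC_RE.search(line)
        proc, pid = (m.group(1), int(m.group(2))) if m else ("?", 0)
        listeners.append(Listener(addr, int(port), proc, pid))
    return listeners


def is_external(addr):
    """True when the socket is bound to something other than a loopback address."""
    return not addr.startswith(LOOPBACK_PREFIXES)


def audit(text, expected=EXPECTED):
    """Return {port: verdict} for every listener that is reachable from other hosts."""
    verdicts = {}
    for l in parse_ss(text):
        if not is_external(l.addr):
            continue                             # loopback-only: not an entry point from the network
        if expected.get(l.port) == l.process:
            verdicts[l.port] = "expected"
        else:
            verdicts[l.port] = f"unexpected ({l.process} pid {l.pid})"
    return verdicts


if __name__ == "__main__":
    for port, verdict in sorted(audit(SAMPLE_SS_OUTPUT).items()):
        print(f"{port:>5}  {verdict}")
```

Anything reported as unexpected is a candidate for the action the video recommends: stop and disable the service rather than just filtering the port, because a firewall rule hides the entry point while the service keeps running.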

If you’ve ever installed a switch, a router, a firewall, or any other networking device, then you know there is commonly a set of default credentials to be able to log into that device. Many devices will require you to change those credentials the first time you log in, but a large number of devices simply have those default credentials available for anyone to use at any time. Obviously, keeping those default credentials on a system means that anyone who happens to know that default username and password could potentially gain access to that system.

And in many cases, these default credentials provide administrative access to the entire system. Leaving these available would effectively allow anyone to have complete control over that system. If you’re wondering what the default credentials might be for a particular device, there’s a database of those that you can find on routerpasswords.com. This website provides a database of all of the default usernames and passwords for these devices that you may already have installed on your network.

One of the challenges with securing a switched network is that you can’t physically be watching every single interface on every single switch all the time. But there are features within the switch that can provide you with additional security. Specifically, port security.

Port security is a feature built into a number of switches that prevents someone from unplugging an existing system and plugging their own system into that same interface. The switch will recognize that a new system has now plugged in and it will prevent that system from communicating on the network. This is based on the MAC address, or Media Access Control address, of this device. That MAC address identifies the physical interface on that network interface card. And by configuring your switch to look for those MAC addresses, you can prevent someone from effectively swapping out the device on that interface in the middle of the day.

The configuration for port security usually starts by telling the switch how many MAC addresses should be associated with a particular interface. You can decide if one particular MAC address should be associated with one single interface or if there should be multiple addresses associated with that interface. You can also specify the exact MAC address that is allowed to communicate over that physical switch interface. The switch will then monitor every device that connects to that particular interface and it will record the MAC address of all of those devices. If you then connect a device that the switch is not expecting to see, port security will activate on that switch. The default on many switches is to immediately disable the interface and send a message to the network administrator.
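To make the behaviour just described concrete, here is an added example (not from the video, and not any vendor's implementation) that simulates one port-security interface: a maximum number of addresses, optional statically configured addresses, dynamic learning of the first addresses seen, and a violation action when an unexpected address appears. The default action modelled is the one the video describes, shutting the interface and notifying the administrator; the `restrict` action, which drops the offending frames but leaves the port up, is included for comparison. The interface names and MAC addresses are constructed. The static-address mode is the same mechanism as the MAC filtering discussed later in the video.

```python
"""Simulation of switch port security on a single interface.

Added example, not from the video or any switch vendor. MAC addresses and
interface names are constructed; the "shutdown" default follows the behaviour
the transcript describes (err-disable the port and alert the administrator).
"""
from collections import deque


class PortSecurityInterface:
    def __init__(self, name, maximum=1, static_macs=(), violation="shutdown", notify=None):
        self.name = name
        self.maximum = maximum                           # how many addresses may use this port
        self.allowed = {m.lower() for m in static_macs}  # statically configured addresses
        self.violation = violation                       # "shutdown" or "restrict"
        self.notify = notify or (lambda msg: None)       # hook for the administrator alert
        self.enabled = True
        self.violations = 0
        self.log = deque(maxlen=100)

    def receive_frame(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if it is dropped."""
        src_mac = src_mac.lower()
        if not self.enabled:
            self.log.append(f"{self.name}: dropped {src_mac}, interface err-disabled")
            return False
        if src_mac in self.allowed:
            return True
        if len(self.allowed) < self.maximum:
            # Room left under the maximum: learn the address dynamically.
            self.allowed.add(src_mac)
            self.log.append(f"{self.name}: learned {src_mac}")
            return True
        # An address beyond the configured maximum: this is the violation.
        self.violations += 1
        self.log.append(f"{self.name}: violation from {src_mac}")
        if self.violation == "shutdown":
            self.enabled = False                         # err-disable until an admin clears it
        self.notify(f"port-security violation on {self.name} from {src_mac}")
        return False

    def clear(self):
        """Administrator re-enables the interface after investigating a violation."""
        self.enabled = True


def demo():
    """One learned address, then a different device on the same port (constructed MACs)."""
    alerts = []
    port = PortSecurityInterface("Gi1/0/7", maximum=1, notify=alerts.append)
    frames = ["00:11:22:33:44:55", "00:11:22:33:44:55",
              "de:ad:be:ef:00:01", "00:11:22:33:44:55"]
    results = [port.receive_frame(m) for m in frames]
    return results, port.enabled, alerts


if __name__ == "__main__":
    results, enabled, alerts = demo()
    print(results, "enabled:", enabled, "alerts:", alerts)
```

Note the last frame in `demo()`: once the port is err-disabled, even the original, legitimate device is cut off until the administrator clears the interface, which is exactly why the default action also sends a notification.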

Another good security best practice for protecting your devices is to disable any unused interfaces on those switches. If you’ve ever walked into a conference room or break room, you may have seen Ethernet interfaces on the wall. And those interfaces may or may not be enabled.

The best practice, of course, is to disable those interfaces until someone needs to use that particular port. This requires a bit more administration because you have to keep track of what interfaces are enabled and what interfaces have been disabled. And occasionally, you’ll be asked to enable an interface that is currently not operational.

Although this takes additional time and effort to be able to maintain, it also makes your network much more secure. Some organizations take this to the next level by having each interface require authentication before you can communicate on the network. This is referred to as Network Access Control, or NAC. You’ll often see it implemented as 802.1X. When you connect any device to the network or you connect to a wireless network, it will first prompt you for authentication. You have to provide your username and password and only then are you allowed to communicate on the network.

Some administrators will even use MAC address filtering to keep out devices that they would not like to have on their network. As you recall, the media access control address is the hardware address of a device so you can effectively limit access to the network based on the physical device that may be communicating across that network. This is very useful for keeping out devices that are not authorized to be on the network.

But when new devices appear or you have someone visit, you may need to enable their MAC address in the filter so that they can communicate on the network. One of the challenges with a media access control filter is that the MAC address on a device can be administratively changed. You can change the software configuration of the network adapter card to be any MAC address you’d like. This might allow someone to perform a packet capture to see what MAC addresses are on the network, wait for one of those MAC addresses to leave, and then use that MAC address to gain access through that MAC address filter.

For that reason, we would categorize MAC filtering as security through obscurity. This means that if you know the method that’s being used for security, it becomes very easy to circumvent that security.

If you’ve worked in IT for any amount of time, you know there are authentication details, certificates, encryption keys and many other security keys that have to be managed in your IT environment. Often, there’s third party software you can install to keep all of these keys managed.

From this single console, you can create keys for a specific service or perhaps for a specific cloud provider. You might even associate these keys with a specific user or a specific service. From there, you can manage those keys. You’ll know exactly when the keys will expire. You can renew the keys or revoke those keys and you can even see when the keys are being used or when someone may be using a key to gain access to another system.

Here’s the dashboard of a key management system. You can see there are certificates and keys that are configured as part of this key management system. You can see the certificate authority associated with those keys, vulnerabilities, SSH keys, license details and much more. If you have many different web servers and you need to find a way to manage those SSL keys, you can use the SSL feature of the key management software to be able to list all of the keys, know when they expire and be able to renew them all from this console.

You might also want to manage SSH keys, which can be used to log in to a Linux server or some other SSH compatible service. All of these keys are also listed in the key management device and you can see what users are gaining access to these keys and what devices they’re authenticating to. Since all of these keys are in one central place, you can then start creating reports on how these keys have been used.
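A small, self-contained version of the SSH key report such a console produces, as an added example that is not from the video or any key management product: it parses `authorized_keys` lines, decodes each key blob to identify the algorithm and, for RSA, the modulus size, records any restrictions (`from=`, `command=`), and flags keys that are weak or unrestricted. The sample keys are constructed in code so the example runs offline; they are not real keys, and the 2048-bit threshold is this example's assumption.

```python
"""Inventory the SSH public keys that grant access to an account.

Added example, not from the video or any product. Parses authorized_keys
lines, decodes the wire-format blob (RFC 4253 string/mpint encoding) and
reports algorithm, key size and access restrictions. Sample keys are
constructed below and are NOT real keys.
"""
import base64
import struct


def _ssh_string(b):
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n):
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:              # high bit set: prefix a zero byte to keep it positive
        raw = b"\x00" + raw
    return _ssh_string(raw)


def _read_string(blob, off):
    (length,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + length], off + 4 + length


def build_rsa_key(bits, e=65537):
    """Constructed sample: an ssh-rsa blob whose modulus has the given size (not a real key)."""
    n = (1 << (bits - 1)) | 1
    return base64.b64encode(_ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)).decode()


def build_ed25519_key():
    """Constructed sample: an ssh-ed25519 blob with a dummy 32-byte point (not a real key)."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(b"\x42" * 32)).decode()


# Constructed authorized_keys content for the demonstration.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    f"ssh-rsa {build_rsa_key(1024)} legacy-backup@oldhost",
    f'from="10.0.5.0/24",command="/usr/local/bin/deploy" ssh-ed25519 {build_ed25519_key()} ci-deploy',
    f"ssh-rsa {build_rsa_key(4096)} alice@laptop",
    "# comment lines are ignored",
])


def _split_options(line):
    """Split a leading options field from the rest; quoted values may contain spaces/commas."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif ch == " " and not in_quote:
            return line[:i], line[i + 1:]
    return line, ""


def parse_authorized_keys(text):
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options = ""
        if not line.startswith(("ssh-", "ecdsa-", "sk-")):
            options, line = _split_options(line)
        parts = line.split(None, 2)
        b64 = parts[1]
        comment = parts[2] if len(parts) > 2 else ""
        blob = base64.b64decode(b64)
        wire_type, off = _read_string(blob, 0)
        bits = None
        if wire_type == b"ssh-rsa":
            _e, off = _read_string(blob, off)
            n_bytes, _ = _read_string(blob, off)
            bits = int.from_bytes(n_bytes, "big").bit_length()
        elif wire_type == b"ssh-ed25519":
            bits = 256
        entries.append({"type": wire_type.decode(), "bits": bits,
                        "comment": comment, "options": options})
    return entries


def findings(entries, min_rsa_bits=2048):
    """Flag weak or unrestricted keys; the thresholds are this example's assumption."""
    out = []
    for e in entries:
        if e["type"] == "ssh-rsa" and e["bits"] < min_rsa_bits:
            out.append(f"{e['comment']}: RSA {e['bits']}-bit below {min_rsa_bits}")
        if e["type"] == "ssh-dss":
            out.append(f"{e['comment']}: DSA key, deprecated")
        if "from=" not in e["options"]:
            out.append(f"{e['comment']}: no source restriction")
    return out


if __name__ == "__main__":
    for f in findings(parse_authorized_keys(SAMPLE_AUTHORIZED_KEYS)):
        print(f)
```

Run against real `authorized_keys` files collected from your servers, the same parser gives you the list a key management console shows: which keys exist, how strong they are, what they are restricted to, and which ones have a comment nobody can attribute to a current user.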

There are SSH reports, landing server reports, private key reports, and so much more. All of this is contained within this single key management server, which makes the process of managing all of your keys much easier.