A colleague and I brainstormed a quick list of some ways (many not costly), to help make a school (or other) network more secure, and this is what we came up with. What would you add?
|Make this more secure|
1. Setup a separate BYOD guest wireless network and do not allow these devices on your main network.
2. Enable wireless isolation on your wireless networks.
3. Do not allow users to install software on district computers.
4. Consider a network access control solution to secure wired network ports.
5. Consider internal firewalls for high value servers with critical data or at least find a way to restrict network access to these servers.
6. Keep servers and security appliances up to date and patched.
7. Endpoint antivirus and malware security is still critical.
8. Don't forget about educating users. Active user education is critical.
9. Firewalls, Spam filters, and web filters. Many of these devices are converging into next-generation combined products, but all of these can help scan for bad web sites, phishing links, viruses, malware and more.
10. Restrict ICMP traffic at the firewall, to limit hackers ability to scan your network.
11. Consider restricting USB drives, or at the very least enforcing malware and virus scanning on these devices.
12. Have good backups of shared drives and servers, as viruses and malware are likely to attack them.