Poor Bob from Accounting. He had a vendor come through last month – she had a laptop and needed to plug in to show him her presentation. So Bob gave her access to the network and by the time she showed the last slide of her PowerPoint, half of the servers were infected with malware.

Businesses tend to think about threats from the outside. But there are plenty of dangers inside your walls. You may trust your employees, but what about their devices? Their guests? And their hardware from home?

Here are 7 steps you need to take right now to defend your infrastructure from attack:

1. Network Access Control

The fundamental aspect of Network Infrastructure Security is making sure you have firm rules in place for everyone who connects.

  • Are they wired or wireless?
  • Are they a guest or employee?
  • Do you trust them with access and what kind?

Your routers and switches must be managed so that every user is held to the principle of least privilege.

2. Device Hardening

Any type of service on a router or switch can act as File Transfer Protocol (FTP) access. You need to put a stop to it.

  • Disable Telnet
  • Use a secure shell protocol (SSH) for remote access
  • Eliminate unmonitored access

Go through each individual device and scan for open ports to shut down areas that can be exploited.
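As an added example (not from the original article), the checklist above can be run as a review of a saved switch or router configuration. The sketch assumes Cisco IOS-style syntax. The sample config is constructed, and the `access-class` check is an extra policy choice made for this example.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; not from the article).
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
line con 0
 exec-timeout 5 0
line vty 0 4
 access-class 10 in
 transport input telnet ssh
line vty 5 15
 login local
!
end
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' section."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith(" ") and header is not None:
            body.append(raw.strip())  # indented line belongs to the open vty block
            continue
        if header is not None:
            yield header, body        # an unindented line closes the open block
        header, body = (raw.strip(), []) if raw.startswith("line vty") else (None, [])
    if header is not None:
        yield header, body

def audit_vty(config):
    """Return (vty header, finding) pairs for remote-access weaknesses."""
    findings = []
    for header, body in vty_blocks(config):
        transports = None
        for cmd in body:
            m = re.match(r"transport input (.+)", cmd)
            if m:
                transports = set(m.group(1).split())
        if transports is None:
            # Flagged because the effective default is not visible in the config.
            findings.append((header, "no explicit 'transport input'; set it to ssh"))
        elif transports & {"telnet", "all"}:
            findings.append((header, "Telnet allowed; restrict to 'transport input ssh'"))
        if not any(cmd.startswith("access-class ") for cmd in body):
            findings.append((header, "no access-class limiting who can connect"))
    return findings

if __name__ == "__main__":
    for header, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```

A config review like this complements the port scan; it does not replace it, because a scan shows what the device actually answers on.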

3. VoIP Security

Your phone conversation exists as transcribed audio, captured in perpetuity on a hard drive. Should anyone be able to listen to that but you?

  • Encrypt your calls
  • Encode your audio
  • Restrict access

Your private communications should remain private – protect your voice.

4. East/West Firewall & Intrusion Prevention System (IPS)

Your employees need to stay in their own lane. East/West firewalls act as the traffic cops.

  • Silo your access
  • Monitor for signatures jumping their lane
  • Analyze malicious access

Let Accounting have access to Accounting. Same for engineering. Everyone else can stay on the surface streets.

5. Wireless Security

Mobile threats are entering and exiting your network constantly. Not all of them are friendly.

  • Restrict radio frequency (RF) access
  • Utilize pre-shared keys
  • Employ cryptographic algorithms

You don’t owe anything to a wandering device. You gain nothing by giving it access and stand to lose more than you know.

6. Mobile Device Management

Everyone needs a smartphone, right? Treating them differently from desktops is a huge mistake.

  • Track mobile devices with MDM
  • Roll out updates over the air
  • Add and remove devices automatically

When someone loses their phone, make sure it can’t come back in someone else’s hands.

7. Bring Your Own Device (BYOD) Solutions

BYOD is like open swim on your network. Give them their own BYOD network to make sure they stay in the kiddie pool.

  • Require login credentials
  • Certificate and compliance check
  • Limit access to intranet or ConnectWise only

Keep everyone safe and connected while protecting yourself from wandering malware.


Matrix Integration specializes in information technology solutions for businesses including IT consulting, security, communications, networking, implementation, wireless, data centers, managed services, remote monitoring and disaster recovery.