Skip to main content
NC School Connectivity Initiative

Network Infrastructure Management

Establish, implement, and actively manage (track, report, correct) network devices, in order to prevent attackers from exploiting vulnerable network services and access points.

Program Services & Resources

The following services and resources are provided by the NC K-12 Cybersecurity Program and provided to PSUs at no cost to help execute the actions defined in the K-12 CORE Safeguards:

Why is Network Infrastructure Management Important?

A secure network infrastructure is a critical defense for PSUs, requiring a well-designed security architecture, regular monitoring, and ongoing reassessment of configurations. Network devices such as firewalls, routers, switches, and wireless access points often come with default settings that prioritize ease of deployment over security. These defaults can introduce vulnerabilities, including open ports, default passwords, unnecessary services, and outdated protocols, all of which attackers actively seek out and exploit to gain access, redirect traffic, or intercept data. Over time, as business needs evolve and exceptions are made to security rules, configurations can become less secure—especially if those exceptions aren’t regularly reviewed or removed when no longer necessary. To maintain strong defenses, PSUs must continuously evaluate its network architecture, firewall rules, access controls, and traffic flows to ensure they align with current security best practices and risk tolerance.

What can you do?

Maintaining a secure and well-documented network infrastructure is essential for effective cybersecurity measures in PSUs. Up-to-date network and security architecture diagrams provide a critical foundation for managing infrastructure, ensuring visibility into all components and their interconnections. Key devices must have active vendor support for patches and updates, with End-of-Life (EOL) equipment either replaced before support ends or isolated with mitigating controls. PSUs should monitor device versions and configurations regularly to identify and address vulnerabilities that could require upgrades to stable, secure versions. Proper account management, logging, and monitoring must be in place, and administrative access should only occur over secure protocols using strong authentication such as MFA for privileged access and from dedicated devices or secure out-of-band networks. Additionally, commercial tools can help analyze network device rule sets and Access Control Lists (ACLs) to identify errors or conflicts that might expose the network to unintended services. These tools should be used routinely, especially after significant changes to firewall or router configurations, to ensure consistent and secure filtering.

Specific details and procedures are outlined in the K-12 Cybersecurity CORE Safeguards.

**NC K-12 Cybersecurity Community Mailing list subscription is required to access the CORE Safeguard materials**