There are many security procedures that should be taken depending upon your network environment, and equipment involved. To deliver some basic guidance that can set you in the right direction here's a short list:
- Maintain good basic security practices: Don't use default accounts or passwords on network devices! Use strong passwords, and change them on a regular basis based on the number of people accessing the device. Know who is authorized to make changes on the equipment, and use auditing to track their actions. Don't use the same account for several administrators - or you will loose the ability to determine who initiated changes (that's not only a good security practice, but a good practice for change management as well).
- Determine the vulnerabilities inherent in your network devices and support software, and patch or mitigate these vulnerabilities. You will feel embarrassed if you are hacked because you are a year or so behind on patching (and might be unemployed as well.) Develop a list of the equipment, check security advisories and plug in to any notifications you can.
- Know your enemy and their tools! This comes from the to catch a criminal a cop has to think like one school of thought. You enemy may be the bored teenage script kiddie, a hacker seeking to profit from or embarrass your company from their exploits, or an user or coworker who has greater access then they should have. A small dose of paranoia and knowing what avenues may be used against you can be helpful. (Remember, just because you are paranoid doesn't mean someone isn't out to get you).
- Be consistent. Consistent approaches to patching, configurations, etc, gives you a smaller set of variables which to defend. Better a few well armored solutions than many solutions with lots of holes.