Network Security Proposal
Sally Frederick Tudor
Network Administrator
SECURITY AUDIT POLICY
- Make asset list (inventory)
- Make threats list
- Prioritize Assets and Vulnerabilities
- Risk = Probability × Harm
- Are NACs (ACLs) being implemented? Are they monitored and updated regularly?
- Are there Audit logs to review and identify attempts to access the network?
- Are STIGs being implemented and adhered to?
SECURITY AUDIT POLICY
- Inventory of all assets
- Locks on all doors and cabinets
- Educate users on policies and how to adhere to them
- Intruder Detection (IDS)
- Anti-virus program
- Anti-spyware program
- Windows Firewall on your Operating System
- Windows Defender
- Strong password policies
SECURITY AUDIT POLICY
- Disaster Recovery Plan
- Backup policies
- Encryption policies
- Event logging should be enabled and monitored weekly
- Security policy should be changed or updated as often as needed
SECURITY AUDIT POLICY
- Are there backup policies?
- Are email communications being protected and filtered?
- Are Intrusion Detection Systems (IDS) being used on the network?
- Are key personnel educated regarding DoD's policies and guidelines?
- Are physical assets and resources being protected by Intrusion Prevention System (IPS)?
FIREWALLS
- Firewalls are a MUST!
- All firewalls have a Rules file.
- The best option for your firewall is the default setting: Deny-All because it is the “cautious approach”.
- Deny-All then assign permissions sparingly as necessary for operation of the business.
- Packet filtering is done by a firewall and it limits the data that comes in through your ports.
- By doing so the firewall can block services such as FTP and Telnet.
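The Deny-All default described on this slide, as an added example that is not part of the original presentation: a first-match rule evaluator run against a constructed rules file, showing that FTP and Telnet stay blocked only because unmatched traffic falls through to deny. The rule set, addresses and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dport: Optional[int]   # destination port; None matches any port

# Constructed rules file for a hypothetical office network.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", 443),    # HTTPS from anywhere
    Rule("allow", "tcp", "0.0.0.0/0", 25),     # inbound mail
    Rule("allow", "tcp", "10.0.5.0/24", 22),   # SSH from the admin subnet only
]

# Services the slide names as candidates for blocking.
WATCHED = {21: "ftp", 23: "telnet"}

def decide(proto, src_ip, dport, rules=RULES, default="deny"):
    """Return (action, rule_index); the first matching rule wins and
    traffic matching no rule falls through to the default."""
    addr = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if rule.proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(rule.src):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, i
    return default, None

def exposed_services(default, src_ip="198.51.100.9"):
    """Names of watched services an outside host can reach under `default`."""
    return [name for port, name in sorted(WATCHED.items())
            if decide("tcp", src_ip, port, default=default)[0] == "allow"]

if __name__ == "__main__":
    print("default deny :", exposed_services("deny"))
    print("default allow:", exposed_services("allow"))
```

With the same three allow rules, switching only the default from deny to allow exposes both watched services, which is the audit question to ask of any rules file.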
FIREWALLS
- Using and maintaining passwords enables authentication on the firewall so users can only surf the Web or use E-mail after they have successfully authenticated themselves, which forces employees to keep track of passwords and to remember them.
- Password lists need to be kept up-to-date; for example when they are changed, or employees quit or get fired, or leave the business for any reason.
- The IDS can be installed on a central server, or in the external and/or the internal routers at the perimeter of the network.
PROXY SERVERS
- Proxy servers are used to conceal clients, translate network addresses, and filter content.
- They prevent malicious code from entering the network.
- They scan the entire data part of IP packets and create much more detailed log file listings than packet filters.
- Packet filters log only the header information, whereas proxy servers can log much more.
- Proxy servers rebuild the packets with new source IP information, which shields internal users from those on the outside.
ENCRYPTION
- Encryption plays an important role in many firewalls.
- Hackers will take advantage of firewalls that don’t use encryption.
- Preserves data integrity.
- Encryption plays an important role in enabling virtual private networks (VPNs).
- Encryption method should be monitored to assess how well it is working.
- Firewall log files can improve the security against intrusion attempts by identifying attempts made by hackers to compromise or breach the network.
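One way to carry out the firewall log review mentioned above, as an added example that is not part of the original presentation: it parses a constructed sample laid out like the Windows Firewall text log (pfirewall.log) and reports external sources whose dropped inbound packets span several destination ports. The sample lines, the threshold and the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample; addresses come from documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-04 09:15:01 DROP TCP 203.0.113.7 192.168.1.10 40112 21 60 S 1000 0 8192 - - - RECEIVE
2024-03-04 09:15:02 DROP TCP 203.0.113.7 192.168.1.10 40113 23 60 S 1001 0 8192 - - - RECEIVE
2024-03-04 09:15:03 DROP TCP 203.0.113.7 192.168.1.10 40114 445 60 S 1002 0 8192 - - - RECEIVE
2024-03-04 09:15:04 DROP TCP 203.0.113.7 192.168.1.10 40115 3389 60 S 1003 0 8192 - - - RECEIVE
2024-03-04 09:16:10 ALLOW TCP 192.168.1.25 198.51.100.80 50211 443 0 - 0 0 0 - - - SEND
2024-03-04 09:18:40 DROP TCP 198.51.100.20 192.168.1.10 51000 23 60 S 2000 0 8192 - - - RECEIVE
2024-03-04 09:20:00 DROP ICMP 198.51.100.20 192.168.1.10 - - 60 - - - - 8 0 - RECEIVE
2024-03-04 09:21:00 DROP TCP truncated-line
"""

def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):      # skip truncated records
                yield dict(zip(fields, parts))

def review(log_text, min_ports=3):
    """Map each source IP to the sorted destination ports it was dropped on,
    keeping only sources that touched at least `min_ports` distinct ports."""
    dropped = defaultdict(set)
    for rec in parse(log_text):
        if (rec["action"] == "DROP" and rec["path"] == "RECEIVE"
                and rec["dst-port"].isdigit()):   # ICMP rows carry "-"
            dropped[rec["src-ip"]].add(int(rec["dst-port"]))
    return {ip: sorted(ports) for ip, ports in dropped.items()
            if len(ports) >= min_ports}

if __name__ == "__main__":
    for ip, ports in review(SAMPLE_LOG).items():
        print(f"{ip} was dropped on ports {ports}")
```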
REMOTE SECURITY
- Determine which remote access vulnerabilities currently exist in your environment.
- Vulnerability Scanning finds missing patches, and digs in deeper to find misconfigurations, unnecessary shares, null session connections and other exploitable vulnerabilities you would not otherwise be able to dig up easily.
- Install and run Microsoft Baseline Security Analyzer (MBSA) on all systems and review reports.
- Ensure that personal firewall software is installed.
REMOTE SECURITY
- Require antivirus and antispyware on every system.
- Ensure that updates are being applied in real-time if possible to prevent unnecessary infections.
- Enable strong file and share permissions on remote hard drives and other storage devices—especially Windows 2000 and NT—which allow everyone access by default.
- Have a written policy and documented procedures in place for managing patches.
REMOTE SECURITY
- Disable null session connections as outlined to prevent the unauthorized gleaning of user names, security policy information and more from remote systems.
- Implement a VPN using the free Windows-based PPTP, or Windows Remote Desktop or Citrix.
- Remember to include remote users, computers and applications in your security incident response plan and disaster recovery plans.
- To prevent users from installing IM, P2P, and other applications that you can’t support, grant minimal privileges.
REMOTE SECURITY
- For systems that are wireless, don’t forget to enable WEP at a minimum since it’s better than nothing.
- Require your users to use directional antennae.
- Enable MAC address controls, which help keep non-techies from snooping or accessing your network.
- Require a specific vendor model of AP and wireless NIC to ensure they are hardened consistently according to your standards and so you can stay abreast of any major security alerts and necessary firmware or software updates.
REMOTE SECURITY
- Remember that users may connect to your network via public hotspots, so make sure you and they understand the security implications and have the proper safeguards in place.
- Enable secure messaging if a VPN or other hotspot protection is not available via POP3s, SMTPs, Webmail via HTTPS and other built-in controls.
- Disable Bluetooth if it’s not needed. Otherwise, it’s too risky by default so lock it down.