Sally’s Special Services Network Security Proposal
Sally Frederick Tudor, Network Administrator
SECURITY AUDIT POLICY
- Make asset list (inventory)
- Make threats list
- Prioritize assets and vulnerabilities
- Risk = Probability × Harm
- Are NACs (ACLs) being implemented? Are they monitored and updated regularly?
- Are there audit logs to review to identify attempts to access the network?
- Are STIGs being implemented and adhered to?
SECURITY AUDIT POLICY
- Inventory of all assets
- Locks on all doors and cabinets
- Educate users on policies and how to adhere to them
- Intruder Detection (IDS)
- Anti-virus program
- Anti-spyware program
- Windows Firewall on your Operating System
- Windows Defender
- Strong password policies
SECURITY AUDIT POLICY
- Disaster Recovery Plan
- Backup policies
- Encryption policies
- Event logging should be enabled and monitored weekly
- Security policy should be changed or updated as often as needed
SECURITY AUDIT POLICY
- Are there backup policies?
- Are email communications being protected and filtered?
- Are Intrusion Detection Systems (IDS) being used on the network?
- Are key personnel educated regarding DoD’s policies and guidelines?
- Are physical assets and resources being protected by an Intrusion Prevention System (IPS)?
FIREWALLS
- Firewalls are a MUST!
- All firewalls have a Rules file.
- The best option for your firewall is the default setting, Deny-All, because it is the “cautious approach”.
- Deny-All, then assign permissions sparingly as necessary for operation of the business.
- Packet filtering is done by a firewall, and it limits the data that comes in through your ports. By doing so, the firewall can block services such as FTP and Telnet.
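The Deny-All approach above, shown as an added example that is not part of the original slides: a small first-match packet filter that reads a rules file and denies anything no rule allows. The rules-file syntax, the addresses and the sample packets are constructed for illustration.

```python
import ipaddress

# Constructed rules file: one "action proto source-cidr dest-port" rule per line.
# Rules are checked top to bottom; a packet that matches none is denied.
RULES_FILE = """\
allow tcp 0.0.0.0/0   443   # HTTPS to the public web server
allow tcp 0.0.0.0/0   25    # inbound mail
allow tcp 10.0.0.0/8  22    # SSH from the internal range only
"""

def parse_rules(text):
    """Parse the rules file; a malformed line aborts loading instead of being skipped."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"rules line {n}: expected 'allow|deny proto cidr port'")
        port = int(parts[3])
        if not 0 < port < 65536:
            raise ValueError(f"rules line {n}: port out of range")
        rules.append((parts[0], parts[1].lower(), ipaddress.ip_network(parts[2]), port))
    return rules

def decide(rules, proto, src_ip, dst_port):
    """Return (action, reason) for one inbound packet header; first match wins."""
    src = ipaddress.ip_address(src_ip)
    for n, (action, r_proto, net, port) in enumerate(rules, 1):
        if proto.lower() == r_proto and src in net and dst_port == port:
            return action, f"rule {n}"
    return "deny", "default deny-all"  # nothing matched: the cautious default

if __name__ == "__main__":
    rules = parse_rules(RULES_FILE)
    # Constructed packet headers: (protocol, source address, destination port)
    for pkt in [("tcp", "203.0.113.9", 443), ("tcp", "203.0.113.9", 21),
                ("tcp", "203.0.113.9", 23), ("tcp", "203.0.113.9", 22),
                ("tcp", "10.1.2.3", 22)]:
        print(pkt, "->", decide(rules, *pkt))
```

FTP (port 21) and Telnet (port 23) are blocked without any explicit deny rule, because nothing in the rules file allows them.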
FIREWALLS
- Using and maintaining passwords: enable authentication on the firewall so that users can only surf the Web or use e-mail after they have successfully authenticated themselves, which forces employees to keep track of passwords and to remember them.
- Password lists need to be kept up to date, for example when passwords are changed, or when employees quit, get fired, or leave the business for any reason.
- The IDS can be installed on a central server, or in the external and/or the internal routers at the perimeter of the network.
PROXY SERVERS
- Proxy servers are used to conceal clients, translate network addresses, and filter content.
- They prevent malicious code from entering the network.
- They scan the entire data part of IP packets and create much more detailed log file listings than packet filters.
- Packet filters log only the header information, whereas proxy servers can log much more.
- Proxy servers rebuild the packets with new source IP information, which shields internal users from those on the outside.
ENCRYPTION
- Encryption plays an important role in many firewalls.
- Hackers will take advantage of firewalls that don’t use encryption.
- Encryption preserves data integrity.
- Encryption plays an important role in enabling virtual private networks (VPNs).
- The encryption method should be monitored to assess how well it is working.
- Firewall log files can improve security against intrusion attempts by identifying attempts made by hackers to compromise or breach the network.
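One way to do the firewall log review described above, as an added example that is not part of the original slides: it parses a log in the Windows Firewall (pfirewall.log) layout and flags outside sources whose dropped inbound packets touched several different ports. The log lines, addresses and the three-port threshold are constructed, and it assumes logging of dropped packets is enabled.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall log layout (addresses are documentation ranges).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-04 09:15:01 DROP TCP 203.0.113.7 192.168.1.20 40112 21 60 S 1045326 0 8192 - - - RECEIVE
2024-03-04 09:15:01 DROP TCP 203.0.113.7 192.168.1.20 40113 23 60 S 1045390 0 8192 - - - RECEIVE
2024-03-04 09:15:02 DROP TCP 203.0.113.7 192.168.1.20 40114 445 60 S 1045444 0 8192 - - - RECEIVE
2024-03-04 09:15:02 DROP TCP 203.0.113.7 192.168.1.20 40115 3389 60 S 1045501 0 8192 - - - RECEIVE
2024-03-04 09:16:00 DROP ICMP 203.0.113.7 192.168.1.20 - - 60 - - - - 8 0 - RECEIVE
2024-03-04 09:20:10 DROP TCP 198.51.100.9 192.168.1.20 51800 23 60 S 2200117 0 8192 - - - RECEIVE
2024-03-04 09:21:30 ALLOW TCP 192.168.1.20 198.51.100.50 49733 443 0 - 0 0 0 - - - SEND
2024-03-04 09:22:00 DROP TCP 203.0.113.7
"""

def parse_log(text):
    """Turn log lines into dicts keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated or damaged lines
                records.append(dict(zip(fields, values)))
    return records

def probed_ports(records):
    """Map each source address to the destination ports where its inbound packets were dropped."""
    seen = defaultdict(set)
    for r in records:
        if r["action"] == "DROP" and r["path"] == "RECEIVE" and r["dst-port"].isdigit():
            seen[r["src-ip"]].add(int(r["dst-port"]))
    return {src: sorted(ports) for src, ports in seen.items()}

def flag_sources(records, min_ports=3):
    """Sources that were dropped on at least min_ports distinct ports (threshold is an assumption)."""
    return sorted(s for s, ports in probed_ports(records).items() if len(ports) >= min_ports)

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src in flag_sources(recs):
        print(src, "dropped on ports", probed_ports(recs)[src])
```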
REMOTE SECURITY
- Determine which remote access vulnerabilities currently exist in your environment.
- Vulnerability scanning finds missing patches, and digs in deeper to find misconfigurations, unnecessary shares, null session connections and other exploitable vulnerabilities you would not otherwise be able to dig up easily.
- Install and run Microsoft Baseline Security Analyzer (MBSA) on all systems and review reports.
- Ensure that personal firewall software is installed.
REMOTE SECURITY
- Require antivirus and antispyware on every system.
- Ensure that updates are being applied in real time if possible to prevent unnecessary infections.
- Enable strong file and share permissions on remote hard drives and other storage devices, especially on Windows 2000 and NT, which allow everyone access by default.
- Have a written policy and documented procedures in place for managing patches.
REMOTE SECURITY
- Disable null session connections as outlined to prevent the unauthorized gleaning of user names, security policy information and more from remote systems.
- Implement a VPN using the free Windows-based PPTP, or Windows Remote Desktop or Citrix.
- Remember to include remote users, computers and applications in your security incident response plan and disaster recovery plans.
- To prevent users from installing IM, P2P, and other applications that you can’t support, grant minimal privileges.
REMOTE SECURITY
- For systems that are wireless, don’t forget to enable WEP at a minimum since it’s better than nothing.
- Require your users to use directional antennae.
- Enable MAC address controls, which help keep non-techies from snooping on or accessing your network.
- Require a specific vendor model of AP and wireless NIC to ensure they are hardened consistently according to your standards and so you can stay abreast of any major security alerts and necessary firmware or software updates.
REMOTE SECURITY
- Remember that users may connect to your network via public hotspots, so make sure you and they understand the security implications and have the proper safeguards in place.
- If a VPN or other hotspot protection is not available, enable secure messaging via POP3s, SMTPs, Webmail via HTTPS and other built-in controls.
- Disable Bluetooth if it’s not needed. Otherwise, it’s too risky by default, so lock it down.