Network Security Proposal

Sally’s Special Services
Network Security Proposal
Sally Frederick Tudor
Network Administrator

SECURITY AUDIT POLICY
Make asset list (inventory)
Make threats list
Prioritize Assets and Vulnerabilities
Risk = Probability X Harm
Are NAC’s (ACLs) being implemented?
Are they monitored and updated regularly?
Are there Audit logs to review and identify attempts to access network?
Are STIGs being implemented and adhered to?

Inventory of all assets
Locks on all doors and cabinets
Educate users on policies and how to adhere to them
Intruder Detection (IDS)
Anti-virus program
Anti-spyware program
Windows Firewall on your Operating System
Windows Defender
Strong password policies

Disaster Recovery Plan
Backup policies
Encryption policies
Event logging should be enabled and monitored weekly
Security policy should be changed or updated as often as needed

Are there backup policies?
Are email communications being protected and filtered?
Are Intrusion Detection Systems (IDS) being used on the network?
Are key personnel educated on regarding DoDs policies and guidelines?
Are physical assets and resources being protected by Intrusion Prevention System (IPS)?

FIREWALLS
Firewalls are a MUST!
All firewalls have a Rules file.
The best option for your firewall is the default setting: Deny-All because it is the “cautious approach”.
Deny-All then assign permissions sparingly as necessary for operation of the business.
Packet filtering is done by a firewall and it limits the data that comes in through your ports.
By doing so the firewall can block services such as FTP and Telnet.

FIREWALLS
Using and maintaining passwords enable authentication on the firewall so users can only surf the Web or use E-mail after they have successfully authenticated themselves, which force employees to keep track of passwords and to remember them.
Password lists need to be kept up-to-date; for example when they are changed, or employees quit or get fired, or leave the business for any reason.
The IDS can be installed on a central server, or in the external and/or the internal routers at the perimeter of the network.

PROXY SERVERS
Proxy servers are used to conceal clients, translate network addresses, and filter content.
They prevent malicious code from entering the network.
They scan the entire data part of IP packets and create much more detailed log file listings than packet filters.
Packet filters log only the header information, whereas proxy servers can log much more.
Proxy servers rebuild the packets with new source IP information, which shields internal users from those on the outside.

ENCRYPTION
Encryption plays an important role in many firewalls.
Hackers will take advantage of firewalls that don’t use encryption.
Preserves data integrity.
Encryption plays an important role in enabling virtual private networks (VPNs).
Encryption method should be monitored to assess how well it is working.
Firewall log files can improve the security against intrusion attempts by identifying attempts made by hackers to compromise or breach the network.

REMOTE SECURITY
Determine which remote access vulnerabilities currently exist in your environment.
Vulnerability Scanning finds missing patches, and digs in deeper to find misconfigurations, unnecessary shares, null session connections and other exploitable vulnerabilities you would not otherwise be able to dig up easily.
Install and run Microsoft Baseline Security Analyzer (MBSA) on all systems and review reports.
Ensure that personal firewall software is installed.

REMOTE SECURITY
Require antivirus and antispyware on every system.
Ensure that updates are being applied in real-time if possible to prevent unnecessary infections.
Enable strong file and share permissions on remote hard drives and other storage devices—especially Windows 2000 and NT—that allows everyone access by default.
Have a written policy and documented procedures in place for managing patches.

REMOTE SECURITY
Disable null session connections as outlined to prevent the unauthorized gleaning of user names, security policy information and more from remote systems.
Implement a VPN using the free Windows-based PPTP, or Windows Remote Desktop or Citrix.
Remember to include remote users; computers and applications in your security incident response plan and disaster recovery plans.
To prevent users from installing IM, P2P, and other applications that you can’t support grant minimal privileges.

REMOTE SECURITY
For systems that are wireless don’t forget to enable WEP at a minimum since it’s better than nothing.
Require your users to use directional antennae.
Enable MAC address controls which help non-techies from snooping or accessing your network.
Require a specific vendor model of AP and wireless NIC to ensure they are hardened consistently according to your standards and so you can stay abreast of any major security alerts and necessary firmware of software updates.

REMOTE SECURITY
Remember that users may connect to your network via public hotspots to make user you and they understand the security implications and have the proper safeguards in place.
Enable secure messaging if a VPN or other hotspot protection is not available via POP3s, SMTPs, Webmail via HTTPS and other built-in controls.
Disable Bluetooth if it’s not needed. Otherwise, it’s too risky by default so lock it down.

NETWORK SECURITY PROPOSAL

http://sallysspecialservices.wordpress.com	59
http://www.slideshare.net	20
http://tudorsally.typepad.com	2
http://static.slidesharecdn.com	1
http://sallys-special-services.blogspot.com	1

Network Security Proposal

by Sally's Special Services

Accessibility

Categories

Upload Details

Usage Rights

5 Embeds 83

Statistics

Network Security Proposal Presentation Transcript