Network Security Proposal

1. Network Security Proposal
Sally Frederick Tudor
Network Administrator

2. SECURITY AUDIT POLICY
 Make asset list (inventory)
 Make threats list
 Prioritize Assets and Vulnerabilities
Risk = Probability X Harm
 Are NAC’s (ACLs) being implemented?
 Are they monitored and updated regularly?
 Are there Audit logs to review and identify attempts to
access network?
 Are STIGs being implemented and adhered to?

3. SECURITY AUDIT POLICY
 Inventory of all assets
 Locks on all doors and cabinets
 Educate users on policies and how to adhere to them
 Intruder Detection (IDS)
 Anti-virus program
 Anti-spyware program
 Windows Firewall on your Operating System
 Windows Defender
 Strong password policies

4. SECURITY AUDIT POLICY
 Disaster Recovery Plan
 Backup policies
 Encryption policies
 Event logging should be enabled and monitored
weekly
 Security policy should be changed or updated as often
as needed

5. SECURITY AUDIT POLICY
 Are there backup policies?
 Are email communications being protected and
filtered?
 Are Intrusion Detection Systems (IDS) being used on
the network?
 Are key personnel educated on regarding DoDs
policies and guidelines?
 Are physical assets and resources being protected by
Intrusion Prevention System (IPS)?

6. FIREWALLS
 Firewalls are a MUST!
 All firewalls have a Rules file.
 The best option for your firewall is the default setting:
Deny-All because it is the “cautious approach”.
 Deny-All then assign permissions sparingly as
necessary for operation of the business.
 Packet filtering is done by a firewall and it limits the
data that comes in through your ports.
 By doing so the firewall can block services such as FTP
and Telnet.

7. FIREWALLS
 Using and maintaining passwords enable
authentication on the firewall so users can only surf
the Web or use E-mail after they have successfully
authenticated themselves, which force employees to
keep track of passwords and to remember them.
 Password lists need to be kept up-to-date; for example
when they are changed, or employees quit or get fired,
or leave the business for any reason.
 The IDS can be installed on a central server, or in the
external and/or the internal routers at the perimeter of
the network.

8. PROXY SERVERS
 Proxy servers are used to conceal clients, translate
network addresses, and filter content.
 They prevent malicious code from entering the
network.
 They scan the entire data part of IP packets and create
much more detailed log file listings than packet filters.
 Packet filters log only the header information, whereas
proxy servers can log much more.
 Proxy servers rebuild the packets with new source IP
information, which shields internal users from those
on the outside.

9. ENCRYPTION
 Encryption plays an important role in many firewalls.
 Hackers will take advantage of firewalls that don’t use
encryption.
 Preserves data integrity.
 Encryption plays an important role in enabling virtual
private networks (VPNs).
 Encryption method should be monitored to assess how
well it is working.
 Firewall log files can improve the security against intrusion
attempts by identifying attempts made by hackers to
compromise or breach the network.

10. REMOTE SECURITY
 Determine which remote access vulnerabilities
currently exist in your environment.
 Vulnerability Scanning finds missing patches, and digs
in deeper to find misconfigurations, unnecessary
shares, null session connections and other exploitable
vulnerabilities you would not otherwise be able to dig
up easily.
 Install and run Microsoft Baseline Security Analyzer
(MBSA) on all systems and review reports.
 Ensure that personal firewall software is installed.

11. REMOTE SECURITY
 Require antivirus and antispyware on every system.
 Ensure that updates are being applied in real-time if
possible to prevent unnecessary infections.
 Enable strong file and share permissions on remote
hard drives and other storage devices—especially
Windows 2000 and NT—that allows everyone access
by default.
 Have a written policy and documented procedures in
place for managing patches.

12. REMOTE SECURITY
 Disable null session connections as outlined to prevent
the unauthorized gleaning of user names, security
policy information and more from remote systems.
 Implement a VPN using the free Windows-based
PPTP, or Windows Remote Desktop or Citrix.
 Remember to include remote users; computers and
applications in your security incident response plan
and disaster recovery plans.
 To prevent users from installing IM, P2P, and other
applications that you can’t support grant minimal
privileges.

13. REMOTE SECURITY
 For systems that are wireless don’t forget to enable
WEP at a minimum since it’s better than nothing.
 Require your users to use directional antennae.
 Enable MAC address controls which help non-techies
from snooping or accessing your network.
 Require a specific vendor model of AP and wireless
NIC to ensure they are hardened consistently
according to your standards and so you can stay
abreast of any major security alerts and necessary
firmware of software updates.

14. REMOTE SECURITY
 Remember that users may connect to your network via
public hotspots to make user you and they understand
the security implications and have the proper
safeguards in place.
 Enable secure messaging if a VPN or other hotspot
protection is not available via POP3s, SMTPs, Webmail
via HTTPS and other built-in controls.
 Disable Bluetooth if it’s not needed. Otherwise, it’s too
risky by default so lock it down.

15. NETWORK SECURITY PROPOSAL