2. SECURITY AUDIT POLICY
Make asset list (inventory)
Make threats list
Prioritize Assets and Vulnerabilities
Risk = Probability × Harm
Are NACs (ACLs) being implemented?
Are they monitored and updated regularly?
Are there audit logs to review and identify attempts to access the network?
Are STIGs being implemented and adhered to?
3. SECURITY AUDIT POLICY
Inventory of all assets
Locks on all doors and cabinets
Educate users on policies and how to adhere to them
Intrusion Detection System (IDS)
Anti-virus program
Anti-spyware program
Windows Firewall on your Operating System
Windows Defender
Strong password policies
4. SECURITY AUDIT POLICY
Disaster Recovery Plan
Backup policies
Encryption policies
Event logging should be enabled and monitored weekly
Security policy should be changed or updated as often as needed
5. SECURITY AUDIT POLICY
Are there backup policies?
Are email communications being protected and filtered?
Are Intrusion Detection Systems (IDS) being used on the network?
Are key personnel educated regarding DoD policies and guidelines?
Are physical assets and resources being protected by an Intrusion Prevention System (IPS)?
6. FIREWALLS
Firewalls are a MUST!
All firewalls have a Rules file.
The best option for your firewall is the default setting, Deny-All, because it is the “cautious approach”.
Deny-All, then assign permissions sparingly as necessary for operation of the business.
Packet filtering is done by a firewall and limits the data that comes in through your ports.
By doing so, the firewall can block services such as FTP and Telnet.
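As an added illustration, not from the original slides, here is a small Python evaluator for a Deny-All rules file: the constructed rule list permits only what the business needs, and any packet without a matching rule, FTP and Telnet included, falls through to the default deny. The rules, addresses and ports are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR the packet's source must fall inside
    dport: Optional[int]   # destination port, None matches any port

# Constructed rules file: only what the business needs is permitted.
# There is deliberately no rule for FTP (21) or Telnet (23); they never
# match and fall through to the default action.
RULES: List[Rule] = [
    Rule("allow", "tcp", "0.0.0.0/0", 443),   # public HTTPS to the web server
    Rule("allow", "tcp", "10.0.0.0/8", 22),   # SSH from the internal LAN only
    Rule("allow", "udp", "10.0.0.0/8", 53),   # DNS from the internal LAN only
]

def evaluate(rules: List[Rule], proto: str, src_ip: str, dport: int,
             default: str = "deny") -> str:
    """First matching rule wins; if nothing matches, return the default.

    default="deny" is the cautious Deny-All stance from the slide; pass
    default="allow" to see how a permissive firewall lets FTP/Telnet in.
    """
    addr = ip_address(src_ip)
    for rule in rules:
        if rule.proto != "any" and rule.proto != proto:
            continue
        if addr not in ip_network(rule.src):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return default

if __name__ == "__main__":
    checks = [("tcp", "203.0.113.5", 21), ("tcp", "203.0.113.5", 23),
              ("tcp", "203.0.113.5", 443), ("tcp", "203.0.113.5", 22),
              ("tcp", "10.1.2.3", 22)]
    for proto, src, port in checks:
        print(f"{proto} {src} -> port {port}: {evaluate(RULES, proto, src, port)}")
```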
7. FIREWALLS
Using and maintaining passwords enables authentication on the firewall, so users can only surf the Web or use e-mail after they have successfully authenticated themselves, which forces employees to keep track of passwords and to remember them.
Password lists need to be kept up to date; for example, when passwords are changed, or when employees quit, get fired, or leave the business for any reason.
The IDS can be installed on a central server, or in the external and/or the internal routers at the perimeter of the network.
8. PROXY SERVERS
Proxy servers are used to conceal clients, translate network addresses, and filter content.
They prevent malicious code from entering the network.
They scan the entire data part of IP packets and create much more detailed log file listings than packet filters.
Packet filters log only the header information, whereas proxy servers can log much more.
Proxy servers rebuild the packets with new source IP information, which shields internal users from those on the outside.
9. ENCRYPTION
Encryption plays an important role in many firewalls.
Hackers will take advantage of firewalls that don’t use encryption.
Encryption preserves data integrity.
Encryption plays an important role in enabling virtual private networks (VPNs).
The encryption method should be monitored to assess how well it is working.
Firewall log files can improve security against intrusion attempts by identifying attempts made by hackers to compromise or breach the network.
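An added example, not part of the original slides, of the log review the audit calls for (the audit logs of slide 2 and the firewall log files above): it parses constructed, iptables-style firewall log lines, counts denied attempts per source, and flags any source that walked several closed ports. The log format, hostnames and addresses are constructed for this example.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterator, List

# Constructed firewall log lines in an iptables-like format (made up for
# this example; real logs differ by product but carry the same fields).
LOG_LINES = """\
Mar 03 02:14:01 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=23
Mar 03 02:14:02 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=21
Mar 03 02:14:03 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=22
Mar 03 02:14:04 fw1 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=3389
Mar 03 02:15:10 fw1 kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=443
Mar 03 02:16:30 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT=21
this line is not a firewall record and is skipped by the parser
"""

LINE_RE = re.compile(
    r"(?P<action>DROP|ACCEPT) IN=\S+ SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r"PROTO=(?P<proto>\w+) DPT=(?P<dport>\d+)"
)

def parse(lines: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per recognisable record; malformed lines are ignored."""
    for line in lines.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def drop_counts(lines: str) -> Counter:
    """How many connection attempts the firewall denied, per source address."""
    return Counter(rec["src"] for rec in parse(lines) if rec["action"] == "DROP")

def probing_sources(lines: str, min_ports: int = 3) -> Dict[str, List[int]]:
    """Sources whose denied attempts touched at least min_ports distinct ports.

    One dropped packet is noise; one source walking several closed ports
    in a short window is the pattern worth a second look during review.
    """
    ports: Dict[str, set] = defaultdict(set)
    for rec in parse(lines):
        if rec["action"] == "DROP":
            ports[rec["src"]].add(int(rec["dport"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print("denied attempts per source:", dict(drop_counts(LOG_LINES)))
    print("sources probing multiple ports:", probing_sources(LOG_LINES))
```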
10. REMOTE SECURITY
Determine which remote access vulnerabilities currently exist in your environment.
Vulnerability scanning finds missing patches, and digs in deeper to find misconfigurations, unnecessary shares, null session connections and other exploitable vulnerabilities you would not otherwise be able to dig up easily.
Install and run Microsoft Baseline Security Analyzer (MBSA) on all systems and review the reports.
Ensure that personal firewall software is installed.
11. REMOTE SECURITY
Require antivirus and antispyware on every system.
Ensure that updates are being applied in real time, if possible, to prevent unnecessary infections.
Enable strong file and share permissions on remote hard drives and other storage devices, especially on Windows 2000 and NT, which allow everyone access by default.
Have a written policy and documented procedures in place for managing patches.
12. REMOTE SECURITY
Disable null session connections as outlined, to prevent the unauthorized gleaning of user names, security policy information and more from remote systems.
Implement a VPN using the free Windows-based PPTP, or Windows Remote Desktop, or Citrix.
Remember to include remote users, computers, and applications in your security incident response plan and disaster recovery plans.
To prevent users from installing IM, P2P, and other applications that you can’t support, grant minimal privileges.
13. REMOTE SECURITY
For systems that are wireless, don’t forget to enable WEP at a minimum, since it’s better than nothing.
Require your users to use directional antennae.
Enable MAC address controls, which help keep non-techies from snooping on or accessing your network.
Require a specific vendor model of AP and wireless NIC to ensure they are hardened consistently according to your standards, and so you can stay abreast of any major security alerts and necessary firmware or software updates.
14. REMOTE SECURITY
Remember that users may connect to your network via public hotspots, so make sure you and they understand the security implications and have the proper safeguards in place.
Enable secure messaging via POP3S, SMTPS, webmail over HTTPS and other built-in controls if a VPN or other hotspot protection is not available.
Disable Bluetooth if it’s not needed. Otherwise, it’s too risky by default, so lock it down.