Cyber Security: An Introduction




Security is always a trade-off between convenience and protection. A good security policy is convenient enough to prevent users from rebelling, but still provides a reasonable amount of protection against common threats.

Prepared by Cronkite Security Consulting

Rationale

The purposes of this report are the following:

- Inform clients of Cronkite Security Consulting of the current issues related to computer security
- Educate clients on steps they can take to make their computers more secure

This document specifically pertains to our clients' Information Technology, but is applicable to all departments and their computer facilities. This document does not supersede, but rather enhances, clarifies, and complements, the standards for computer use already specified by each client's Threat Protection Plan.

Modern Threats

Every day and night, a typical Information Technology (IT) Department at a typical midsized corporation is quietly attacked by Internet outsiders who are trying to find weaknesses in the company's network by using port scans, Trojan horses, viruses, and other hacker tools. All of our clients report that their systems have at one time or another been compromised by outsiders. In some cases, the outsiders then used company systems to attack and wreak havoc on other network locations. Some of our clients' files have been corrupted or deleted by unscrupulous hackers. Unauthorized personnel have used IT computers to send inflammatory e-mail messages.

Modern Solution

The solution is for all IT staff to become informed of the dangers of the Internet and to take necessary precautions. This is not easy. In fact, a state of perfect security is impossible. Security is not a destination, but a journey, a process requiring vigilance from all the members of an organization. Security is a process of constantly adjusting to changing conditions, modifying existing passwords, enhancing existing firewalls, securing the physical locations of computers, training personnel, and updating all security systems. IT personnel have the continual and constant responsibility for protecting their organization's resources.

A Secure Plan

The policies and procedures described in this document seek to find a happy medium between security on the one hand and convenience, flexibility, and budget limitations on the other. No organization can enjoy both a high level of security and a high level of convenience. Increased security always decreases convenience, and vice versa. For this reason, security procedures demand constant communications between users and managers. Therefore, all personnel are cordially invited to discuss this document with their organization's IT Director so that the balance between security and convenience is continuously updated.

The security procedures involve the following general areas:

- Structured Security
- Location Security
- Password Security
- E-mail and Anti-Virus Security
- Operating System Security

By taking the necessary steps in each of these areas, the risk of security compromises will be lowered to an acceptable level.

Structured Security

IT security should be under the direction of a Computer Security Committee. Ideally, this committee would consist of six people:

- The IT Director
- Three managerial members from different departments in the organization
- Two non-managerial members, usually members of the support staff

The responsibilities of the Computer Security Committee are fourfold:

- Oversee all security matters in the organization
- Set and enforce security policies
- Monitor the balance between security and convenience

The person directly in charge of computer security is the IT Director. He or she carries out the policies set by the Computer Security Committee. We recommend that each IT department employ one employee who can spend up to 20 hours per week on security measures.

Location Security

During hours that an organization's facilities are unlocked, its IT Department personnel should do the following:

- Keep IT offices locked while not present.
- Keep outer doors to office complexes locked when appropriate.
- Keep doors to computer network servers locked at all times.
- Maintain backups of all important files in separate physical locations.

[Figure 1: Backups Off Site; Server Doors Locked; IT Doors Locked; Outer Doors Locked]

Figure 1 illustrates these important recommendations. For a larger, poster-sized copy of Figure 1, please e-mail Thalia Cruz at tcruz@cronkite.course.com. She would be happy to send multiple copies for posting throughout your organization's IT department.

Passwords

Eighty percent of security is proper password management. This means that:

- Every computer, where possible, has an access password.
- Each user has a password to access the department network.
- Large, important, or confidential files should be password protected.

For passwords to be most effective, users should use the following guidelines:

- Passwords should be at least 8 characters long.
- Passwords should not be words found in any dictionary.
- Passwords should include letters, numbers, and punctuation.
- Passwords should not be written down anywhere, and therefore should be easily remembered by the user but nonsense to anyone else. For example, "w2mmed" means "walk to mountain meadow" to the user, but would be nonsense to others. The password "wrks4zip" means "works for nothing" to the user but would be impossible to guess by anyone else.
- Passwords should never be given to anyone else.
- Passwords should never include readily accessible personal information such as addresses, telephone numbers, or family or pet names.

The goal, then, in creating passwords is to combine letters, symbols, and numbers to make lengthy nonsense. This makes the password nearly impossible for malicious hackers to determine.

Users should change their passwords monthly, without ever repeating a previous password. If a computer system is suspected of being compromised, then all passwords on that system should be changed immediately. An IT officer should periodically remind the network users to make sure their passwords follow the above guidelines.

E-mail & Anti-Virus Protection

- All users should have anti-virus software loaded on their computers and should be diligent in keeping anti-virus definitions current to protect against the latest viruses.
- Users of Microsoft Outlook and Outlook Express should make sure that their mail clients have the latest security patches to prevent the automatic running of attachments.
- E-mail users should never open attachments or messages from unknown sources.

Network Security

Network security begins with the department network firewall.

- The Information Technology firewall should be configured to deny all traffic to and from computers outside the department unless such traffic meets a clear need and is approved by the department Computer Security Committee.
- No FTP or Telnet should be allowed through the firewall without specific approval. Even with approval, those using FTP, Telnet, Xwindows, or VPN should use Secure Shell for Unix/Linux/Windows clients.

- All Web and e-mail servers should reside on the DMZ port of the firewall only.
- Data packets attempting to pass through the Information Technology network should be allowed only if they come from internal addresses or from approved external addresses. The Computer Security Committee should review specific exceptions to these firewall rules.
- Department network ports should allow access to HTTP (Web), HTTPS/SSL (Secure Web), SMTP and POP3 (e-mail), and other necessary services vital to department functions.
- NAT (Network Address Translation) will be deployed on the private (trusted) side of the Information Technology network to translate all internal (private) TCP/IP addresses to one public (untrusted) TCP/IP address that can be seen on the public (untrusted) side of the Information Technology network.
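The firewall rules in the Network Security section, modelled as a first-match rule table with a default deny (an added example, not part of the original report). The address ranges, the interface names and the two rules marked as assumptions are constructed for illustration; the report does not specify them.

```python
import ipaddress
from typing import NamedTuple, Tuple

# Constructed placeholder addressing (RFC 1918 / RFC 5737), not from the report.
INTERNAL = ipaddress.ip_network("10.0.0.0/24")        # trusted department LAN
DMZ = ipaddress.ip_network("192.0.2.0/28")            # Web and e-mail servers
APPROVED = [ipaddress.ip_network("198.51.100.0/24")]  # committee-approved external

MAIL_WEB = {80, 443, 25, 110}   # HTTP, HTTPS/SSL, SMTP, POP3
FTP, SSH, TELNET = 21, 22, 23


class Packet(NamedTuple):
    iface: str   # firewall port the packet arrived on: "inside", "dmz" or "outside"
    src: str
    dst: str
    dport: int


def zone(addr: str) -> str:
    """Classify an address by the network it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip in INTERNAL:
        return "internal"
    if ip in DMZ:
        return "dmz"
    return "approved" if any(ip in net for net in APPROVED) else "external"


def decide(pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched is denied."""
    src, dst = zone(pkt.src), zone(pkt.dst)
    # "Comes from an internal address" is only believable on the inside port.
    if src == "internal" and pkt.iface != "inside":
        return "deny", "spoofed internal source"
    if pkt.dport in (FTP, TELNET):
        return "deny", "FTP/Telnet need specific approval; use SSH"
    # Assumption: DMZ servers are reachable from anywhere, on web/mail ports only.
    if dst == "dmz" and pkt.dport in MAIL_WEB:
        return "allow", "web/mail service on DMZ"
    if src == "internal" and dst != "internal" and pkt.dport in MAIL_WEB | {SSH}:
        return "allow", "internal client outbound"
    # Assumption: approved external addresses are limited to Secure Shell.
    if src == "approved" and dst == "internal" and pkt.dport == SSH:
        return "allow", "approved external address over SSH"
    return "deny", "default deny"
```

The source-address rule is checked against the arrival interface because a packet arriving on the outside port can claim any source address, including an internal one.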
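The guidelines from the Passwords section earlier in this report, written as an automated check that an IT officer could run when a password is set (an added example, not part of the original report). The short word list and the personal-information values are constructed stand-ins for a full dictionary file and a user's directory record.

```python
import string

# Constructed stand-in: a real deployment would load a full dictionary file.
DICTIONARY = {"password", "mountain", "meadow", "welcome", "security"}
MIN_LENGTH = 8


def _alnum(text):
    """Lower-case the text and drop separators so '555-0142' matches '5550142'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_password(candidate, personal_info=()):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if candidate.lower() in DICTIONARY:
        problems.append("dictionary word")
    if not any(c.isalpha() for c in candidate):
        problems.append("no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in candidate):
        problems.append("no punctuation")
    # Names, telephone numbers and addresses must not appear inside the password.
    flattened = _alnum(candidate)
    for item in personal_info:
        token = _alnum(item)
        if len(token) >= 3 and token in flattened:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # The two sample passwords quoted in the report, plus constructed cases.
    for pw in ("w2mmed", "wrks4zip", "wrks4zip!", "password"):
        print(pw, check_password(pw))
    print(check_password("rex!2015dog", personal_info=["Rex", "555-0142"]))
```

Applied to the report's own samples, the check reports "w2mmed" as shorter than 8 characters and both samples as lacking punctuation.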
