Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Similar documents
FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

74% 96 Action Items. Compliance

SonicWALL PCI 1.1 Implementation Guide

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

PCI DSS Requirements - Security Controls and Processes

March

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Industrial Security for Process Automation

Network Security Guidelines. e-governance

IBX Business Network Platform Information Security Controls Document Classification [Public]

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

Information Technology Branch Access Control Technical Standard

Network & Information Security Policy

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

CMPT 471 Networking II

Guideline on Auditing and Log Management

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

SANS Top 20 Critical Controls for Effective Cyber Defense

Achieving PCI-Compliance through Cyberoam

Larry Wilson Version 1.0 November, University Cyber-security Program Critical Asset Mapping

Chapter 9 Firewalls and Intrusion Prevention Systems

JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA

Recommended IP Telephony Architecture

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Cisco Advanced Services for Network Security

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

NERC CIP Whitepaper How Endian Solutions Can Help With Compliance

Global Partner Management Notice

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 2.0 to 3.0

INTRUSION DETECTION SYSTEMS and Network Security

The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Cyber Security for NERC CIP Version 5 Compliance

Firewalls Overview and Best Practices. White Paper

Sygate Secure Enterprise and Alcatel

Network Security Administrator

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

Firewall Environments. Name

Payment Card Industry Data Security Standard

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

8 Steps for Network Security Protection

8 Steps For Network Security Protection

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Don t skip these expert tips for making your firewall airtight, bulletproof and fail-safe. 10 Tips to Make Sure Your Firewall is Really Secure

GFI White Paper PCI-DSS compliance and GFI Software products

How To Protect Data From Attack On A Network From A Hacker (Cybersecurity)

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

BKDconnect Security Overview

The Protection Mission a constant endeavor

Client Security Risk Assessment Questionnaire

Architecture Overview

ENTERPRISE IT SECURITY ARCHITECTURE SECURITY ZONES: NETWORK SECURITY ZONE STANDARDS. Version 2.0

Basics of Internet Security

WHITEPAPER. Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with NetMRI

Remote Services. Managing Open Systems with Remote Services

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

Central Agency for Information Technology

Intro to Firewalls. Summary

Security Controls for the Autodesk 360 Managed Services

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

PCI Compliance - A Realistic Approach. Harshul Joshi, CISM, CISA, CISSP Director, Information Technology CBIZ MHM hjoshi@cbiz.com

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Building A Secure Microsoft Exchange Continuity Appliance

GE Measurement & Control. Cyber Security for NERC CIP Compliance

PCI Requirements Coverage Summary Table

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus

8. Firewall Design & Implementation

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

ISO Controls and Objectives

SAQ D Compliance. Scott St. Aubin Senior Security Consultant QSA, CISM, CISSP

ADM:49 DPS POLICY MANUAL Page 1 of 5

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Tk20 Network Infrastructure

FIREWALLS & CBAC. philip.heimer@hh.se

RuggedCom Solutions for

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Supplier Information Security Addendum for GE Restricted Data

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

IP Telephony Management

Windows Remote Access

A Rackspace White Paper Spring 2010

GE Oil & Gas. Cyber Security for NERC CIP Versions 5 & 6 Compliance

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

Security Design.

GE Measurement & Control. Cyber Security for NEI 08-09

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Payment Card Industry Data Security Standard Payment Card Industry Data Security Standard (PCI / DSS)

SITECATALYST SECURITY

Transcription:

Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim Fielder, Matthew Demmler and Jim Thavisay Company Co. Inc. LLC Updated: 3/29/2012

Table of Contents Best Practices... 2 Physical Security... 2 Equipment... 2 Authorized Equipment... 2 Authorized Personnel... 2 Logging and Monitoring... 2 Logical... 2 Firewall... 2 Intrusion Detection and Prevention Systems... 3 Access Control List Configuration... 4 Allow... 4 Deny-All... 4 Network Architecture... 4 Layered Security... 4 Perimeter Security... 4 Network Security... 4 Host Security... 4 Application Security... 5 Data Security... 5 Redundancy... 5 Labeling... 5 Documentation... 5 Segregation... 5 Audits... 5 Updates... 5 Back-ups... 5 Company Co. Inc. LLC 1

Best Practices Company Co. Inc. LLC is comprised for network administrators to integrate a safe and secure network environment for employee personnel, visitors, and clienteles. Network security is vital to the preservation of and responsibilities of our mission. This document provides employees with best practice principals to physical and logical infrastructures. Physical Security LAN Domain contains network devices allow logical data to flow within our infrastructure. It is our responsibility to ensure the efficiency, reliability, and security of the network. This section describes best security practices to ensure physical equipment is not jeopardized, and does not contain malicious applications. Equipment Authorized Equipment All equipment must be approved and authorized for implementation and configuration within the network architecture Regular audit and inventory of equipment must be conducted Network equipment includes, but is not limited to the following: access points, routers, switches, cables, computers, and various network components Authorized Personnel 1. Only authorized personnel are allowed to administer and configure networking equipment 2. Any changes must be approved and configured by authorized personnel Logging and Monitoring All equipment are logged and monitored in real-time. All component information is to be stored and review to analyze and assess for nefarious activity. Logical Firewall Firewalls are the first line of defense for you network and should be treated as such. These are a list of best practices that one should follow for maintaining and enforcing a strong firewall policy. 1. Do not assume your firewall is the only security you need. This naivety will be exploited. 2. Deny all traffic by default and only enable the ports and protocols needed for the services being offered. 3. Make sure the security rule set on the firewall remains consistent with CCI's information security policy. Company Co. Inc. LLC 2

4. The firewall rules are NOT the same as your internal security policy. This should be noted and remembered despite it not being a formal "practice" 5. Try to maximize CPU cycles and network throughput. This can be achieved by A. Running AV, content filtering, VPN, DHCP, authentication software on other dedicated systems appropriately placed behind or in front of the firewall. They will usually be behind. B. Remove unneeded or redundant rules C. If firewall logging is going to be managed, then make sure it is managed thoroughly and professionally. If not, then disabling logging will allow you to free up some clock cycles. 6. Make sure the user ID of the firewall is its own unique ID. Follow the policy of least privileged and do not have your firewall run as root or administrator 7. Make sure the default firewall administrator or root password is changed before connecting it to the public internet. This should be a no-brainer. 8. Packet filtering is not adequate by itself. Implement stateful inspection, proxies, and application level inspection where possible. 9. Make sure to check packets for correct source and destination addresses to keep malicious traffic from flowing to/from your network. 10. Make sure your firewall is physically secured as well. Just because your firewall is technically a logical security device does not mean it is susceptible to physical security attacks. 11. Follow the K.I.S.S (Keep it simple stupid) principle. Make sure your firewall configuration is as simple as possible. 12. Be sure to have regular security tests against the firewall including any VPN endpoints it hosts. 13. Make sure the firewall's operating system and application software is up to date with the latest patches. It is highly recommended to subscribe to your firewall's vendor's security bulletins. 14. Use firewalls internally to segment networks and permit access control based upon business needs. 15. Implement a secure remote syslog server that makes log modification and manipulation more difficult for a malicious attacker. 16. Require remote hosts to run their own personal firewall/ips. 17. Regularly backup the firewall rule-base and configuration files. These backups should be kept offsite in a secure location. Intrusion Detection and Prevention Systems Administrators shall administer the following practices: 1. Monitor and tune one IDS at a time 2. Block nefarious traffic process 3. Build rules to alert an administrator in the event of attempted and successful attacks 4. Logs shall be reviewed regularly 5. Audits will be conducted regularly 6. Placement of IDS and IPS will be in all computer systems and network devices Company Co. Inc. LLC 3

Access Control List Configuration 1. Create an access baseline 2. Automate user provision 3. Find the business case 4. Tie access controls to your environment 5. Segregate access using rules 6. apply the doctrine of least access 7. channel administrators 8. terminate accounts with extreme prejudice 9. control remote access, plus application and database Allow Only validated traffic shall be allowed to access internal network architecture. Deny-All A deny-all rule must be applied in all access control list rules. Network Architecture The network architecture poses as the foundation of Company Co. Inc. LLC s data infrastructure. It handles all traffic of sensitive and non-sensitive data. We construe the highest quality of data transfer amongst our employees, vendors, and clients. To do so, we integrate these best practices as minimal contingencies throughout our infrastructure. Layered Security Layering security allows architectures the ability to secure each segment with appropriate mechanisms. Layers within the network will be classified as perimeter, network, host, application, and data. Provided below is a list of minimal security mechanisms to be used to authenticate valid users and deviate against nefarious activity. Perimeter Security Firewall Anti-Virus Virtual Private Network Network Security Intrusion Detection and Prevention Systems Vulnerability Management System Network Access Control Host Security Host Intrusion Detection and Prevention Systems Host Vulnerability Analysis Company Co. Inc. LLC 4

Network Access Control Anti-Virus Application Security Sandbox Input Validation Data Security Encryption Redundancy Network schemes must have redundancy to improve availability in the event of a natural disaster. The function of redundancy is to ensure all networks have no downtime. Network administrators will integrate mesh and hybrid networks in appropriate areas for complete mediation. Labeling All network cables and switches must contain labels. Labeling scheme must follow proprietary labeling scheme for identification of source, destination, and function. Documentation Documentation is an important in ensuring all cables, systems, and network devices have been approved, implemented, and configured appropriately. In addition, administrators will have the ability to identify possible vulnerabilities and improve the network. Segregation Internal networks must not be open to the public. Company networks must be classified by perimeter and evaluated to assess specific classification to segregate internal networks and sensitive data. Audits Informal audits will be approved and authorized by the Computer Information Security Officer. Audits may be performed with or without informing users at any time. Updates Updates and patching must be made on a regular-basis. Changes in specified times may be applied. Updates must be downloaded and tested prior to implementation on live networks. Updates must be integrated during downtime to ensure patching and updates have not been compromised. Back-ups All sensitive information must be backed up in secure areas for quality information assurance. Company Co. Inc. LLC 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information