Security practices

  • Network architecture—Access control lists should be implemented on routers. This area also covers firewalls, transaction zones, and switched LANs.
  • Third-party connections—WAN, dial-up, and virtual private network (VPN) connections into the business network should be protected by specific firewall policies.
  • Web applications—Web server configuration should follow best practices for Common Gateway Interface (CGI) scripts, form fields, and version control.
  • Encryption—The following questions should be answered: What information should be encrypted? When should it be encrypted (in transit, on the file server, etc.)? Where should it be encrypted? What type of encryption should be used (e.g., DES, 3DES, SSL)?
  • Remote access—Options such as dial-up, VPN, or Web access over SSL must be evaluated.
  • Intrusion detection—These issues should be considered: Where should the network intrusion detection system agents be deployed? Are they host-based? How will they be monitored?
  • Username/password management—For example, decide on minimum length, required character types, and whether expiration dates will be used.
  • Antivirus defenses—A method should be evaluated for each layer, for example the desktop, the server, and the gateway.
  • Web access—Policies should be formulated for browser security settings, firewall filters, content filters, and instant messaging use.
  • File downloads and file transfers—Decide on the protocols to follow for these actions.
  • Security patches to server and desktop software—Define a procedure to ensure that vulnerabilities are detected and available patches are installed.
  • Copyrights and license agreements—Make sure these are up to date and stored appropriately.
  • System hardening—Follow best practices for implementing firewalls and intrusion detection and for the standard configuration of servers (e.g., shutting down unneeded services and locking out default users).
  • Third-party connections—Does the HR department have a direct connection to an HR service provider? Is the enterprise's bank on its WAN?
  • E-mail use—Establish control of the mail server software version, and ensure that there is a backup mail server.
Copyright © 2008 Technology Is Made Easy, Corp. 