Saturday, 1 March 2014

Admin should know - 9 Simple network security rules

What about it? You can just put in a firewall and there you are! Completely safe!

A few years ago, maybe... But nowadays things are a little bit different. Instant messaging, P2P networks, in-house web and mail services, streaming, Trojans, worms and many more can open temporary or even permanent "doors" into your network, even if you have a firewall installed. You should think of your network security as a whole! You cannot consider your network safe if:

    everybody has administrative rights
    you have an expired antivirus
    you do not have a perimeter security device
    you have not reduced your "attack surface"
    you have not designed your "defense in depth" strategy appropriately
    you use weak passwords
    you do not use web filters
    you do not patch your applications and O/S
    you have not trained your users

Rule #1: Administrative Permissions Is Your Enemy

The first thing I do when I am hired by a company to secure their network is to limit administrative permissions on users' workstations. These workstations are vulnerable when they execute processes, like Internet Explorer, with administrative rights. But you have to take care of two things first:

    Users' reactions! Most users won't like that kind of restriction. I always explain why I am taking such action, to avoid inconvenience. I also commit to taking care of any special requests that may arise.
    Proprietary software side effects. You have to make sure that everything is working as expected.

Rule #2: Weak Passwords Just Make You Weak

Weak passwords are common practice in many companies. Most users use a simple 4-8 character password, like their birthday, a simple word, etc. On the other hand, if you enforce long passwords with complexity, you will probably end up with stickers of handwritten passwords on each of your users' monitors. If you have the budget, try to introduce smartcards, biometrics or OTP tokens. If you can't, train your users to use passwords that consist of long phrases like "I like to go for shopping 5 times a week!". These are strong and easy to remember.

Rule #3: Defense!

You have to reduce your attack surface:

    Uninstall unnecessary software
    Disable unnecessary services
    Limit the accounts that are domain administrators
    Configure local firewalls on servers
    Configure local Intrusion Prevention Systems on servers (most of the time this is part of a firewall)
    Take care of expired antivirus and antispyware systems
    Regularly patch your applications and O/S

Rule #4: Another Brick On The Wall

Choose your security device wisely. Although Cisco and MS ISA Server are safe choices for large organizations, for SMBs they may not be. And why is that? Budget! If you decide to install an ISA server, for example, you will get an excellent stateful firewall with excellent proxy capabilities, but no smart web categorization, no antivirus, no antispyware and limited IPS. You have to add web filtering, antivirus, antispyware and IPS at extra cost. If you can afford that, it is an excellent choice with unique capabilities; if you can't, it would be wise to purchase an all-in-one solution, even if it is not state of the art.

Rule #5: Limit The Noise

Try to reduce the dropped-packet "noise" in your firewall logs by setting simple filtering rules on your Internet routers:

    Drop private networks, broadcasts and multicasts.
    Set up NAT and/or PAT on your public interface

Rule #6: Test, Test and Test

    Purchase software and run security audits on your servers and workstations
    Purchase software and try to penetrate your firewalls from the inside and from the outside
    Check the logs of your perimeter security devices. Is there anything unusual?
    Check the logs of your local firewalls. Is there anything unusual?
    Compare the perimeter and local firewall logs. Is something passing through the perimeter device and being logged by the local firewall?
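
The last check in the list above, comparing perimeter and local firewall logs, as an added example that is not part of the original post. The log line format, the addresses and the 5-second clock-skew window are constructed assumptions, and the perimeter log is assumed to record the internal (post-NAT) destination address.

```python
import re
from datetime import datetime, timedelta

# Assumed (constructed) format: "<ISO time> <ACTION> <PROTO> <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(
    r"(?P<ts>\S+) (?P<action>ALLOW|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample logs (documentation address ranges, not real traffic).
PERIMETER_LOG = """\
2014-03-01T10:00:01 ALLOW TCP 203.0.113.7:51512 -> 10.0.0.20:443
2014-03-01T10:00:05 ALLOW TCP 198.51.100.9:40022 -> 10.0.0.20:3389
2014-03-01T10:00:09 DROP TCP 198.51.100.9:40023 -> 10.0.0.21:22
2014-03-01T10:02:30 ALLOW UDP 203.0.113.50:5353 -> 10.0.0.21:161
"""

LOCAL_LOG = """\
2014-03-01T10:00:06 DROP TCP 198.51.100.9:40022 -> 10.0.0.20:3389
2014-03-01T10:00:10 DROP TCP 10.0.0.35:49900 -> 10.0.0.21:22
2014-03-01T10:02:31 DROP UDP 203.0.113.50:5353 -> 10.0.0.21:161
malformed line that the parser must skip
"""

def parse(text):
    """Yield (timestamp, action, flow tuple) for each well-formed line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        flow = (m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        yield datetime.fromisoformat(m["ts"]), m["action"], flow

def leaked_flows(perimeter_text, local_text, skew=timedelta(seconds=5)):
    """Flows the perimeter ALLOWed that a local firewall then DROPped."""
    allowed = {}
    for ts, action, flow in parse(perimeter_text):
        if action == "ALLOW":
            allowed.setdefault(flow, []).append(ts)
    hits = []
    for ts, action, flow in parse(local_text):
        # Same 5-tuple seen at both devices within the skew window.
        if action == "DROP" and any(abs(ts - t) <= skew for t in allowed.get(flow, [])):
            hits.append((ts.isoformat(), flow))
    return hits

if __name__ == "__main__":
    for when, (proto, src, sport, dst, dport) in leaked_flows(PERIMETER_LOG, LOCAL_LOG):
        print(f"{when} {proto} {src}:{sport} -> {dst}:{dport} passed the perimeter, dropped locally")
```

Every flow it reports is a candidate for tightening a perimeter rule, since the host firewall was the only control that stopped it.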

Rule #7: Train Your Users

Simple rules like don't open "strange" email messages and don't press Yes on any warnings that may appear on your screen can make the difference.

Rule #8: Don’t forget to back up

It is wise to back up the latest configuration state of your devices and your data regularly. If your firewall crashes, it is much easier to restore a configuration file than to set it up from scratch. Likewise, if a SCSI controller fails on a SQL server or a user accidentally deletes a shared directory, you will be glad you backed up your files and databases recently.

Rule #9: Check the latest security best practices

Update your security strategy regularly by checking the latest best practices. You can find appropriate info at www.cert.org, www.sans.org, www.cisecurity.org, www.w3.org/security, etc.



collected
