Hardening: Theory and General Practice - Checkpoints (Page 6 of 6 ) In this chapter, I’ve discussed theories about security, and I’ve also listed some very broad, general suggestions for hardening the hardware, network, and software owned by your organization. Here’s a recap of what’s been covered so far: - Learn the cornerstones of good security policy: privacy, trust, authentication, and integrity.
- Understand the social implications of security.
- Recognize the security dilemma—that users must understand the need for security and agree to the extent to which security is implemented.
- Consider transfers of trust in security policy.
- Understand the process of defining the concept of security: identification of the object to protect, evaluation of risk, and proposals for countermeasures to potential attacks.
- Recognize some of the enemies of a secure system: complexity, backward compatibility, backups.
- Embrace the role that hardening takes in protecting against unknown threats.
- Apply service packs to operating systems and applications throughout your company.
- Purchase, install, and keep updated antivirus software installed throughout your company networks.
- Test and scan new downloads, and practice safe computing when transferring files from public networks.
- Wipe virus-infected systems to a clean hard disk as soon as possible.
- Block malicious file attachments as they enter your network at the email server, before it reaches the client.
- Install a firewall and close off networking ports (TCP 135, 139, and 445; UDP 135, 137, and 445) and any other unused ports.
- Consider the purchase and installation of an intrusion detection system.
- Properly restrict access to remote entry points to your network, and encourage the use of virtual private networks over traditional telephonic and modem connections.
- Implement dial-back for standard telephone connections.
- Investigate the physical segmentation of your network.
- Properly harden and secure any IIS systems on the network, and relegate IIS systems to a blocked-off segment of the network during the installation of patches.
- Read the rest of this book.
 This chapter is from Hardening Windows, by Jonathan Hassell (Apress, 2004, ISBN: 1-59059-266-2). Check it out at your favorite bookstore today.
Buy this book now. |
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
|
