SlideShare ist ein Scribd-Unternehmen logo

Dr. Eric Cole - 30 Things Every Manager Should Know

‱
‱
Nuuko, Inc.
Nuuko, Inc.
Technologie
1 von 8
Downloaden Sie, um offline zu lesen
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
Network Security: 30 Questions Every Manager/Executive Must Answer in Order to Track and Validate the Security of Their Organization 1. What does your network/security architecture diagram look like? The first thing you need to know to protect your network and systems is what you are protecting. You must know: ‱ The physical topologies ‱ Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.) ‱ Types of operating systems ‱ Perimeter protection measures (firewall and IDS placement, etc.) ‱ Types of devices used (routers, switches, etc.) ‱ Location of DMZs ‱ IP address ranges and subnets ‱ Use of NAT In addition, you must know where the diagram is stored and that it is regularly updated as changes are made. 2. What resources are located on your DMZ? Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network. 3. What resources are located on your internal network? In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers. 4. Where is your organization’s security policy posted and what is in it? There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address for individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site. Network Security: 30 Questions Every Manager Should Ask │ Page 2 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
5. What is your organization’s password policy? A password policy should require that a password: ‱ Be at least 8 characters long ‱ Contain both alphanumeric and special characters ‱ Change every 60 days ‱ Cannot be reused after every five cycles ‱ Is locked out after 3 failed attempts In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy. 6. What applications and services are specifically denied by your organization’s security policy? Your organization’s security policy should specify applications, services, and activities that are prohibited. These can include, among others: ‱ Viewing inappropriate material ‱ Spam ‱ Peer-to-peer file sharing ‱ Instant messaging ‱ Unauthorized wireless devices ‱ Use of unencrypted remote connections such as Telnet and FTP 7. What types of IDSs does your organization use? To provide the best level of detection, an organization should use a combination of both signature-based and anomaly-based intrusion detection systems. This allows both known and unknown attacks to be detected. The IDSs should be distributed throughout the network, including areas such as the Internet connection, the DMZ, and internal networks. 8. Besides default rulesets, what activities are actively monitored by your IDS? IDSs come with default rulesets to look for common attacks. These rulesets must also be customized and augmented to look for traffic and activities specific to your organization’s security policy. For example, if your organization’s security policy prohibits peer-to-peer communications, then a rule should be created to watch for that type of activity. In addition, outbound traffic should be watched for potential Trojans and backdoors. Network Security: 30 Questions Every Manager Should Ask │ Page 3 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
9. What type of remote access is allowed? Remote access should be tightly controlled, monitored, and audited. It should only be provided over a secure communication channel that uses encryption and strong authentication, such as an IPSEC VPN. Desktop modems (including applications such as PCAnywhere), unsecured wireless access points, and other vulnerable methods of remote access should be prohibited. 10. What is your wireless infrastructure? Part of knowing your network architecture includes knowing the location of wireless networks since they create another possible entry point for an attacker. You must also confirm whether they are being used for sensitive data and are they secured as best as possible. 11. How is your wireless infrastructure secured? Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized. 12. What desktop protections are used? Desktops should have a combination of anti-virus software, personal firewall, and host-based intrusion detection. Each of these software packages must be regularly updated as new signatures are deployed. They must also be centrally managed and controlled. 13. Where, when, and what type of encryption is used? VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should be protected with 128-bit SSL. Remote system administration should use SSH. Sometimes file system encryption is also used to protect stored data. 14. What is your backup policy? A good backup policy includes weekly full backups with incremental backups performed daily. This includes all critical systems. In addition, the backups should be stored at an offsite location. Since backups include very valuable, easily accessible information, only trusted individuals should be performing them and have access to them. An organization should also encourage users to perform local backups as well. Network Security: 30 Questions Every Manager Should Ask │ Page 4 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
15. How is sensitive information disposed? Hard copies of sensitive information should be destroyed by pulping, shredding, or incinerating. Sensitive information on hard drives and disks should be completely erased using special software, or the disks destroyed. Simply deleting a file is not sufficient to prevent attackers from undeleting the file later. If you are disposing of a computer system, be sure to erase all sensitive files from the hard drive by using a wipeout utility. 16. What is included in your disaster recovery plan? Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the accrual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites. 17. How often is your disaster recovery plan tested? The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. Testing can include walkthroughs, simulation, or a full out implementation. 18. What types of attacks are you seeing? Typically an organization sees a constant stream of port scan attacks. These are a regular occurrence on the Internet as a result of attackers and worms. An organization should not be seeing many substantial attacks such as compromises, backdoors, or exploits on systems. This would indicate that the security defenses are weak, patching may not be occurring, or other vulnerabilities exist. 19. How often are logs reviewed? Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team. 20. How often are you performing vulnerability scanning? An organization should be performing vulnerability scanning as often as possible, depending on the size of the network. The scanning should be scheduled to allow adequate time to review the reports, discover anything that has changed, and mitigate the vulnerability. Network Security: 30 Questions Every Manager Should Ask │ Page 5 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
21. What physical security controls are in place in your organization? Physical security is a large area that must be addressed by an organization. Examples of physical controls includes physical access controls (signs, locks, security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion detectors, smoke and water detectors, and backup power generators. 22. What are your critical business systems and processes? Identifying your critical business systems and processes is the first step an organization should take in order to implement the appropriate security protections. Knowing what to protect helps determine the necessary security controls. Knowing the critical systems and processes helps determine the business continuity plan and disaster recovery plan process. Critical business systems and processes may include an e- commerce site, customer database information, employee database information, the ability to answer phone calls, the ability to respond to Internet queries, etc. 23. What are the specific threats to your organization? In addition to identifying the critical business systems and processes, it is important to identify the possible threats to those systems as well as the organization as a whole. You should consider both external and internal threats and attacks using various entry points (wireless, malicious code, subverting the firewall, etc.). Once again, this will assist in implementing the appropriate security protections and creating business continuity and disaster recovery plans. 24. What are the tolerable levels of impact your systems can have? An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running. 25. Are you performing content level inspections? In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage. Network Security: 30 Questions Every Manager Should Ask │ Page 6 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
26. How often are your systems patched? Systems should be patched every time a new patch is released. Many organizations don’t patch regularly and tend to not patch critical systems because they don’t want to risk downtime. However, critical systems are the most important to patch. You must schedule regular maintenance downtime to patch systems. As vulnerabilities are discovered, attackers often release exploits even before system patches are available. Therefore, it is imperative to patch systems as soon as possible. 27. How are you protecting against social engineering and phishing attacks? The best way to protect against social engineering and phishing attacks is to educate the users. Employees should attend security awareness training that explains these types of attacks, what to expect, and how to respond. There should also be a publicly posted incidents email address to report suspicious activity. 28. What security measures are in place for in-house developed applications? Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties. 29. What type of traffic are you denying at the firewall? There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic because that can create holes and oversights on some potentially malicious traffic. 30. How are you monitoring for Trojans and backdoors? In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity. Network Security: 30 Questions Every Manager Should Ask │ Page 7 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
About Secure Anchor Consulting Secure Anchor Consulting provides information protection services to a great number of Fortune 500 industries, as well as government, military, energy, IT and legal industries. We have coalesced the expertise of well- known and widely respected security professionals, many of whom are respected authors and frequent speakers at venues around the globe, including the SANS Institute and BlackHat conferences. For More Information: Visit our website: www.secure-anchor.com Email us: info@secure-anchor.com Network Security: 30 Questions Every Manager Should Ask │ Page 8 Copyright © 2006 Secure Anchor Consulting. All rights reserved.

Empfohlen

SIEM
SIEMSIEM
SIEMNapier University
 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklistbackdoor
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksEmmanuel Oshogwe Akpeokhai
 
Select idps
Select idpsSelect idps
Select idpsInfo-Tech Research Group
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security RequirementsSteven Cahill
 
code of conduct
code of conductcode of conduct
code of conductDavid Waddell
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 

Empfohlen

SIEM
SIEMSIEM
SIEMNapier University
 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklistbackdoor
 
How Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksHow Organizations can Secure Their Database From External Attacks
How Organizations can Secure Their Database From External AttacksEmmanuel Oshogwe Akpeokhai
 
Select idps
Select idpsSelect idps
Select idpsInfo-Tech Research Group
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
Basic Security Requirements
Basic Security RequirementsBasic Security Requirements
Basic Security RequirementsSteven Cahill
 
code of conduct
code of conductcode of conduct
code of conductDavid Waddell
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
002.itsecurity bcp v1
002.itsecurity bcp v1002.itsecurity bcp v1
002.itsecurity bcp v1Mohammad Ashfaqur Rahman
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughSavvius, Inc
 
Chapter 15 Risk Mitigation
Chapter 15 Risk MitigationChapter 15 Risk Mitigation
Chapter 15 Risk MitigationDr. Ahmed Al Zaidy
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical ControlsMLG College of Learning, Inc
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
Information security principles
Information security principlesInformation security principles
Information security principlesDan Morrill
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee PresentationTony DeGonia (LION)
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breachesxband
 
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...UBM_Design_Central
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyChapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyDr. Ahmed Al Zaidy
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityPriyanka Aash
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Chapter 9 Client and application Security
Chapter 9 Client and application SecurityChapter 9 Client and application Security
Chapter 9 Client and application SecurityDr. Ahmed Al Zaidy
 
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetInnovation Network Technologies: InNet
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagramSyed Ubaid Ali Jafri
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 
Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptxmishogelashvili28
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughSavvius, Inc
 
Chapter 15 Risk Mitigation
Chapter 15 Risk MitigationChapter 15 Risk Mitigation
Chapter 15 Risk MitigationDr. Ahmed Al Zaidy
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security IntelligenceSplunk
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
Information security principles
Information security principlesInformation security principles
Information security principlesDan Morrill
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee PresentationTony DeGonia (LION)
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareQuick Heal Technologies Ltd.
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breachesxband
 
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...UBM_Design_Central
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyChapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyDr. Ahmed Al Zaidy
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityPriyanka Aash
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centersBrencil Kaimba
 
Chapter 9 Client and application Security
Chapter 9 Client and application SecurityChapter 9 Client and application Security
Chapter 9 Client and application SecurityDr. Ahmed Al Zaidy
 
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetInnovation Network Technologies: InNet
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution hashnees
 

Was ist angesagt? (20)

002.itsecurity bcp v1
002.itsecurity bcp v1002.itsecurity bcp v1
002.itsecurity bcp v1
 
Cyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enoughCyber Security - IDS/IPS is not enough
Cyber Security - IDS/IPS is not enough
 
Chapter 15 Risk Mitigation
Chapter 15 Risk MitigationChapter 15 Risk Mitigation
Chapter 15 Risk Mitigation
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
Information security principles
Information security principlesInformation security principles
Information security principles
 
Chamber Technology Committee Presentation
Chamber Technology Committee PresentationChamber Technology Committee Presentation
Chamber Technology Committee Presentation
 
Safeguard your enterprise against ransomware
Safeguard your enterprise against ransomwareSafeguard your enterprise against ransomware
Safeguard your enterprise against ransomware
 
Preventing Data Breaches
Preventing Data BreachesPreventing Data Breaches
Preventing Data Breaches
 
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...Five Essential Enterprise Architecture Practices to Create the Security-Aware...
Five Essential Enterprise Architecture Practices to Create the Security-Aware...
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
Chapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and TechnologyChapter 6Network Security Devices, Design, and Technology
Chapter 6Network Security Devices, Design, and Technology
 
Why Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum SecurityWhy Zero Trust Yields Maximum Security
Why Zero Trust Yields Maximum Security
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Chapter 9 Client and application Security
Chapter 9 Client and application SecurityChapter 9 Client and application Security
Chapter 9 Client and application Security
 
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheetCylance Ransomware-Remediation & Prevention Consulting Data-sheet
Cylance Ransomware-Remediation & Prevention Consulting Data-sheet
 
Review of network diagram
Review of network diagramReview of network diagram
Review of network diagram
 
McAfee SIEM solution
McAfee SIEM solution McAfee SIEM solution
McAfee SIEM solution
 

Ähnlich wie Dr. Eric Cole - 30 Things Every Manager Should Know

Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
SMB Network Security Checklist
SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security ChecklistMobeen Khan
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxtodd331
 
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host SecurityPACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host SecurityPace IT at Edmonds Community College
 
Information Technology Question.pdf
Information Technology Question.pdfInformation Technology Question.pdf
Information Technology Question.pdfbkbk37
 
HMI/SCADA ëŠŹìŠ€íŹ 감소
HMI/SCADA ëŠŹìŠ€íŹ 감소HMI/SCADA ëŠŹìŠ€íŹ 감소
HMI/SCADA ëŠŹìŠ€íŹ 감소GEìœ”ëŠŹì•„
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Michele Chubirka
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxcockekeshia
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Cleverence Kombe
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatanceKudzi Chikwatu
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solutionSchneider Electric India
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Mis
MisMis
Mismisecho
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1misecho
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 

Ähnlich wie Dr. Eric Cole - 30 Things Every Manager Should Know (20)

Presentation 10.pptx
Presentation 10.pptxPresentation 10.pptx
Presentation 10.pptx
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
SMB Network Security Checklist
SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security Checklist
 
Scenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docxScenario Overview Now that you’re super knowledgeable about se.docx
Scenario Overview Now that you’re super knowledgeable about se.docx
 
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host SecurityPACE-IT, Security+ 4.3: Solutions to Establish Host Security
PACE-IT, Security+ 4.3: Solutions to Establish Host Security
 
Information Technology Question.pdf
Information Technology Question.pdfInformation Technology Question.pdf
Information Technology Question.pdf
 
HMI/SCADA ëŠŹìŠ€íŹ 감소
HMI/SCADA ëŠŹìŠ€íŹ 감소HMI/SCADA ëŠŹìŠ€íŹ 감소
HMI/SCADA ëŠŹìŠ€íŹ 감소
 
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
Beware the Firewall My Son: The Jaws That Bite, The Claws That Catch!
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docxWeek 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx
 
Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems Intrusion Detection Systems and Intrusion Prevention Systems
Intrusion Detection Systems and Intrusion Prevention Systems
 
security and system mainatance
security and system mainatancesecurity and system mainatance
security and system mainatance
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
Designing a security policy to protect your automation solution
Designing a security policy to protect your automation solutionDesigning a security policy to protect your automation solution
Designing a security policy to protect your automation solution
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Mis
MisMis
Mis
 
Chapter 10, part 1
Chapter 10, part 1Chapter 10, part 1
Chapter 10, part 1
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 

Mehr von Nuuko, Inc.

Nuuko Enterprise Optimizer
Nuuko Enterprise OptimizerNuuko Enterprise Optimizer
Nuuko Enterprise OptimizerNuuko, Inc.
 
DOE Loans for Renewable Generation, Transmission Doubtful After September
DOE Loans for Renewable Generation, Transmission Doubtful After SeptemberDOE Loans for Renewable Generation, Transmission Doubtful After September
DOE Loans for Renewable Generation, Transmission Doubtful After SeptemberNuuko, Inc.
 
Managed care feb2009a article
Managed care feb2009a articleManaged care feb2009a article
Managed care feb2009a articleNuuko, Inc.
 
Nuuko enterprise optimizer case studies
Nuuko enterprise optimizer case studiesNuuko enterprise optimizer case studies
Nuuko enterprise optimizer case studiesNuuko, Inc.
 
Jerry tarasofsky for web 8.8
Jerry tarasofsky for web 8.8Jerry tarasofsky for web 8.8
Jerry tarasofsky for web 8.8Nuuko, Inc.
 
It's not about jobs jobs jobs
It's not about jobs jobs jobs It's not about jobs jobs jobs
It's not about jobs jobs jobs Nuuko, Inc.
 
Social media bootcamp presentation 071311.final
Social media bootcamp presentation 071311.finalSocial media bootcamp presentation 071311.final
Social media bootcamp presentation 071311.finalNuuko, Inc.
 
The death of the company
The death of the companyThe death of the company
The death of the companyNuuko, Inc.
 
Comm media advisory 6 14 final
Comm media advisory 6 14 finalComm media advisory 6 14 final
Comm media advisory 6 14 finalNuuko, Inc.
 
C suite clusters ppt for landing page
C suite clusters ppt for landing pageC suite clusters ppt for landing page
C suite clusters ppt for landing pageNuuko, Inc.
 
C suite clusters ppt for landing page
C suite clusters ppt for landing pageC suite clusters ppt for landing page
C suite clusters ppt for landing pageNuuko, Inc.
 
Communications cluster ppt 6.01
Communications cluster ppt 6.01Communications cluster ppt 6.01
Communications cluster ppt 6.01Nuuko, Inc.
 
Downstream org structure.refining ind
Downstream org structure.refining indDownstream org structure.refining ind
Downstream org structure.refining indNuuko, Inc.
 
Curtis robinson
Curtis robinsonCurtis robinson
Curtis robinsonNuuko, Inc.
 
Understanding pr tsa
Understanding pr tsaUnderstanding pr tsa
Understanding pr tsaNuuko, Inc.
 
About us poretz profile-1
About us poretz profile-1About us poretz profile-1
About us poretz profile-1Nuuko, Inc.
 
Bio for web
Bio for webBio for web
Bio for webNuuko, Inc.
 
Shelbybio for web
Shelbybio for webShelbybio for web
Shelbybio for webNuuko, Inc.
 
John caswell for web
John caswell for webJohn caswell for web
John caswell for webNuuko, Inc.
 
Web profile
Web profileWeb profile
Web profileNuuko, Inc.
 

Mehr von Nuuko, Inc. (20)

Nuuko Enterprise Optimizer
Nuuko Enterprise OptimizerNuuko Enterprise Optimizer
Nuuko Enterprise Optimizer
 
DOE Loans for Renewable Generation, Transmission Doubtful After September
DOE Loans for Renewable Generation, Transmission Doubtful After SeptemberDOE Loans for Renewable Generation, Transmission Doubtful After September
DOE Loans for Renewable Generation, Transmission Doubtful After September
 
Managed care feb2009a article
Managed care feb2009a articleManaged care feb2009a article
Managed care feb2009a article
 
Nuuko enterprise optimizer case studies
Nuuko enterprise optimizer case studiesNuuko enterprise optimizer case studies
Nuuko enterprise optimizer case studies
 
Jerry tarasofsky for web 8.8
Jerry tarasofsky for web 8.8Jerry tarasofsky for web 8.8
Jerry tarasofsky for web 8.8
 
It's not about jobs jobs jobs
It's not about jobs jobs jobs It's not about jobs jobs jobs
It's not about jobs jobs jobs
 
Social media bootcamp presentation 071311.final
Social media bootcamp presentation 071311.finalSocial media bootcamp presentation 071311.final
Social media bootcamp presentation 071311.final
 
The death of the company
The death of the companyThe death of the company
The death of the company
 
Comm media advisory 6 14 final
Comm media advisory 6 14 finalComm media advisory 6 14 final
Comm media advisory 6 14 final
 
C suite clusters ppt for landing page
C suite clusters ppt for landing pageC suite clusters ppt for landing page
C suite clusters ppt for landing page
 
C suite clusters ppt for landing page
C suite clusters ppt for landing pageC suite clusters ppt for landing page
C suite clusters ppt for landing page
 
Communications cluster ppt 6.01
Communications cluster ppt 6.01Communications cluster ppt 6.01
Communications cluster ppt 6.01
 
Downstream org structure.refining ind
Downstream org structure.refining indDownstream org structure.refining ind
Downstream org structure.refining ind
 
Curtis robinson
Curtis robinsonCurtis robinson
Curtis robinson
 
Understanding pr tsa
Understanding pr tsaUnderstanding pr tsa
Understanding pr tsa
 
About us poretz profile-1
About us poretz profile-1About us poretz profile-1
About us poretz profile-1
 
Bio for web
Bio for webBio for web
Bio for web
 
Shelbybio for web
Shelbybio for webShelbybio for web
Shelbybio for web
 
John caswell for web
John caswell for webJohn caswell for web
John caswell for web
 
Web profile
Web profileWeb profile
Web profile
 

KĂŒrzlich hochgeladen

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

KĂŒrzlich hochgeladen (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

Dr. Eric Cole - 30 Things Every Manager Should Know

  • 1. Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting
  • 2. Network Security: 30 Questions Every Manager/Executive Must Answer in Order to Track and Validate the Security of Their Organization 1. What does your network/security architecture diagram look like? The first thing you need to know to protect your network and systems is what you are protecting. You must know: ‱ The physical topologies ‱ Logical topologies (Ethernet, ATM, 802.11, VoIP, etc.) ‱ Types of operating systems ‱ Perimeter protection measures (firewall and IDS placement, etc.) ‱ Types of devices used (routers, switches, etc.) ‱ Location of DMZs ‱ IP address ranges and subnets ‱ Use of NAT In addition, you must know where the diagram is stored and that it is regularly updated as changes are made. 2. What resources are located on your DMZ? Only systems that are semi-public should be kept on the DMZ. This includes external web servers, external mail servers, and external DNS. A split-architecture may be used where internal web, mail, and DNS are also located on the internal network. 3. What resources are located on your internal network? In addition to internal web, mail, and DNS servers, your internal network could also include databases, application servers, and test and development servers. 4. Where is your organization’s security policy posted and what is in it? There should be an overall policy that establishes the direction of the organization and its security mission as well as roles and responsibilities. There can also be system-specific policies to address for individual systems. Most importantly, the policies should address the appropriate use of computing resources. In addition, policies can address a number of security controls from passwords and backups to proprietary information. There should be clear procedures and processes to follow for each policy. These policies should be included in the employee handbook and posted on a readily accessible intranet site. Network Security: 30 Questions Every Manager Should Ask │ Page 2 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
  • 3. 5. What is your organization’s password policy? A password policy should require that a password: ‱ Be at least 8 characters long ‱ Contain both alphanumeric and special characters ‱ Change every 60 days ‱ Cannot be reused after every five cycles ‱ Is locked out after 3 failed attempts In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy. 6. What applications and services are specifically denied by your organization’s security policy? Your organization’s security policy should specify applications, services, and activities that are prohibited. These can include, among others: ‱ Viewing inappropriate material ‱ Spam ‱ Peer-to-peer file sharing ‱ Instant messaging ‱ Unauthorized wireless devices ‱ Use of unencrypted remote connections such as Telnet and FTP 7. What types of IDSs does your organization use? To provide the best level of detection, an organization should use a combination of both signature-based and anomaly-based intrusion detection systems. This allows both known and unknown attacks to be detected. The IDSs should be distributed throughout the network, including areas such as the Internet connection, the DMZ, and internal networks. 8. Besides default rulesets, what activities are actively monitored by your IDS? IDSs come with default rulesets to look for common attacks. These rulesets must also be customized and augmented to look for traffic and activities specific to your organization’s security policy. For example, if your organization’s security policy prohibits peer-to-peer communications, then a rule should be created to watch for that type of activity. In addition, outbound traffic should be watched for potential Trojans and backdoors. Network Security: 30 Questions Every Manager Should Ask │ Page 3 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
  • 4. 9. What type of remote access is allowed? Remote access should be tightly controlled, monitored, and audited. It should only be provided over a secure communication channel that uses encryption and strong authentication, such as an IPSEC VPN. Desktop modems (including applications such as PCAnywhere), unsecured wireless access points, and other vulnerable methods of remote access should be prohibited. 10. What is your wireless infrastructure? Part of knowing your network architecture includes knowing the location of wireless networks since they create another possible entry point for an attacker. You must also confirm whether they are being used for sensitive data and are they secured as best as possible. 11. How is your wireless infrastructure secured? Wireless access must at least use WEP with 128-bit encryption. Although this provides some security, it is not very robust, which is why your wireless network should not be used for sensitive data. Consider moving to the 802.11i standard with AES encryption when it is finalized. 12. What desktop protections are used? Desktops should have a combination of anti-virus software, personal firewall, and host-based intrusion detection. Each of these software packages must be regularly updated as new signatures are deployed. They must also be centrally managed and controlled. 13. Where, when, and what type of encryption is used? VPNs should be used for remote access and other sensitive communication. IPSEC is a great choice for this purpose. Strong encryption protocols such as 3DES and AES should be used whenever possible. Web access to sensitive or proprietary information should be protected with 128-bit SSL. Remote system administration should use SSH. Sometimes file system encryption is also used to protect stored data. 14. What is your backup policy? A good backup policy includes weekly full backups with incremental backups performed daily. This includes all critical systems. In addition, the backups should be stored at an offsite location. Since backups include very valuable, easily accessible information, only trusted individuals should be performing them and have access to them. An organization should also encourage users to perform local backups as well. Network Security: 30 Questions Every Manager Should Ask │ Page 4 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
  • 5. 15. How is sensitive information disposed? Hard copies of sensitive information should be destroyed by pulping, shredding, or incinerating. Sensitive information on hard drives and disks should be completely erased using special software, or the disks destroyed. Simply deleting a file is not sufficient to prevent attackers from undeleting the file later. If you are disposing of a computer system, be sure to erase all sensitive files from the hard drive by using a wipeout utility. 16. What is included in your disaster recovery plan? Your disaster recovery plan (DRP) should include recovery of data centers and recovery of business operations. It should also include recovery of the accrual physical business location and recovery of the business processes necessary to resume normal operations. In addition, the DRP should address alternate operating sites. 17. How often is your disaster recovery plan tested? The plan is no good unless it is tested at least once a year. These tests will iron out problems in the plan and make it more efficient and successful if/when it is needed. Testing can include walkthroughs, simulation, or a full out implementation. 18. What types of attacks are you seeing? Typically an organization sees a constant stream of port scan attacks. These are a regular occurrence on the Internet as a result of attackers and worms. An organization should not be seeing many substantial attacks such as compromises, backdoors, or exploits on systems. This would indicate that the security defenses are weak, patching may not be occurring, or other vulnerabilities exist. 19. How often are logs reviewed? Logs should be reviewed every day. This includes IDS logs, system logs, management station logs, etc. Not reviewing the logs is one of the biggest mistakes an organization can make. Events of interest should be investigated daily. It can be a very tedious task for a single person to do this job as their only assignment (unless they really enjoy it). It is better to have a log review rotation system amongst the security team. 20. How often are you performing vulnerability scanning? An organization should be performing vulnerability scanning as often as possible, depending on the size of the network. The scanning should be scheduled to allow adequate time to review the reports, discover anything that has changed, and mitigate the vulnerability. Network Security: 30 Questions Every Manager Should Ask │ Page 5 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
  • 6. 21. What physical security controls are in place in your organization? Physical security is a large area that must be addressed by an organization. Examples of physical controls includes physical access controls (signs, locks, security guards, badges/PINs, bag search/scanning, metal detectors), CCTV, motion detectors, smoke and water detectors, and backup power generators. 22. What are your critical business systems and processes? Identifying your critical business systems and processes is the first step an organization should take in order to implement the appropriate security protections. Knowing what to protect helps determine the necessary security controls. Knowing the critical systems and processes helps determine the business continuity plan and disaster recovery plan process. Critical business systems and processes may include an e- commerce site, customer database information, employee database information, the ability to answer phone calls, the ability to respond to Internet queries, etc. 23. What are the specific threats to your organization? In addition to identifying the critical business systems and processes, it is important to identify the possible threats to those systems as well as the organization as a whole. You should consider both external and internal threats and attacks using various entry points (wireless, malicious code, subverting the firewall, etc.). Once again, this will assist in implementing the appropriate security protections and creating business continuity and disaster recovery plans. 24. What are the tolerable levels of impact your systems can have? An organization must understand how an outage could impact the ability to continue operations. For example, you must determine how long systems can be down, the impact on cash flow, the impact on service level agreements, and the key resources that must be kept running. 25. Are you performing content level inspections? In addition to the content level inspection performed by the IDS, specific content inspections should also be performed on web server traffic and other application traffic. Some attacks evade detection by containing themselves in the payload of packets, or by altering the packet in some way, such as fragmentation. Content level inspection at the web server or application server will protect against attacks such as those that are tunneled in legitimate communications, attacks with malicious data, and unauthorized application usage. Network Security: 30 Questions Every Manager Should Ask │ Page 6 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
  • 7. 26. How often are your systems patched? Systems should be patched every time a new patch is released. Many organizations don’t patch regularly and tend to not patch critical systems because they don’t want to risk downtime. However, critical systems are the most important to patch. You must schedule regular maintenance downtime to patch systems. As vulnerabilities are discovered, attackers often release exploits even before system patches are available. Therefore, it is imperative to patch systems as soon as possible. 27. How are you protecting against social engineering and phishing attacks? The best way to protect against social engineering and phishing attacks is to educate the users. Employees should attend security awareness training that explains these types of attacks, what to expect, and how to respond. There should also be a publicly posted incidents email address to report suspicious activity. 28. What security measures are in place for in-house developed applications? Any development that is taking place in house should include security from the beginning of the development process. Security needs to be a part of standard requirements and testing procedures. Code reviews should be conducted by a test team to look for vulnerabilities such as buffer overflows and backdoors. For security reasons, it is not a good idea to subcontract development work to third parties. 29. What type of traffic are you denying at the firewall? There should be a default deny rule on all firewalls to disallow anything that is not explicitly permitted. This is more secure than explicitly denying certain traffic because that can create holes and oversights on some potentially malicious traffic. 30. How are you monitoring for Trojans and backdoors? In addition to periodic vulnerability scanning, outgoing traffic should be inspected before it leaves the network, looking for potentially compromised systems. Organizations often focus on traffic and attacks coming into the network and forget about monitoring outgoing traffic. Not only will this detect compromised systems with Trojans and backdoors, but it will also detect potentially malicious or inappropriate insider activity. Network Security: 30 Questions Every Manager Should Ask │ Page 7 Copyright © 2006 Secure Anchor Consulting. All rights reserved.
  • 8. About Secure Anchor Consulting Secure Anchor Consulting provides information protection services to a great number of Fortune 500 industries, as well as government, military, energy, IT and legal industries. We have coalesced the expertise of well- known and widely respected security professionals, many of whom are respected authors and frequent speakers at venues around the globe, including the SANS Institute and BlackHat conferences. For More Information: Visit our website: www.secure-anchor.com Email us: info@secure-anchor.com Network Security: 30 Questions Every Manager Should Ask │ Page 8 Copyright © 2006 Secure Anchor Consulting. All rights reserved.