Creating Network security procedure

Posted on 2004-11-23
Last Modified: 2013-11-16
I need to create a network security procedure for my company.  Can anyone tell me what needs to be in one or can I get an example?
Question by:sweetom
    LVL 38

    Accepted Solution

    First you need policies, then they will help you define your procedures. The SANS Institute has some of the best stuff written, it's easy to understand and customize to your organization.

    Read through some of those, like the Acceptable Use Policy for example. The acceptable use policy has in it things like keeping passwords safe, labeling confidential emails as confidential, p2p software is unacceptable, etc.

    I believe this will be your first step- If you need more info just right back, I'll be happy to add- I'm just unsure of your question because it's pretty brief.

    LVL 38

    Expert Comment

    by:Rich Rumble
    Typo: "right"... I meant "write back"... I'm getting too old.
    LVL 2

    Expert Comment

    I agree with Rich.
    That SANS link is the best place to go.
    There are pay-sites that have sample policies, but SANS has all you need.

    Also useful (and from SANS again) would be the SANS Reading Room for all things related to infosec:

    For things specifically related to developing and implementing policy:

    And remember - developing policy is one thing. Ensuring it's followed and reviewing its relevance/practicality is another thing altogether and crucial. It's no use enforcing 15 character complex passwords if people are going to write them on a post-it note and stick it on the monitor! :)

    LVL 9

    Expert Comment

    I had to put these types of policies in place for my company. Here is a list of suggestions on top of what has already been said.

    Once you get your policies in place, make sure your Human Resources, or other Executive Management personnel, agree with the policies and will support them. The policies are no good if they are not supported by upper management. Keep in mind that you will most likely have to enforce these policies at one time or another. We had our users sign a form stating that they read, understood, and agreed to follow all the policies. We also had all of the policies posted on the Company intranet.

    Get a good password policy. I am a consultant now and I have walked into many customers' sites and been able to get on their network too easily. Blank passwords, passwords on sticky notes, etc. are a very bad thing to have in your organization and are very hard to prevent.

    A good firewall is also very important to your network. Remember to log the firewall and to block unwanted traffic from coming in and going out. Most people overlook the outbound policies. Also make sure you have some intrusion detection; this is often overlooked as well.

    Keep all your machines up to date with service packs and patches.

    Have up to date anti virus software on all workstations and servers.

    If you can, remove all modems from servers and workstations; this may not be cost effective or feasible for you to do. Cisco had analog line cards that can be added to some of their routers. That way all modem traffic can be passed through a firewall.

    If you have Windows 2000 or Windows XP workstations, prevent users from installing software. There is usually never a good reason why a user would need to install software on their machine.

    Use a proxy server to monitor Internet use. Providing reports of users' activities to management is a great deterrent to inappropriate use.

    Have a good backup and disaster recovery procedure. I would typically ghost my servers after new software or service packs, etc. were installed. All the actual data was backed up daily and archived once a week. The previous week's tapes were kept off site. Monitor your backup logs to make sure the backups are actually running okay.

    Document your network, and I mean everything that you have in it. If you have to rebuild anything, it's much easier if it's been documented. Your documentation should be kept in a secure place, since if it's done right you would not want it to fall into the wrong hands.

    There are a lot of other things that can/should be done to build a good network security procedure. I hope this list helped.
    LVL 1

    Expert Comment

    A couple of things that I think are going to be very important as you move forward with this.

    1.  Make sure that you raise awareness, and show the need for improving security.
    2.  Make sure that you have senior management buy-in.  They can say that they want to be more secure, but they will need to back you.

    <advertizing removed by CetusMOD per http:help.jsp#hi106>
