[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Creating Network security procedure

Posted on 2004-11-23
5
Medium Priority
?
1,206 Views
Last Modified: 2013-11-16
I need to create a network security procedure for my company.  Can anyone tell me what needs to be in one or can I get an example?
0
Comment
Question by:sweetom
5 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1500 total points
ID: 12661136
First you need policies, then they will help you define your procedures. The SANS Institute has some of the best stuff written, it's easy to understand and customize to your organization.
http://www.sans.org/resources/policies/

Read through some of those, like the Acceptable use policy for example. The acceptable use policy has in it things like, keeping passwords safe, labeling confidential emails as confidential,  p2p software is unaccptable etc...

I believe this will be your first step- If you need more info just right back, I'll be happy to add- I'm just unsure of your question because it's pretty brief.

-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 12661143
typo's "right"... i meant "write back"... i'm getting too old.
-rich
0
 
LVL 2

Expert Comment

by:mellowmarquis
ID: 12664226
I agree with Rich.
That SANS link is the best place to go.
There are pay-sites that have sample policies, but SANS has all you need.

Also useful (and from SANS again) would be the sans reading room for all things related to infosec:
http://www.sans.org/rr

For things specifically related to developing and implementing policy:
http://www.sans.org/rr/whitepapers/policyissues/

And remember - developing policy is one thing. Ensuring it's followed and reviewing it's relevance/practicality is another thing altogether and crucial. It's no use enforcing 15 character complex passwords if people are going to write them on a post-it note and stick it on the monitor! :)

-Mark
0
 
LVL 9

Expert Comment

by:rshooper76
ID: 12667304
I had to put these types of policies in place for my company.  Here are a list of suggestions ontop of what has already been said.  

Once you get your policies in place make sure your Human Resources, or other Executive Managment personnel, agree with the policies and will support them.  The policies are no good if they are not supported by upper management.  Keep in mind that you will most likely have to enforce these policies at one time or another.  We had ours user sign a form stating that they read, understood, and agreed to follow all the policies.  We also had all of the policies posted on the Company intranet.

Get a good password policy.  I am a consulatant now and I have walked into many customers sites and been able to get on their network too easily.  Blank passwords, password on sticky notes etc are a very bad thing to have in your organization and are very hard to prevent.

A good firewall is also very important to your network.  Remember to log the firewall and to block unwanted traffic from comming in and going out.  Most people overlook the outbound policies.  Also make sure you have some intrusion detection, this is often overlooked as well.

Keep all you machines up to date with service packs and patches.

Have up to date anti virus software on all workstations and servers.

If you can remove all modems from servers and workstations, this may not be cost effective or feasible for you to do.  Cisco had analog line cards that can be added to some of thier routers.  that way all modem traffic can be passed though a firewall.

If you have Windows 2000 or Windows XP workstation prevent users from installing software.  There is usually never a good reason why a user would need to install software on thier machine.

Use a proxy server to monitor Internet use.  Providing reports of users activities to managment is a great deterent to inappopriate use.

Have a good backup and distaster recover procedure.  I would typically ghost my servers after new software or service packs, etc were installed.  All the actual data was backed up daily and achived once a week.  The previous weeks tapes were kept off site.  Monitor your backup logs to make sure the backup are actually running okay.

Docuement your network, and I mean everything that you have in it.  If you have to rebuild anything it's much easier if its been documented.  Your docuementation should be kept in a secure place, since if its done right you would not want it to fall into the wrong hands.

There are a lot of other things that can/should be done to build a godo network secuity procedure. I hope this list helped.
0
 
LVL 1

Expert Comment

by:Robnhood
ID: 12674961
A couple of things that I think are going to be very important as you move forward with this.

1.  Make sure that you raise awareness, and show the need for improving security.
2.  Make sure that you have senior management buy in.  They can say that they want to be more secure, but they will need to back you.  

Craig.
<advertizing removed by CetusMOD per http:help.jsp#hi106>
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question