Admittedly, it's a list of network security best practices that falls far short on the sensationalism scale. But on the practicality scale, call it a 10 -- maybe even a 14.
Since September 11, Pittsburgh, Pa.-based security services and solutions provider Red Siren has developed and updated a network infrastructure security checklist. The most recent iteration of this list, which stands at 14 items, was released last week, in light of the federal government's most recent cyberterrorism alert.
"This is a list of thought processes and reminders that network administrators and security officers can do," said Red Siren president and CEO Douglas J. Goodall. "It's all in a single document that a chief security officer could distribute to administrators and the rest of the management team as sort of a primer."
Goodall admits the checklist is low on "gee-whiz, look-at-that" items.
"Many companies are already doing some or all of the items on the checklist," he said. "It's a document CSOs can have and review. It's a helpful document."
Below is the checklist:
- Check systems for zombie agent software.
- Minimize external exposure by minimizing Internet access and connectivity. [Red Siren recommends against leaving non-mission-critical Internet connections open continuously and says to deny Internet access to employees who do not need it.]
- Review security policies and ensure that they are current, implemented and enforced.
- Ensure all current service-level and security patches have been installed on operating systems and software, including antivirus updates.
- Enhance the review and monitoring of all critical system logs for suspect activity, and consider implementing an intrusion-detection system.
- Revisit your firewall configurations and rules to ensure that unnecessary ports and services are turned off and that access control is tightly managed.
- Consider curtailing remote access by employees, business partners, customers and consultants to essential business.
- Consider changing passwords for all super-user or power IDs such as Root, dbadmin, application manager IDs, etc., especially if that information has become widely shared.
- Revisit access control lists to ensure that access to critical functions and resources is limited.
- Contact your Internet Service Provider (ISP) to discuss what measures they are taking to ensure the security and reliability of the services they are providing you.
- Ensure all critical systems are regularly backed up and actual systems recovery procedures have been tested.
- Consider an incident response plan for addressing actions to be taken should a debilitating cyber-incident/event occur, affecting your business.
- Ensure all users of your corporate computer systems (including employees, consultants, contractors and temporary workers) understand the importance of protecting the business and their role in the overall program.
- Users working from home via high-speed, broadband connections should be required to have a firewall installed on their system. In addition, they should only be allowed to connect to the corporate network through a VPN tunnel.