Top 10 network security tips

I was asked by a client to develop a "best practices" guide for securing Microsoft IIS 5.0. In my search for supporting reference material, I came across a very informative document called The 60 Minute Network Security Guide on the National Security Agency Web site (www.nsa.gov). The document is only about 40 pages long, but it's packed with valuable pearls of wisdom on how to secure your network enterprise, including specific information for Windows and Unix systems. The document is what is known as a "best practices" guideline for network security. Here's a summary:

1. Make sure you have a security policy in place -— The security policy is the formal statement of rules on how security will be implemented in your organization. A security policy should define the level of security and the roles and responsibilities of users, administrators and managers.
2. Make sure all of your operating systems and applications are patched with the latest service packs and hotfixes -— Keeping your systems patched will close vulnerabilities that can be exploited by hackers.
3. Keep an inventory of your network devices -— Develop and maintain a list of all hardware/software components, and understand which default software installations provide weak security configurations.
4. Scan TCP/UDP services -— Turn off or remove unnecessary services. Unneeded services can be the entry point attackers use to gain control of your system.
5. Establish a strong password policy -— Weak passwords could mean a compromised user account.
6. Don't trust code from non-trusted sources.
7. Block certain e-mail attachment types -— This list includes .bas, .bat, .exe and .vbs.
8. Don't provide more rights to system resources than necessary -— Implement the concept of "least privilege".
9. Perform your own network security ...
   
   To continue reading for free, register below or login

   Requires Membership to View

   To gain access to this and all member only content, please provide the following information:

   Email Address:
   
   
   

   By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   To read more you must become a member of SearchSecurity.com

   As an existing member of the TechTarget network please activate your SearchSecurity.com account 

   By joining SearchSecurity.com you agree to receive email updates from the TechTarget network of sites, including updates on new content, magazine or event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile or unsubscribing via email.
   
   TechTarget cares about your privacy. Read our Privacy Policy
   
   
   

   BROWSE BY TAG Information Security Policies, Procedures and Guidelines,   Information Security Management,   Password Management and Policy,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   Application and Platform Security,   Email Security Guidelines, Encryption and Appliances,   Email Protection,   Network Security Tactics,   Network Intrusion Prevention (IPS),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Enterprise Vulnerability Management,   Vulnerability Risk Assessment,   Security Patch Management,   VIEW ALL TAGS

   
   

   RELATED CONTENT Information Security Policies, Procedures and Guidelines Schneier-Ranum face-off part 6: Audience questions Editor's Desk: Apathy and the Cybersecurity Coordinator Writing security policies using a taxonomy-based approach How to detect and respond to money laundering Health Net breach failure of security policy, technology How to protect distributed information flows Whitelists, SaaS modify traditional security, tackle flaws Melissa Hathaway urges more cooperation, government attention to cybersecurity Reuters: Obama ready to select cyber security czar How a corporate Twitter policy can combat social network threats Password Management and Policy Torrent phishing scheme trips up Twitter users Microsoft, security firms warn of password meltdown How to find and remove keyloggers and prevent spyware installation How to encrypt passwords using network security certificates Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats How to determine password strength for a website Prevent password cracking with password management strategies Brute force attacks target Yahoo email accounts Best Identity and Access Management Products Email Security Guidelines, Encryption and Appliances Information security book excerpts and reviews How to confirm the receipt of an email with security protocols Best Email Security Products Can an IP spoofing tool be used to spam SPF servers? WatchGuard acquires email and Web security vendor BorderWare McAfee to acquire email SaaS vendor MX Logic What does 'invoked by uid 78' mean? How to configure firewall ports for webmail system implementation Fierce competition prompted new Cisco email security options Cisco brings email security appliances closer to SaaS

   RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary defense in depth  (SearchSecurity.com) non-disclosure agreement  (SearchSecurity.com) security policy  (SearchSecurity.com)

   RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

   
   
   testing -— Find the holes before the attackers do!

10. Implement "defense-in-depth" -— Don't rely on just one control or system to provide all the security you need.

I recommend downloading this document and reading it from cover to cover. It's packed with excellent tips and techniques to help secure your network environment.

About the author:
Mark Edmead, CISSP, SSCP, TICSA, is president of MTE Software, Inc. (www.mtesoft.com), and has more than 25 years' experience in software development, product development and network systems security.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.