Top 10 network security tips

I was asked by a client to develop a "best practices" guide for securing Microsoft IIS 5.0. In my search for supporting reference material, I came across a very informative document called The 60 Minute Network Security Guide on the National Security Agency Web site (www.nsa.gov). The document is only about 40 pages long, but it's packed with valuable pearls of wisdom on how to secure your network enterprise, including specific information for Windows and Unix systems. The document is what is known as a "best practices" guideline for network security. Here's a summary:

1. Make sure you have a security policy in place -— The security policy is the formal statement of rules on how security will be implemented in your organization. A security policy should define the level of security and the roles and responsibilities of users, administrators and managers.
2. Make sure all of your operating systems and applications are patched with the latest service packs and hotfixes -— Keeping your systems patched will close vulnerabilities that can be exploited by hackers.
3. Keep an inventory of your network devices -— Develop and maintain a list of all hardware/software components, and understand which default software installations provide weak security configurations.
4. Scan TCP/UDP services -— Turn off or remove unnecessary services. Unneeded services can be the entry point attackers use to gain control of your system.
5. Establish a strong password policy -— Weak passwords could mean a compromised user account.
6. Don't trust code from non-trusted sources.
7. Block certain e-mail attachment types -— This list includes .bas, .bat, .exe and .vbs.
8. Don't provide more rights to system resources than necessary -— Implement the concept of "least privilege".
9. Perform your own network security testing -— Find the holes before the attackers do!
10. Implement "defense-in-depth" -— Don't rely on just one control or system to provide all the security you need.

I recommend downloading this document and reading it from cover to cover. It's packed with excellent tips and techniques to help secure your network environment.

About the author:
Mark Edmead, CISSP, SSCP, TICSA, is president of MTE Software, Inc. (www.mtesoft.com), and has more than 25 years' experience in software development, product development and network systems security.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Microsoft WIL: How to take control of data integrity levels Screencast: Penetration testing with Metasploit Microsoft PatchGuard: Locking down the kernel, or locking out security? How to lock down instant messaging in the enterprise Employee-owned handhelds: Security and network policy considerations Worst practices: Exposing IAM blunders Screencast: Nessus Phased NAC deployment for compliance and policy enforcement BitLocker: Windows data protection with whole-disk encryption? Screencast: Opening up the Network Security Toolkit Creating and Managing Information Security Policies How to lock down instant messaging in the enterprise Worst practices: Security incidents to avoid Thompson calls for marriage of data and security management Incident response success in five quick steps Social networking Web site threats manageable with good enterprise policy IT GRC: Combining disciplines for better enterprise security Security management in 2008: What's in store Should keystroke loggers be used in enterprise investigations? Exploring enterprise policy management options With data breach costs soaring, companies should review data sharing policies Creating and Managing Information Security Policies Research Network Intrusion Prevention (IPS) What security risks do enterprise honeypots pose? What are the benefits of 'in-the-cloud' network security services? What is a 'top-down' IPS sensor search? Is a 'self-defending network' possible? Best practices for purchasing an intrusion detection device VeriSign, AirMagnet team up for wireless IPS Sourcefire, Nmap deal to open vulnerability scanning Interop: Vendors update software, demonstrate new security features McAfee launches IPS for 10g networks, but is IT ready? Microsoft NAP-TNC compatibility won't speed adoption, users say Network Intrusion Prevention (IPS) Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary defense in depth  (SearchSecurity.com) non-disclosure agreement  (SearchSecurity.com) security policy  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.