Sunday, November 7, 2010

Protection of the environment - example IT security checklist

Protecting the environment is not a task that is defined once for the lifetime of the environment; it is an ongoing process of adaptation, with items updated during routine inspections. Whether you are a senior executive or security officer in a large organization or an IT manager in a small business, you need a security checklist that is dynamic. While working through such a checklist, say to verify that every part of the environment is covered, you will find that certain areas have become obsolete while others need more attention. Reviewing these checks with the responsible IT staff will also turn up new areas that may be missing from the list. A high-level security checklist like this one should not go into the implementation details of individual security controls, but it can be expanded or linked to other documents. What follows is a sample checklist that can be used as a starting point!

Physical security:

1. Access to the server room
2. Access procedures and guidelines
3. Redundant and storage hardware - ex: RAID, backup drives, etc.
4. Disable unused network points
5. CCTV control / theft and fire systems
6. Mobile workers guidelines for handhelds/laptops - ex: terms of use
7. Inventory of all hardware
8...

Network security:

1. Network switches configuration - ex: Replace default settings
2. Monitoring of network traffic - ex: performance problems caused by a malicious scanning tool
3. Monitor Internet traffic (company policy!)
4. Allowed protocols - ex: SNMP, community string settings and permissions
5. DMZ setup - ex: servers in the DMZ should not store internal IP addresses
6. Firewall configuration - ex: allowed/blocked ports, secure VPN access, etc.
7. IDS or IPS configuration if implemented
8...

Wireless network:

1. WAP configuration - ex: Replace default settings such as SSID name
2. Shared key management - ex: centralized, process rules, complexity
3. Additional security - ex: disable SSID broadcast, use HTTPS, MAC filtering, etc.
4...

Application server:

1. Mail server configuration - ex: open relay!, antivirus solution, etc.
2. Web server configuration - ex: disable unused services/accounts, etc.
3. Database server configuration - ex: DB admin account, logs, etc.
4. DNS server configuration - ex: zone transfers, cache settings, etc.
5. File server - ex: ACLs, file shares, antivirus, etc.
6. AD configuration - ex: group security policies, ACLs, etc.
7. Update mechanism - ex: system and application updates, notifications, etc.
8. Logs - ex: logging enabled, logs collected and reviewed
9. Remote administration - ex: secured SSH, RDP, etc.
10. Admin scripts - ex: passwords in plain text!
11. Monitoring mechanism - ex: notified if services down
12...
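Item 10 above (passwords in plain text in admin scripts) is one of the few checklist points that can be verified mechanically rather than by interview. The Python script below is an added example, not part of the original post: it scans a set of admin scripts for hard-coded credentials using a few heuristic patterns (an assumption, not an exhaustive rule set) and skips lines that take the secret from the environment, a prompt or a variable reference. The sample scripts it runs over are constructed for the example.

```python
import re
from pathlib import Path

# Heuristic patterns for credentials embedded in admin scripts (assumption:
# these cover common cases; obfuscated or split secrets will be missed).
PATTERNS = {
    "assignment": re.compile(
        r"(?i)(password|passwd|pwd|secret|api_?key|token)\s*[=:]\s*[\"']?([^\s\"']{4,})"),
    "url_credential": re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s]+)@"),
    "net_use": re.compile(r"(?i)\bnet\s+use\b.*\s/user:\S+\s+(\S+)"),
}
# Lines that take the secret from the environment, a prompt or a variable
# reference are acceptable, so they are skipped rather than reported.
SAFE_SOURCE = re.compile(r"(?i)environ|getenv|read\s+-s|\$\{?\w|%\w+%")

def scan_text(name, text):
    """Return (file, line number, pattern name) for each suspected plaintext secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if SAFE_SOURCE.search(line):
            continue
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((name, lineno, kind))
                break  # one report per line is enough for a review
    return findings

def scan_directory(root, suffixes=(".sh", ".bat", ".cmd", ".ps1", ".py", ".pl")):
    """Walk a script directory and scan every file with a script extension."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            findings.extend(scan_text(str(path), path.read_text(errors="replace")))
    return findings

# Constructed sample scripts standing in for a real admin script directory.
SAMPLE_SCRIPTS = {
    "backup.sh": "#!/bin/sh\n# nightly DB dump\nDB_PASSWORD=Summer2010!\n"
                 "mysqldump -u backup -p\"$DB_PASSWORD\" crm > /backup/crm.sql\n",
    "mapdrive.bat": "@echo off\nnet use Z: \\\\fileserver\\share /user:CORP\\svc_backup Welcome123\n",
    "deploy.py": "import os\nTOKEN = os.environ['DEPLOY_TOKEN']\n"
                 "URL = 'https://admin:hunter2@intranet.example/api'\n",
    "clean.sh": "#!/bin/sh\nread -s -p 'Password: ' PASSWORD\nmkdir -p /var/log/app\n",
}

def scan_samples():
    """Scan the constructed samples; a real run would call scan_directory() instead."""
    findings = []
    for name, text in SAMPLE_SCRIPTS.items():
        findings.extend(scan_text(name, text))
    return findings
```

Each finding names the file, line and pattern that fired, so a reviewer can move the secret to a credential store or an environment variable and re-run the scan to confirm the line is now skipped.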

Client workstations:

1. Software update distribution - ex: automatic vs. manual updates, central distribution
2. Anti-virus solution - ex: cannot be disabled, automatic updates, etc.
3. Computer policies - ex: lock idle workstations, installation permissions, etc.
4. Hardware usage guidelines - ex: lock unused ports, removable media usage, etc.
5. Software inventory - ex: installed applications with version numbers
6. User access permissions - ex: disallow/allow administrator privileges!
7. Password policy - ex: strong, but not too complicated
8...

Others:

1. Staff training - ex: ethics, security awareness, etc.
2. Staff training - ex: training program
3. Data non-disclosure agreement
4. Social media use policy - ex: Facebook, personal blogs, etc.
5. Other policies.

The above checklist is not complete, but it should give you a head start. Any additions you consider important are therefore welcome; you can submit them as comments.
