Proper network design and configuration is the first step towards network security
Network Chico network security guidelines:
- Maximum of one DHCP server per network segment
- Use static IP addresses when possible
- Use a hardware firewall in addition to software firewalls to protect networks
- Use intrusion detection software or hardware or both
- Use intrusion prevention hardware or software or both
- Keep public services and servers in a DMZ
- Use a proxy server to protect your intranet
- Use encryption when possible [128-bit or more]
- Use firewall software on all computers connected to the network
- Use anti-virus software on all computers connected to the network
- Use strong passwords and enforce a password policy
- Turn off all unused services on servers and workstations
Network Scanner
is a free multi-threaded IP, NetBIOS and SNMP scanner with a
modern interface and several advanced features. It is intended
for both system administrators and users who are interested in
computer security. The program pings computers, scans for listening
TCP ports and shows what types of resources are shared on a network
(including system and hidden). Supported platforms: Windows
95, 98, ME, NT, 2000, XP, 2003
TAKE ADVANTAGE OF FREE TOOLS TO BENCHMARK YOUR NETWORK
When it comes to the confidentiality, integrity, and availability
of your corporate network, it should go without saying that security
is a vital concern. Of course, accepting this fact doesn't mean
you automatically know where to begin. The task of securing a
variety of platforms can be overwhelming, particularly if you
don't have the time or resources to do it thoroughly. However,
industry best practices for security have evolved enough that
there is plenty of free information available out there to help
you secure your network. Every network security project should
begin with performing a security benchmark of the devices that
run on your network. You don't need to be an expert on every
O/S and platform; you just need to know where to look for the
right tools. Let's take a look at a couple of free tools that
no administrator should be without.
For several years, members of the National Institute of Standards
and Technology, the Defense Information Systems Agency, the National
Security Agency, the General Services Administration, the SANS
Institute, and the Center for Internet Security have collaborated
on a joint project to address security concerns in networked
information systems. These agencies combined their substantial
experience and technical capabilities to provide users, free of
charge, with an automated system and guidelines for verifying and
modifying the baseline of their network devices to meet an
industry-standard security benchmark.
This project's main offering is the Computer Information Systems
(CIS) scoring tool. Available from the Center for Internet Security,
the CIS scoring tool analyzes your system against a security
benchmark and available hot fixes for the specific platform you're
checking.
http://www.cisecurity.org/
The CIS scoring tool is a nondestructive process, which you
can run against both new installations and production systems.
The resulting report guides you in an in-depth approach to the
steps you need to take to harden your systems. Currently, you
can use the CIS scoring tool against the following operating
systems, devices, and applications: Windows XP Professional,
Windows Server 2003, Windows 2000 Professional, Windows 2000
Server, Windows 2000 (for both servers and workstations), Windows
NT, FreeBSD, Solaris, Linux, HP-UX, Cisco IOS Router, Cisco PIX,
Oracle Database, and Apache Web Server. To take advantage of
this tool, read the implementation guide, install the tool, and
run the tool against the platform you want to benchmark. Each
platform has an accompanying guide that describes in detail how
the developers created the scoring method as well as how to increase
your platform security to meet industry standards.
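
To illustrate the scoring approach described above, here is an added example (not the CIS tool or its rule format, and not code from this page) that scores a constructed host snapshot against a few of this page's guidelines without changing the host. The snapshot keys, rule IDs and sample values are assumptions made for the illustration.

```python
# Added example: read-only scoring of a host snapshot against a small benchmark.
# Snapshot keys and rules are hypothetical; this is not the CIS tool's format.
MISSING = object()  # marks a setting the collector could not read

# (rule id, snapshot key, compliance check, remediation)
BENCHMARK = [
    ("dhcp-single", "dhcp_servers_by_segment",
     lambda v: all(len(set(s)) <= 1 for s in v.values()),
     "Leave at most one DHCP server on each network segment"),
    ("crypto-128", "min_cipher_bits", lambda v: v >= 128,
     "Use 128-bit or stronger encryption"),
    ("host-firewall", "firewall_enabled", lambda v: v is True,
     "Enable the software firewall"),
    ("antivirus", "antivirus_enabled", lambda v: v is True,
     "Install and enable anti-virus software"),
    ("services", "unused_services_running", lambda v: len(v) == 0,
     "Turn off unused services"),
]

def score(snapshot, benchmark=BENCHMARK):
    """Return (percent_passed, findings) without changing the snapshot."""
    findings = []
    for rule_id, key, check, fix in benchmark:
        value = snapshot.get(key, MISSING)
        if value is MISSING:
            # An unreadable setting is reported, never counted as a pass.
            findings.append((rule_id, "UNKNOWN", fix))
            continue
        try:
            ok = bool(check(value))
        except (TypeError, AttributeError):
            ok = False  # malformed value counts as non-compliant
        if not ok:
            findings.append((rule_id, "FAIL", fix))
    passed = len(benchmark) - len(findings)
    return round(100 * passed / len(benchmark)), findings

# Constructed sample snapshot; "antivirus_enabled" is deliberately absent.
SAMPLE = {
    "dhcp_servers_by_segment": {"vlan10": ["10.0.10.1"],
                                "vlan20": ["10.0.20.1", "10.0.20.77"]},
    "min_cipher_bits": 56,
    "firewall_enabled": True,
    "unused_services_running": ["telnet"],
}

if __name__ == "__main__":
    pct, findings = score(SAMPLE)
    print(f"score: {pct}%", *findings, sep="\n")
```
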
As an added bonus, instead of chasing down individual fixes,
several security configuration templates are available. You can
apply these templates to your systems, and they'll modify the
security configuration to meet current benchmark standards. One
word of caution: Read the information about the security configuration
templates carefully. Some of them are specifically for highly
secure environments, and they might not be appropriate for your
organization's operational systems. It's that simple: nothing
to buy and no in-depth knowledge necessary. Read a guide, run
a tool, and fix your security.
In addition to the CIS scoring tool and the accompanying benchmark
guides, the National Institute of Standards and Technology maintains
a publicly available resource of more than 50 Security Technical
Implementation Guides (STIGs) and checklists. Covering a wide
variety of platforms, these resources provide a detailed step-by-step
approach for implementing and documenting security settings that
are the accepted standards of the U.S. government.
http://csrc.nist.gov/pcig/cig.html
The security of your local network is a global concern. Be
a good Internet neighbor and take a good look at these guidelines.
Approximately 28 seconds after you connect a device to the Internet,
a remote host scans it. Your only defense is to apply a level
of security against a known benchmark and follow industry best
practices. There are no ruby red slippers to click when it comes
to network and systems security. However, taking advantage of
free security tools is a good place to start to secure your corporate
network.
