Submitted for your approval: the ultimate network security checklist. It is a document that lays out the information
security areas you need to focus on, as well as specific settings or best
practices to help you protect your environment from internal and external
threats. Using this checklist as a starting point and working with the rest of
your IT, administration, human resources, and legal advisory team, you can
create the ultimate network security checklist for your specific environment.
This is an important distinction; no two networks are the same, and business
requirements, regulatory and contractual obligations, local laws, and other
factors will influence your company's specific network security checklist, so
don't think all your work is done. You will have to modify this to suit your
own environment, but rest assured that most of the work is done!
We will break this list down into broad categories for your convenience.
Some of the breakdowns may seem arbitrary, but you have to draw lines and
separate paragraphs at some point, and that's where we draw ours.
User accounts
Let's be honest. Users are the weakest link in any network security
scenario. But since they are also the reason we have IT and more to the point
... a job ... we have to make sure that we take care of them and that they take
care of us. That is why they come first on this list.
Training
Before a user obtains a network account, they need training on what to
do, what not to do, and how to protect themselves and the network. This must be
done first and repeatedly, with at least one annual review and update.
Individual accounts
There are no shared accounts ... ever! Make sure each user gets a unique
account that can be attributed to them. Make sure they know that the penalty
for revealing their credentials to anyone else is death by tickling.
Separation between normal user and privileged user accounts
This applies more to the system administrators reading this than to end
users, so do as we say and not as you do ... be sure to log in with a
regular account and authenticate with your privileged account only when you
have to do admin work. Otherwise, you never know when you might accidentally
click on something that then runs with those elevated privileges.
Multi-factor authentication
If you look at every major hack that has been in the news for the past
two years, from TJ Maxx to Target, Premera, and the Office of Personnel Management
... one thing could have stopped them all: two-factor authentication. Each of
these hacks started with compromised credentials that were simply a username
and password. The annoying thing about all this is that OPM was supposed to be
using 2FA already, but it wasn't. Of course, most of the government wasn't
either. That has finally changed, but it is a bit late for the millions of people
whose personal information has been stolen.
Keep information up to date
Keep the data in your systems current. Make sure contact
information, job titles, managers, etc. are updated every time there is a
change, so that when you need to look something up about a user, you find what
you need, not the phone number from seven years ago when they were first
hired.
Review group memberships when roles change
Under least privilege, it should be standard operating procedure to
review and modify group memberships and other access privileges when a user
changes jobs. If the new role does not require access to the resources the
old role granted, remove that access.
No account sharing between test and production, or between two
external services
This is critical. If you have multiple environments, it can be very
tempting to share credentials between them. This makes a compromise much more
likely to occur, especially if the lab or UAT environment does not have the
same security measures as production, or if a breach of an external service
could expose credentials that could then be used to log in to other
services. Pop quiz ... is your username and password for Facebook the
same as for Twitter? If you answered yes, you are wrong.
Disable stale accounts. Delete the really old ones.
Run a scheduled task to disable and report on all accounts that have
not been used to authenticate in a fixed period of time. I think two weeks is
fine, but most would say 30 days. Run another task at least once a month to
identify accounts that have been disabled for 90 days and delete them. Old
accounts can be "resurrected" to grant access, through social
engineering or oops. Don't be a victim.
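The two scheduled runs described above, as an added example that is not part of the original post: it models the policy on a constructed account inventory, disabling enabled accounts idle for 30 days (the threshold the text says most would pick) and deleting accounts that have been disabled for 90 days. Account names, dates and the field layout are assumptions for illustration; in a real directory the same logic would be fed from the identity store's last-authentication and disabled-since attributes.

```python
# Stale-account lifecycle check (added example, not from the original post).
# Models the two scheduled runs described in the text on a constructed
# inventory: disable every enabled account with no authentication in
# INACTIVE_DAYS, and delete every account disabled for DELETE_AFTER_DISABLED_DAYS.
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

INACTIVE_DAYS = 30               # the text: two weeks is fine, most would say 30 days
DELETE_AFTER_DISABLED_DAYS = 90  # the text: delete after 90 days disabled


@dataclass
class Account:
    name: str
    created: date
    last_auth: Optional[date]             # None: has never authenticated
    disabled_on: Optional[date] = None    # None: currently enabled


def review_accounts(accounts: List[Account], today: date) -> Dict[str, List[str]]:
    """Sort accounts into the actions the scheduled task should take today.

    Returns a dict with three lists of account names:
      disable        - enabled accounts past the inactivity threshold
      delete         - disabled accounts past the deletion threshold
      pending_delete - disabled accounts still inside the 90-day window
    Enabled accounts that authenticated recently appear in none of them.
    """
    actions: Dict[str, List[str]] = {"disable": [], "delete": [], "pending_delete": []}
    for acct in accounts:
        if acct.disabled_on is None:
            # An account that has never authenticated is aged from its creation
            # date; otherwise a never-used account would never be caught.
            reference = acct.last_auth or acct.created
            if (today - reference).days >= INACTIVE_DAYS:
                actions["disable"].append(acct.name)
        elif (today - acct.disabled_on).days >= DELETE_AFTER_DISABLED_DAYS:
            actions["delete"].append(acct.name)
        else:
            actions["pending_delete"].append(acct.name)
    return actions


def format_report(actions: Dict[str, List[str]], today: date) -> str:
    """Render the result as the text report the scheduled task sends out."""
    lines = [f"Account review for {today.isoformat()}"]
    for action in ("disable", "delete", "pending_delete"):
        names = ", ".join(actions[action]) or "(none)"
        lines.append(f"  {action:>14}: {names}")
    return "\n".join(lines)


# Constructed sample inventory; names and dates are made up for illustration.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("alice", date(2021, 1, 4), date(2024, 5, 20)),                    # used 12 days ago
    Account("bob", date(2020, 3, 2), date(2024, 4, 1)),                       # 61 days idle
    Account("carol", date(2024, 3, 1), None),                                 # never logged in
    Account("dave", date(2019, 7, 9), date(2024, 1, 15), date(2024, 2, 1)),   # disabled 121 days
    Account("erin", date(2022, 9, 1), date(2024, 4, 10), date(2024, 4, 15)),  # disabled 47 days
]

if __name__ == "__main__":
    print(format_report(review_accounts(SAMPLE_ACCOUNTS, SAMPLE_TODAY)))
```

The never-authenticated case is the one most such scripts get wrong: an account with no last-logon value compares as "never idle" unless you fall back to its creation date, and those unused accounts are exactly the ones nobody will notice being resurrected.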