Network Security Review

BoomAM

BoomAM

BoomAM

Soldato
Joined
5 Jul 2003
Posts
16,206
Location
Atlanta, USA
Hi,
Im currently in the process of writing a network security review of our work network, to cover everything from user level stuff to physical security of servers. So everything basically. :p

Im trying to come up with topic titles for each section, and just to check i havnt missed nout out, can people suggest sections that would need to go in please?

I have upto now
  • User Security - Their passwords & assets
  • User Security - What they can access thats not theres
  • Server Security - Who can access which server via RDP
  • Server Security -Who can physically access the servers
  • Server Security - Service Accounts
  • Server Security - Enterprise/Domain Admin accounts
  • General bad practices for users
  • AUP & whats missing
  • Overall Risk Analysis
  • What will change - role based permissions
  • What will change - permissions on computers that arnt your own
  • What will change - server access
  • What will change - Enterprise/Domin admin acccess.
Bare in mind that the above are just temp titles to make it easier to see whats what. lol.

Thanks in advance all. :)
 
Ev0 said:
I'd maybe put something in about configuration of equipment, eg. do you harden your servers after building and if so how are they audited to ensure so?

Do you run vulnerability scans against the infrastructure to highlight any potential vulnerabilities?
Click to expand...
Harden/run scans? No, lol.
Whilist i'd like to, its simply not possible to do.
Standard practice for servers is install, configure, test, do first backup, make live.
After that, the GPO's kick in and enable a few things here and there but thats about as far as it goes 'hardening' wise.
 
Ev0 said:
Fair enough, guess it depends how far you want to go with the seucirty stuff :)

Vuln scans pick up on a lot of stuff that you either just don't think about or forget (or just don't care about!), but it's all relative as to how secure you need things to be.
Click to expand...

To be honest, its mainly user centric stuff i want to concentrate on.
Such as changing permissions so that only certain dept's can access certain areas, so that people cant see more than they need, and locking down the enterprise & domain admin logins to almost nil.
Although server stuff is handy to implement at the same time, as theres 4-5 people who can access almost everything, yet have no need to.
 
Some good stuff here.:)
I dont think i'll be using all of it, as some arnt applicable and some might be ott for my uses, but still all suggestions welcome and are good for seeding ideas. :)
 
You must log in or register to reply here.
Back
Top Bottom