kaitlyn-weeks
2
Rule #1: Determine the value of Information that you want to secure
• Then decide on the investments that you need to make.
• The cost of the security solution should not exceed the value of the information.
Image taken from http://dailycupoftech.com/10-ways-to-protect-your-home-network/
3
Rule #2: Classify your information
• Also determine who is authorized to access the information.
Image taken from http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci995767,00.html
4
Rule #3: Different levels of sensitivity require different security levels.
Image taken from http://www.accessandprivacy.gov.on.ca/english/pub/iaa.html
5
Endpoint Security Management
Image taken from http://www.networkd.co.uk/securitysuite.html
6
Patch Management
• Apply patches, but test them before deploying on production servers.
Image taken from http://www.microsoft.com/technet/security/guidance/patchmanagement/secmod193.mspx
7
Windows Patches
Visit http://windowsupdate.microsoft.com for patches. All Critical (Express) patches should be applied.
8
Microsoft Update
Get all Microsoft updates in one place: http://www.update.microsoft.com/microsoftupdate
9
Ensure that the anti-virus software is configured to receive the latest updates automatically.
Image taken from http://www.secured-networking.com/email_security.htm
10
A host-based Intrusion Detection System (IDS) should be deployed on servers in addition to the network IDS.
Image taken from http://www.secureworks.com/services/managed/host_intrusion_prevention.html
11
Protect your application and database servers via additional firewalls.
• Internet users should not be able to reach the application and database servers directly.
• Only the webserver should be able to access the application servers.
• You should also have another firewall in front of the webserver, preferably of a different make than the other firewalls.
Image taken from http://www.dmreview.com/editorial/dmreview/200209/200209_014_1.gif
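The three firewall rules on this slide can be checked mechanically against an exported rule set. The following is an added example, not part of the original slides; the zone names, firewall names, vendors and ports are hypothetical sample data, and the app-to-database rule is an assumption about a typical tiered layout.

```python
# Added example: audits a constructed rule set against the tiered layout on this slide.
# Zone names, firewall names and vendors below are hypothetical sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Allow:
    firewall: str   # firewall that enforces this allow rule
    src: str        # source zone
    dst: str        # destination zone
    port: int

def audit(rules, vendors, outer_fw):
    """Return a sorted list of findings for rules that break the slide's policy."""
    findings = []
    for r in rules:
        # Internet users must not reach application or database servers directly.
        if r.src == "internet" and r.dst in ("app", "db"):
            findings.append(f"{r.firewall}: internet reaches {r.dst} directly on port {r.port}")
        # Only the webserver may access the application servers.
        elif r.dst == "app" and r.src != "web":
            findings.append(f"{r.firewall}: {r.src} reaches app on port {r.port}, only web may")
    # The firewall in front of the webserver should be a different make from the rest.
    for fw, vendor in vendors.items():
        if fw != outer_fw and vendor == vendors[outer_fw]:
            findings.append(f"{outer_fw} and {fw} are the same make ({vendor})")
    return sorted(findings)

# Constructed sample configuration (not taken from the slides).
VENDORS = {"fw-edge": "VendorA", "fw-app": "VendorA", "fw-db": "VendorB"}
RULES = [
    Allow("fw-edge", "internet", "web", 443),   # expected: public traffic to webserver
    Allow("fw-app", "web", "app", 8443),        # expected: webserver to application tier
    Allow("fw-db", "app", "db", 5432),          # assumption: app tier is the database client
    Allow("fw-app", "internet", "app", 8443),   # violation: bypasses the webserver
    Allow("fw-app", "office", "app", 22),       # violation: non-web source to app tier
]

if __name__ == "__main__":
    for finding in audit(RULES, VENDORS, outer_fw="fw-edge"):
        print("FINDING:", finding)
```

Running the audit after every firewall change catches a rule that quietly opens a direct path past the webserver.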
12
Security Audit - Nessus
• You should conduct a weekly audit of your infrastructure with tools such as Nessus (Freeware).
Snapshot of Nessus product – downloaded from http://www.nessus.org/nessus/
13
Beware of Zero-day Attacks
Image taken from http://www.guardsite.com/ZeroDayProtection.asp
14
Install the Free McAfee SiteAdvisor
Snapshot of page taken from http://us.mcafee.com/root/product.asp?productid=sa&cid=26044
15
Heed the advice given by McAfee SiteAdvisor when downloading software
Google search output - http://www.google.co.in when a search was made for “free networking tools”
16
Subscribe to Security Newsletters
Snapshot of page at http://www.computerworld.com/action/member.do?command=registerNewsletters&intsrc=hm_nav_nl
17
Incident Response
Report computer incidents to the national computer incident response team, e.g. in India, log the incident at http://www.cert-in.org.in/
Snapshot of US-CERT home page at http://www.us-cert.gov/
18
Thank You• T
Image taken from: http://www.shepherd-wireless.com/freequote.html
19
Disclaimer
"The images presented and products referenced are the intellectual property of their respective owners. The use of such images is for non-commercial educational purposes only and no claim otherwise is made regarding the said images."