
NETWORK CYBERSECURITY CHEAT SHEET

CRAIG PETERSØN.COM

© 2019 Craig Peterson. All Rights Reserved.

1 Threats

Every business faces threats from many directions. Each time you add devices, users, and applications, your network becomes more vulnerable.

2 Network Security Basics

Operations designed to protect integrity and functionality by targeting a variety of threats and stopping them from entering or infiltrating your data and computer systems are referred to as network security. It includes management of both hardware and software technologies. Using a combination of defensive security layers at the network edge and throughout the system, it executes policies and controls that block malicious actors from deploying their exploits and attacks while providing access to employees supporting business operations.

3 Network Security Benefits

Network security protects your reputation by protecting proprietary information from attack while delivering the services your customers and employees demand.

4 Network Security for SMB

1. Closely monitor all traffic - Monitor the activity logs for network traffic coming into and out of your firewall. It is important that these reports are read and analyzed carefully. You cannot simply rely on alerts to flag dangerous activity. Assign someone on your team who thoroughly understands the data and is trained to take the necessary action.

2. Stay up on the latest threats - Watch for the discovery of any new threats as they are posted online. I recommend subscribing to email alerts from the U.S. Computer Emergency Readiness Team (US-CERT, a division of Homeland Security) on any recently confirmed software vulnerabilities and exploits.

3. Update frontline defenses regularly - It is important that you have a strong frontline defense at your network edge. Keep your firewall, antivirus, and anti-malware software secure by enabling regular updates.

4. Employee Awareness Training - Provide regular training for employees to ensure they maintain security awareness and understand your acceptable use policy. Whenever you make changes to your policies, be sure to provide training on why the changes were made, how they affect employees, and why they were necessary. Everyone is responsible for security. If anyone in your organization notices anything suspicious or out of the ordinary, they should notify the appropriate person immediately.

5. Protect against data loss - Data loss prevention (DLP) solutions protect your sensitive business data and information from data breaches or unwanted compromise. These systems identify, classify, and track the movement of confidential data throughout the enterprise, preventing unauthorized disclosure of data with disclosure policies.

5 Security Solutions

There are a number of security solutions that extend your perimeter defenses and can assist you in protecting your network while promoting expeditious business operations.

1. Anti-Virus and Anti-Malware Software - These terms are commonly used interchangeably, as they both refer to software designed to detect, protect against, and remove malicious software. Antivirus software uses signature-based threat detection to protect you from viruses, and it works to a degree. Anti-malware, on the other hand, detects threats by using heuristic techniques that look for malicious behavior and suspicious activity by scrutinizing the overall structure, programming logic, and data. It looks for things like unusual instructions or junk code to identify threats it has never seen before.

2. Access Control - The principle of least privilege (POLP) is a security design principle that restricts user and program privileges to only those necessary for the required job.

   a. Make least privilege the default for all accounts.
   b. Elevate privileges on a situational and timed basis only.
   c. One-time use permissions are a good way to provide necessary access while maintaining control.
   d. Monitor and track all network activity, including individual logins, system changes, and access requests.
   e. Ensure a flexible access management platform is in place so that privileges can be securely elevated and easily downgraded.
   f. Identify and separate high-level system functions from lower-level functions.
   g. Regularly audit privileges granted to users and applications for relevance.

3. Application security - Application security encompasses the hardware, software, and processes you use to close the vulnerabilities in applications that attackers can use to breach and infiltrate your network.

4. Behavioral analytics - These types of tools automatically discern activities that deviate from the norm. They are used to better identify indicators of compromise that pose a potential problem and to quickly remediate threats.

5. Data loss prevention - These technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.

6. Firewalls - Create a barrier between your trusted internal network and untrusted outside networks, such as the Internet, using a set of defined rules to allow or block traffic. These come as hardware, software, or both.

6. Intrusion Protection System (IPS) - Scans all network traffic to actively block attacks by correlating huge amounts of global threat intelligence, not only to block malicious activity but also to track the progression of suspect files and malware across the network and prevent the spread of outbreaks and reinfection.

7. Mobile Device Security - Cybercriminals are increasingly targeting mobile devices and apps. You need to control which devices are allowed to access your network and configure their connections to keep network traffic private.

8. Network Segmentation - Using software-defined segmentation allows network traffic to be classified differently in order to make enforcing security policies easier. With these systems you can assign access rights based on role, location, and more, so that the right level of access is given to the right people and suspicious devices are contained and remediated.

9. Virtual Private Network (VPN) - Encrypts the connection from an endpoint to a network, often over the Internet, using IPsec or Secure Sockets Layer to authenticate the communication between device and network.

10. Web Security - A web security solution will control your staff's web use, block web-based threats, and deny access to malicious websites. It will protect your web gateway on site or in the cloud.

6 Get Started Now

1. Policies and Rules - At minimum you should implement and enforce the following:
   • Acceptable Use Policy
   • Internet Access Policy
   • Email and Communications Policy
   • Network Security Policy
   • Remote Access Policy
   • BYOD Policy
   • Encryption Policy
   • Privacy Policy

2. Provision Servers - Your servers are where most of your company's most valuable data resides. Create a server deployment checklist, and make sure each of the following steps is performed before any server is put into production.
   • Create Server list
      • Name
      • Purpose
      • IP address
      • Date of service
      • Service tag (if physical)
      • Rack location or default host
      • Operating system
      • Responsible person
   • Assign Responsible party per server
   • Use Naming convention
   • Configure Network
   • Install IP Address Management (IPAM)
   • Perform patching
   • Install Anti-Virus/Anti-Malware
   • Install Host Intrusion Protection
   • Install Remote Access
   • Employ UPS and Power Saving
   • Rename administrator account and set password
   • Set local group memberships and assign permissions
   • Create organizational units with appropriate policies
   • Confirm reporting to management consoles
   • Disable unnecessary services
   • Configure SNMP
   • Install Agents
   • Perform complete backup
   • Restore from backup
   • Perform Vulnerability Scan
   • Sign into Production

3. Deploy Workstations
   • Create Workstation list
   • Assign the user
   • Use naming convention
   • Configure the network
   • Perform Patches
   • Install Anti-Virus/Anti-Malware
   • Configure Host Intrusion Prevention/Firewall
   • Enable Remote Access (one method)
   • Deploy Power Saving
   • Assign Domains
   • Create Administrator Account
   • Set local group memberships and assign permissions
   • Create organizational units with appropriate policies
   • Confirm reporting to management consoles
   • Perform complete backup
   • Restore from backup
   • Set Encryption
   • Perform Vulnerability Scan

4. Network Equipment
   • Create Network Hardware List
   • Configure Network
   • Install IP Address Management (IPAM)
   • Perform patching
   • Install Remote Access
   • Use unique credentials
   • Configure SNMP
   • Perform complete backup
   • Restore from backup
   • Perform Vulnerability Scan
   • Switches
      • Server
      • Computers (Desktops/Laptops)
      • Printers/Scanners
      • Network Switches
      • ADSL Modem
      • Use VLANs for Segregation
      • Set port restrictions of promiscuous devices and hubs
      • Disable ports not assigned to specific devices
   • Firewalls
      • Explicit Permits/Implicit Denies
      • Logging & Alerts
   • Routers & Routing Protocols

Vulnerability Scans
   • Weekly external scan
   • Compare differences weekly
   • Internal Scans monthly

Backups
   • Tape/Hard Disk Rotation
   • Destruction of Old Tapes/Disks
   • Secure Offsite Storage
   • Encryption
   • Restricted Access to Backup Operators Group
   • Regularly Complete full restores

Remote Access
   • Set up Approved method
   • Maintain Two-Factor Authentication
   • Regular reviews
   • Set and enforce strong lockout policies
   • Configure VPNs

8. Wireless Networking
   • SSID
   • Encryption
   • Authentication
   • Guest Network
   • BYOD

9. Email
   • Email Filtering - inbound and outbound
   • Confirm edge device rejection rules
   • Deploy mail filtering on full range of email threats

10. Internet Access
   • Encryption
   • Malware Scanning
   • Bandwidth Restrictions
   • Port Blocking

11. File Shares
   • Remove "the everyone" and authenticated user groups
   • Least Privilege Groups
   • Avoid Deny Access

12. Log Solution and Correlation

13. Time Management for syncing
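
One way to carry out the "Weekly external scan" and "Compare differences weekly" items from the checklist above, shown as an added example that is not part of the original cheat sheet. The CSV layout (host,port,proto,service), the sample addresses, and the function names are assumptions made for illustration, not the output format of any particular scanner.

```python
import csv
import io

# Constructed sample exports (hypothetical CSV layout: host,port,proto,service).
LAST_WEEK = """\
203.0.113.10,443,tcp,https
203.0.113.10,25,tcp,smtp
203.0.113.20,443,tcp,https
"""
THIS_WEEK = """\
203.0.113.10,443,tcp,https
203.0.113.10,3389,tcp,ms-wbt-server
203.0.113.20,443,tcp,http-proxy
203.0.113.30,22,tcp,ssh
"""

def load(export):
    """Map (host, port, proto) -> service for every open port in an export."""
    rows = csv.reader(io.StringIO(export))
    return {(h.strip(), int(p), proto.strip().lower()): svc.strip()
            for h, p, proto, svc in (r for r in rows if r)}

def compare(previous, current):
    """Return what changed on the external attack surface between two scans."""
    prev, cur = load(previous), load(current)
    known_hosts = {key[0] for key in prev}
    return {
        "new_hosts": sorted({k[0] for k in cur} - known_hosts),
        "opened": sorted(set(cur) - set(prev)),
        "closed": sorted(set(prev) - set(cur)),
        "service_changed": sorted(
            (k, prev[k], cur[k]) for k in set(prev) & set(cur) if prev[k] != cur[k]),
    }

def needs_review(diff):
    """Anything newly exposed or answering differently goes to a human."""
    return bool(diff["new_hosts"] or diff["opened"] or diff["service_changed"])

if __name__ == "__main__":
    report = compare(LAST_WEEK, THIS_WEEK)
    for category, items in report.items():
        for item in items:
            print(f"{category}: {item}")
    print("review required:", needs_review(report))
```

Each flagged entry should be matched against an approved change before the next scan; a port that opened without a corresponding change record is the case the weekly comparison exists to catch.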


The information and content in this document are provided for informational purposes only and are provided “as is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We are not liable for any damages, including any consequential damages, of any kind that may result from the use of this document. The information is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the data provided, we make no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of information and are not responsible for misprints, out-of-date information, or errors. We make no warranty, express or implied, and assume no legal liability or responsibility for the accuracy or completeness of any information contained in this document.

If you believe there are any factual errors in this document, please contact us and we will review your concerns as soon as practical.