The best and most important practice is the creation and enforcement of IT security policies; there must also be system-specific rules that implement those policies for the individual systems and data. The policies can address or point to any security control, from passwords to backups and from applications to servers. The most important of all is the proper use of IT resources: everyone in the organization must understand their responsibilities and must use IT resources only within the defined limits. All IT security policies and other policies have to be available on the organization's intranet.

The best practice of all is to have a DMZ (Demilitarized Zone). A DMZ is a logical network separating the LAN (Local Area Network) from the Internet (the untrusted network). The DMZ provides an extra layer of security, as it restricts attackers or anyone else from reaching the internal servers and data via the Internet. Any service that is provided to users on the Internet should be placed in the DMZ. The most common of these services are Web, Mail and FTP.
There are various ways to design a network with a DMZ. The two most common methods are with a single or dual firewalls. These architectures can be expanded to create very complex architectures depending on the network requirements. A single firewall with at least three network interfaces can be used to create a network architecture containing a DMZ. The external network is formed from the ISP to the firewall on the first network interface, the internal network is formed from the second network interface, and the DMZ is formed from the third network interface. Different sets of firewall rules for traffic between the Internet and the DMZ, the LAN and the DMZ, and the LAN and the Internet tightly control which ports and types of traffic are allowed into the DMZ from the Internet, limit connectivity to specific hosts in the internal network, and prevent unrequested connections either to the Internet or the internal LAN from the DMZ.
A more secure approach is to use two firewalls to create a DMZ. The first firewall also called the perimeter firewall is configured to allow traffic destined to the DMZ only. The second or internal firewall only allows traffic from the DMZ to the internal network. This is considered more secure since two devices would need to be compromised before an attacker could access the internal LAN.
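The three sets of firewall rules described above (Internet to DMZ, LAN to DMZ, DMZ to LAN, with no unrequested connections originating from the DMZ) can be written down as a zone policy and checked against sample flows. The following is an added example, not part of the original post; the addresses, the published DMZ services and the single permitted DMZ-to-LAN database connection are constructed assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed zone addressing for the three firewall interfaces (assumption).
# Anything outside these two networks is treated as the Internet.
ZONES = {
    "LAN": ip_network("10.0.0.0/24"),
    "DMZ": ip_network("192.168.100.0/24"),
}

# Services published from the DMZ to the Internet: only these host/port pairs
# may receive new connections from outside (Web, Mail and FTP, as the page lists).
DMZ_PUBLISHED = {
    ("192.168.100.10", 80), ("192.168.100.10", 443),  # web server
    ("192.168.100.20", 25),                           # mail server
    ("192.168.100.30", 21),                           # ftp server
}

# The only connections a DMZ host may open into the LAN: a specific source,
# a specific internal host and a specific port (constructed: web tier -> database).
DMZ_TO_LAN_ALLOWED = {("192.168.100.10", "10.0.0.50", 5432)}


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "INTERNET"


def decide(flow: Flow) -> str:
    """Verdict for a NEW connection. Replies to accepted connections are
    matched by the firewall's state table and never reach this policy."""
    s, d = zone_of(flow.src), zone_of(flow.dst)
    if s == "INTERNET" and d == "DMZ":       # tightly limited ports and hosts
        return "ACCEPT" if (flow.dst, flow.dport) in DMZ_PUBLISHED else "DROP"
    if s == "LAN" and d in ("DMZ", "INTERNET"):  # admin access to DMZ, user browsing
        return "ACCEPT"
    if s == "DMZ" and d == "LAN":            # only the listed internal hosts
        return "ACCEPT" if (flow.src, flow.dst, flow.dport) in DMZ_TO_LAN_ALLOWED else "DROP"
    return "DROP"  # Internet -> LAN, DMZ -> Internet unrequested, everything else


if __name__ == "__main__":
    for f in (Flow("203.0.113.5", "192.168.100.10", 443),   # Internet -> web: ACCEPT
              Flow("203.0.113.5", "192.168.100.10", 22),    # Internet -> DMZ ssh: DROP
              Flow("192.168.100.10", "203.0.113.5", 80)):   # DMZ opens to Internet: DROP
        print(f, decide(f))
```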
Always keep an inventory of all devices (laptops, desktops, routers, switches and firewalls, including the operating system installed on each), provide only limited Internet access, and do not give users access to USB, CD-ROM or other removable peripheral devices.
Users must not have administrative rights.
Antivirus must be installed on all systems, kept up to date, and configured for automatic scanning.
No unauthorized or unwanted software that does not meet the organization's needs and requirements may be installed.
Users from different departments must keep their data on the shared drive on the file server and must be permitted to access only their own departmental folder.
Always hold training sessions for users to make them aware of new trends in information security.
Never click on attachments in spam mail.
Don't use your official mail ID on non-business sites.
Always lock the system when you are away from your desk.
Have a clear desk policy: clear your desk before going home at the end of the day.
Always shut down the system if you are no longer in the office.