Building and securing networks
- Plan for network security: identify the security requirements before selecting network equipment, servers and the deployment model, and cover the management policy, technical training and any outsourcing arrangements in the plan.
- Design physical and environmental security: e.g. put critical assets such as network communication lines, servers, switches, firewalls and file servers in a server room or another secured area.
- Design the network security model by zoning, i.e. segregate the network according to security requirements: e.g. keep the office network isolated from the Internet, place company servers and workstations behind the firewall, or set up a demilitarized zone (DMZ) for services that must be reachable from the Internet. Unsecured or unmanaged systems should not be allowed to connect to the internal network.
- Configure firewalls and network routers: harden the firewall and router by restricting administrative access to specified locations (e.g. a management network), blocking unnecessary services for both incoming and outgoing traffic, and using an encrypted channel (e.g. SSH rather than Telnet) for administration. Rules should default to deny so that only explicitly permitted traffic passes.
- Configure servers: e.g. secure the server operating system by removing unnecessary services and software, applying patches promptly and disabling unused accounts.
- Filter viruses and malicious code: install anti-virus software with up-to-date signatures on desktops and network servers to prevent the spread of viruses and worms.
- Manage accounts and access privileges: e.g. grant access rights on an as-needed basis and review them regularly.
- Develop backup and recovery strategies, and verify that backups can actually be restored.
- Develop security management procedures: e.g. a security log monitoring procedure, a change management procedure and a patch management procedure.
- Maintain good documentation of configurations and procedures.
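The zoning and firewall items above amount to a small policy: name the zones, decide which inter-zone flows are permitted and on which ports, keep administrative services reachable only from the management network, and end the ruleset with a default deny. The script below is an added example (not from the original page) that turns such a design into an automated check over a firewall ruleset, so that a rule review or change-management step can catch rules that cross zone boundaries. The zone names, address ranges, permitted-flow table and sample rules are all constructed for illustration and must be replaced with the organisation's own design.

```python
"""Zone-policy audit for a firewall ruleset.

Added example, not taken from the original page. The zones, address ranges,
permitted flows and the sample rules below are all constructed for
illustration; substitute your own zone design before using it.
"""
import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network

# Assumed zone layout. Any address outside these ranges is treated as "internet".
ZONES = {
    "management": [Net("10.0.100.0/24")],
    "internal":   [Net("10.0.10.0/24"), Net("10.0.20.0/24")],
    "dmz":        [Net("192.0.2.0/24")],
}

# Inter-zone flows the design permits: (src_zone, dst_zone) -> allowed ports.
# Anything not listed (e.g. internet -> internal, dmz -> internal) is forbidden.
ALLOWED = {
    ("internet",   "dmz"):      {25, 80, 443},
    ("internal",   "dmz"):      {25, 80, 443},
    ("internal",   "internet"): {53, 80, 443},
    ("dmz",        "internet"): {25, 53},
    ("management", "dmz"):      {22, 80, 443},
    ("management", "internal"): {22, 443, 3389},
    ("management", "internet"): {53, 80, 443},
}
# Administrative services may only ever be reached from the management zone.
ADMIN_PORTS = {22, 23, 3389, 5900}


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR
    proto: str           # "tcp", "udp" or "any"
    ports: frozenset     # destination ports; empty means "any port"


def zones_for(cidr: str) -> set:
    """Return every zone a CIDR touches; conservative for broad prefixes."""
    net = Net(cidr, strict=False)
    touched = set()
    for name, nets in ZONES.items():
        for zone_net in nets:
            if net.subnet_of(zone_net):
                return {name}               # wholly inside one named zone
            if net.overlaps(zone_net):
                touched.add(name)           # broader than the zone, spills into it
    touched.add("internet")                 # also covers unnamed address space
    return touched


def check_rule(n: int, rule: Rule) -> list:
    """Violations of the zone design caused by a single allow rule."""
    found = []
    if rule.action != "allow":
        return found
    ports = set(rule.ports)
    label = f"rule {n} ({rule.src} -> {rule.dst} {rule.proto} {sorted(ports) or 'any'})"
    for s in zones_for(rule.src):
        for d in zones_for(rule.dst):
            if s == d:
                continue                    # intra-zone traffic is out of scope here
            allowed = ALLOWED.get((s, d))
            if allowed is None:
                found.append(f"{label}: flow {s} -> {d} is not permitted by the zone design")
            elif not ports or not ports <= allowed:
                found.append(f"{label}: {s} -> {d} exceeds allowed ports {sorted(allowed)}")
            if s != "management" and (not ports or ports & ADMIN_PORTS):
                found.append(f"{label}: admin ports reachable from zone {s}")
    return found


def audit(rules: list) -> list:
    """Audit a whole ruleset: per-rule zone checks plus an explicit default deny."""
    found = []
    for n, rule in enumerate(rules, start=1):
        found.extend(check_rule(n, rule))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny"
            and last.src == "0.0.0.0/0" and last.dst == "0.0.0.0/0"):
        found.append("ruleset does not end with an explicit deny-all (no default deny)")
    return found


# Constructed sample ruleset, in evaluation order. Three rules are deliberately wrong.
SAMPLE_RULES = [
    Rule("allow", "0.0.0.0/0",     "192.0.2.10/32", "tcp", frozenset({80, 443})),   # public web server in the DMZ
    Rule("allow", "10.0.10.0/24",  "0.0.0.0/0",     "tcp", frozenset({80, 443})),   # BAD: "any" destination also reaches management
    Rule("allow", "10.0.100.0/24", "10.0.10.0/24",  "tcp", frozenset({22, 3389})),  # admin access from the management zone
    Rule("allow", "0.0.0.0/0",     "10.0.10.0/24",  "tcp", frozenset({445})),       # BAD: Internet and DMZ reach internal SMB
    Rule("allow", "192.0.2.0/24",  "10.0.10.5/32",  "tcp", frozenset({22})),        # BAD: DMZ host may SSH into the internal network
    Rule("deny",  "0.0.0.0/0",     "0.0.0.0/0",     "any", frozenset()),            # default deny
]

if __name__ == "__main__":
    for problem in audit(SAMPLE_RULES):
        print(problem)
```

Run as is, the audit reports nothing for the first and third rules and six findings for the three bad ones: the "any"-destination egress rule is flagged because it also lets office machines reach the management zone, the SMB rule is flagged once per source zone that the design does not allow into the internal network, and the DMZ-to-internal SSH rule is flagged both as a forbidden flow and as an administrative port exposed outside the management zone. Dropping the final deny rule adds a seventh finding. The zone lookup is deliberately conservative: a prefix broader than any named zone (such as 0.0.0.0/0) is treated as touching every zone it overlaps plus the Internet, which is exactly why "any" in a source or destination field deserves a second look during rule review.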