©dr. respickius casmir network security best practices – session 2 by dr. respickius casmir
TRANSCRIPT
![Page 1: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/1.jpg)
©Dr. Respickius Casmir
Network Security Best Practices – Session 2
By
Dr. Respickius Casmir
![Page 2: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/2.jpg)
©Dr. Respickius Casmir
Outline
Introduction to IT Security Best Practices The Security Team Security Policy Enforceability Minimum Security Requirements
![Page 3: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/3.jpg)
©Dr. Respickius Casmir
Introduction to Security Best Practices
Best practices in network security are more about the what and why of securing the organization's information assets than about the how.
The IT Security Policy is a formal definition of an organization's stance on security, meaning what is allowed and what is not allowed.
![Page 4: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/4.jpg)
©Dr. Respickius Casmir
Introduction to Security Best Practices (2)
Policy statements, in particular "Acceptable Use" statements, define users' roles and responsibilities and can be stated as general high-level statements that cover all network systems and data within the organization. The statements should include acceptable use of systems and data for ALL categories of USERS including the system administrator.
![Page 5: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/5.jpg)
©Dr. Respickius Casmir
Introduction to Security Best Practices (3)
The intent of this policy is to clearly define the purpose, providing guidelines and responsibilities. The policy should also identify specific actions that could be taken in response to a violation of security policy, including disciplinary action. Put it in print and post it on the walls.
![Page 6: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/6.jpg)
©Dr. Respickius Casmir
Introduction to Security Best Practices (4)
Security awareness training is a MUST to make the policy enforceable.
All employees must be aware of the security policy and if possible every employee sign on a copy of the acceptable-use statement.
![Page 7: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/7.jpg)
©Dr. Respickius Casmir
The Security Team
The security team needs to be a cross-functional team with participants from every operational area. The team is responsible for policy awareness and enforcement as well as being informed on the technical aspects of the security architecture. The team is also responsible for responding to security breaches and reporting to senior management. .
![Page 8: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/8.jpg)
©Dr. Respickius Casmir
The Security Team (2)
The security team should also be responsible for approving security changes, or alternatively, a security team member should sit on the change management team. Monitoring the security of the network, creating an incident response process that includes being part of the restoration team when a loss occurs – they are all responsibilities of the security team.
![Page 9: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/9.jpg)
©Dr. Respickius Casmir
Security Policy Enforceability
In order for a policy to be enforceable, it needs to be
Consistent with other corporate policies Accepted by the network support staff as well
as the appropriate levels of management Enforceable using existing network
equipment and procedures Compliant with local and national laws.
![Page 10: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/10.jpg)
©Dr. Respickius Casmir
Minimum Security Requirements
1. Software patch updates 2. Anti-virus software 3. Host-based firewall software 4. Passwords 5. No unencrypted authentication 6. No unauthenticated email relays 7. No unauthenticated proxy services 8. Physical security 9. Unnecessary services
![Page 11: ©Dr. Respickius Casmir Network Security Best Practices – Session 2 By Dr. Respickius Casmir](https://reader036.vdocuments.mx/reader036/viewer/2022082518/5697bfef1a28abf838cb9cc4/html5/thumbnails/11.jpg)
©Dr. Respickius Casmir
Conclusion
Remember that it is impossible to completely secure distributed systems. The goal is to create security awareness and implement security mechanisms, minimize risk and maximize the use of technology.