Tactical Network Security Checklist | Symantec Connect

Source: Internet
Author: User

"Know the enemy and know yourself, and in a hundred battles you will never be in peril; know yourself but not the enemy, and you will win one and lose one; know neither the enemy nor yourself, and every battle will be dangerous." Sun Tzu (ancient Chinese military strategist).

Sun Tzu's words still resonate today. Organizations can gain a foothold in the ongoing cyber-security battle only by understanding their enemies and their own strengths and weaknesses. Do not wait until the organization has been attacked to recognize the importance of network security. We should resist cyber attackers.

Several ways to improve the adaptability and resilience of your organization's network

Our annual report investigates and analyzes the year's global cyber threats, so we created the following tactical network security checklist based on the 2016 Internet Security Threat Report (ISTR).

  1. Ensure that all devices on the corporate network are adequately protected.
    Use proactive monitoring and configuration management to keep the inventory of devices connected to the enterprise network up to date. These devices include servers, workstations, laptops, and remote devices.
     
  2. Implement a removable media usage policy.
    If possible, restrict unauthorized devices, such as external portable hard drives and other removable media. These devices can intentionally or unintentionally introduce malware and make it easier for cyber attackers to steal intellectual property. If external media devices are allowed, they should be scanned automatically as soon as they are connected to the network, and a data loss prevention (DLP) solution should be used to monitor and restrict the copying of confidential data to unencrypted external storage devices.
     
  3. Actively update and patch related programs.
    Update, patch, and remove outdated and dangerous browsers, applications, and browser plugins. This also applies to operating systems: not only those of computers, but also those of mobile phones, Internet Connection Sharing (ICS), and IoT devices. Keep virus and intrusion prevention definitions up to date using the vendor-provided automatic update feature. Most software vendors patch software vulnerabilities aggressively; however, patches are effective only once they are actually installed in the field. If possible, have patches downloaded automatically to protect your organization's network from vulnerability attacks.

  4. Ensure that passwords are strong enough.
    Passwords should consist of at least 8-10 characters and mix letters and numbers. Encourage users to avoid using the same password on multiple websites, and prohibit users from sharing passwords with others. Passwords should be changed regularly, at least once every 90 days.
     
  5. Ensure regular backups.
    Regularly create and maintain backups of critical systems and endpoints. In the event of a security or data emergency, you should be able to restore from backup easily to minimize service disruption and employee downtime.
     
  6. Restrict receipt of email attachments.
    Configure the mail server to block or remove email attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Companies should review policies that allow PDF files to be sent as email attachments. Ensure that your mail server is adequately protected by security software and that messages are scanned thoroughly.
     
  7. Ensure appropriate anti-infection and incident response procedures are in place.
  • Keep the contact information for your security service provider easy to reach. When one or more systems are infected, you should know who to contact and what steps to take.
  • Ensure that an appropriate backup and recovery solution is in place to recover lost or destroyed data after a successful network attack or a catastrophic loss of data.
  • Use the post-infection detection capabilities of network gateways, endpoint security solutions, and firewalls to identify infected systems.
  • Isolate the infected computer to prevent further infection within the organization's network, and then restore the computer using trusted backup media.
  • If a network service is exploited by malicious code or other malicious software, disable or block that service until a patch is released.

After implementing these best practices, be sure to test, test, and test again. Do you regularly update your security solutions? Do you know how your team will respond to a data breach? To prevent this, constantly test not only the relevant security technology but also the team that manages those solutions.


