Announcement

Collapse
No announcement yet.

network security hardning document

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • network security hardning document

    Dear All,

    I have to create hardning document for my network. But I have not exact idea of creating this sort of document. If any one has solution Please give it to me.

    Thanks & Regards,

    HARRY

  • #2
    Re: network security hardning document

    I created one of these for the server build on a former contract I was working on. I had no idea when I started either!

    First, it needs to specify (in overview) the security environment the servers built using the build will be operating in; the subnets, where the firewalls are, internet connectivity, etc. Also specify what role the build is targeted at; i.e. do you build servers with the intention they will be DCs and then soften them from there for other roles?

    Then it will specify the "Patch Status" of the server at build, and the patching environment it will operate within - i.e. are you using WSUS, PatchLink, SMS etc to patch the servers.

    You should specify any Security Vuln scanning you have had done on a server built using this build.

    In the fine details, you should specify what security products are running within the OS (e.g. Internet Explorer Enhanced Security Config, Windows Firewall etc) and what additional security products are installed (e.g. Anti-Virus, Third Party Firewall etc) and how they are configured (what central server they connect to etc). You should list the services which are running/stopped/disabled/enabled, and any security related registry/local policy changes which are applied to the build.

    This document will likely run to at least 50 sides of A4; and you may think of other security related actions and configs which you need to document. The list above serves as a reasonable start, nothing more. Anything else will depend upon your local configuration and setup.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: network security hardning document

      p.s. This was a hardening document for a server build... obviously this is only useful as a "sort of thing" guide for a network document; but you can see where I was going with it, and the sort of structure expected of a document like this.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: network security hardning document

        I'd also like to add the ubiquitous reference. I too have looked around for server hardening guidelines and found an embarrassment of information on the 'net. I'd recommend parsing through the www.SANS.org and csrc.NIST.gov web sites. The NIST site is geard mostly towards American government standards for computer security, but can of course be applied to any situation in any country and/or business. csrc.NIST.gov also offers information for hardening desktop computers (I'm sure SANS does as well, but can't verify it at the moment).

        Oh, and remember: You can harden your server OS all you want, but if everyone and their dog can get into the server room your efforts are in vain. Yes, I realize that network security does reduce the pool of attackers to only those that have physical access to the machines, but it's still something to keep in mind.
        Last edited by Nonapeptide; 25th August 2008, 17:14.
        Wesley David
        LinkedIn | Careers 2.0
        -------------------------------
        Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
        Vendor Neutral Certifications: CWNA
        Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
        Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

        Comment

        Working...
        X