Thursday, June 24, 2021

Infrastructure Security Management 

Security breaches nowadays are becoming more sophisticated and multifaceted, and keeping the cyber security defense strategy up to date is the challenge. Certain areas need focused attention, along with adopting the best solutions available in the market. An infrastructure audit is another way to find the gaps and update the network. All the controls need to be checked and implemented to keep the infrastructure secure.

Below is the security checklist with respect to infrastructure security:

  • Offline access protection or endpoint protection should be in place on desktops, laptops and servers (BitLocker etc.).
  • Implementation of process execution prevention (AppLocker, BeyondTrust, Avecto, Viewfinity etc.).
  • Log centralization and log reviews: searching for anomalies and for specific log error codes, and performing regular audits of the code running on the servers (SIEM, Sysmon, Splunk etc.).
  • Maintenance: backup implementation and regular updating. Take your backups on time and regularly, using an automatic backup solution (vendor-specific solutions, WSUS, etc.).
  • Review of the settings and services running on servers and workstations (examples: using accounts that are not built in or that are too privileged, reviewing service file locations, changing permissions where necessary via the Security Descriptor Definition Language, and changing service accounts to gMSAs where possible).
  • Limit the number of services running on the servers (SCW and manual activities).
  • Implementation of anti-exploit solutions (EMET etc.) and anti-virus solutions (McAfee, Symantec, NOD32 etc.).
  • Review the configuration of the client-side firewall and allow only the programs that need to communicate through the network.
  • Manage the local administrator's password.
  • Implementation of scoping (role management) for permissions and employee roles (SQL Admins, Server Admins etc.); in other words, user access management. An access control policy also needs to be established.
  • Implementation of network segmentation (VLANs, VPN, IPsec isolation, 802.1X etc.). Network segregation is very important: all the domains should be separated, such as the desktop domain, server domain, public access domain, cloud domain, network domain etc.
  • Implement data protection techniques or DLP throughout the network.
  • Implement identity management and password management.
  • Periodically review configurations and carry out vulnerability assessment and penetration testing (internal / external) by an internal team or third-party vendors.
  • Finally, a security awareness program for employees and technical training for administrators and new joiners are also important.
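The log-review item in the checklist asks for searching centralized logs for anomalies and for specific event codes. The following Python routine is an added example, not code from the original post: it walks a set of Windows Security event records (the sample records are constructed for this example, not real telemetry) and flags a burst of failed logons (Event ID 4625) from one source, followed by a successful logon (Event ID 4624) from the same source shortly afterwards. The record layout, the threshold of five failures in two minutes and the five-minute follow-up window are assumptions chosen for the example; a real review would tune them to the environment.

```python
"""Added example: reviewing logon events for a failed-logon burst followed by success.

Assumptions (not from the original post): each record is
(timestamp, event_id, account, source_ip); thresholds and windows are illustrative.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records, not real log data.
SAMPLE_EVENTS = [
    ("2021-06-24 08:00:01", 4624, "alice", "10.0.0.5"),
    ("2021-06-24 08:00:10", 4625, "svc_backup", "10.0.0.77"),
    ("2021-06-24 08:00:12", 4625, "svc_backup", "10.0.0.77"),
    ("2021-06-24 08:00:15", 4625, "svc_backup", "10.0.0.77"),
    ("2021-06-24 08:00:17", 4625, "svc_backup", "10.0.0.77"),
    ("2021-06-24 08:00:19", 4625, "svc_backup", "10.0.0.77"),
    ("2021-06-24 08:00:25", 4624, "svc_backup", "10.0.0.77"),
    ("2021-06-24 08:05:00", 4625, "bob", "10.0.0.9"),
    ("2021-06-24 08:30:00", 4625, "bob", "10.0.0.9"),
    ("2021-06-24 09:00:00", 4624, "bob", "10.0.0.9"),
]

FAIL_THRESHOLD = 5                 # failures within WINDOW that count as a burst (assumed)
WINDOW = timedelta(minutes=2)      # sliding window for counting failures (assumed)
FOLLOW_UP = timedelta(minutes=5)   # a success this soon after a burst is flagged (assumed)


def parse(ts):
    """Parse the record timestamp format used in SAMPLE_EVENTS."""
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def review_logons(events, threshold=FAIL_THRESHOLD, window=WINDOW, follow_up=FOLLOW_UP):
    """Return findings as (kind, source_ip, account, timestamp) tuples.

    kind is "failed_logon_burst" when `threshold` 4625 events from one source
    fall within `window`, and "success_after_burst" when a 4624 from that source
    arrives within `follow_up` of the burst being flagged.
    """
    findings = []
    recent_failures = defaultdict(deque)   # source_ip -> 4625 timestamps inside the window
    burst_flagged_at = {}                  # source_ip -> time the burst was flagged

    for ts, event_id, account, src in sorted(events, key=lambda e: parse(e[0])):
        t = parse(ts)
        if event_id == 4625:
            q = recent_failures[src]
            q.append(t)
            while q and t - q[0] > window:     # discard failures older than the window
                q.popleft()
            if len(q) == threshold:            # fires once, when the burst is first reached
                findings.append(("failed_logon_burst", src, account, ts))
                burst_flagged_at[src] = t
        elif event_id == 4624:
            flagged = burst_flagged_at.get(src)
            if flagged is not None and t - flagged <= follow_up:
                findings.append(("success_after_burst", src, account, ts))
    return findings


if __name__ == "__main__":
    for kind, src, account, ts in review_logons(SAMPLE_EVENTS):
        print(f"{ts}  {kind:<20} source={src} account={account}")
```

Against the sample data the routine reports one burst from 10.0.0.77 against svc_backup and the success that follows it six seconds later; bob's two failures half an hour apart fall outside the window and are not flagged. The same sliding-window approach applies to other event codes the review cares about, such as repeated service-start failures or account lockouts.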

Therefore, the above points may be considered for strengthening your infrastructure, whether it is large, medium or small.

Do you have any comments or suggestions? Feel free to post below.


-DR
