Contact: http://www.packetnexus.com
Essential Action Lists

There are three levels of security actions:

LevelOne Security Actions

In LevelOne, security, system, and networking administrators make the computing environment less vulnerable by correcting flaws in the software installed on their computers and by implementing technical controls. Each action is usually authorized and controlled by a policy.

1.1 - Implement online warnings to inform each user of the rules for access to your organization's systems. Without such warnings, internal and external attackers can often avoid prosecution even if they are caught.

1.2 - Establish a protective net of filters to detect and eradicate viruses, covering workstations (PCs), servers, and gateways. Ensure that virus signatures are kept up to date.

1.3 - Make sure that backups are run regularly, that files can be restored from those backups, and that sysadmins have the up-to-date skills needed to run special backups on all systems immediately if an attack is detected. Without good backups, small security breaches can become calamities, both in financial loss and in time wasted.

1.4 - Enable logging for important system-level events and for services and proxies, and set up a log archiving facility. Systems without effective logging are blind: they make it difficult to learn what happened during an attack, or even whether an attack actually succeeded.

1.5 - Perform system audits to learn who is using your system, to check for open ports that outsiders could use, and to review several other security-related factors about your system.

1.6 - Run password-cracking software to identify easy-to-guess passwords.* Weak passwords allow attackers to appear as "authorized" users, which lets them probe for weaknesses until they find ways to take control of those systems.

1.7 - Install a firewall and enhance the firewall rule sets to block most sources of malicious traffic. Running a network system without a firewall is equivalent to leaving the doors of your house unlocked in a dangerous neighborhood.

1.8 - Set access control lists (ACLs) on routers.*** Routers can provide an extra layer of protection.

1.9 - Scan the network to create and maintain a complete map of the systems to which you are connected.

1.10 - Use network-based vulnerability scanners to look for any of the 22 LevelOne vulnerabilities and correct those that are found.** The LevelOne vulnerabilities have been developed in conjunction with the Common Vulnerabilities and Exposures project, a partnership of government, industry and academia.

1.11 - Implement the latest applicable patches, remove or tighten unnecessary services, and tighten system settings on each host operating system (as described in the SANS Step-by-Step guides).

1.12 - Establish a host-based perimeter.

1.13 - Implement a file integrity (cryptographic fingerprinting) system so that you can tell which files were changed in an attack.

1.14 - Select an incident response team and establish the procedures to be used to respond to various types of attacks.

For many smaller organizations, and for any organization whose business does not depend on internet-based commerce or on public trust, the LevelOne actions may be sufficient if coupled with an ongoing monitoring system that ensures new problems are uncovered and solved quickly. For most large organizations, however, and for those for whom public trust means survival, higher levels of security action are required.

* Each action on this list should be preceded by the creation of policies that authorize the action. Several of the actions, and this one in particular, must be fully and carefully covered by policy
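As an added example (not code from the original page or from SANS/packetnexus), the file-integrity check described in action 1.13: a baseline of SHA-256 fingerprints is taken over a directory tree, and a later scan reports which files were added, removed or modified. All paths and file contents below are constructed for the demonstration.

```python
# Added example (not from the original page): a minimal file-integrity
# baseline/verify tool in the spirit of action 1.13. Paths and sample
# files below are constructed for the demonstration.
import hashlib
import os
import tempfile
from pathlib import Path

def fingerprint(path: Path) -> str:
    """SHA-256 of a file's contents, hashed in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict[str, str]:
    """Record relative path -> digest for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_file() and not full.is_symlink():
                baseline[full.relative_to(root).as_posix()] = fingerprint(full)
    return baseline

def compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Classify differences so responders can see exactly which files changed."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
    }

def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a small tree, tamper with it, re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in {"bin/ls": b"\x7fELF original", "etc/motd": b"hello\n"}.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline = build_baseline(root)  # keep this off-host or read-only in real use
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned")  # modified
        (root / "etc" / "motd").unlink()                        # removed
        (root / "tmp").mkdir()
        (root / "tmp" / ".hidden").write_bytes(b"dropper")      # added
        return compare(baseline, build_baseline(root))
```

Store the baseline off the monitored host or on read-only media; a baseline an attacker can rewrite cannot tell you what they changed.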