Computerworld | Time for a stand-down review
From the column:
Here are some basic computer security checks you can do for your own stand-down review:
* Do a complete inventory of all managed assets.
* Inventory all installed software and remove unauthorized software.
* Review running server services and remove unnecessary software.
* Inventory security permissions and implement correct security permissions.
* Inventory user accounts and remove unused accounts.
* Review the number of highly privileged accounts and who needs them.
* Review router and firewall access control lists.
* Review password policy and enforce complex passwords.
* Review physical protection of assets.
* Review patch management success.
* Do a spread spectrum analysis on network traffic and review any unexpected protocols.
* Review anti-virus infrastructure success.
* Review e-mail security policy.
* Review small computer security policies for potential management efficiencies.
* Review security automation tool success.
* Review software programming secure coding practices.
* Review backup policies and audit success.

The key is that reviewing and implementing all the things we are always told to do will provide more bang-for-the-buck security than all the expensive, specialized security devices you can purchase.
A good overview of some immediate checks you can do within your environment.


