Security Implementation

20 pts.
Tags:
information assurance
Security
Security management
With the recent spate of news stories about the apparent information assurance/security failures that have come to light as a result of the events that transpired between Aaron Bar and Anonymous, I’ve been discussing security program implementation with my classmates at the Universtity of Advancing Technology. We've argued back and forth about what could have been done differently but I wanted to see what kind of guidance the security administrators of the world might have to offer in regards to security implementation frameworks with these kinds of incidents in mind. I know there are quite a few security frameworks and guidance available, but I wanted to keep it as simple as possible.  With that in mind, I’ve started out by looking at a document from the NSA titled “The 60 Minute Network Security Guide (First Steps Towards a Secure Network Environment)”. To me, this document looks like your basic how-to on locking down any system you might be using. It covers Windows, Unix, and even breaks out into firewalls and intrusion detection systems. It appears to be a good start, but as it states, it was written with the less experienced administrators and Information Systems Managers in mind. Have any of the more experienced admins or Information Systems Managers on this site used this guide or something similar, and if so what kind of “gotchas” have you come across? Is this just a good baseline, but really lacking when it comes to actually managing the security of your environment?  If not, do you have any other/better suggestions on implementing security in an organization that would be less likely to lead to events like those suffered by HBGary?

Answer Wiki

Thanks. We'll let you know when a new response is added.

The article you mention “The 60 Minute Network Security Guide (First Steps Towards a Secure Network Environment)” covers a few great and time-proven methods for hardening your system. However, the last REAL update to it was 29 March 2006. (in computer years, thats a LONG time ago)

Using the concepts in the document are great, but with the official IANA IPv4 depletion announcement, you also have to add in, at least from the Networking (Routing/Switching) perspective, new filters/ACLs for IPv6-formatted addresses and other technologies and standards that have come about since the document was published.

Another great over-view can be found at www.net-security.org

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Subhendu Sen
    I read this thread twice, but could not understand actually what do u want ! There r several Q's on one thread.... sorry I confused
    29,210 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following