This security plan is our first. We will take a broad view of the security risks facing the firm and take prompt action to reduce our exposure. Everyone remembers the virus attack we had earlier this year, and we hope to avoid another disaster like that! However, I hope that by taking a wider view, we may be able to plan for threats we don’t know about yet.
I realize that we are limited in time, people, and (of course) cash. Our main priority is to continue to grow a successful business. We cannot hope for Central Intelligence Agency (CIA)-like security, and it wouldn’t be good for our culture to turn Adventure Works into
I am taking responsibility for leading this review and ensuring that all the action items are carried out. I am concerned about the risks we face, although having reviewed the plan, I am sure we can address them properly. This project has my full support and is a high priority for the business.
User Security Steps:
- Select, purchase, and install a hardware firewall (or ask our ISP or technology consultant to provide one).
- Enable Windows Firewall on the server and on all desktop computers.
- Make sure that antivirus software is installed on all computers and that it is set to automatically update virus definitions.
- Configure computers running Office Outlook 2003 to use Junk E-mail filtering. Select, purchase, and install spam-filtering software on the mail server, if necessary.
- On the wireless network, disable service set identifier (SSID) broadcasting, choose and configure a sensible SSID, enable WPA encryption, enable MAC filtering, and configure the access point to allow traffic only from the desktop and laptop computers in the office.
- Replace the four computers running Windows 98 with computers running Windows XP Professional with SP2.
- Review all machines to make sure that they are fully updated, and set them to automatically refresh those updates.
- Buy new, nondescript laptop computer bags and locks.
- Security mark all desktop computers, laptop computers, and their components.
- Log all serial numbers.
- Buy and install desk security locks for desktop computers.
- Find a suitable, lockable room for the server and move it there.
- Review backup and restore procedures. Ensure that user data is either stored on the server or copied across regularly prior to backups. Implement daily backups. Ensure that a full backup goes offsite once a week. Ensure that the backup is password protected and encrypted. Review paper documents, and make photocopies for secure offsite storage of critical documents.
- Configure Small Business Server 2003 and individual machines to enforce reasonably strong passwords. Discuss with users what would be an acceptable balance of convenience and security. (We don’t want them writing down their new passwords.)
- Configure workstations to log users out and require a password to log on again if the workstation is idle for more than 5 minutes.
- Buy cheap printers for accounts, HR, and the two directors so that they can have private documents printed securely.
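The backup item above asks for daily backups, a weekly offsite copy, and password protection and encryption of the backup. The part of such a review that is most often skipped is proving that a backup actually restores, and that a copy that was corrupted or swapped on its way offsite is noticed before anyone restores from it. The Python script below is an added example; it is not part of the Adventure Works plan and is not how Small Business Server 2003 performs backups. It archives a folder, records a SHA-256 manifest of every file, attaches a passphrase-keyed HMAC tag to the archive, refuses to restore an archive whose tag does not verify, and then restores into a scratch folder and compares it file by file against the original. It assumes the encryption of the offsite copy is done by the backup tool (encryption is not shown here); the folder names, passphrase, PBKDF2 round count and sample data are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import tarfile
import tempfile

PBKDF2_ROUNDS = 200_000  # assumed value for this example; tune to the backup host


def build_manifest(root):
    """Map each file under root (relative path, '/' separated) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as f:
                manifest[rel] = hashlib.sha256(f.read()).hexdigest()
    return manifest


def _derive_key(passphrase, salt):
    # Stretch the backup passphrase so the tag cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, PBKDF2_ROUNDS)


def create_backup(root, archive_path, passphrase):
    """Write a gzip tar of root plus a keyed integrity tag in <archive_path>.tag."""
    manifest = build_manifest(root)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in sorted(manifest):
            tar.add(os.path.join(root, rel), arcname=rel)
    salt = secrets.token_bytes(16)
    with open(archive_path, "rb") as f:
        tag = hmac.new(_derive_key(passphrase, salt), f.read(), "sha256").digest()
    with open(archive_path + ".tag", "w") as f:
        f.write(salt.hex() + "\n" + tag.hex() + "\n")
    return manifest


def verify_backup(archive_path, passphrase):
    """True only if the archive bytes and the passphrase match the stored tag."""
    try:
        with open(archive_path + ".tag") as f:
            salt_hex, tag_hex = f.read().split()
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(tag_hex)
        with open(archive_path, "rb") as f:
            actual = hmac.new(_derive_key(passphrase, salt), f.read(), "sha256").digest()
    except (OSError, ValueError):
        return False  # missing or malformed tag/archive counts as a failed check
    return hmac.compare_digest(actual, expected)


def restore_backup(archive_path, dest, passphrase):
    """Restore into dest after the integrity check; return a manifest of what was restored."""
    if not verify_backup(archive_path, passphrase):
        raise ValueError("backup failed integrity check; not restoring")
    with tarfile.open(archive_path, "r:gz") as tar:
        try:
            tar.extractall(dest, filter="data")  # Python 3.12+: reject unsafe member paths
        except TypeError:
            tar.extractall(dest)  # older Python without the filter argument
    return build_manifest(dest)


def restore_drill(passphrase="correct horse battery staple"):
    """End-to-end drill on constructed sample data; returns the checks a reviewer signs off on."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "userdata")
        os.makedirs(os.path.join(src, "accounts"))
        with open(os.path.join(src, "accounts", "ledger.csv"), "w") as f:
            f.write("date,amount\n2005-01-03,120.00\n")  # constructed sample data
        with open(os.path.join(src, "notes.txt"), "w") as f:
            f.write("call the ISP about the firewall\n")  # constructed sample data

        archive = os.path.join(work, "weekly.tar.gz")
        original = create_backup(src, archive, passphrase)
        restored = restore_backup(archive, os.path.join(work, "restore"), passphrase)
        wrong_passphrase_ok = verify_backup(archive, "guess")

        # Simulate one byte of corruption in transit to the offsite location.
        with open(archive, "r+b") as f:
            f.seek(10)
            byte = f.read(1)[0]
            f.seek(10)
            f.write(bytes([byte ^ 0xFF]))
        tampered_ok = verify_backup(archive, passphrase)

        return {
            "file_count": len(original),
            "restore_matches": original == restored,
            "wrong_passphrase_accepted": wrong_passphrase_ok,
            "tampered_accepted": tampered_ok,
        }


if __name__ == "__main__":
    print(restore_drill())
```

A real drill would point `create_backup` at the server's user data share and restore onto a spare machine rather than a temporary folder; the point of the manifest comparison is that "the backup job ran" and "the files come back intact" are two different statements.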
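The password item above asks for reasonably strong passwords while agreeing the balance with users so that nobody ends up writing them down. As an added example, not part of the plan and not how Small Business Server 2003 enforces its own policy, the Python function below encodes one such policy: it favours length and a blocklist of commonly guessed passwords over strict composition rules, and it reports every rule a candidate breaks so the user gets actionable feedback instead of a bare rejection. The thresholds and the blocklist are assumptions for the example.

```python
import re
import string

# Policy values assumed for this example; the plan says to agree them with users.
MIN_LENGTH = 10
MIN_CLASSES = 3
# Constructed blocklist; a real one would come from a published breached-password list.
COMMON_PASSWORDS = {"password", "password1", "letmein", "welcome1", "adventure1"}


def password_problems(password, username=""):
    """Return the list of policy rules a candidate password violates (empty means acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])
    if classes < MIN_CLASSES:
        problems.append(f"uses fewer than {MIN_CLASSES} of lower/upper/digit/symbol")

    lowered = password.lower()
    if username and len(username) >= 3 and username.lower() in lowered:
        problems.append("contains the user name")

    # Check the password as typed and with digits/symbols stripped, so "Password1!" is still caught.
    letters_only = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or letters_only in COMMON_PASSWORDS:
        problems.append("is a commonly guessed password")

    if re.search(r"(.)\1{2,}", password):
        problems.append("repeats one character three or more times in a row")
    return problems


if __name__ == "__main__":
    for candidate, user in [("Kayak-Route 47 north", ""), ("matthew2005", "matthew")]:
        print(repr(candidate), "->", password_problems(candidate, user) or "acceptable")
```

A passphrase of several ordinary words with a digit or symbol passes this policy and is far easier to remember than a short string of random characters, which is the trade-off the plan is trying to strike.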
This plan was developed by Matthew, Managing Director of Adventure Works, in cooperation with other key members of the Adventure Works staff.
1) There is no such thing as a ‘hardware firewall’. All of them are software. Maybe you mean a ‘dedicated box’ with ‘pre-installed closed source software’. The only truth in this is that the firewall should be a dedicated box.
3) should be 2).
4) is almost not relevant, except that you should have ‘first line’ antivirus and antispam on the mail server. Policy should deny people the use of other, web-based and similar mail systems and chats.
5) Trash the wireless, or at least dump it on a different LAN/VLAN without any access to the main LAN(s). Best: sell it and purchase a hacker course for your management to explain why.
12) should become “zero”, just before 1).