Planning Distributed Security
Planning Distributed Security |
|
To develop your network security deployment plan, complete the tasks listed in Table 11.4.
Table 11.4 Security Planning Task List
| Task | Location in Chapter |
|---|---|
| Identify the security risks that apply to your network. Tabulate and explain them in the plan. | Security Risks |
| Provide background material on security concepts and vocabulary to orient the reader of your plan. | Security Concepts |
| Introduce and explain the security strategies that address the risks in your plan. | Distributed Security Strategies |
| Ensure that all access to network resources requires authentication using domain accounts. | Authenticating All User Access |
| Determine what part of the user community needs to use strong authentication for interactive or remote access login. | Authenticating All User Access |
| Define the password length, change interval, and complexity requirements for domain user accounts and develop a plan to communicate these requirements to the user community. | Authenticating All User Access |
| Define your organization policy to eliminate transmission of clear text passwords on any network and develop a strategy to enable single sign on or protect password transmission. | Authenticating All User Access |
| Identify a plan to deploy public key security for smart card logon if strong authentication meets your security objectives. | Smart Card Logon |
| Describe your policy for enabling remote access for users. | Remote Access |
| Develop a plan to communicate remote access procedures, including connection methods, to general user community. | Remote Access |
| Identify how your organization currently uses groups and establish conventions for group names and how group types are used. | Applying Access Control |
| Describe the top-level security groups you intend to use for broad security access to enterprise-wide resources. These are likely to be your enterprise universal groups. | Applying Access Control |
| Describe your access control policies with specific reference to how security groups are used in a consistent manner. | Applying Access Control |
| Define the procedures for creating new groups and who has responsibility to manage group membership. | Applying Access Control |
| Determine which existing domains belong in the forest, and which domains use external trust relationships. | Establishing Trust Relationships |
| Describe your domains, domain trees, and forests, and explicitly state the trust relationships among them. | Establishing Trust Relationships |
| Define a policy for identifying and managing sensitive or confidential information and your requirements to protect sensitive data. | Enabling Data Protection |
| Identify network data servers that provide sensitive data that might require network data protection to prevent eavesdropping. | Enabling Data Protection |
| Develop a deployment plan for using IPSec for protection data for remote access or for accessing sensitive application data servers. | Enabling Data Protection |
| If using EFS, describe your Data Recovery Policy, including the role of Recovery Agent in your organization. | Encrypting File System |
| If using EFS, describe the procedures you plan to use to implement data recovery process and verify that the process works for your organization. | Encrypting File System |
| If using IPSec, identify the scenarios for how it will be used in your network and understand the performance implications. | IP Security |
| Define domain-wide account policies and communicate those policies and guidelines to the user community. | Setting Uniform Security Policies |
| Determine the local security policy requirements for different categories of systems on the network, such as desktops, file and print servers, e-mail servers. Define the Group Policy security settings appropriate to each category. | Setting Uniform Security Policies |
| Define application servers where specific security templates can be used to manage security settings and consider managing them through Group Policy. | Setting Uniform Security Policies |
| Apply appropriate security templates for systems that upgrade from Windows NT 4.0 instead of a clean install. | Security Templates |
| Use security templates as a means of describing the level of security you intend to implement for different classes of computers. | Security Templates |
| Develop a test plan to verify your common business applications run correctly under properly configured secure systems. | Deploying Secure Applications |
| Define what additional applications are needed that provide enhanced security features to meet your organization security objectives. | Deploying Secure Applications |
| State the levels of security you require for downloaded code. | Authenticode and Software Signing |
| Deploy internal procedures for implementing code signing for all in-house developed software that is publicly distributed. | Authenticode and Software Signing |
| State your policies for securing the Administrator account and the administration consoles. | Managing Administration |
| Identify the situations where you plan to delegate administrator control for specific tasks. | Delegation |
| Identify your policies regarding auditing, including staffing. | Auditing |