Planning Distributed Security |
To develop your network security deployment plan, complete the tasks listed in Table 11.4.
Table 11.4 Security Planning Task List
Task | Location in Chapter |
---|---|
Identify the security risks that apply to your network. Tabulate and explain them in the plan. | Security Risks |
Provide background material on security concepts and vocabulary to orient the reader of your plan. | Security Concepts |
Introduce and explain the security strategies that address the risks in your plan. | Distributed Security Strategies |
Ensure that all access to network resources requires authentication using domain accounts. | Authenticating All User Access |
Determine what part of the user community needs to use strong authentication for interactive or remote access login. | Authenticating All User Access |
Define the password length, change interval, and complexity requirements for domain user accounts and develop a plan to communicate these requirements to the user community. | Authenticating All User Access |
Define your organization policy to eliminate transmission of clear text passwords on any network and develop a strategy to enable single sign on or protect password transmission. | Authenticating All User Access |
Identify a plan to deploy public key security for smart card logon if strong authentication meets your security objectives. | Smart Card Logon |
Describe your policy for enabling remote access for users. | Remote Access |
Develop a plan to communicate remote access procedures, including connection methods, to general user community. | Remote Access |
Identify how your organization currently uses groups and establish conventions for group names and how group types are used. | Applying Access Control |
Describe the top-level security groups you intend to use for broad security access to enterprise-wide resources. These are likely to be your enterprise universal groups. | Applying Access Control |
Describe your access control policies with specific reference to how security groups are used in a consistent manner. | Applying Access Control |
Define the procedures for creating new groups and who has responsibility to manage group membership. | Applying Access Control |
Determine which existing domains belong in the forest, and which domains use external trust relationships. | Establishing Trust Relationships |
Describe your domains, domain trees, and forests, and explicitly state the trust relationships among them. | Establishing Trust Relationships |
Define a policy for identifying and managing sensitive or confidential information and your requirements to protect sensitive data. | Enabling Data Protection |
Identify network data servers that provide sensitive data that might require network data protection to prevent eavesdropping. | Enabling Data Protection |
Develop a deployment plan for using IPSec for protection data for remote access or for accessing sensitive application data servers. | Enabling Data Protection |
If using EFS, describe your Data Recovery Policy, including the role of Recovery Agent in your organization. | Encrypting File System |
If using EFS, describe the procedures you plan to use to implement data recovery process and verify that the process works for your organization. | Encrypting File System |
If using IPSec, identify the scenarios for how it will be used in your network and understand the performance implications. | IP Security |
Define domain-wide account policies and communicate those policies and guidelines to the user community. | Setting Uniform Security Policies |
Determine the local security policy requirements for different categories of systems on the network, such as desktops, file and print servers, e-mail servers. Define the Group Policy security settings appropriate to each category. | Setting Uniform Security Policies |
Define application servers where specific security templates can be used to manage security settings and consider managing them through Group Policy. | Setting Uniform Security Policies |
Apply appropriate security templates for systems that upgrade from Windows NT 4.0 instead of a clean install. | Security Templates |
Use security templates as a means of describing the level of security you intend to implement for different classes of computers. | Security Templates |
Develop a test plan to verify your common business applications run correctly under properly configured secure systems. | Deploying Secure Applications |
Define what additional applications are needed that provide enhanced security features to meet your organization security objectives. | Deploying Secure Applications |
State the levels of security you require for downloaded code. | Authenticode and Software Signing |
Deploy internal procedures for implementing code signing for all in-house developed software that is publicly distributed. | Authenticode and Software Signing |
State your policies for securing the Administrator account and the administration consoles. | Managing Administration |
Identify the situations where you plan to delegate administrator control for specific tasks. | Delegation |
Identify your policies regarding auditing, including staffing. | Auditing |