Support Silicon Dojo at:
Layered Security Introduction
Layering Security
Got Root?
Site Survey and Initial Audit
What are we looking at?
Verify what you are told is true is in fact true.
Communicate with all parties and make sure everyone is on the same page.
Security is as much ART as it is a Science.
“Good Security” is in the eye of the check writer…
Operational Security
Securing HOW your organization runs
Physical Security
Locks
Doors
Walls
Patch Management
Update OS, Software, Firmware on computers, servers AND DEVICES
Patch Management Solutions
Software Privileges
Keep people from modifying records
Accounts Within
Quickbooks
Database Apps
Security Policy
OS Level Security
Active Directory is AMAZEBALLS
Lock down abilities to:
Change network settings
Install Software
Use USB ports
Sharing Permissions
Do you have permission to delete the folder that contains the database that you don’t have permission to login to?
Password Policy / Multi Factor Authentication
DON’T CHECK YOUR EMAIL WITH AN ADMIN ACCOUNT!!!
Expiration Time Period
Password Reuse
Password Complexity
Antivirus / Antimalware/ Antispyware
Verify what your solution does
Central Management
Proper License?
Scaleable?
Standardization
Firewalls
Make sure you don’t break something
Make sure you understand your environment
Should you use a Firewall, or turn off server services (Should SSH be available?)
Layered Networking
Siloing Servers
Subnet Logical Business Units or Physical Locations
Parallel Networking in “Converged” Environments
Understand how VLANs work and Vulnerabilities in your equipment
Services
Server Services
FTP
HTTP
VPN
Administrative Services
SNMP
ICMP
Backups
Not necessarily to tape
Backup of Database tables
Disaster Recovery
How long until services are accessible?
Failover
DRaaS
Intrusion Detection
Honey Pots
Systems to detect intrusions and issues
Service Agreements
HELP!!!
Auditing
Never Stop Auditing!
