bembry.org
Home / Technology / Security
Directory_Logo

Network Security Analysis:

  • Run nmap from outside the network to identify open ports
  • Create baseline of existing specifications (free disk space, etc.)
  • Identify all running services. Close unneeded services.
  • Analyze physical security (is server locked in a cage, are switches and routers accessible, etc.)
  • Audit password policies (min length of password, expiration dates, can new match old, etc.)
  • Wireless connections available
  • Ability to boot from floppy or CD
  • CMOS access for setting floppy or CD boot
  • Are all accounts of previous employees and student disabled?
  • Are users assigned to correct groups (for security privileges)
  • Are computers assigned to appropriate subnetworks or OU
  • What logs are being maintained? Are these sufficient for network needs? For example, does network admin need to know who logged in when
  • Are all software applications up to date (containing latest security and bug patches)
  • Is there a "security@organization.com" email on website for folks to contact
  • List of all software that needs to be watched for security updates, etc.
  • Remove guest accounts, or limit logins to specific computers on network especially important for kindergarten level, etc.
  • Are login times in place (i.e. Students cannot login between 9pm and 6am)
  • Do different services have different passwords? (in other words, is the administrative password on a local machine the same as the network administrative password, or the administrator's email password, etc.)
  • Perform a security impact analysis and focus on areas that have the most impact if security is breached. The impact ratings are based on value of information (how hard is it to recreate this info), public exposure (how stupid do we look), denial of business, and ease of attack for areas such as:
    • website
    • email systems
    • accounting systems
    • student management systems (report cards, grades, etc.)
    • desktop virus
    • network uptime
    • desktop software
  • Test anti-virus software on desktop / clients
  • Test web filtering on desktops
  • Are office files accessible from student desktops?
  • Is network information easily available (i.e. Can I find a map of the network online, etc.)
  • What intrusion detection systems are in place?
  • What network monitoring systems are in place?
  • Are default accounts changed in common software? (i.e. Is Accelerated Reader still set for the login "admin" with the password "admin"?)
  • Are disk quotas in place to limit disk usage?
  • Are directory permissions set correctly (do regular users have write access to program directories, etc.). Replace "everyone" access with "authorize users".
  • Check security on printers. Only authorized users should be allowed to print, not "everyone".
  • Use only secure file systems for partitions (no FAT32).
  • Is security set correctly for event logs (accessible only by admin account)
  • Rename "administrator" account
  • Do not display last login name
  • Disable autorun for CDs
  • Avoid using MS Outlook
References:
LabMice checklist
Securing MS Outlook
Restricted access