Abstract
A security policy designates an organization’s security controls without specifying technologies, and offers high-level directives on acceptable and unacceptable actions to protect critical assets. A policy should also be applied consistently throughout the organization and provide a reference that employees can use in their everyday activities. The previous article dealt with data privacy and integrity norms; continuing this series, this article explains how to impose network security policies on devices, protocols, communication and related areas in a generic and uniform manner. This part focuses on best practices and methodologies of network security expressed as policies, rather than on the actual implementation.
Network Security Policy
There is no definitive mechanism for protecting a network, because any security system can be subverted or compromised, if not from the outside then certainly from the inside. Ultimately, securing a network means implementing different layers of security so that an attacker must compromise two or more systems to gain access to critical assets. The first step in enforcing policies is to define the policies that will be enforced. Security measures often restrict personnel in their operating practices and make some activities less convenient, which creates a temptation to circumvent security regulations. Network policies therefore govern how a network should be implemented and configured to streamline employees’ operations under ordinary conditions, and guide how to react when abnormalities occur. In this context, the following sections explain the policy measures for each term or principle of network security used to protect information and systems.
Device Security
While designing security for your network, you will most likely identify different network segments with different security requirements. For instance, some servers will need to be accessible by employees, while others will be openly accessible. Hence, to implement security for different divisions or subdivisions, you will erect perimeters that can be crossed only by certain types of traffic, in the form of a public network, a private network and a semi-private network. The boundaries of such network segments are formed by devices such as routers, gateways, bridges and switches, which are capable of regulating and controlling the flow of packets into and out of the segment. Communication and monitoring devices are typically deployed in the network for various purposes; they must be configured properly according to requirements, accessed on the basis of the privileges and profile granted to each user, and kept up to date with the latest software. Apart from that, the following measures should be taken in the context of device security:
1. Each employee must sign an NDA committing not to disclose details of the devices deployed inside the perimeter.
2. Patches and security updates released by vendors must be applied regularly.
3. ACLs should be maintained to permit or deny TCP and UDP traffic.
4. Services must be disabled if they are not in use.
Internet Access
Internet access policies include automatically blocking all websites identified as inappropriate for company users (especially social media sites). Moreover, internet access should be granted according to the nature of each employee’s work. The Internet forms a network topology in itself and connects various crucial assets of the company, for example servers and accounts sections; it must therefore be filtered and monitored properly before use.
VPN Policy
A VPN provides a means to protect data while it travels over an untrusted network. The VPN is intended for employee use on organization-owned computer systems only. All remote access to the corporate network should be routed via the VPN, using a corporate-approved, standard operating system with the appropriate security patches applied. Access to company computers from home via the internet should not be allowed. To protect the network when VPNs are used for remote user access, the security administrator should ensure that adequate protection is implemented on endpoints by applying L2TP with IPsec. Moreover, VPN vendors include firewalling functionality in their clients to filter traffic.
Port Communication Policy
Communication ports at the workstation, whether inbound or outbound, must be kept strictly blocked for unnecessary services, apart from essential services such as HTTP and HTTPS, because it is commonly observed that ports are left open needlessly for several services, which makes it easy for an attacker to breach the system. Such security measures can be applied by the system administrator at the firewall as the first line of defense. Hence, a workstation that communicates directly with the internet must be limited to authorized communication services or ports for inbound connections.
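The ACL rule in the Device Security section and the inbound-port rule in this section can both be expressed and checked as an ordered rule list. The following is an added example, not code from the article: it evaluates packets against a first-match ACL with a default deny, and audits the ACL against a set of authorized inbound services. The rules, addresses and the authorized-service set are constructed for illustration.

```python
"""Policy-as-code check for a workstation or perimeter ACL.

Added example, not code from the article. It models two rules stated in the
text, "ACLs permit or deny TCP and UDP traffic" and "inbound connections are
limited to authorized services such as HTTP and HTTPS", as an ordered rule
list with first-match semantics and an implicit default deny. The rules,
addresses and the authorized-service set are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dport: Optional[int]   # destination port, None matches any port


# Constructed: the only services a workstation may accept inbound.
AUTHORIZED_INBOUND: Set[Tuple[str, int]] = {("tcp", 80), ("tcp", 443)}

# Constructed workstation ACL; the first matching rule wins.
WORKSTATION_ACL: List[Rule] = [
    Rule("permit", "tcp", "10.0.0.0/8", 80),
    Rule("permit", "tcp", "10.0.0.0/8", 443),
    Rule("deny", "any", "0.0.0.0/0", None),   # explicit default deny
]

# Constructed ACL with the mistakes the policy is meant to catch.
SLOPPY_ACL: List[Rule] = [
    Rule("permit", "tcp", "0.0.0.0/0", None),  # every TCP port, from anywhere
    Rule("permit", "udp", "10.0.0.0/8", 161),  # SNMP left reachable
    Rule("permit", "tcp", "10.0.0.0/8", 443),
]


def evaluate(acl: List[Rule], proto: str, src_ip: str, dport: int) -> str:
    """Return the action of the first rule matching a packet, or deny."""
    src = ip_address(src_ip)
    for rule in acl:
        if rule.proto != "any" and rule.proto != proto:
            continue
        if src not in ip_network(rule.src):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"   # nothing matched: closed by default


def audit(acl: List[Rule], authorized: Set[Tuple[str, int]]) -> List[str]:
    """List permit rules that expose something outside the authorized services."""
    findings = []
    for rule in acl:
        if rule.action != "permit":
            continue
        if rule.dport is None:
            findings.append(f"permit {rule.proto} from {rule.src} matches every port")
        elif (rule.proto, rule.dport) not in authorized:
            findings.append(
                f"permit {rule.proto}/{rule.dport} from {rule.src} is not an authorized service")
    return findings


if __name__ == "__main__":
    print(evaluate(WORKSTATION_ACL, "tcp", "10.1.2.3", 443))   # permit
    print(evaluate(WORKSTATION_ACL, "tcp", "10.1.2.3", 23))    # deny
    for finding in audit(SLOPPY_ACL, AUTHORIZED_INBOUND):
        print("FINDING:", finding)
```

The audit is the part worth keeping around: a first-match ACL that ends in a default deny is only as tight as its permit rules, so checking every permit against the list of services the policy actually authorizes catches the "left open needlessly" ports the section warns about before a packet ever hits them.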
Wireless LAN Policy
To stop possible abuse of the wireless network, proper user authentication should be ensured, along with the replacement of WEP and an anomaly-tracking mechanism on the wireless LAN. Moreover, 802.11i security measures such as TKIP and CCMP should be employed for encryption. At the same time, the following suspicious events on a wireless LAN should always be considered for intrusion detection:
Beacon frames from an unsolicited access point
Flood of unauthenticated frames (MITM attack)
Multiple incorrect SSIDs on a closed network
Frames with a duplicated MAC address
Randomly changing MAC address
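The events in the list above are what a wireless intrusion detection sensor looks for in 802.11 management frames. The following is an added example, not code from the article: detection rules for four of the five events (rogue beacons, a flood of unauthenticated frames, repeated wrong SSIDs against a closed network, and a duplicated MAC address) run over constructed frame summaries. The BSSID allowlist, the closed SSID, the frame records and all thresholds are assumptions; detecting a randomly changing MAC needs per-radio fingerprinting that this sketch leaves out.

```python
"""Detection rules for suspicious wireless-LAN events (added example).

Frame summaries, the BSSID allowlist, the closed SSID and the thresholds are
constructed; a real sensor would supply 802.11 frames captured in monitor mode.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# (time in seconds, frame type, source MAC, BSSID, SSID, 802.11 sequence number)
Frame = Tuple[float, str, str, Optional[str], Optional[str], int]

AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}   # constructed allowlist
CLOSED_SSID = "corp-secure"                                      # constructed hidden network
UNAUTHENTICATED = {"deauth", "disassoc", "auth"}                 # management frames sent without a key

# Constructed frame summaries, not a real capture.
FRAMES: List[Frame] = [
    (0.0, "beacon", "00:11:22:33:44:01", "00:11:22:33:44:01", "corp-secure", 10),
    (0.1, "beacon", "de:ad:be:ef:00:01", "de:ad:be:ef:00:01", "corp-secure", 3),  # rogue AP
    # a station guessing at the hidden network name
    (0.2, "probe_req", "aa:bb:cc:00:00:05", None, "corp", 1),
    (0.3, "probe_req", "aa:bb:cc:00:00:05", None, "corp-wifi", 2),
    (0.4, "probe_req", "aa:bb:cc:00:00:05", None, "corpsecure", 3),
    (0.5, "probe_req", "aa:bb:cc:00:00:06", None, "guest", 1),   # one wrong SSID is normal
    # one MAC used by two radios: a second sequence counter appears mid-stream
    (0.6, "data", "aa:bb:cc:00:00:10", "00:11:22:33:44:01", None, 100),
    (0.7, "data", "aa:bb:cc:00:00:10", "00:11:22:33:44:01", None, 101),
    (0.8, "data", "aa:bb:cc:00:00:10", "00:11:22:33:44:01", None, 5),
    (0.9, "data", "aa:bb:cc:00:00:10", "00:11:22:33:44:01", None, 102),
    # two deauths from the real AP are not a flood
    (1.0, "deauth", "00:11:22:33:44:01", "00:11:22:33:44:01", None, 11),
    (1.5, "deauth", "00:11:22:33:44:01", "00:11:22:33:44:01", None, 12),
] + [
    # 25 spoofed deauthentication frames in half a second
    (2.0 + i * 0.02, "deauth", "ff:ee:dd:00:00:01", "00:11:22:33:44:01", None, i)
    for i in range(25)
]


def rogue_beacons(frames: List[Frame]) -> List[str]:
    """BSSIDs that advertise a network but are not on the allowlist."""
    return sorted({bssid for _, ftype, _, bssid, _, _ in frames
                   if ftype == "beacon" and bssid not in AUTHORIZED_BSSIDS})


def frame_floods(frames: List[Frame], window: float = 1.0, threshold: int = 20) -> List[str]:
    """Sources sending at least `threshold` unauthenticated frames within `window` seconds."""
    times: Dict[str, List[float]] = defaultdict(list)
    for ts, ftype, src, _, _, _ in frames:
        if ftype in UNAUTHENTICATED:
            times[src].append(ts)
    flooders = []
    for src, stamps in times.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                flooders.append(src)
                break
    return sorted(flooders)


def wrong_ssid_probes(frames: List[Frame], threshold: int = 3) -> List[str]:
    """Stations that probed the closed network with `threshold` or more wrong names."""
    misses: Dict[str, int] = defaultdict(int)
    for _, ftype, src, _, ssid, _ in frames:
        if ftype == "probe_req" and ssid and ssid != CLOSED_SSID:
            misses[src] += 1
    return sorted(src for src, n in misses.items() if n >= threshold)


def duplicated_macs(frames: List[Frame], max_regress: int = 50) -> List[str]:
    """MACs whose sequence numbers jump backwards, suggesting two radios share the address.

    The 12-bit counter wraps at 4096, so a drop from near the top is treated as a wrap.
    """
    last: Dict[str, int] = {}
    suspects = set()
    for _, _, src, _, _, seq in frames:
        prev = last.get(src)
        if prev is not None and prev < 4096 - max_regress and prev - seq > max_regress:
            suspects.add(src)
        last[src] = seq
    return sorted(suspects)


def run_all(frames: List[Frame]) -> Dict[str, List[str]]:
    return {
        "rogue_beacons": rogue_beacons(frames),
        "frame_floods": frame_floods(frames),
        "wrong_ssid_probes": wrong_ssid_probes(frames),
        "duplicated_macs": duplicated_macs(frames),
    }


if __name__ == "__main__":
    for name, hits in run_all(FRAMES).items():
        print(f"{name}: {hits}")
```

Each rule is a simple counter or allowlist, which is the point: the hard part of wireless IDS is not the logic but choosing windows and thresholds that separate a deauth storm from a busy access point, and keeping the BSSID allowlist current when authorized access points are replaced.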
Remote Connection Policy
Data security is becoming a vital issue as more organizations establish network links between their employees to share information and increase productivity. As personnel more often prefer to work from home, security begins with the terminal session between an authorized user and a remote host on the network, in which the user can perform all functions as if he were actually at the remote host. At the same time, mismanagement of user credentials can lead to exploitation. Hence, direct access to critical servers or systems of an organization via remote login or SSH utilities should be strictly restricted, with exceptions only for authorized users. Encrypted access, however, could be permissible.
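One way to make the remote-access rule above checkable on a host is to lint the SSH daemon configuration against it. The following is an added example, not code from the article: the policy it encodes is an assumption drawn from the text (remote login to a critical system is limited to authorized users and must not rely on weak authentication), the two configurations are constructed rather than copied from a real host, and the option names are real sshd_config keywords.

```python
"""Checking an sshd_config against the remote-connection policy (added example).

Both configurations are constructed. The policy encoded here is an assumption
drawn from the article: root login, password-only and empty-password
authentication are rejected, key authentication is required, and access must be
limited to named users or groups.
"""
from typing import Dict, List

# Constructed: a permissive configuration that violates the policy.
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
"""

# Constructed: the same host after correction.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AllowUsers ops-admin backup-svc
"""

# Required keyword -> acceptable values (keywords are case-insensitive, as in sshd).
REQUIRED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "permitemptypasswords": {"no"},
    "pubkeyauthentication": {"yes"},
}


def parse_sshd_config(text: str) -> Dict[str, List[str]]:
    """Map each keyword (lowercased) to its arguments.

    Only the first occurrence of a keyword is kept, because sshd uses the first
    value it obtains for a keyword. Match blocks are not modelled here; a keyword
    inside one would need its conditions evaluated as well.
    """
    opts: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if "=" in key:                       # sshd also accepts "Keyword=value"
            key, _, rest = line.partition("=")
        opts.setdefault(key.strip().lower(), rest.split())
    return opts


def check_policy(text: str) -> List[str]:
    """Return one finding per policy violation; an empty list means compliant."""
    opts = parse_sshd_config(text)
    findings = []
    for key, allowed in REQUIRED.items():
        args = opts.get(key)
        if not args:
            findings.append(f"{key} is not set; the sshd default may not satisfy policy")
        elif args[0].lower() not in allowed:
            findings.append(f"{key} is '{args[0]}', policy requires {'/'.join(sorted(allowed))}")
    if "allowusers" not in opts and "allowgroups" not in opts:
        findings.append("no AllowUsers or AllowGroups: access is not limited to authorized users")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, check_policy(cfg) or "compliant")
```

Treating an unset keyword as a finding rather than assuming the daemon default is deliberate: defaults differ between OpenSSH versions and distribution packages, so a policy check should require the value to be stated explicitly.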
Firewall Rules Policy
When a user connects to an insecure, open network such as the Internet, he opens a large doorway for potential attacks. One of the best ways to defend against exploitation from an insecure network is to employ firewalls at the connection point, as organizations need to safeguard their private networks and communication facilities. The rule enforcement policy varies with the type of firewall and the resources deployed on the network:
In the case of dedicated server access, an application proxy firewall must be placed between the remote user and the dedicated server to hide the identity of the server.
Secondly, if traffic filtering based on source and destination IP address and port is required, a packet-filtering firewall is quite useful, and it also increases transmission speed.
On the other hand, when speed is not a concern, a stateful inspection firewall (one that keeps a state table) at the network boundary is an appropriate choice, as it dynamically validates the connection before forwarding the packet.
Moreover, NAT should also be employed, as it complements the use of firewalls by providing an extra measure of security for an organization’s internal network, especially in preventing DDoS and many SYN-flooding attacks.
If you need a higher level of control than is available by preventing an IP address from communicating with your server, IP packet filtering can be used.
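The difference the section draws between a packet-filtering firewall and a stateful inspection firewall is easiest to see by running the same traffic through both. The following is an added example, not code from the article: a memoryless header filter beside a state-table filter, over a constructed packet sequence. Addresses, ports, the internal network prefix and the traffic are all assumptions.

```python
"""Stateless packet filtering versus stateful inspection, simulated (added example).

A stateless filter that must let replies reach internal clients can only
recognise a reply by its header (ACK flag set), so an unsolicited ACK packet
from outside passes too. A state table admits inbound packets only for
connections the firewall saw being opened from inside. All values constructed.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

INTERNAL_PREFIX = "10.0.0."    # constructed: the organization's internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters, e.g. "S", "SA", "A"


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt: Packet) -> str:
    """Packet-filtering firewall: decides on the header of each packet alone.

    Outbound traffic is permitted; inbound traffic is permitted only when it
    carries ACK, which is the best a memoryless filter can do to let replies in.
    """
    if is_internal(pkt.src) and not is_internal(pkt.dst):
        return "permit"
    if is_internal(pkt.dst) and "A" in pkt.flags:
        return "permit"     # weak spot: any packet with ACK set looks like a reply
    return "deny"


class StatefulFirewall:
    """Stateful inspection: remembers connections opened from the inside."""

    def __init__(self) -> None:
        self.table: Set[Tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            if pkt.flags == "S":            # new outbound connection: record it
                self.table.add(key)
                return "permit"
            return "permit" if key in self.table else "deny"
        # inbound: allowed only as the reverse of a tracked outbound connection
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "permit" if reverse in self.table else "deny"


def compare(packets: List[Tuple[str, Packet]]) -> List[Tuple[str, str, str]]:
    """Run one packet sequence through both filters; return (label, stateless, stateful)."""
    fw = StatefulFirewall()
    return [(label, stateless_filter(p), fw.filter(p)) for label, p in packets]


# Constructed traffic: a real session followed by unsolicited inbound packets.
SCENARIO = [
    ("client opens HTTPS",      Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S")),
    ("server replies SYN-ACK",  Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA")),
    ("client completes",        Packet("10.0.0.5", 40000, "203.0.113.10", 443, "A")),
    ("unsolicited inbound ACK", Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A")),
    ("unsolicited inbound SYN", Packet("198.51.100.7", 1234, "10.0.0.9", 22, "S")),
]


if __name__ == "__main__":
    for label, stateless, stateful in compare(SCENARIO):
        print(f"{label:26} stateless={stateless:6} stateful={stateful}")
```

The fourth packet is the one that matters: both filters handle the genuine session identically, but only the state table rejects an inbound packet that merely looks like a reply. That lookup per packet is the cost the section refers to when it pairs stateful inspection with "speed is not a concern"; a production state table also has to expire entries, which this sketch omits.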