Planning Task List for Distributed Security
To develop your network security deployment plan, complete the tasks listed in Table 11.4.
Table 11.4 Security Planning Task List
Task |
Location in Chapter |
|---|---|
Identify the security risks that apply to your network. Tabulate and explain them in the plan. |
Security Risks |
Provide background material on security concepts and vocabulary to orient the reader of your plan. |
Security Concepts |
Introduce and explain the security strategies that address the risks in your plan. |
Distributed Security Strategies |
Ensure that all access to network resources requires authentication using domain accounts. |
Authenticating All User Access |
Determine what part of the user community needs to use strong authentication for interactive or remote access login. |
Authenticating All User Access |
Define the password length, change interval, and complexity requirements for domain user accounts and develop a plan to communicate these requirements to the user community. |
Authenticating All User Access |
Define your organization policy to eliminate transmission of clear text passwords on any network and develop a strategy to enable single sign on or protect password transmission. |
Authenticating All User Access |
Identify a plan to deploy public key security for smart card logon if strong authentication meets your security objectives. |
Smart Card Logon |
Describe your policy for enabling remote access for users. |
Remote Access |
Develop a plan to communicate remote access procedures, including connection methods, to general user community. |
Remote Access |
Identify how your organization currently uses groups and establish conventions for group names and how group types are used. |
Applying Access Control |
Describe the top-level security groups you intend to use for broad security access to enterprise-wide resources. These are likely to be your enterprise universal groups. |
Applying Access Control |
Describe your access control policies with specific reference to how security groups are used in a consistent manner. |
Applying Access Control |
Define the procedures for creating new groups and who has responsibility to manage group membership. |
Applying Access Control |
Determine which existing domains belong in the forest, and which domains use external trust relationships. |
Establishing Trust Relationships |
Describe your domains, domain trees, and forests, and explicitly state the trust relationships among them. |
Establishing Trust Relationships |
Define a policy for identifying and managing sensitive or confidential information and your requirements to protect sensitive data. |
Enabling Data Protection |
Identify network data servers that provide sensitive data that might require network data protection to prevent eavesdropping. |
Enabling Data Protection |
Develop a deployment plan for using IPSec for protection data for remote access or for accessing sensitive application data servers. |
Enabling Data Protection |
If using EFS, describe your Data Recovery Policy, including the role of Recovery Agent in your organization. |
Encrypting File System |
If using EFS, describe the procedures you plan to use to implement data recovery process and verify that the process works for your organization. |
Encrypting File System |
If using IPSec, identify the scenarios for how it will be used in your network and understand the performance implications. |
IP Security |
Define domain-wide account policies and communicate those policies and guidelines to the user community. |
Setting Uniform Security Policies |
Determine the local security policy requirements for different categories of systems on the network, such as desktops, file and print servers, e-mail servers. Define the Group Policy security settings appropriate to each category. |
Setting Uniform Security Policies |
Define application servers where specific security templates can be used to manage security settings and consider managing them through Group Policy. |
Setting Uniform Security Policies |
Apply appropriate security templates for systems that upgrade from Windows NT 4.0 instead of a clean install. |
Security Templates |
Use security templates as a means of describing the level of security you intend to implement for different classes of computers. |
Security Templates |
Develop a test plan to verify your common business applications run correctly under properly configured secure systems. |
Deploying Secure Applications |
Define what additional applications are needed that provide enhanced security features to meet your organization security objectives. |
Deploying Secure Applications |
State the levels of security you require for downloaded code. |
Authenticode and Software Signing |
Deploy internal procedures for implementing code signing for all in-house developed software that is publicly distributed. |
Authenticode and Software Signing |
State your policies for securing the Administrator account and the administration consoles. |
Managing Administration |
Identify the situations where you plan to delegate administrator control for specific tasks. |
Delegation |
Identify your policies regarding auditing, including staffing. |
Auditing |