Export (0) Print
Expand All

Planning Task List for Distributed Security

To develop your network security deployment plan, complete the tasks listed in Table 11.4.

Table   11.4 Security Planning Task List

Task

Location in Chapter

Identify the security risks that apply to your network. Tabulate and explain them in the plan.

Security Risks

Provide background material on security concepts and vocabulary to orient the reader of your plan.

Security Concepts

Introduce and explain the security strategies that address the risks in your plan.

Distributed Security Strategies

Ensure that all access to network resources requires authentication using domain accounts.

Authenticating All User Access

Determine what part of the user community needs to use strong authentication for interactive or remote access login.

Authenticating All User Access

Define the password length, change interval, and complexity requirements for domain user accounts and develop a plan to communicate these requirements to the user community.

Authenticating All User Access

Define your organization policy to eliminate transmission of clear text passwords on any network and develop a strategy to enable single sign on or protect password transmission.

Authenticating All User Access

Identify a plan to deploy public key security for smart card logon if strong authentication meets your security objectives.

Smart Card Logon

Describe your policy for enabling remote access for users.

Remote Access

Develop a plan to communicate remote access procedures, including connection methods, to general user community.

Remote Access

Identify how your organization currently uses groups and establish conventions for group names and how group types are used.

Applying Access Control

Describe the top-level security groups you intend to use for broad security access to enterprise-wide resources. These are likely to be your enterprise universal groups.

Applying Access Control

Describe your access control policies with specific reference to how security groups are used in a consistent manner.

Applying Access Control

Define the procedures for creating new groups and who has responsibility to manage group membership.

Applying Access Control

Determine which existing domains belong in the forest, and which domains use external trust relationships.

Establishing Trust Relationships

Describe your domains, domain trees, and forests, and explicitly state the trust relationships among them.

Establishing Trust Relationships

Define a policy for identifying and managing sensitive or confidential information and your requirements to protect sensitive data.

Enabling Data Protection

Identify network data servers that provide sensitive data that might require network data protection to prevent eavesdropping.

Enabling Data Protection

Develop a deployment plan for using IPSec for protection data for remote access or for accessing sensitive application data servers.

Enabling Data Protection

If using EFS, describe your Data Recovery Policy, including the role of Recovery Agent in your organization.

Encrypting File System

If using EFS, describe the procedures you plan to use to implement data recovery process and verify that the process works for your organization.

Encrypting File System

If using IPSec, identify the scenarios for how it will be used in your network and understand the performance implications.

IP Security

Define domain-wide account policies and communicate those policies and guidelines to the user community.

Setting Uniform Security Policies

Determine the local security policy requirements for different categories of systems on the network, such as desktops, file and print servers, e-mail servers. Define the Group Policy security settings appropriate to each category.

Setting Uniform Security Policies

Define application servers where specific security templates can be used to manage security settings and consider managing them through Group Policy.

Setting Uniform Security Policies

Apply appropriate security templates for systems that upgrade from Windows NT 4.0 instead of a clean install.

Security Templates

Use security templates as a means of describing the level of security you intend to implement for different classes of computers.

Security Templates

Develop a test plan to verify your common business applications run correctly under properly configured secure systems.

Deploying Secure Applications

Define what additional applications are needed that provide enhanced security features to meet your organization security objectives.

Deploying Secure Applications

State the levels of security you require for downloaded code.

Authenticode and Software Signing

Deploy internal procedures for implementing code signing for all in-house developed software that is publicly distributed.

Authenticode and Software Signing

State your policies for securing the Administrator account and the administration consoles.

Managing Administration

Identify the situations where you plan to delegate administrator control for specific tasks.

Delegation

Identify your policies regarding auditing, including staffing.

Auditing

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft