Firewall & Security Policy Checklist
Its important to evaluate your security measures once in a while, try to regularly check your corporate security policies after a major change or before adding a security product to your infrastructure. move on these steps:
- Identify wihich Resources must be secure and which order of priority (Risk Management).
- determine minimum Security needs for WAN connections like:
-Employee remote VPN
-Employee and vendor Broadband
- The Security team must have quick access to Network Documentation: Network diagrams, trending data, Protocol Utilization, Data points, configuration Documentaion.
- The Security team must know how systems should be restored
- The information disclosure policy must address the following relationship to a security issue:
-what information is shared?
-is information shared with others?
-Mission critical information
- Provide a way of documenting security violation reports, for example: denied access messages,failed passwords, login attempts and attempts to access back doors.
- Provide alternative communication methods for intrusions and penetrations.
- Establish Cycle of updates to secure your computers and changing any security policies.
- Review the legality of your Security policies and procedures.
- Review Lessons learned:
-Does you Intrusion detection system work?
-How does your responce procedures work?
-Do you provide the correct steps to neutralize any threats?
-What happened? what did not work?
These steps can help you measure your corporate overall security, from the perspective of products, policies, procedures, backup and disaster recovery.