Network Security Management

Network security management can be one of the most imposing tasks to set your mind to; how exactly do you go about ensuring the functionality, security and general health of an entire network?

“Over 70% of organisations report having been compromised by a successful cyber attack in the last 12 months” – David Shephard at NetIQ

Not only does the task cover a huge base of potential entry points for the aspiring hacker, but the field on which your battles are fought is constantly changing.

Routine system updates can sometimes prove just as dangerous as dubious software installs from unverified vendors, and given enough time, vulnerabilities in your system security will be uncovered.

However, by running this network security management checklist regularly (we recommend once every fortnight), you can protect your system and prepare for the worst.

From locking down potential access points to backing up important data, read on to cover your network with the security it needs.

First things first; you need to record some important information such as the date this checklist was run and the technician who is carrying it out.

This is primarily to ensure that you have a running record of when your network security management checklist was last run and who by.

In the event of a breach, you will be able to look into these records and assess who was not thorough enough as well as the window of opportunity when the vulnerability must have appeared.

Two-factor authentication should be set up for every single one of your users already, and should also be enforced for new user sign-ups, but new applications recently installed system-wide may need setting up.

If you’re using Google Apps, you’ll be able to see exactly who has 2FA enabled from within the admin control panel.

Follow the sub-checklist below to check whether there are users who aren’t 2FA activated yet.

Here you will see the “2-Step Verification Enrolment” tab, and the users not yet set up with 2FA will be marked as “Not Enrolled”. Record your findings below.

It’s possible that some of your new users may have slipped through the cracks and won’t have 2FA enabled yet. In that case, you should send them a friendly reminder email about how and why they should enable 2FA.

Lucky for you, this checklist contains a pre-formatted email for issuing a 2FA reminder, auto-filled with the relevant details to make your life easier. 

Before you send anything, set the deadline date for 2FA activation.

Now all you need to do is fill out the emails of the users who need to be reminded, then once everything looks good, hit “Send”.

Whatever email filter system you are using, you should test that it is working correctly. Within your filtration settings, you should have control over a number of parameters, including the ability to block certain domains and file types.

Follow the sub-checklists below to test that your email filters are working as they should be.

Next, perform the same test, but this time for a specific file type.

Old, inactive accounts pose a security threat and should be disabled in a timely manner. 

You can check which user accounts haven’t been logged on within the past 90 days by running a simple command in the Linux terminal whilst logged into a server machine as admin:

lastlog -b 90

Check that everything in this list looks right, and then run the following command to both print the output to a text file and disable all the user accounts listed:

lastlog -b 90 | tail -n+2 | grep -v 'Never log' | awk '{print $1}' | tee -a ~/usermod-L.log | xargs -I{} usermod -L {}

Remote access audit logs can be a major flag for unauthorized access to your network, and so they must be reviewed.

You should keep an eye out for any users logging on under suspicious circumstances, such as in the middle of the night, or signing into the system despite already being in the office working.

Suspicious logins should be flagged and followed up by contacting the account owner to enquire as to their reasoning. If they refuse knowledge of the log-in, check for any sensitive data that was accessed during the logged on period and take measures to ensure the account’s security (eg; change passwords or even temporarily suspend the account).

You need to make backups, for everything, regularly. Ideally, it should be automated. 

Your job is to be the custodian of the backups. Best practice backup processes rely on real people checking that the automated processes are running properly, and testing that the backups are actually working.

Checking that backups are happening is a must – but it’s also crucial that you make sure those backups are working. Take a random sample from the most recent backup and try loading it onto a machine to see if it works. Three backups should be tested to get a more reliable result. 

If there are problems with the test images, then you should perform extensive testing to get to the route of the problem.

This may include re-making and re-testing system-wide backup images or switching the backup process that’s currently in use to a new one.

For all systems, both server and workstation, a comprehensive list should be maintained and appended as and when new systems are integrated into the network.

Open up your database and add the details of new server and workstation computers.

Check out our guide to IT naming conventions for some best practice tips on how to organize your itinerary database.

Security patch management is one of the largest points of failure in any computer network, and often holes appear as a result of bad processes for systems maintenance.

Whilst building a complete security patch management process is out of the scope of this checklist, check off the sub-tasks below to keep on top of the latest updates and employ best practice for computer and software inventory management:

Each device in your network should be able to produce comprehensive event logs that can be reviewed and filtered to help gain insight on emergent issues and security threats. 

Part of your routine network security protocol should include a check of these logs to make sure that they’re being recorded as expected, and also to make sure nothing unusual has been detected.

No doubt you already have a system in place to ensure all your endpoints are secure – but every good network security protocol will incorporate regular checks like this to make sure all existing systems are foolproof.

Seqrite offers a web-based graphical interface with comprehensive reports of the health of all system endpoints. Endpoint threats such as virus infection, urgent security patches and more have alerts enabled for immediate action.

To see the reports for Seqrite’s EPS tools, follow these steps:

Firewall security should be checked regularly, and there are a few things you can do to test out just how secure your system actually is.

Before you start, you should take the following measures to be sure your testing does not compromise the network:

The first method involves using a service like openphish to test out whether your firewall blocks that page as a threat.

Now try entering a botnet command from this public list to see if your firewall catches it.

Finally, you should check to see which ports are open/forwarded and perform a port scan with Nmap. 

If the firewall security test did not perform as expected, then you should evaluate your firewall configuration.

This essentially involves looking at the different settings available and tightening the security a bit more. If one of the tests from the previous task failed, it’s likely the result of a certain filter not being active, or a certain parameter being disabled. 

Review the sub-checklist below and consider what might have caused the firewall security test to fail.

Fire up your antivirus weapon of choice and run a routine virus and malware test.

Antivirus is a preventative measure, not a perfect solution to every problem. It’s hard to know if your antivirus is even doing its job sometimes.

You can test out the resilience of your antivirus software by downloading an EICAR file designed to simulate a virus or malware infection. This is completely safe and will indicate whether or not your antivirus is doing its job.

The full process is outlined in the sub-checklist below.

Your antivirus should flag the EICAR file and quarantine it accordingly. If this is not the case, you should seriously consider switching to another antivirus software.

Following the EICAR test, you are set up for a full system scan:

For the most streamlined experience for both user and administrator, regular server and workstation maintenance needs to be carried out. 

As with any electronic system, poor care can lead to a degradation of part quality, and ultimately, performance.

You’ve updated your list of each and every computer active in your network, so now all you need to do is put each and every one through routine maintenance.

We’ve got you covered – check out both our Server Maintenance Checklist as well as the Computer Maintenance Guide for the full maintenance process.

Following these steps, you’ll have everything you need to ensure tight network security. Just check off the sub-tasks below:

• David Shephard – 84 Fascinating & Scary IT Security Statistics
• Cisco – Network Security Checklist
• GFI – The Ultimate Network Security Checklist
• Solarwinds – IT Security Management Checklist
• J. Craig Lowery – A Checklist for Network Security
• FireHOL – Firewall Testing
• Pete Lindstrom – A Patch in Time: Considering Automated Patch Management
• SearchSecurity – Six Steps For Security Patch Management Best Practices
• NetworkWorld – Best Practices For Network Security Management
• SearchSecurity – Week 1: The Security Manager’s Daily Checklist
• Rochester Institute of Technology – Network Security Documentation Checklist
• ITSColumn – Key Considerations For Your IT Security Management Checklist
• QualityManager123 – Network Security Management Security Audit Checklist

• Inventory Management Process
• Client Data Backup Best Practices
• Computer Maintenance Guide
• Server Setup Process
• Virtual Private Server Setup
• IT Support Process
• Helpdesk Management
• Server Maintenance Checklist
• Server Security Checklist
• Information Security Incident Response
• SQL Server Audit Checklist