.NET Framework Security
Checklist: Securing Your Network
 

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

How to Use This Checklist
Router Considerations
Firewall Considerations
Switch Considerations

How to Use This Checklist

This checklist is a companion to Chapter 15, "Securing Your Network." Use it to help secure your network, or as a quick evaluation snapshot of the corresponding chapters.

This checklist should evolve as you discover steps that help implement your secure network.

Router Considerations

| Check | Description |
|---|---|
| [ ] | Latest patches and updates are installed. |
| [ ] | You have subscribed to the router vendor's security notification service. |
| [ ] | Known vulnerable ports are blocked. |
| [ ] | Ingress and egress filtering is enabled. Incoming and outgoing packets are confirmed as coming from public or internal networks. |
| [ ] | ICMP traffic is screened from the internal network. |
| [ ] | Administration interfaces to the router are enumerated and secured. |
| [ ] | Web-facing administration is disabled. |
| [ ] | Directed broadcast traffic is not received or forwarded. |
| [ ] | Unused services are disabled (for example, TFTP). |
| [ ] | Strong passwords are used. |
| [ ] | Logging is enabled and audited for unusual traffic or patterns. |
| [ ] | Large ping packets are screened. |
| [ ] | Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router. |
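
The ingress and egress filtering item above, sketched as an added example that is not part of the original checklist: it classifies packets at a border router by source address and direction. The internal range 10.20.0.0/16, the function names and the sample traffic are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the internal address space behind the border router (constructed).
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def filter_decision(direction, src):
    """Decide what a border router should do with a packet, by source address.

    direction "in":  packet arrives on the external (Internet-facing) interface.
    direction "out": packet leaves the internal network toward the Internet.
    Returns (action, reason), where action is "permit" or "drop".
    """
    addr = ipaddress.ip_address(src)
    if direction == "in":
        # Ingress: a packet from outside cannot legitimately carry an internal source.
        if is_internal(addr):
            return "drop", "internal source on external interface (spoofed)"
        # Private, loopback, link-local and multicast sources are never valid either.
        if not addr.is_global or addr.is_multicast:
            return "drop", "non-public source on external interface"
        return "permit", "public source"
    if direction == "out":
        # Egress: only our own addresses may appear as the source of outgoing traffic.
        if is_internal(addr):
            return "permit", "internal source"
        return "drop", "source outside internal range leaving the network"
    raise ValueError("direction must be 'in' or 'out'")


def audit(packets):
    """Return the (direction, src, reason) entries that the filter would drop."""
    dropped = []
    for direction, src in packets:
        action, reason = filter_decision(direction, src)
        if action == "drop":
            dropped.append((direction, src, reason))
    return dropped


# Constructed sample traffic: (direction, source address).
SAMPLE = [("in", "8.8.8.8"), ("in", "10.20.5.9"), ("in", "192.168.1.10"),
          ("in", "127.0.0.1"), ("out", "10.20.5.9"), ("out", "8.8.8.8")]

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```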

Firewall Considerations

| Check | Description |
|---|---|
| [ ] | Latest patches and updates are installed. |
| [ ] | Effective filters are in place to prevent malicious traffic from entering the perimeter. |
| [ ] | Unused ports are blocked by default. |
| [ ] | Unused protocols are blocked by default. |
| [ ] | IPsec is configured for encrypted communication within the perimeter network. |
| [ ] | Intrusion detection is enabled at the firewall. |

Switch Considerations

| Check | Description |
|---|---|
| [ ] | Latest patches and updates are installed. |
| [ ] | Administrative interfaces are enumerated and secured. |
| [ ] | Unused administrative interfaces are disabled. |
| [ ] | Unused services are disabled. |
| [ ] | Available services are secured. |
