Checklist: Securing Your Network

 

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

How to Use This Checklist Router Considerations Firewall Considerations Switch Considerations

How to Use This Checklist

This checklist is a companion to Chapter 15, "Securing Your Network." Use it to help secure your network, or as a quick evaluation snapshot of the corresponding chapters.

This checklist should evolve as you discover steps that help implement your secure network.

Router Considerations

CheckDescription
Ff648249.z02bthcm01(en-us,PandP.10).gifLatest patches and updates are installed.
Ff648249.z02bthcm01(en-us,PandP.10).gifYou subscribed to router vendor's security notification service.
Ff648249.z02bthcm01(en-us,PandP.10).gifKnown vulnerable ports are blocked.
Ff648249.z02bthcm01(en-us,PandP.10).gifIngress and egress filtering is enabled. Incoming and outgoing packets are confirmed as coming from public or internal networks.
Ff648249.z02bthcm01(en-us,PandP.10).gifICMP traffic is screened from the internal network.
Ff648249.z02bthcm01(en-us,PandP.10).gifAdministration interfaces to the router are enumerated and secured.
Ff648249.z02bthcm01(en-us,PandP.10).gifWeb-facing administration is disabled.
Ff648249.z02bthcm01(en-us,PandP.10).gifDirected broadcast traffic is not received or forwarded.
Ff648249.z02bthcm01(en-us,PandP.10).gifUnused services are disabled (for example, TFTP).
Ff648249.z02bthcm01(en-us,PandP.10).gifStrong passwords are used.
Ff648249.z02bthcm01(en-us,PandP.10).gifLogging is enabled and audited for unusual traffic or patterns.
Ff648249.z02bthcm01(en-us,PandP.10).gifLarge ping packets are screened.
Ff648249.z02bthcm01(en-us,PandP.10).gifRouting Information Protocol (RIP) packets, if used, are blocked at the outermost router.

Firewall Considerations

CheckDescription
Ff648249.z02bthcm01(en-us,PandP.10).gifLatest patches and updates are installed.
Ff648249.z02bthcm01(en-us,PandP.10).gifEffective filters are in place to prevent malicious traffic from entering the perimeter
Ff648249.z02bthcm01(en-us,PandP.10).gifUnused ports are blocked by default.
Ff648249.z02bthcm01(en-us,PandP.10).gifUnused protocols are blocked by default.
Ff648249.z02bthcm01(en-us,PandP.10).gifIPsec is configured for encrypted communication within the perimeter network.
Ff648249.z02bthcm01(en-us,PandP.10).gifIntrusion detection is enabled at the firewall.

Switch Considerations

CheckDescription
Ff648249.z02bthcm01(en-us,PandP.10).gifLatest patches and updates are installed.
Ff648249.z02bthcm01(en-us,PandP.10).gifAdministrative interfaces are enumerated and secured.
Ff648249.z02bthcm01(en-us,PandP.10).gifUnused administrative interfaces are disabled.
Ff648249.z02bthcm01(en-us,PandP.10).gifUnused services are disabled.
Ff648249.z02bthcm01(en-us,PandP.10).gifAvailable services are secured.

patterns & practices Developer Center

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.


© Microsoft Corporation. All rights reserved.

Show: