Currently implimented: IPS, IDS, Firewall, IAM(includes encryption, SSO, etc.), logging, biometrics, updating and patching, SSL, pen tests (30 day), anti-malware (spyware, virus, rootkit, trojan, etc.), user monitoring, site restrictions, e-mail filtering, policy against social engineering and media import/export, backups, and physical security (ie locks, video surv, etc.)
Can you think of any extras that would make this network more secure?
What extra security measure should be in place for a large scale network?
switch the wedge to an iron and use IPS with ASIC
ensure proper configuration of devices and software
disable the use of java, flash, and other content based scripting
use proxy chains for annon surfing (watch for DNS leak, tho)
get two pit-bulls to guard the server room
Reply:Make sure everyone is updated on policy, test people on them. hire experts to periodically test your system. Shred and if possible burn all physical documents with sensitive data, limit wireless and remote access as much as possible. House backups in a different location.
Reply:if not using disconnect the line.
dentures
No comments:
Post a Comment