TC2027

Network Security Policies

Directly from a Google search for “security policies”, I came first to the definition of security policy. A security policy is a document with a protection plan for physical and information technology assets. Then I came to the definition of “network security policy”, which is a generic document that specifies or outlines rules for computer network access.

So I guess the second one was the one oriented for this course. With this sort of document, organizations can greatly improve the security of their Information and Communications Technologies systems and keep them patched against known vulnerabilities.


Security policies must address the following risks:

- Unauthorized changes to systems (remember... THE CIA TRIAD, OMG)
- Exploitation of unpatched vulnerabilities (keep those databases updated)
- Exploitation of insecure system configurations (do not draw on intentional vulnerabilities; they might cause backdoors)

So, to manage these sorts of risks, security policies have to:

  • Ensure that updates and system patches are applied within a set timeframe.
  • Maintain hardware and software inventories.
  • Conduct regular vulnerability scans
  • Disable unnecessary I/O devices and removable media access
  • Maintain a whitelist and execution control.
  • Limit user ability to change core configurations.

Whitelist: a list of authorized applications and software that have permission to execute.
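The controls listed above can be checked mechanically against a hardware and software inventory. The following is an added example, not part of the original post; the policy values, host names and record fields are constructed assumptions.

```python
from datetime import date

# Constructed policy values (assumptions, not taken from the post).
POLICY = {
    "max_patch_age_days": 30,                 # patch timeframe
    "whitelist": {"nginx", "openssh-server", "postgresql"},
    "removable_media_allowed": False,
    "config_admins": {"ops-admin"},           # users allowed to change core config
}

# Constructed inventory records for two hypothetical hosts.
INVENTORY = [
    {"host": "web01", "software": {"nginx", "openssh-server"},
     "last_patched": date(2024, 5, 20), "removable_media": False,
     "can_change_config": {"ops-admin"}},
    {"host": "db01", "software": {"postgresql", "openssh-server", "telnetd"},
     "last_patched": date(2024, 2, 1), "removable_media": True,
     "can_change_config": {"ops-admin", "intern"}},
]

def audit_host(host, policy, today):
    """Return the list of policy violations for one inventory record."""
    findings = []
    age = (today - host["last_patched"]).days
    if age > policy["max_patch_age_days"]:
        findings.append(f"patches overdue: last applied {age} days ago")
    # Anything installed that is not on the whitelist is a finding.
    for name in sorted(host["software"] - policy["whitelist"]):
        findings.append(f"software not on whitelist: {name}")
    if host["removable_media"] and not policy["removable_media_allowed"]:
        findings.append("removable media access enabled")
    for user in sorted(host["can_change_config"] - policy["config_admins"]):
        findings.append(f"user may change core configuration: {user}")
    return findings

def audit(inventory, policy, today):
    """Map each host name to its findings; compliant hosts map to []."""
    return {h["host"]: audit_host(h, policy, today) for h in inventory}

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, POLICY, date(2024, 6, 1)).items():
        print(name, "OK" if not findings else findings)
```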

https://en.wikipedia.org/wiki/Network_security_policy
