The Manageable Network Plan

Have you discovered that your network is insecure? Are your network administrators always running around
putting out fires? Does it seem to be impossible to get anything implemented or fixed on your network? If so,

The Manageable Network Plan is a series of milestones to take an unmanageable and insecure network and
make it manageable, more defensible, and more secure. The Plan is intended to be a long term solution;
implementing the milestones may take a significant amount of resources and time (possibly months or even
years). But consider: If your network is not manageable, or only barely manageable, it will be very difficult for
you to fully implement any security measures. Once your network is manageable, you will be able to consider
and implement security measures—and verify their implementation—much more efficiently and effectively.
Admins may start shouting, “We have no free time! How can we do all this???” Having a manageable network
increases your free time; it allows you to be proactive instead of reactive. And if you do have a huge network,

Each of the Plan’s milestones contains a “To Do” list, and may also contain documentation requirements,
points to consider, and ongoing tasks. Ideally, each milestone should be fully implemented before moving on
to the next one, although some milestones can be implemented in parallel. If the earlier milestones are
already implemented on your network, skip ahead to the first one that is not yet fully implemented. To
determine this, each milestone has a checklist. For each question in a milestone’s checklist, answer Yes or
No; if No, provide an explanation. If you consider the
explanation acceptable from a risk management standpoint,

Yes or Accepts Risk, the milestone is complete. Document

future network evaluation finds problems on your network, it

you did in some areas, and that changes are needed.
The Plan provides overall direction, offers suggestions, calls
out crucial security tips, and gives references to books,
Web resources, and tools.

Every network is different, so
use the Plan milestone “To Do” lists, documentation
requirements, and ongoing tasks as a guide, and generate

network. When developing these tasks, be mindful of any

must comply with. Use relevant standards and community-vetted data models (such as SCAP standards,

of Defense data models, etc.), so that you can benefit from

each task states what is to be done, who is to do it, and

For information on risk management, see NIST Special Publication 800-39 “Managing Information Security Risk: Organization,

These crucial security tips are consistent with the top mitigations noted in the Australian Defence Signals Directorate’s “Top

3 Note that the tools mentioned have not been evaluated by the NSA and might not be approved for use in your organization.

For information on using SCAP, see NIST Special Publication 800-117: “Guide to Adopting and Using the Security Content Automation

In order for this Plan to work, it will require—as with any

The risk of an unmanageable network is that, although it
may be available, it is most likely not secure. It may be

The Mitigations Group National Security Agency 9800 Savage Road Fort Meade, MD 20755-6704

Check Yes or No. If No, provide (or provide reference to) an Explanation. If explanation is acceptable from a risk management standpoint, check Accepts Risk.

In order to have any sort of control over your network, you first need to know where everything is. This
milestone and the next focus primarily on gathering information about your network (although the points to
consider may prompt you to investigate making network changes). Note that, depending on your network, it
may be easier to implement Milestones 2 through 5 first for the infrastructure and then for the endpoint
devices, instead of trying to do everything at once.

network map is stored in a way that is secure, but yet still allows easy updates as

– Suggestion: If you have any devices connected by wireless, they should be included on the map.
Connections to any clouds, external networks, and the Internet should also be included on the map.
Create an accurate list of ALL devices (computers, printers, routers, gateways, etc.) on your network. For
each device, record host name, role (its purpose on your network), MAC address (and IP address if
static), service tag, physical location, and operating system or firmware. (Your organization may require

– Suggestion: Store this information in a database. Applications can be written to query this database

Asset management. The ideal way to keep track of all the devices on your network is to implement a
formal IT inventory (or asset) management process. Such a process can help you keep track of devices

Update the network map and list of devices any time a device is added to or removed from your network.
Update the list of protocols any time a new protocol is added to your network, or an old protocol is no

Periodically use the tools mentioned above to check your network map and your lists of devices and
protocols for accuracy. Remember, the tools won’t find everything, but they may find things that were

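An added example, not part of the Plan itself: one way to act on the suggestion to store the device list in a database and on the ongoing task of periodically checking that list for accuracy. It assumes a SQLite table holding the fields this milestone lists and a discovery-tool export reduced to (MAC, IP) pairs; every device record, address and function name below is constructed for illustration.

```python
import sqlite3

# Per-device fields the milestone says to record; static_ip is optional
# because the text asks for an IP address only "if static".
FIELDS = ("host_name", "role", "mac", "static_ip",
          "service_tag", "location", "os_firmware")

# Constructed sample inventory (hypothetical devices, mixed MAC notations).
INVENTORY = [
    {"host_name": "dc01", "role": "domain controller", "mac": "00-1A-2B-3C-4D-01",
     "static_ip": "10.0.10.5", "service_tag": "TAG0001",
     "location": "server room A", "os_firmware": "Windows Server 2008 R2"},
    {"host_name": "prn-2f", "role": "printer", "mac": "001a.2b3c.4d02",
     "static_ip": "10.0.20.9", "service_tag": "TAG0002",
     "location": "floor 2", "os_firmware": "firmware 3.1"},
    {"host_name": "ws-eng-07", "role": "engineering workstation",
     "mac": "00:1a:2b:3c:4d:03", "static_ip": None, "service_tag": "TAG0003",
     "location": "floor 3", "os_firmware": "Windows 7"},
    {"host_name": "gw-edge", "role": "Internet gateway", "mac": "00:1A:2B:3C:4D:04",
     "static_ip": "192.0.2.1", "service_tag": None,
     "location": "server room A", "os_firmware": "router firmware 12.4"},
]

# Constructed discovery-tool export: (MAC, IP) pairs seen on the network.
OBSERVED = [
    ("00:1a:2b:3c:4d:01", "10.0.10.5"),
    ("00:1A:2B:3C:4D:02", "10.0.20.44"),   # printer answering on a new address
    ("00:1a:2b:3c:4d:03", "10.0.30.17"),   # DHCP client, no static IP recorded
    ("00:1a:2b:3c:4d:99", "10.0.30.88"),   # not in the inventory at all
]


def norm_mac(mac):
    """Normalise aa-bb-.., aabb.ccdd.eeff or AA:BB:.. to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_inventory(rows):
    """Load device records into an in-memory SQLite table keyed by MAC."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE device (
        host_name TEXT NOT NULL, role TEXT NOT NULL, mac TEXT PRIMARY KEY,
        static_ip TEXT, service_tag TEXT, location TEXT, os_firmware TEXT)""")
    for row in rows:
        row = dict(row, mac=norm_mac(row["mac"]))
        db.execute("INSERT INTO device VALUES (?,?,?,?,?,?,?)",
                   [row.get(f) for f in FIELDS])
    return db


def reconcile(db, observed):
    """Compare the recorded inventory with what a discovery tool saw."""
    seen = {}
    for mac, ip in observed:
        seen.setdefault(norm_mac(mac), set()).add(ip)
    known = {r[0]: r for r in
             db.execute("SELECT mac, host_name, static_ip FROM device")}
    report = {"unknown": [], "not_seen": [], "ip_mismatch": [], "incomplete": []}
    # On the network but never recorded: added without the list being updated.
    for mac in sorted(seen.keys() - known.keys()):
        report["unknown"].append((mac, sorted(seen[mac])))
    # Recorded but silent: removed, powered off, or hidden from the tool.
    for mac in sorted(known.keys() - seen.keys()):
        report["not_seen"].append(known[mac][1])
    # Recorded static address no longer matches what the device uses.
    for mac in sorted(seen.keys() & known.keys()):
        _, host, static_ip = known[mac]
        if static_ip and static_ip not in seen[mac]:
            report["ip_mismatch"].append((host, static_ip, sorted(seen[mac])))
    # Records missing one of the fields the milestone asks for.
    required = [f for f in FIELDS if f != "static_ip"]
    query = f"SELECT {', '.join(required)} FROM device ORDER BY host_name"
    for row in db.execute(query):
        missing = [f for f, v in zip(required, row)
                   if v is None or not str(v).strip()]
        if missing:
            report["incomplete"].append((row[0], missing))
    return report


if __name__ == "__main__":
    for section, items in reconcile(build_inventory(INVENTORY), OBSERVED).items():
        print(section, items)
```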
Check Yes or No. If No, provide (or provide reference to) an Explanation. If explanation is acceptable from a risk management standpoint, check Accepts Risk.

Do you have a current, accurate network map?
Do you have a current, accurate list of ALL devices (computers, printers,
routers, gateways, etc.) on your network, including host name, role, MAC
address, service tag, physical location, and OS/firmware?
Do you have a current, accurate list of ALL protocols that are running

- Identify the products your organization produces.
- Understand your production process.
- Identify your high-value network assets:

production process, where that data cannot be easily

sensitive data, i.e., data that would cause your

A sound network architecture protects your high-value assets by limiting access to them, provides important
functionality consistent with your business model, and ensures business continuity in the event of a disaster.

have access to what types of information. For example, the Engineering enclave
has access to the CAD drawings, the HR enclave has access to the personnel files, etc.

The machines where this data resides (for example,

implemented (for example, your domain controllers) are

“sections” of your network, such as sections with
different trust levels, or your different enclaves. Ideally,

sure to identify the choke points on the “edge,” i.e., the

Document which systems are dependent on which other systems in your network (system dependencies).

Damage containment. Your network should be designed to keep any damage to it contained. A potential

defenses: loss of one network asset should not be loss of all. Users on your network may not need open
access to all the information and assets on your network: only allowing access to sensitive information by

those who need it. For example, Engineering should have access to the CAD drawings, but not the

separated, consider redesigning your network architecture and migrating to that new design.
For guidance on network architecture and design, see Top-Down Network Design, Second
Edition by Priscilla Oppenheimer (Cisco Press, © 2004).
For guidance on isolating assets based on security dependencies (specific to a Windows network, but
the general principles apply to any network), see Microsoft Windows Server 2008 Security Resource
Kit by Jesper Johansson (Microsoft Press, © 2008), Chapter “Securing the Network”.

Isolate your wired and your wireless networks, either physically or logically.
Isolate your VoIP and your data networks, either physically or logically.

physically, consider using VLANs and/or IPsec Encapsulating Security Payload (ESP).
Keep internal administrative functions, internal user functions, and external user functions
separate: Physically separate server functions onto different servers—for example, a domain
controller should not also be running a customer database. In addition, your servers should never

determine these boundaries. At a minimum, there should be trust boundaries between your
organization’s internal network, the extended enterprise, and the Internet. This is the idea behind, for
example, putting all your publicly-accessible assets into DMZs (demilitarized zones). There should
also be a trust boundary between your internal network and your remote access users, and there

– Suggestion: Be sure the choke points on your network are positioned to most effectively protect your high-value assets. Place security gateways, proxies, or firewalls at your network choke points so that traffic over
them can be monitored and controlled (see the Security Gateways, Proxies, and Firewalls and Network
Security Monitoring Network Security Tasks). Consider placing choke points at your other trust boundaries
as well, and allowing only the approved protocols documented in Milestone 2 to go through. To decrease
your attack surface, limit the number of Internet gateways/access points into your network.

organization’s mission. Eliminate all those that are not needed. Trust relationships can be exploited
by malicious intruders to gain access to your network. Traditional network defenses (e.g., firewalls,
malware scanners, etc.) cannot defend your network against an exploited trust relationship!

Cloud computing. If all or part of your network is integrated with “the cloud”—or you are considering

– Suggestion: For more information on the benefits and risks of cloud computing, see the following:

Virtualization security. If your network includes virtual servers and/or desktops—or you are considering
using these—be sure that you understand the security implications. For more information, see NIST

Physical security. Physical security of your network assets is extremely important! If an adversary can

– Suggestion: At the very least, implement some kind of monitored physical access control so that

No single points of failure. Are there any single points of failure for critical systems on your network?
These should be eliminated. Think end-to-end when considering this. For example, is all your critical
outgoing network traffic routed through only one physical cable? Even if you have multiple cables out, do
they ever run together, such as through a single conduit under a river? Are both the main and backup

Custom Web applications. Do you have custom Web applications facing the Internet? If so, are they
protected and/or are your developers trained in writing secure, robust, and fault-tolerant code?

Developing your own security controls can lead to wasted time and security holes. Use the OWASP Enterprise

The best place to defend a Web application from malicious activity may be within the application itself. Consider using

Legacy systems. Do you have legacy systems and software that your organization depends on? If so,
are they protected from more modern attacks and other misuse? If they ever get compromised, is the rest

– Suggestion: For guidance on migrating legacy systems, see “DoD Legacy System Migration

Risk assessment. If you want to go more in-depth than just “what’s a high-value asset and what’s not”
on your network, consider doing a complete risk assessment.
– Suggestion: For more information on risk assessment and risk management, see the following:

Update the documentation whenever your network enclaves, high-value assets, choke points, or system
dependencies change (added, removed, or relocated).
Re-evaluate your network architecture periodically. Your security and manageability requirements may
change, especially as your organization grows.

Check Yes or No. If No, provide (or provide reference to) an Explanation. If explanation is acceptable from a risk management standpoint, check Accepts Risk.

sure it most effectively protects your high-value assets, limits access
to sensitive information, and keeps damage contained?

Hard-to-administer devices on your network will be looked at less often and thus are more likely to have

Make sure EVERY device (all computers, printers, routers, gateways, etc.) on your network can be

– Suggestion: For Windows machines, implement Active Directory.

machines in a Windows network domain. For more information on Windows Group Policy, see Group
Policy: Fundamentals, Security, and Troubleshooting by Jeremy Moskowitz (Addison-Wesley, © 2008).
– Suggestion: To configure and administer non-Windows machines on your network, consider using
Puppet. For more information on Puppet, see www.puppetlabs.com.
For any devices that cannot be accessed on a regular basis, such as laptops and other mobile devices,
develop a plan to administer them. Consider using a network access control solution (see the Network

– Suggestion: If a user is allowed full administrative control of such a device, the device should be

Document your plan to administer ALL your devices, especially those that cannot be accessed on a

No insecure administration protocols. Do not use insecure, clear-text protocols (telnet, rsh, ftp, tftp,
etc.) to administer devices. Use SSH instead of telnet or rsh. Use SCP or SFTP instead of ftp. If using
SNMP, use SNMPv3 and its security features (versions 1 and 2 are insecure).
– Suggestion: On Windows machines, use the PuTTY SSH client and the WinSCP SFTP client. SSH

For more information on PuTTY, see www.chiark.greenend.org.uk/~sgtatham/putty.

– Suggestion: Block the insecure protocols mentioned above on your network, in order to prevent

critical device, because this makes the security of the critical device dependent on the security of the less
critical device. For example, a domain controller should never be administered from an Internet-connected workstation. Consider using dedicated management stations for administering critical devices.

your network? If so, make sure that that connection is extremely secure; once this Milestone is complete,
if that connection is compromised, an intruder would gain access to your entire network! (See the Remote

Physical security. Not just anyone should be able to walk up and access your network devices in an
administrative mode. Do you have some sort of physical access control in place to prevent this? Do your

Automating administration. Automating administrative tasks frees up network administrator time. Is as

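An added example, not part of the Plan itself: a small audit of flow records against two of the points above, the clear-text administration protocols (telnet, rsh, ftp, tftp, SNMP versions 1 and 2) and the advice to administer critical devices only from dedicated management stations. The key=value log format, the `snmp_version` field, the addresses and the two device sets are assumptions constructed for illustration; in practice the sets would come from the roles recorded in your device list.

```python
import re

# Clear-text administration protocols named in the text, keyed by
# (transport, destination port); ports are the IANA well-known assignments.
CLEARTEXT = {
    ("tcp", 23): ("telnet", "use SSH"),
    ("tcp", 514): ("rsh", "use SSH"),
    ("tcp", 21): ("ftp", "use SCP or SFTP"),
    ("udp", 69): ("tftp", "listed as insecure; no replacement named in the text"),
}
SNMP = ("udp", 161)
ENCRYPTED_ADMIN = {("tcp", 22): "ssh"}

# Constructed inputs (hypothetical addresses and log format).
CRITICAL = {"10.0.10.5"}          # e.g. a domain controller
MGMT_STATIONS = {"10.0.40.10"}    # dedicated management station
FLOWS = [
    "2024-05-01T09:00:01Z src=10.0.40.10 dst=10.0.10.5 proto=tcp dport=22",
    "2024-05-01T09:02:10Z src=10.0.30.17 dst=10.0.10.5 proto=tcp dport=22",
    "2024-05-01T09:03:44Z src=10.0.40.10 dst=10.0.20.9 proto=tcp dport=23",
    "2024-05-01T09:03:59Z src=10.0.40.10 dst=10.0.20.9 proto=tcp dport=23",
    "2024-05-01T09:05:00Z src=10.0.40.10 dst=10.0.1.1 proto=udp dport=161 snmp_version=2c",
    "2024-05-01T09:05:30Z src=10.0.40.10 dst=10.0.1.1 proto=udp dport=161 snmp_version=3",
    "2024-05-01T09:07:12Z src=10.0.30.17 dst=10.0.10.5 proto=tcp dport=21",
    "truncated record without fields",
]

PAIR = re.compile(r"(\w+)=(\S+)")


def parse_flow(line):
    """Return the record's key=value fields, or None if it is unusable."""
    fields = dict(PAIR.findall(line))
    if not {"src", "dst", "proto", "dport"} <= fields.keys():
        return None
    if not fields["dport"].isdigit():
        return None
    fields["proto"] = fields["proto"].lower()
    fields["dport"] = int(fields["dport"])
    return fields


def audit(lines, critical, mgmt_stations):
    """Return sorted, de-duplicated (src, dst, issue, advice) findings."""
    findings = set()
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        key = (flow["proto"], flow["dport"])
        src, dst = flow["src"], flow["dst"]
        service = None
        if key in CLEARTEXT:
            service, advice = CLEARTEXT[key]
            findings.add((src, dst, f"clear-text {service}", advice))
        elif key == SNMP:
            service = "snmp"
            # A record with no version is reported too: it cannot be shown safe.
            version = flow.get("snmp_version", "unknown")
            if version != "3":
                findings.add((src, dst, f"SNMP version {version}",
                              "use SNMPv3 and its security features"))
        elif key in ENCRYPTED_ADMIN:
            service = ENCRYPTED_ADMIN[key]
        # Even an encrypted session is a finding when a critical device is
        # administered from a host that is not a management station.
        if service and dst in critical and src not in mgmt_stations:
            findings.add((src, dst,
                          f"{service} to critical device from non-management host",
                          "administer from a dedicated management station"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(FLOWS, CRITICAL, MGMT_STATIONS):
        print(" | ".join(finding))
```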
Check Yes or No. If No, provide (or provide reference to) an Explanation. If explanation is acceptable from a risk management standpoint, check Accepts Risk.

and administer EVERY device (all computers, printers, routers,
gateways, etc.) on your network?

on a regular basis, such as laptops and other mobile devices?