
Exercise 1 Developing a Security Plan


Copyright  2002 Microsoft Corporation. All Rights Reserved.
Design Worksheet A
(Columns: Risk / Policy / Design solution)

Risk: Virus infection from the Internet
Policy: All incoming files must be scanned by a virus scanner.
Design solution: Use Group Policy to deploy a desktop virus scanner and configure scanning preferences. The virus scanner must scan files being downloaded from the Internet.

Risk: Loss of internal data from file servers due to accidental deletion of data
Policy: Cannot tolerate a loss of more than one day's worth of data.
Design solution: Implement a training plan to make sure that all staff members know where to store data and how to save data to file servers. Implement a disaster recovery plan and make sure that the backup strategy can recover at least all of the data from the previous day.

Risk: Information from HR database stolen by internal staff
Policy: Must make sure that access to the HR database is granted on an as-needed basis.
Design solution: Make sure that permissions on the HR database secure the information.

Risk: Information from HR database stolen by external partners
Policy: Must make sure that external partners have access only to the information that they need in the HR database.
Design solution: Partition the information available in the HR database so that information that can be accessed externally is in a different section of the database from internal information. Set permissions on the internal information to deny access to external partners.

Risk: Compromise of data on internal servers due to VPN connection to the Internet
Policy: Must not allow attacks from the Internet to compromise HR data.
Design solution: Implement certificate-based authentication for partners. Use remote access policies and require strong encryption of data. Grant VPN access on an as-needed basis.

Design Worksheet B
(Columns: Design solution / Strategy for maintenance)

Design solution: Use Group Policy to deploy a desktop virus scanner and configure scanning preferences. The virus scanner must scan e-mail.
Strategy for maintenance: Monitor virus information sources and make sure that virus scanner signature files are up to date.

Design solution: Monitor audit logs to identify attacks before they happen, to minimize the chance of a successful attack. Make sure that all file server security measures are implemented on all internal servers.
Strategy for maintenance: Monitor security information sources for software updates and configuration changes that affect file server security. Test and apply updates to file servers as security issues become known. Regularly check audit logs to identify attacks before they cause problems.

Design solution: Train staff on which printer to use for each form of data. Use permissions to restrict access to printers for staff members who have access to confidential data. Use scripts to configure printer connections for staff with access to confidential information.
Strategy for maintenance: Update courseware as changes occur and make sure that staff members receive notifications of updates. Perform audits on print servers to make sure that staff members have print permissions as needed. Regularly audit who has access to confidential data.

Design solution: Use Group Policy to deploy a desktop virus scanner and configure scanning preferences. The virus scanner must scan files being downloaded from the Internet.
Strategy for maintenance: Monitor information sites regarding attacks, and monitor event logs for evidence of DoS attacks and attempted DoS attacks.

Design solution: Implement a training plan to make sure that all staff members know where to store data and how to save data to file servers. Implement a disaster recovery plan and make sure that the backup strategy can recover at least all of the data from the previous day.
Strategy for maintenance: Regularly update the training plan and advise internal users of the changes. Test the backup strategy and recovery plan regularly to ensure that they meet your policies.

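The "recover at least all of the data from the previous day" policy is only as good as the check that enforces it. The following T-SQL, added here as an example and not part of the courseware, reads the backup history that Microsoft SQL Server keeps in msdb.dbo.backupset and flags every database whose most recent completed backup is older than the assumed 24-hour recovery point (the threshold in @RpoHours is this example's reading of "one day"). The worksheet does not name a database product; SQL Server is an assumption made for the example.

```sql
-- Added example (not from the courseware): verify a one-day recovery
-- point against the backup history recorded in msdb.dbo.backupset.
-- Assumption: the instance is Microsoft SQL Server and msdb's history is
-- complete; the 24-hour threshold is the worksheet's "previous day" policy.
USE msdb;
GO

DECLARE @RpoHours INT = 24;   -- policy: lose no more than one day of data

WITH LastBackup AS (
    SELECT d.name AS database_name,
           -- type codes in backupset: D = full, I = differential, L = log
           MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full,
           MAX(CASE WHEN b.type = 'I' THEN b.backup_finish_date END) AS last_diff,
           MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log,
           MAX(b.backup_finish_date) AS last_any
    FROM sys.databases AS d
    LEFT JOIN msdb.dbo.backupset AS b
           ON b.database_name = d.name
    WHERE d.name <> 'tempdb'          -- tempdb is never backed up
    GROUP BY d.name
)
SELECT database_name,
       last_full,
       last_diff,
       last_log,
       DATEDIFF(HOUR, last_any, SYSDATETIME()) AS hours_since_last_backup,
       CASE
           WHEN last_any IS NULL THEN 'NEVER BACKED UP'
           WHEN DATEDIFF(HOUR, last_any, SYSDATETIME()) > @RpoHours THEN 'RPO VIOLATED'
           ELSE 'OK'
       END AS rpo_status
FROM LastBackup
ORDER BY rpo_status, database_name;
```

Run it on a schedule (a SQL Agent job or the same monitoring that reads the audit logs) and treat any row other than OK as a policy breach; the per-type columns show whether the gap is in full, differential or log backups. A passing check still says nothing about whether a restore works, which is why the maintenance strategy above also calls for regular restore tests.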
Design solution: Make sure that permissions on the HR database secure the information.
Strategy for maintenance: Perform regular security audits on permissions. Perform regular checks on the physical security of servers to ensure that they are secure. Perform checks on passwords to make sure that users are not using easily breakable passwords.

Design solution: Partition the information available in the HR database so that information that can be accessed externally is in a different section of the database from internal information. Set permissions on the internal information to deny access to external partners.
Strategy for maintenance: Monitor for remote access software updates, and make sure that all dial-up clients have correct dial-up settings.

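One concrete way to carry out the partitioning design solution above, and the "perform regular security audits on permissions" maintenance step of the earlier HR database row, is shown below. This is an added example, not the courseware's own solution: it assumes Microsoft SQL Server (the worksheet names no product), and the database name HR, the schema names partner and internal, the role names hr_partner and hr_internal, and the two sample tables are all placeholders constructed for the example. The separation is done with two schemas, and the internal schema carries an explicit DENY for the partner role so that a partner account cannot inherit access through any other role membership.

```sql
-- Added example (not from the courseware): partition an HR database into
-- an externally accessible section and an internal-only section, and deny
-- external partners access to the internal section.
-- Assumptions: Microsoft SQL Server; database, schema, role and table
-- names below are placeholders chosen for this example.
USE HR;
GO

-- One schema for data partners may see, one for internal-only data.
CREATE SCHEMA partner;
GO
CREATE SCHEMA internal;
GO

-- Sample tables (constructed for the example).
CREATE TABLE partner.EmployeeDirectory (
    EmployeeId  INT           PRIMARY KEY,
    DisplayName NVARCHAR(100) NOT NULL,
    WorkEmail   NVARCHAR(200) NOT NULL
);
CREATE TABLE internal.EmployeeCompensation (
    EmployeeId INT           PRIMARY KEY
                             REFERENCES partner.EmployeeDirectory(EmployeeId),
    Salary     DECIMAL(12,2) NOT NULL,
    SSN        CHAR(11)      NOT NULL
);
GO

-- Roles for the two populations; partner accounts are members of
-- hr_partner only, so the schema-level grants below are all they get.
CREATE ROLE hr_partner;
CREATE ROLE hr_internal;
GO

GRANT SELECT ON SCHEMA::partner TO hr_partner;
GRANT SELECT ON SCHEMA::partner TO hr_internal;
GRANT SELECT, INSERT, UPDATE ON SCHEMA::internal TO hr_internal;

-- Explicit DENY on the internal schema: in SQL Server a DENY overrides any
-- GRANT the same principal might pick up through another role.
DENY SELECT, INSERT, UPDATE, DELETE ON SCHEMA::internal TO hr_partner;
GO

-- Audit query for the maintenance step: lists every schema-level
-- permission on the two sections, who holds it, and whether it is a
-- GRANT or a DENY. Any GRANT on 'internal' to a partner principal, or a
-- missing DENY, is a finding.
SELECT s.name            AS schema_name,
       dp.name           AS principal_name,
       dp.type_desc      AS principal_type,
       p.permission_name,
       p.state_desc      AS grant_or_deny
FROM sys.database_permissions AS p
JOIN sys.schemas             AS s  ON p.major_id = s.schema_id
JOIN sys.database_principals AS dp ON p.grantee_principal_id = dp.principal_id
WHERE p.class_desc = 'SCHEMA'
  AND s.name IN ('partner', 'internal')
ORDER BY s.name, dp.name, p.permission_name;
```

Keeping the two sections in separate schemas rather than relying on per-table permissions means a table added to internal later is covered by the existing DENY automatically, and the audit query is short enough to run from the same scheduled job that checks backups.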
Design solution: Implement certificate-based authentication for partners. Use remote access policies and require strong encryption of data. Grant VPN access on an as-needed basis.
Strategy for maintenance: Monitor firewall event logs to determine whether DoS attacks are occurring, and whether they are being prevented. Monitor for software updates to firewall and Web software.
