Checklist: Securing Your Network

Retired Content

This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.

patterns & practices Developer Center

Improving Web Application Security: Threats and Countermeasures

J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Microsoft Corporation

Published: June 2003

See the "patterns & practices Security Guidance for Applications Index" for links to additional security resources.

See the Landing Page for the starting point and a complete overview of Improving Web Application Security: Threats and Countermeasures.

Contents

How to Use This Checklist
Router Considerations
Firewall Considerations
Switch Considerations

How to Use This Checklist

This checklist is a companion to Chapter 15, "Securing Your Network." Use it to help secure your network, or as a quick evaluation snapshot of the corresponding chapters.

This checklist should evolve as you discover steps that help implement your secure network.

Router Considerations

[ ] Latest patches and updates are installed.
[ ] You are subscribed to the router vendor's security notification service.
[ ] Known vulnerable ports are blocked.
[ ] Ingress and egress filtering is enabled. Incoming and outgoing packets are confirmed as coming from public or internal networks, respectively.
[ ] ICMP traffic is screened from the internal network.
[ ] Administration interfaces to the router are enumerated and secured.
[ ] Web-facing administration is disabled.
[ ] Directed broadcast traffic is not received or forwarded.
[ ] Unused services are disabled (for example, TFTP).
[ ] Strong passwords are used.
[ ] Logging is enabled and audited for unusual traffic or patterns.
[ ] Large ping packets are screened.
[ ] Routing Information Protocol (RIP) packets, if used, are blocked at the outermost router.
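The filtering items above (ingress/egress anti-spoofing, directed broadcast, ICMP screening, and blocking TFTP and RIP) can be expressed as an explicit policy and tested against sample traffic. The following is an added example, not part of the original checklist or of any vendor's product; the internal address ranges, the ping-size threshold and the port numbers for the blocked services are assumptions chosen for the example.

```python
"""Added example: evaluate constructed packet records against several
router checklist items.  Address ranges, threshold and ports are assumed."""
import ipaddress
from typing import Any, Dict, List

# Assumed internal address space behind the router.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8"),
            ipaddress.ip_network("192.168.0.0/16")]
MAX_ICMP_BYTES = 1024            # assumed threshold for "large ping packets"
BLOCKED_UDP = {69: "tftp", 520: "rip"}  # unused service; RIP at the outer router


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def is_directed_broadcast(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr == net.broadcast_address for net in INTERNAL)


def evaluate(pkt: Dict[str, Any]) -> str:
    """Return 'permit' or 'drop:<reason>' for one packet record.

    pkt keys: direction ('in' = arriving from the public side, 'out' =
    leaving toward it), src, dst, proto ('tcp'/'udp'/'icmp'),
    and optional dport and length."""
    src, dst = pkt["src"], pkt["dst"]
    # Ingress filtering: traffic from the public side must not claim an internal source.
    if pkt["direction"] == "in" and is_internal(src):
        return "drop:spoofed-internal-source"
    # Egress filtering: traffic leaving must carry one of our own source addresses.
    if pkt["direction"] == "out" and not is_internal(src):
        return "drop:non-internal-source-egress"
    # Directed broadcasts are neither received nor forwarded.
    if is_directed_broadcast(dst):
        return "drop:directed-broadcast"
    if pkt["proto"] == "icmp":
        if pkt.get("length", 0) > MAX_ICMP_BYTES:   # large ping packets
            return "drop:large-icmp"
        if pkt["direction"] == "in":                # ICMP screened from inside
            return "drop:icmp-screened"
    if pkt["proto"] == "udp" and pkt.get("dport") in BLOCKED_UDP:
        return "drop:" + BLOCKED_UDP[pkt["dport"]]
    return "permit"


def audit(packets: List[Dict[str, Any]]) -> List[str]:
    """Apply the policy to a batch of packet records, preserving order."""
    return [evaluate(p) for p in packets]
```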

Firewall Considerations

[ ] Latest patches and updates are installed.
[ ] Effective filters are in place to prevent malicious traffic from entering the perimeter.
[ ] Unused ports are blocked by default.
[ ] Unused protocols are blocked by default.
[ ] IPsec is configured for encrypted communication within the perimeter network.
[ ] Intrusion detection is enabled at the firewall.

Switch Considerations

[ ] Latest patches and updates are installed.
[ ] Administrative interfaces are enumerated and secured.
[ ] Unused administrative interfaces are disabled.
[ ] Unused services are disabled.
[ ] Available services are secured.

© Microsoft Corporation. All rights reserved.