Verify the current connections Look at network traffic statistics Look at your antivirus logs Read the security logs on your domain servers
The changing face of NAC’s, URL filtering, gateway appliances,. SaaS: Security as-a Service instead of appliances or Layer 7 Filtering. Set it and forget it Opening more firewall ports than necessary Pulling double duty Ignoring networks workstations Failing to use SSL encryption where it counts Using self-signed certificates Excessive security logging Randomly grouping virtual servers (Don’t put FW and Production on same physical hosts) 9. Some states classify academic records as Private and the PII laws protect that informationġ0 Common Security Flaws 1. Inform Students Remove Social Security Numbers Updating the Computer System Hash / Encrypt SSNs Make sure all transmission of SSN’s is Secure (Use SSL or other form of encryption) Comply with State Regulations – (More Info & edmodo). Passwords should be at least 10 Characters long. Top ten bad passwords and abc123 & 123456 is in the top ten! –. Render PII Information unreadable whenever stored. Never send unencrypted PII or confidential information by email. Both (DLP/ILP) Should be a part of your SLA with specific controls in place. Information Leak/Loss Prevention (ILP)– Cloud vendors site. Data Leak/Loss Prevention (DLP) your site. HTTPS SSL/TLS for ODBC SSN and Passwords PII stored in a hashed format Encrypt ALL Communications between remote and corporate infrastructures. Password strength (Length matters more than complexity) IP range blacklists/whitelists (IP Spoofing) Login hours /Timeouts Account Lockouts Access Control Authentication and Authorization – – – – –. 
On-premises Security Systems /Controls? – Outside Testing of Security systems – Backup verification / test in production.
The information presented here is accurate to the best of my knowledge! I AM NOT A LAWYER! For legal advice contact legal counsel on your campus or your General Counsel’s Office. Got a Network / Security Check List? I Do (You can too! Lots of Resources and Best Practices ) MS Information Assurance, CISSP, CWNA, CEH, MCSE, Security+, I-Net+, Network+, Server+, CNA, A+
0 kommentar(er)
