Chapter 4. Network Security Standards and Guidelines
By the end of this chapter, you should know and be able to explain the following:
• Identify resources for use within your organization
• Harden a Cisco IOS or operating system
• Harden an Apple OS X operating system
• Harden a Microsoft Server and desktop environment
Let’s have an ’80s movie flashback with Chevy Chase to set the stage for this chapter. One of his best movies was and still is Fletch. In this scene, you see Fletch looking for clues in an aircraft hangar dressed as a mechanic....
Willy: What do you need ball bearings for?
Fletch: Awww, come on guys, it’s so simple. Maybe you need a refresher course. [leans arm on hot aircraft engine]
Fletch: Hey! It’s all ball bearings nowadays. Now you prepare that Fetzer valve with some 3-in-1 oil and some gauze pads. And I’m gonna need ’bout ten quarts of antifreeze, preferably Prestone. No, no make that Quaker State.
Although ball bearings might have worked given the right circumstance, they weren’t the right tools for the job. That is what this chapter is about: using the right security tool for the right job. In many cases, it’s also knowing where that tool is and how to correctly apply it; fortunately, much of the work is already done for you so that you can protect that Fetzer valve from any ball bearings Fletch might want to test it with!
This chapter discusses and provides an overview of common design guidelines and provides some example of how they should be considered and adapted in a production environment.
You learn some of the best practices and guidelines from major industry players such as Cisco, Microsoft, and Apple, along with delving into the some best practices set forth from the National Security Agency (NSA) and the Computer Security Division Computer Resource Center of NIST (National Institute of Standards and Technology). Then this chapter talks about how to apply these best practices within your organization.
We’ll start with a few Cisco resources/tools: Cisco SAFE and Cisco Validated Designs, and follow up with best practices from Cisco on hardening the IOS, and configuring a firewall/ASA and an Intrusion Prevention System (IPS).