 |
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
|
Step 1: Creating a network baseline
In order to create a solid network security policy, you need to first determine the purpose of every machine on your network.
You should know which machines are web servers and which are mail servers. For example, your receptionist's workstation should probably not be running an FTP server or a web server.
Once you have determined the purpose of every machine, gather each system's identifying attributes (e.g. DNS, MAC address, ownership information, etc.). By doing this, you are creating a network baseline. The baseline states which machines are allowed on the network and their intended role.
|
|
|
Now the network can be scanned for deviation from your policy baseline. The scan results are compared the baseline to determine if there are any new machines on your network ("stowaways"), or if a mission critical machine (e.g. web server) is down. Also you should determine if your web server is performing its role specific function and nothing else.
The NETFOX quickly and easily creates this baseline for you. Once the NETFOX is installed, all you need to do is run a WHO scan. The WHO scan will return all of the machines that are currently up on your network and identify those machines by DNS name, netbios name, username, MAC address, and determine the operating system. The NETFOX 'Set as Master' functionality allows you to set any scan results as part of the policy baseline.
Step 1A: Creating an IP profile
Every system within your network baseline should have an associated IP Profile. The IP Profile contains the system identifying attributes and ownership information. This information should include contact information about who is responsible for that system, the physical location, and determine which TCP/UDP services should be running in order to perform its intended role. Now you have accountability for every asset upon your network.
The NETFOX has an IP profile for every system in your network baseline and stores all system identifying attributes, a contact name, phone number, email address, and physical location of the machine. The NETFOX IP profile also stores information such as if the system is mission critical, and you can associate a machine template. The NETFOX uses machine templates to determine the role of a system and which TCP/UDP services are required to perform its duties. For example, a web server should only be running the HTTP protocol on TCP port 80. You will want to create a machine template called 'Web Server' which only allows for TCP port 80 to be active. In this example any IP host that is a web server should have the 'Web Server' machine template assigned to it within it's IP Profile. Therefore a system running a mail server (SMTP TCP 25) with an associated "web server" machine template can quickly be identified as "non policy compliant."
|
|
|
|
|
|
|
