CyberSecurity Advisory Checklist - Red Siren Technologies

The security experts at Red Siren Technologies have developed this list to help your company ensure that your network infrastructure, and the information stored on it, is protected from unauthorized access.

This list has been developed in response to a Terrorist Threat Advisory, issued by the FBI on September 11, 2001.

Red Siren recommends that your company consider each of the points listed below.

  1. Minimize external exposure by minimizing Internet access and connectivity. This includes:
     • Distinguishing between convenience access and essential business access. Convenience access includes services such as mail lists, traffic and weather advisories, PointCast, multicast, instant messaging, etc. These services automatically open Internet access, providing an access point into your network that can be exploited;
     • Opening and closing connections as needed rather than leaving services up continuously; and
     • Removing Internet access from those employees who may not need it for business purposes.
  2. Review security policies and ensure that they are current. More importantly, ensure that they are fully implemented, managed to, and vigorously enforced. The corporate world is full of companies that have very well thought out, carefully crafted policies that are never implemented.
  3. Ensure all current service-level and security patches have been installed on operating systems and software, including anti-virus updates.
  4. Enhance the review and monitoring of all critical system logs for suspect activity and consider implementing an intrusion detection system.
  5. Revisit your firewall configurations and rules to ensure that unnecessary ports and services are turned off and that access control is tightly managed.
  6. Consider curtailing remote access by employees, business partners, customers and consultants to essential business.
  7. Consider changing passwords for all super-user or power IDs such as Root, dbadmin, application manager IDs, etc., especially if that information has become widely shared.
  8. Revisit access control lists to ensure that access to critical functions and resources is limited.
  9. Contact your Internet Service Provider (ISP) to discuss what measures they are taking to ensure the security and reliability of the services they are providing you.
  10. Ensure all critical systems are regularly backed up and actual systems recovery procedures have been tested.
  11. Consider an incident response plan for addressing actions to be taken should a debilitating cyber incident/event occur affecting your business. Review plans and determine who within your company has the authority to make decisions and to take action.

    If you have any questions that these recommendations have not addressed, please email our security team at redsiren.security.helpdesk@redsiren.com.

    RedSiren experts will also provide access to its CISSP-certified security professionals to answer questions regarding network security issues.

    First published on 01/01/2000
