
Eight daily steps to a more secure network

Takeaway: While many companies have a 9-to-5 security staff, hackers don't punch a clock. However, your network can still remain secure in the 16 hours in between; you just need to focus activities to provide maximum coverage for the network. Mike Mullins gets you started with a list of eight daily tasks in this edition of Security Solutions.

In today's connected world, hacking is a 24/7 business. Whether approaching it as a job or a hobby, hackers don't punch a clock. While many companies don't have the budget for 24/7 security managers, that doesn't mean you should just give up on security.

If your security staff, or your one security staff member, is on a 9-to-5 schedule, your network can still remain secure in the 16 hours in between; you just need to focus activities to provide maximum coverage for the network. Develop a methodical, comprehensive task list that provides the most efficient means of securing your network. To jump-start your planning, here are eight simple tasks you should make sure to check off every day.

In the morning
After arriving at work, get some coffee, check your e-mail, and do the following:

1. Verify the current connections: There's nothing like catching malicious behavior while it's occurring. Inspect all the connections going through your firewall, both in and out. Look for anomalies and investigate them; this could include outbound FTP or inbound Telnet/SSH sessions. You're looking for things that aren't normal.
2. Look at network traffic statistics: How much activity took place while you weren't there? What type of traffic was it, and what was the destination and source?
3. Look at your antivirus logs: Did a virus hit your e-mail system last night? Are the antivirus signatures up to date?
4. Read the security logs on your domain servers: Did the system lock out any accounts last night? Pay special attention to any accounts with administrator access. Verify that lockouts were human error, and not part of a breach attempt.
5. Check for new security patches: Determine whether any of your vendors released patches for any software in your baseline. (If you don't have a baseline, I highly recommend developing one.) If a new patch is available, read the release notes thoroughly. Then, make a decision or recommendation whether to implement it now or wait for scheduled system downtime.
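
Step 1 of the morning list, as an added example that is not part of the original article: Python code that reads a firewall connection table and flags the anomalies the article names, outbound FTP and inbound Telnet/SSH. The table layout, the internal address ranges and the sample rows are assumptions constructed for illustration; adapt the parsing to whatever your firewall exports.

```python
import ipaddress

# Assumption: these ranges sit inside the firewall; substitute your own.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The anomalies the article names, keyed by (direction, destination port).
WATCHLIST = {("outbound", 21): "outbound FTP",
             ("inbound", 23): "inbound Telnet", ("inbound", 22): "inbound SSH"}

# Constructed sample rows: proto src_ip src_port dst_ip dst_port state
SAMPLE_CONNECTIONS = """\
tcp 10.1.4.22 51544 203.0.113.10 443 ESTABLISHED
tcp 10.1.4.87 49822 198.51.100.7 21 ESTABLISHED
tcp 203.0.113.55 40112 10.1.2.5 22 ESTABLISHED
tcp 198.51.100.23 51200 10.1.2.9 23 SYN_RECV
tcp 10.1.4.30 50110 10.1.2.5 22 ESTABLISHED
truncated row
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)   # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def direction(src, dst):
    # Classify a flow relative to the firewall boundary.
    s, d = is_internal(src), is_internal(dst)
    if s != d:
        return "outbound" if s else "inbound"
    return "internal" if s else "transit"

def review(table):
    """Return (findings, skipped line numbers) for a connection table."""
    findings, skipped = [], []
    for lineno, line in enumerate(table.splitlines(), 1):
        try:
            proto, src, _sport, dst, dport, state = line.split()
            label = WATCHLIST.get((direction(src, dst), int(dport)))
        except ValueError:           # wrong field count, bad IP or bad port
            skipped.append(lineno)   # surface unparsable rows, don't drop them
            continue
        if proto == "tcp" and label:
            findings.append((label, src, dst, state))
    return findings, skipped

if __name__ == "__main__":
    hits, bad = review(SAMPLE_CONNECTIONS)
    for label, src, dst, state in hits:
        print(f"INVESTIGATE {label}: {src} -> {dst} [{state}]")
    print(f"unparsed rows: {bad}")
```

Internal-to-internal SSH (the fifth sample row) is deliberately not flagged, since the article's concern is sessions crossing the firewall; rows that fail to parse are reported by line number so a format change in the export does not hide connections.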

In the afternoon
When you arrive back from lunch, there's still a lot left to do:

1. Meet and brief: Managers like to know what's going on, so don't wait for them to ask; tell them. Meet and brief on anything that occurred during the evening and the actions you've taken so far. This is also a good time to pitch new ideas, such as tools that could help you defend the network or staff training.
2. Check more logs: Take an in-depth look at IDS and firewall logs. Who on the Internet is knocking on your door? What are they looking for? Who on the inside of your network is doing something they shouldn't be? If you find unauthorized and/or illegal activity, report it immediately, and take action to stop it.
3. Turn knowledge into action: Now that you know what went on while you weren't there, develop an action plan to prevent the behavior in the future. Do you need to adjust your firewall rules? Is your IDS catching and reporting the proper events? Do you need to archive logs to save space on your servers? Do you need to give a final briefing on any actions that occurred during the last 24 hours?

Final thoughts
A lot of companies don't run 24/7 security operations, and sometimes you might find yourself as the only person providing security for a network. While it's easy to get caught up in events and miss important items on your security checklist, you'll never know what you're missing if you don't create a list in the first place. Network security shouldn't be reactionary; don't wait for events to drive you into action. The above list isn't complete, but it's a starting point. Create your own security to-do list that's specific to your organization's needs, and keep your security on track.
