Cybersecurity: Difference between revisions
From Supporting Role Wiki
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
== Firewalls == |
== Firewalls == |
||
There are three main types of firewall: |
There are three main types of firewall: |
||
# Boundary Protection |
# Boundary Protection |
||
We make sure that the main incoming connection has a firewall and that it is correctly configured, that the default passwords are changed, and that the only incoming traffic is the traffic we want to get through. |
#: We make sure that the main incoming connection has a firewall and that it is correctly configured, that the default passwords are changed, and that the only incoming traffic is the traffic we want to get through. |
||
# Server firewall |
# Server firewall |
||
The server we supply is also fire-walled, and the settings are managed so that even if someone managed to turn the firewall off, or change settings, it will revert back to the original settings within the hour. |
#: The server we supply is also fire-walled, and the settings are managed so that even if someone managed to turn the firewall off, or change settings, it will revert back to the original settings within the hour. |
||
# Workstation firewall<br /> |
# Workstation firewall<br /> |
||
If we are also looking after your desktop computers, we will also make sure that it's firewall is turned on as well, and is correctly configured. |
#: If we are also looking after your desktop computers, we will also make sure that it's firewall is turned on as well, and is correctly configured. |
||
== Passwords == |
== Passwords == |
||
# Default Configuration |
# Default Configuration |
||
We change all the default settings of any network device that could be used as a stepping-off point for an external breach. |
#: We change all the default settings of any network device that could be used as a stepping-off point for an external breach. |
||
# Separate user names and passwords |
# Separate user names and passwords |
||
We set up separate accounts for each user, with passwords that they can manage. If required we can impose a minimum password complexity and age. |
#: We set up separate accounts for each user, with passwords that they can manage. If required we can impose a minimum password complexity and age. |
||
# Monitoring<br /> |
# Monitoring<br /> |
||
The server has monitoring software that checks for brute force password attacks on externally accessible accounts, and after a certain number of password guesses, the attackers location will be blacklisted. |
#: The server has monitoring software that checks for brute force password attacks on externally accessible accounts, and after a certain number of password guesses, the attackers location will be blacklisted. |
||
== Access to Data and Services == |
== Access to Data and Services == |
||
# Administrative Accounts<br /> |
# Administrative Accounts<br /> |
||
If we are looking after your desktop computers, users normally have no administrative rights. If we do not look after your desktops, we usually only allow administrative access to a user's own computer. Since Forget About IT Ltd looks after the server, end users have no administrative access to the server. |
#: If we are looking after your desktop computers, users normally have no administrative rights. If we do not look after your desktops, we usually only allow administrative access to a user's own computer. Since Forget About IT Ltd looks after the server, end users have no administrative access to the server. |
||
# Group membership<br /> |
# Group membership<br /> |
||
Access to data is controller by group membership, and only users authorised to access an area are members of the group used to control access. |
#: Access to data is controller by group membership, and only users authorised to access an area are members of the group used to control access. |
||
# Access to Software<br /> |
# Access to Software<br /> |
||
If we are looking after your desktop computers, then we will uninstall all redundant software, and also limit what is installed. |
#: If we are looking after your desktop computers, then we will uninstall all redundant software, and also limit what is installed. |
||
== Viruses and other Malware == |
== Viruses and other Malware == |
||
# Servers<br /> |
# Servers<br /> |
||
The server regularly scans itself for viruses and alerts us to any concerns. Since the server itself is not allowed to open any files from unknown sources, it's exposure is limited. The server also prevents a known program from accessing areas on the server not explicitly authorised. |
#: The server regularly scans itself for viruses and alerts us to any concerns. Since the server itself is not allowed to open any files from unknown sources, it's exposure is limited. The server also prevents a known program from accessing areas on the server not explicitly authorised. |
||
# Desktops<br /> |
# Desktops<br /> |
||
If we are looking after your desktop computers, we will make sure there is an an anti-virus / anti-malware solution in place. |
#: If we are looking after your desktop computers, we will make sure there is an an anti-virus / anti-malware solution in place. |
||
== Updating == |
== Updating == |
||
# Servers<br /> |
# Servers<br /> |
||
The servers install security patches automatically, and we will install all others at the next maintenance interval, which is usually the first "out of hours" period after the patch is released. |
#: The servers install security patches automatically, and we will install all others at the next maintenance interval, which is usually the first "out of hours" period after the patch is released. |
||
# Desktops<br /> |
# Desktops<br /> |
||
If we are looking after your desktop computers, we will regularly check that the devices are up to date. Where possible, we will also make sure automatic updating is enabled. |
#: If we are looking after your desktop computers, we will regularly check that the devices are up to date. Where possible, we will also make sure automatic updating is enabled. |
||
[[Category:Business Continuity]] |
|||
Latest revision as of 12:26, 14 May 2018
CyberSecurity with a Forget About IT® Server
Forget About IT Ltd use a number of tools to minimise the risks of a breach to your Forget About IT® server. Based on the 5 technical controls of the UK government's Cyber Essentials, this is what we do:
Firewalls
There are three main types of firewall:
- Boundary Protection
- We make sure that the main incoming connection has a firewall and that it is correctly configured, that the default passwords are changed, and that the only incoming traffic is the traffic we want to get through.
- Server firewall
- The server we supply is also fire-walled, and the settings are managed so that even if someone managed to turn the firewall off, or change settings, it will revert back to the original settings within the hour.
- Workstation firewall
- If we are also looking after your desktop computers, we will also make sure that it's firewall is turned on as well, and is correctly configured.
Passwords
- Default Configuration
- We change all the default settings of any network device that could be used as a stepping-off point for an external breach.
- Separate user names and passwords
- We set up separate accounts for each user, with passwords that they can manage. If required we can impose a minimum password complexity and age.
- Monitoring
- The server has monitoring software that checks for brute force password attacks on externally accessible accounts, and after a certain number of password guesses, the attackers location will be blacklisted.
Access to Data and Services
- Administrative Accounts
- If we are looking after your desktop computers, users normally have no administrative rights. If we do not look after your desktops, we usually only allow administrative access to a user's own computer. Since Forget About IT Ltd looks after the server, end users have no administrative access to the server.
- Group membership
- Access to data is controller by group membership, and only users authorised to access an area are members of the group used to control access.
- Access to Software
- If we are looking after your desktop computers, then we will uninstall all redundant software, and also limit what is installed.
Viruses and other Malware
- Servers
- The server regularly scans itself for viruses and alerts us to any concerns. Since the server itself is not allowed to open any files from unknown sources, it's exposure is limited. The server also prevents a known program from accessing areas on the server not explicitly authorised.
- Desktops
- If we are looking after your desktop computers, we will make sure there is an an anti-virus / anti-malware solution in place.
Updating
- Servers
- The servers install security patches automatically, and we will install all others at the next maintenance interval, which is usually the first "out of hours" period after the patch is released.
- Desktops
- If we are looking after your desktop computers, we will regularly check that the devices are up to date. Where possible, we will also make sure automatic updating is enabled.
