Contact:[email protected]
(1) Identify what we are trying to protect. (2) Determine what we are trying to protect it from. (3) Determine how likely the threats are. (4) Implement measures which will protect our assets in a cost-effective manner. (5) Review the process continuously and make improvements each time a weakness is found. We need to get to a point where we know what is secure and what isn't. Automated scans that send reports. Well documented access procedures (what ports are open) We need to identify the high risk areas and move towards making them more secure and closely monitored Currently no monitoring is happening. At least not IDS type monitoring. IDS will allow us to discover patterns and modify firewall configs based on attacks. High Risk's Database LDAP Medium Risk's DNS We Back to the Index