The following are some tips to build a secure
Plan for network security: address all security
requirements and issues in selecting network
and server and deployment including the management
policy, technical training and outsourcing
requirements and address security.
Design physical and environmental security:
e.g. put critical assets such as network communication
lines, servers, switches, firewalls and file
servers in server room or a secured area.
Use private IP addressing scheme for internal
networks: to prevent internal network from
access by external network.
Design network security model by zoning
i.e. segregation of network according to security
requirements, e.g. the office network is totally
isolated from the Internet, or the company
servers and computers are located behind the
firewall, or set up a demilitarised zone (DMZ)
network. Unsecured or unmanaged systems should
not be allowed to make connection to internal
Configure firewalls and network routers:
harden the firewall and router by limiting
the administrative access to specified locations,
closing unnecessary network services for incoming
and outgoing traffic or using encrypted communication
channel for administration.
Configure servers: e.g. secure the server
operating system by uninstalling unnecessary
services and software, patch the system timely
and disable unused accounts.
Secure the application: by means of installing
security patch, hardening the configuration
of the applications or running the application
with a least privilege account.
Filter virus and malicious code: anti-virus
software with up-to-date signature should
be installed in desktop and network servers
to prevent the spread of virus / worm.
Manage accounts and access privileges: e.g.
access rights should be granted on an as-needed
basis and should be reviewed regularly.
Log security events and review regularly:
Logging and auditing functions should be provided
to record network connection, especially for
unauthorised access attempt. The log should
be reviewed regularly.
Develop a standard building of secure desktop:
design a secured workstation configuration
as the standard build of the company and make
image backup of the build and replicate to
the company desktops.
Develop backup and recovery strategies.
Develop security management procedure: e.g.
security log monitoring procedure, change
management procedure or patch management procedure.
Maintain good documentation of configuration
Train the staff: training should be given
to network/security administrator and supporting
staff as well as users to ensure that they
follow the security best practice and follow