Daily Security Checklist
In today's connected world, hacking is a 24/7 business. Whether approaching it as a job or a hobby, hackers don't punch a clock. Maybe your company doesn't have the budget for 24/7 security managers, but that doesn't mean you should just give up on security.
If your security staff is on a 9-to-5 schedule, your network can still remain secure in the 16 hours in-between. You just need to focus activities to provide maximum coverage for the network. Develop a methodical, comprehensive task list that provides the most efficient means of securing your network. To jump-start your planning, here's a sample list of basic tasks you should be sure to check off every day.
MORNING
After arriving at work, get some coffee, check your email, and do the following:
Verify the current connections
Inspect all the connections going through your firewall — both in and out. Look for anomalies and investigate them this could include outbound FTP or inbound Telnet/SSH sessions.
Look at network traffic statistics
How much activity took place while you weren't there? What type of traffic was it? What was the destination and source? Use Network monitoring to achieve this.
Look at your antivirus logs
Did a virus hit your email system last night? Are the antivirus signatures up to date?
Check antivirus server logs, update logs, etc.
Read the security logs on your domain servers
Did the system lock out any accounts last night? Pay special attention to any accounts with
Administrator access. Verify that lockouts were human error — and not part of a breach attempt.
Check for new security patches
Determine whether any of your vendors released patches for any software in your baseline. (If you don't have a baseline, I highly recommend developing one.) If a new patch is available, read the release notes thoroughly. Then, make a decision or recommendation whether to implement it now or wait for scheduled system downtime. Test the new patch roll on test environment, rather than implementing directly to production.
AFTERNOON
When you arrive back from lunch, there's still a lot left to do:
Meet & Brief
Managers like to know what's going on, so don't wait for them to ask — tell them. Meet and brief on anything that occurred during the evening and the actions you've taken so far. This is also a good time to pitch new ideas, such as tools that could help you defend the network or staff training.
Check more logs
Take an in-depth look at IDS, firewall, and Wireless devices logs .Who on the Internet is knocking on your door? What are they looking for? Who on the inside of your network is doing something they shouldn't be? If you find unauthorized and/or illegal activity, report it immediately and take action to stop it.
Turn knowledge into action
Now that you know what went on while you weren't there, develop an action plan to prevent the behavior in the future. Do you need to adjust your firewall rules? Is your IDS catching and reporting the proper events? Do you need to archive logs to save space on your servers? Do you need to give a final briefing on any actions that occurred during the last 24 hours?
Final thoughts
A lot of companies don't run 24/7 security operations, and sometimes you might be the only person providing security for a network. It's easy to get caught up in events and miss important items on your security checklist, but you'll never know what you're missing if you don't create a list in the first place. Network security shouldn't be reactionary — don't wait for events to drive you into action.
The above list isn't complete, but it's a starting point. Create your own security to-do list that's specific to your organization's needs, and keep your security on track.