Agenda - PowerPoint PPT Presentation

Slides: 10
Provided by: kris101

Transcript and Presenter's Notes

Title: Agenda


1
Agenda
2
Our client...
  • Antwerp-based, worldwide branch offices.
  • Mid-size IT environment
  • Roughly 50 servers
  • Approximately 250 workstations
  • High business dependency on databases and e-mail
    traffic (high availability requirements).
  • Primary request: regulate permissions and
    security for the entire IT environment.

3
IT situation
  • Very good WAN security setup, however...
  • No endpoint security
  • No intrusion detection systems / network auditing
  • No password policies!
  • No permission regulation (fileservers and IT
    department)
  • Xylos provided an answer to these issues...

4
Security Framework (1)
  • Xylos offered a complete framework to encompass
    all security-related aspects.
  • A detailed set of policies and guidelines to:
  • Prevent (un)intentional loss of information,
  • Detect unauthorized access,
  • Recover lost or corrupt information.

5
Security Framework (2)
  • Examples of contents of the framework:
  • Regulation for user and IT operator permissions,
  • External storage guidelines (USB stick/HD),
  • IT equipment loss and theft guidelines,
  • Backup retention and storage policies,
  • Password policy,
  • Security configuration for servers and
    workstations,
  • Network monitoring and auditing.

6
Implementation (1)
  • Security groups in Active Directory:
  • Introduce the company organigram into the IT
    infrastructure (creation of OUs).
  • Permissions can be assigned based on
    organizational units using Group Policies.
  • Creation of IT operator roles:
  • No more unlimited access for IT personnel.
  • Only Sr. IT management has Domain Administrator
    privileges.

7
Implementation (2)
  • Encryption of data on laptops:
  • Encrypted partitions using 256 bit encryption
    keys.
  • Certainty that stolen/lost equipment does not
    automatically lead to stolen/lost information.
  • Server security configuration:
  • Service pack / patch status,
  • Testing for common security misconfigurations,
  • Testing against international security standards
    (NSA, NIST).

8
Implementation (3)
  • Network security consultancy:
  • Installation of network auditing tools (MBSA),
  • Event log collection and analysis tools,
  • Installation of IDS solutions,
  • Automatic workstation and server patch management
    systems (WSUS and third party).

9
Conclusion
  • From a security point of view...
  • The network security looked good.
  • Xylos identified several security issues in the
    IT environment and proposed solutions to fix
    them.