Security recommendations for infrastructure
- DIVIDE THE NETWORK INTO SMALLER UNITS (SEGMENTATION) AND STRICTLY SEPARATE USER RIGHTS (SEGREGATION)
By doing so, you will separate sensitive information and critical services such as user authentication (for example, Microsoft Active Directory) from the rest of the network. At the same time, you will create zones with different levels of security restrictions on stored files and configuration changes.
- CHECK RECEIVED E-MAILS
You can do this with mechanisms such as Sender ID, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication). Block forged messages as well. Publish these records for your own domains too, so that the receiving party can check your outgoing messages.
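As an added illustration (not part of the original recommendations), the following Python snippet shows the core of the SPF and DMARC evaluation a receiving mail server performs; the DNS records, domains and IP addresses are constructed samples, and only the offline subset of SPF (ip4, ip6 and all) is handled.

```python
import ipaddress

# Constructed sample DNS TXT records for the hypothetical domain example.org (not real records).
SPF_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.org"
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sending_ip):
    """Evaluate ip4/ip6 mechanisms and the trailing 'all' of an SPF record (offline subset:
    include/a/mx mechanisms, which need DNS lookups, are not handled)."""
    ip = ipaddress.ip_address(sending_ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no usable SPF record published
    for term in terms[1:]:
        qualifier = "+"  # an unqualified mechanism means pass when it matches
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        if mech.lower() == "all":
            return QUALIFIER_RESULT[qualifier]
        if mech.lower() in ("ip4", "ip6") and ip in ipaddress.ip_network(value, strict=False):
            return QUALIFIER_RESULT[qualifier]  # an IPv4/IPv6 version mismatch never matches
    return "neutral"  # nothing matched and no 'all' term present

def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a lower-cased tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def _aligned(auth_domain, header_from, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') also accepts a subdomain.
    Simplification: real DMARC compares organizational domains via the public suffix list."""
    auth_domain, header_from = auth_domain.lower(), header_from.lower()
    if mode == "s":
        return auth_domain == header_from
    return auth_domain == header_from or auth_domain.endswith("." + header_from)

def dmarc_disposition(record, header_from, spf_result, spf_domain, dkim_result, dkim_domain):
    """'pass' if either aligned identifier authenticated, otherwise the published p= policy."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and _aligned(spf_domain, header_from, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and _aligned(dkim_domain, header_from, tags.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else tags.get("p", "none")  # none / quarantine / reject
```

A message from an unlisted IP with no aligned DKIM signature therefore ends with the domain's published disposition (here `reject`), which is what "blocking forged messages" means in practice.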
- USE ENCRYPTED COMMUNICATION BETWEEN MAIL SERVERS (TLS)
This ensures the confidentiality of e-mail in transit between servers. Inspect message content only after the traffic has been decrypted.
- VALIDATE CERTIFICATES USED
Do this especially for SSH authentication, web servers, remote desktops, etc., and use encrypted communication wherever possible.
- CREATE A DISASTER RECOVERY PLAN (DRP)
At the same time, have correct, working e-mail addresses and phone numbers ready for the other administrators, supervisors, and the CSIRT-MU team.
The advice listed is based on recommendations issued by the National Cyber and Information Security Agency.