>The company I work for had no security at all when I started here.
I've>made a number of improvements, but I'm trying to come up with a defense in >depth security plan, and I thought I'd run it past you guys to see if I've >missed anything. In no particular order, they are as follows: >1) MAC address filtering on Switches & Routers I'd add: Using those numeric generating cards that match numbers, for remote user connections. If you do allow incoming modem calls (sales people in hotels etc.) refuse incoming calls from a number after three failed passwords. A trick logon question "What color is Mr. Bob''s shirt?" the answer could be anything (your logon, the boss's dog's name, etc.), but the hacker wouldn't know it. A well defined backup schedule with off site storage. Complete documentation of all details of the defense plan, in a secure location. If your network has printers with ip addressing, that save to floppy, export files etc. make sure all ports are password protected. Monitor the internal network for port scanners etc. (some employees hack from inside). Automated virus definitions updating for all machines. James Zuchelli SQA Engineer
