In order to secure the information that flows across internal networks and to/from the Internet, colleges and universities need to effectively manage their physical and logical network infrastructure. The protection of networked information assets requires policies, standards, and a sound network control strategy. If you are just getting started in this area of your security program, then the following steps can be very helpful to get underway: Develop policies and standards that support the: Establishment of clear authority and accountability for network management. Risk based segregation of groups of systems, users, and information systems Authority to control, actively monitor, and log traffic traversing designated ingress and egress points.
Identify threats related to the communications environment. (see HEISC Risk Management Framework) Evaluate threat scenarios and methods of network attack (reconnaissance, exploitation, data exfiltration)
Identify the most critical systems, data, or equipment within the network. (see Asset Management) Use routing and firewalls to define the network perimeter. Use a border firewall and/or Intrusion Detection/Prevention devices to limit entry/exit of network traffic. Define the “demilitarized zone” of the network where the public can access limited network resources, as well as public access points to the network such as open access ports and public WiFi. Define restricted portions of the network for use by authorized staff and facility personnel; use identity and access management controls for users and systems on the network. Define highly restricted portions of the network such as within data centers, communications facilities, or other highly restricted areas. Establish information transfer policies and encryption standards that address varied needs for confidentiality, integrity, and non-repudiation of internal and external data exchanges.
| 