Network And Security

Network and Security
Enterprise Provisioner and Staging Hub Server
User Guide

Disclaimer

Honeywell International Inc. ("HII") reserves the right to make changes in specifications and other information contained in this document without prior notice, and the reader should in all cases consult HII to determine whether any such changes have been made. The information in this publication does not represent a commitment on the part of HII.

HII shall not be liable for technical or editorial errors or omissions contained herein; nor for any damages, whether direct, special, incidental or consequential resulting from the furnishing, performance, or use of this material. HII disclaims all responsibility for the selection and use of software and/or hardware to achieve intended results.

To the extent permitted by applicable law, Honeywell disclaims all warranties whether written or oral, including any implied warranties of merchantability and fitness for a particular purpose.

This document contains proprietary information that is protected by copyright. All rights are reserved. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of HII.

Web Address: www.honeywellaidc.com

Trademarks

Google, Google Play and Android are trademarks of Google Inc.

Microsoft is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.

The Bluetooth trademarks are owned by Bluetooth SIG, Inc., U.S.A. and licensed to Honeywell.

microSD and microSDHC are trademarks or registered trademarks of SD-3C, LLC in the United States and/or other countries.

MITRE is a registered trademark of The MITRE Corporation.

Cisco and Catalyst are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries.

UNIX is a registered trademark of The Open Group.

Wi-Fi and Miracast are registered trademarks of the Wi-Fi Alliance.

OpenSSL is a registered trademark of The OpenSSL Software Foundation, Inc.

Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are the property of their respective owners.

For patent information, refer to www.hsmpats.com.

Copyright 2014-2019 Honeywell International Inc. All rights reserved.

TABLE OF CONTENTS

Customer Support  ix
  Technical Assistance  ix
  Product Service and Repair  ix
  Limited Warranty  ix

Chapter 1 - Introduction  1
  Intended Audience  1
  Product Detail  1
  Honeywell Service Limitations  3
  How to Use this Guide  4

Chapter 2 - Security Checklist  5
  Infection by Viruses and Other Malicious Software Agents  5
    Mitigation Steps  5
  Unauthorized External Access  6
    Mitigation Steps  6
  Unauthorized Internal Access  7
    Mitigation Steps  7
  Accidental System Change  8
    Mitigation Steps  8
  Protecting Enterprise Provisioner and Staging Hub Server System  9

Chapter 3 - Develop a Security Program  11
  Form a Security Team  11
  Identify Assets to be Secured  12
  Identify and Evaluate Threats  12
  Identify and Evaluate Vulnerabilities  13
  Identify and Evaluate Privacy Issues  13
  Create a Mitigation Plan  13
  Implement Change Management  14
  Plan Ongoing Maintenance  14
  Additional Security Resources  15
  Security Response Team  16

Chapter 4 - Disaster Recovery Plan  17
  Formulating a Disaster Recovery Policy  17
  Backup  17
  Availability of Spare Equipment  18
  Disaster Recovery Testing  18
  Physical and Environmental Considerations  18
  Physical Location  18
  Protecting Against Unauthorized System Access  19
  Network and Device Access  20
  Reliable Power  20

Chapter 5 - Security Updates And Service Packs  21
  Microsoft Security Updates  21
  Microsoft Service Packs  22
  Distributing Microsoft Updates and Virus Definition Files  22

Chapter 6 - Virus Protection  25
  Choosing Antivirus Software  25
  Installing Antivirus Software  25
  Ensuring Frequent Updates to Antivirus Signature Files  26
  Testing the Deployment of Antivirus Signature Files  26
  Configuring Active Antivirus Scanning  27
  Tuning Antivirus Scanning for System Performance  27
  Virus Scanning and System Performance  27
  Prohibiting Email and Messaging Clients  28
  Viruses and Email  28
  Instant Messaging  28
  Spyware  29

Chapter 7 - Network Planning and Security  31
  The Demilitarized Zone  31
  Configuring The DMZ Firewall  32
  Securing Network Equipment  32
  Domain Name Servers  32
  Mitigating Actions  32
  Remote Access  33
  Port Scanning  33
  Third-Party Applications  34
  Remote Monitoring Applications  34

Chapter 8 - System Monitoring  35
  Using Microsoft Baseline Security Analyzer  35
  Setting Up and Analyzing Windows Audit Logs  35
  Considerations  36
  To Enable Auditing  36
  Auditing Enterprise Provisioner and Staging Hub Server Database Access  37
  Restricting Access to Event Logs  38
  Detecting Network Intrusion  38
  Setting Up An Event Response Team  40

Chapter 9 - Windows Domains  41
  Domains  41
  Organization Units and Group Policy  41
  Windows Domains: Forests, Trees, and DNS  42
  Domain Membership  42
  Active Directory Forests and Trees  42
  Inter-Domain Trusts  43
  Limiting Inter-Domain Trust  43

Chapter 10 - Securing Access to Windows OS  45
  Windows User Accounts and Passwords  45
  User Account Policies and Settings  45
  Enterprise Provisioner and Staging Hub Server Operator Accounts  45
  Non-Operator User Accounts  46
  New Accounts  46
  Administrator Accounts  46
  Service and Server Accounts  46
  Password Policies and Settings  47
  Password Settings  47
  Strong Passwords  48
  Account Lockout  48
  System Services  49
  Required Windows Services  49
  Services Required by Antivirus Programs  49
  File System and Registry Protection  50
  Managing File System ACLs  50
  Managing Registry ACLs  51
  Managing File Shares  51
  SNMP Configuration  52
  Remote Access Configuration  52

Chapter 11 - Windows Security Features  53
  Hardening the Operating System to Local Threats  53
  Securing the Desktop  53
  Restricting Anonymous Logon  54
  Disabling Unused Subsystems  54
  Using NTLM Version 2  54
  Hardening the TCP/IP Stack  55
  Disabling the Use of Removable Storage  55
  Disabling Auto Run Functionality  55
  Removing Access to Task Manager and Windows Explorer  56
  Preventing Operators From Shutting Down the Server Computer  56

Chapter 12 - Security Features  59
  User Roles  59
  Administrators/Installers  59
  Enterprise Provisioner and Staging Hub Server Administrator  60
  Enterprise Provisioner and Staging Hub Server Device Managers  60
  Security Settings for Staging Hub Server  60

Chapter 13 - Secure Wireless Devices  63
  Security for Wireless LAN Networks  63
  WLAN and AP Security  63
  Secure Wireless AP Configuration  63
  Secure Device Configuration  64

Chapter 14 - Network Ports Summary  65
  Network Port Table  65
  Firewall Configuration  66

Appendix A - Glossary  67
  General Terms and Abbreviations  67


Customer Support

Technical Assistance

To search our knowledge base for a solution or to log in to the Technical Support portal and report a problem, go to www.hsmcontactsupport.com.

Product Service and Repair

Honeywell International Inc. provides service for all of its products through service centers throughout the world. To find your service center, go to www.honeywellaidc.com and select Support. Contact your service center to obtain a Return Material Authorization number (RMA #) before you return the product.

To obtain warranty or non-warranty service, return your product to Honeywell (postage paid) with a copy of the dated purchase record.

Limited Warranty

For warranty information, go to www.honeywellaidc.com and click Get Resources > Product Warranty.


CHAPTER 1 - INTRODUCTION

This document defines the security process implemented by Honeywell for using the Enterprise Provisioner and Staging Hub Server.

Intended Audience

The target audience for this guide is the customer organization that identifies and manages the risks associated with the use of information processing equipment. This includes, but is not limited to, Information Technology (IT) personnel responsible for planning the configuration and maintenance of the network infrastructure where the Enterprise Provisioner and Staging Hub Server sy

Enterprise Provisioner can be used alone or as a component of Staging Hub Server. It creates configuration bar codes that are printed, stored in a file, or displayed on the main screen. A Mob