3.1.12. Put all publicly accessible services on secured demilitarized zone

3.1. Preparation

3.1.1. Make users aware of malicious code issues.

3.1.10. Configure the network perimeter to deny all incoming traffic

3.1.11. Secure all remote access methods, including modems and virtual

3.1.13. Disable all unneeded services on hosts and separate critical

3.1.14. Use host-based/personal firewall software to limit individual hosts’ exposure

3.1.15. Create and implement a password policy.

3.1.2. Read antivirus bulletins.

3.1.3. Deploy host-based intrusion detection and prevention systems, including file

3.1.4. Use antivirus software, and keep it updated with the

3.1.5. Configure software to block suspicious files.

3.1.6. Eliminate open Windows shares.

3.1.7. Configure intrusion detection software to alert on attempts to

3.1.8. Configure all hosts to use centralized logging.

3.1.9. Establish procedures for having all users change their passwords.

By Efrain Ortiz

3.1.12. Put all publicly accessible services on secured demilitarized zone (DMZ) network segments.

This action permits the organization to allow external hosts to initiate connections to hosts on the DMZ segments only, not to hosts on internal network segments. This should reduce the number of unauthorized access incidents.