TMS zl Module Planning and Implementation Guide 2009-08

effective, a security policy needs to include multiple other areas of security such as
proper door locks on IT equipment rooms (physical) or using a Kensington lock on
all laptops (procedural).
Although not infrastructure-related, proper authentication policies should be in place
to ensure that access to network resources can be properly controlled and logged. This
should include a requirement for each user to have a unique login account. For
access to high-risk or confidential information, a two-factor authentication policy
should be in effect or, at a minimum, strong passwords should be enforced. The
password policy should also require changing the default passwords on all devices
to the appropriate level of complexity.
8.2 Identify any existing policies
Assuming the current IT management understands the intended purpose of installing
the TMS zl Module into the network, the next step is to identify and review any
existing IT and security policies. Reviewing these policies will allow you to
determine the current security posture of the organization and whether the proper areas
have been addressed, so that a set of technical security rules can be developed from
the business rules expressed in those policies. Existing policies should allow you to gain
an understanding of any security-related expectations the company has communicated to
IT staff and end users about the appropriate and inappropriate use of information assets
and IT resources.
Some examples of IT policies would be: data classification, computer use policy, Internet
use policy, data encryption policy, guest network access policy, remote access policy
(Terminal Server, VPN, PDA, Webmail, etc.), physical security policy, etc.
Discussions with IT staff may be required to fully understand these policies. Additional
discussions may be necessary with individuals outside of the IT department as security
and IT policies have an impact company-wide and may require involving managers from
other functional departments. The goal of these discussions should be to identify specific
risks to the organization if different types of specific data are accessed or viewed by
various groups of individuals – both within and outside the network boundaries.
8.3 Identifying Information Assets To Be Protected
Company data needs to be grouped into categories requiring different levels of
protection. The first step in accomplishing this involves discussions with both company
management and IT staff to identify the business information assets that are supported by
the IT infrastructure. Then, discussions with knowledgeable IT staff will be required to
determine which servers host these specific organizational information assets and where
they are physically and logically located. The Information Assets tab of the sample
“Company Information Assets” spreadsheet in Appendix B can be used as a template for
the type of information that will be required for this step.
Although there are many terms to identify levels of data sensitivity, the following
example “data classifications” will be used for this discussion: