9

9/13/23, 9:13 PM TestOut LabSim https://labsimapp.testout.com/v6_0_571/index.html/productviewer/1187/4.1.3/1d7cf7cd-8090-4aa3-878d-466252820141 1/3 4.1.3 Manageable Network Plan Facts This lesson covers Manageable Network Plan. Manageable Network Plan The Manageable Network Plan is a process created by the National Security Agency (NSA) to assist in making a network manageable, defensible, and secure. The process identi±es a series of milestones for creating a manageable network plan, o²ers suggestions, gives crucial security tips, and provides references. The milestones to develop a Manageable Network Plan are: No. Milestone Description 1 Prepare to Document Prepare to Document means establishing the process you will use to document your network. A useful document: Is easy to use Includes enough detail Documents the important things Uses timestamps Is protected with restricted access and possibly encryption Has a printed hard copy kept in a secure location 2 Map Your Network Map Your Network ensures that you are aware of all the components of the network and that you know where the physical devices are. The steps are: Create a map of the network topology. Create a list of all devices. Don't forget to include wireless devices. Use a network scanner and then con±rm manually with a room-by-room walkthrough. Identify who is responsible for each device and detail other information, such as IP address, service tag, and physical location. Consider using a database ±le to store the information. Create a list of all protocols being used on the network by using a network analyzer. Consider removing unauthorized devices and protocols from your network. 3 Protect Your Network (Network Architecture) Protect Your Network (Network Architecture) identi±es the following steps to protect your network: Identify and document each user on the network and the information the user has access to Identify the high-value network assets

9/13/23, 9:13 PM TestOut LabSim https://labsimapp.testout.com/v6_0_571/index.html/productviewer/1187/4.1.3/1d7cf7cd-8090-4aa3-878d-466252820141 2/3 Document the trust boundaries Identify the choke points on the network Segregate and isolate networks Isolate server functions Physically secure high-value systems 4 Reach Your Network (Device Accessibility) Reach Your Network (Device Accessibility) helps to ensure that all of the devices on your network can be easily accessed while still maintaining the device's security. Accessibility includes physical access as well as remote access. Important considerations include: Do not use insecure protocols Use Windows Group Policies to administer Windows systems Make sure that remote access connections are secure Automate administration as much as possible 5 Control Your Network (User Access) Control Your Network (User Access) ensures network security but restricts user access. It accomplishes the following: Limits a user to the least privilege required for the user's job Limits local admins to an absolute minimum Uses regular user accounts for day-to-day work Uses role-based access controls Doesn't let users install software Sets account expiration dates Disables or removes accounts when a user leaves the organization 6 Manage Your Network Part I (Patch Management) Manage Your Network Part I (Patch Management) establishes an update- management process for all software on your network. Patch all systems on a regular schedule Apply critical patches whenever they are released Include mobile devices that connect to the network infrequently Automate the patching process Consider using Windows Server Update Services (WSUS) 7 Manage Your Network Part II (Baseline Management) Manage Your Network Part II (Baseline Management) provides rules for establishing a baseline for all systems. Create an approved application list for each class of device on the network Establish the criteria and process for getting an application on the approved list Verify apps before adding them to the allowed list Create device baselines Secure web browsers