ITPROSEC Network Security Operation Tasks List

ITPROSEC Network Security Operation Tasks List

This post is an example to list all related Network Security Operation Tasks. It will give the team a basic idea what need to be done by yearly, monthly, bi-weekly, weekly and daily.

Contents

ISO32 DC1. 1

Network Security Operation Tasks. 1

Updated Jan 2nd, 2018. 1

1.      Yearly Tasks. 5

a.      ITPROSEC Switches Health Check. 5

b.      ITPROSEC Routers Health Check. 5

d.      Review Sites Documentation. 5

e.      Update NetMRIs, STRM, IDP, PRTG to vendor or IPSM suggested version. 5

f.       Update WLCs , NetEQ, F5s to vendor or IPSM suggested version. 5

g.      Update Juniper SRX Firewalls, Juniper Space, Checkpoint Firewalls and Checkpoint Mgmt Server to vendor or IPSM suggested version. 5

h.      Review Security Management Documentation including IT Standard and Infrastructure Design. 6

2.      Quarterly Tasks. 7

a.      Review Sites Network Diagram.. 7

b.      Review the access to Each Site’s ACS and Core Switches. 7

3.      Monthly Tasks. 8

a.      Firewall Health Check. 8

b.      Production Firewall Policies Export to local 9

c.      Checkpoint Firewall Policies Export or Screenshots. 9

d.      Firewall Log Check. 9

e.      Firewall Policy Check. 10

f.       Provide Juniper and Checkpoint Firewall Policy or Screenshots to Local Security and Local IT. 11

g.      Firewall Integrity Check. 11

h.      Qualys Scanning Report Check. 12

i.       Monthly Time Card Report send to Managers. 13

j.       Review Firewall Local Accounts. 13

k.      Archive STRM Logs to Remote Sftp server if needed. 15

l.       Check Global IBM Qradar SIEM Sytem Status. 15

m.         Firewall Vendor Support Contract and License Check. 15

n.      ITPROSEC Local Security Firewall (Fortigate) Maintenance for Markham, Vogell and Montreal 16

o.      ITPROSEC Local WLC status Check. 16

p.      ITPROSEC Guest WiFi Status Check (Fortigate). 16

q.      ITPROSEC Local HelpDesk / Video Conference Line Status Check (Check Point 1100). 16

4.      Weekly Tasks. 17

a.      Checkpoint Mgmt Server Backup to Remote Backup Server. 17

b.      Review access to NPS Servers, Red Zone TS , Green Zone TS. 17

5.      Daily Tasks. 18

a.      Review Alert Emails from IPSM… 18

b.      Review NetMRI Logs. 18

c.      Review STRM Reports. 19

d.      Check and Work on Maximo Tickets and Firewall Changes. 19

e.      Fill in SAP Time Cards Info. 20

f.       Check Toronto UAC Status and Log into RDP server 10.94.200.168 with two factor authentication. 20

g.      Check IPSM UAC Status and Log into RDP Server 10.4.19.10 (Green Server), 10.4.7.160 (Red Server)  21

h.      Check Del1 UAC status and log into RDP server 10.109.20.40 to review Production firewall policies. 21

i.       Administering and Monitoring for WAN Connectivity. 21

j.       Customer Changes (Projects based for American Area). 21

6.      Maintenance Tasks. 22

a.      Space IDP Database Download. 22

b.      Check Following Mgmt Devices and Services Status. 22

c.      Juniper Firewall Security Database Update for all sites. 22

d.      Checkpoint IDP Update. 22

e.      Show system storage on all Juniper firewalls. 23

f.       Verify Configuration Backup status on Checkpoint Management Server. 23

g.      Check STRM Report and NetMRI Report. 23

7.      Special Tasks. 23

a.      After Hours on Call Support for American Area. 23

b.      Urgent Production Changes. 23

c.      Auditing. 23

1.   Yearly Tasks

a.     ITPROSEC Switches Health Check

Based on 3.6.5 ITPROSEC IT Policies and Standards V3.8.doc at Z:\Documnets\ITPROSEC-Secure Segment Manual\3 Network Security

b.     ITPROSEC Routers Health Check

  1. Based on 3.6.5 ITPROSEC IT Policies and Standards V3.8.doc at Z:\Documnets\ITPROSEC-Secure Segment Manual\3 Network Security

d.     Review Sites Documentation

Located at Z:\Documnets for ITPROSEC, IPSAI, IPSADS, IPSMEX and ITPROSEC – Secure Segment Manual

e.     Update NetMRIs, STRM, IDP, PRTG to vendor or IPSM suggested version

If there is no urgent update notice from other sources, those security related devices will be updated based on issues.

f.       Update WLCs , NetEQ, F5s to vendor or IPSM suggested version

If there is no urgent update notice from other sources, those security related devices will be updated based on issues.

g.     Update Juniper SRX Firewalls, Juniper Space, Checkpoint Firewalls and Checkpoint Mgmt Server to vendor or IPSM suggested version

If there is no urgent update notice from other sources, those security related devices will be updated yearly.

h.     Review Security Management Documentation including IT Standard and Infrastructure Design

Located at Z:\Documnets\ITPROSEC-Secure Segment Manual\

2.   Quarterly Tasks

a.     Review Sites Network Diagram

Located in each site share folder at Z:\Documnets for ITPROSEC, IPSAI, IPSADS, IPSMEX

b.     Review the access to Each Site’s ACS and Core Switches

Confirm access is provided based on request base and needed base.

3.   Monthly Tasks

a.     Firewall Health Check

For all those firewall status, if there is any unusual, further action will be taken , such as

  • Notify local IT
  • Contact Vendor Support
  • Report Local Security if there is any breach or accident

b.     Production Firewall Policies Export to local

Located in folder Z:\Documnets\Secure Segment Manual\3 Network Security\Policy Documentation

c.      Checkpoint Firewall Policies Export or Screenshots

Located in folder Z:\Documnets\Secure Segment Manual\3 Network Security\Policy Documentation

d.     Firewall Log Check

e.     Firewall Policy Check

f.       Provide Juniper and Checkpoint Firewall Policy or Screenshots to Local Security and Local IT

g.     Firewall Integrity Check

h.     Qualys Scanning Report Check

i.       Monthly Time Card Report send to Managers

j.       Review Firewall Local Accounts

k.     Archive STRM Logs to Remote Sftp server if needed

Detail documentation for archving steps is in the folder:

Z:\Documnets\ITPROSEC-Secure Segment Manual\3 Network Security\STRM

l.        Check Global IBM Qradar SIEM Sytem Status

m.   Firewall Vendor Support Contract and License Check

n.     ITPROSEC Local Security Firewall (Fortigate) Maintenance for Markham, Vogell and Montreal

o.     ITPROSEC Local WLC status Check

p.     ITPROSEC Guest WiFi Status Check (Fortigate)

q.     ITPROSEC Local HelpDesk / Video Conference Line Status Check (Check Point 1100)


4.   Weekly Tasks

a.     Checkpoint Mgmt Server Backup to Remote Backup Server.

It automatically backed up to our backup server 10.94.19.242.

b.     Review access to NPS Servers, Red Zone TS , Green Zone TS

5.   Daily Tasks

a.     Review Alert Emails from IPSM

Actions:

If there is Critical Alarms, notification of those alarms will be sent to management.

b.     Review NetMRI Logs

c.      Review STRM Reports

d.     Check and Work on Maximo Tickets and Firewall Changes

e.     Fill in SAP Time Cards Info

f.       Check Toronto UAC Status and Log into RDP server 10.94.200.168 with two factor authentication

g.     Check IPSM UAC Status and Log into RDP Server 10.4.19.10 (Green Server), 10.4.7.160 (Red Server)

h.     Check Del1 UAC status and log into RDP server 10.109.20.40 to review Production firewall policies

i.       Administering and Monitoring for WAN Connectivity

  1. DC1 Commercial to Montreal
  2. DC1 Commercial to IPSM
  3. DC1 Production WAN to Montreal
  4. ISP BGP Connections
  5. ITPROSEC ISP Service Availability
  6. ITPROSEC ISP Connections Performance
  7. ITPROSEC WiFi – Guest WiFi and Commercial WiFi

j.       Customer Changes (Projects based for American Area)

  1. DRP
  2. Dedicated Site to Site Connection
  3. B2B Connections
  4. VPN Connection

6.   Maintenance Tasks

a.     Space IDP Database Download

b.     Check Following Mgmt Devices and Services Status

  1. Space – 10.94.200.19 amd 10.94.200.18 (Log)
    1. Checkpoint Mgmt Server – 10.94.200.37
    1. STRM – 10.94.200.23
    1. NetMRI – 10.94.200.40
    1. UAC – 10.94.200.146
    1. RDP Server 10.94.200.168, 10.94.200.188, 10.94.200.189
    1. SSH Server 10.94.200.14 , 10.94.200.28
    1. PRTG – 10.94.200.13 and 172.17.3.83, 10.99.136.66
    1. IDP and Port Aggregator Devices
    1. Production WAN Routers / ASAs
    1. Markham, Vogell and Montreal ACS5000 and Triplite Devices
    1. Mgmt Switches and Core Switches Status
    1. Radius Servers
    1. Solarwinds Syslog Servers
    1. NPS Server

c.      Juniper Firewall Security Database Update for all sites

  1. ITPROSEC Markham Prod FW and Pin FW
    1. ITPROSEC Montreal Prod FW and Pin FW
    1. ITPROSEC UAC FW
    1. IPSAI- Twinsburg
    1. IPSMEX
    1. IPSADS – GRU1

d.     Checkpoint IDP Update

  1. ITPROSEC DC1 RAS  Firewalls
    1. ITPROSEC MON1RAS Firewalls
    1. IPSAI TWN1 RAS Firewalls
    1. IPSMEX MEX1 RAS Firewalls
    1. IPSADS GRU1 RAS Firewalls

e.     Show system storage on all Juniper firewalls

f.       Verify Configuration Backup status on Checkpoint Management Server

g.     Check STRM Report and NetMRI Report

7.   Special Tasks

a.      After Hours on Call Support for American Area

b.     Urgent Production Changes

c.      Auditing

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.