Friday , May 9 2025

Security Best Practices by BGD e-GOV CIRT

Password Policy best practices

  • Create a strong, complex and long password.
  • Use multi-factor authentication for login where possible.
  • Avoid save password in browser.

Generic best practices

  • Do not install additional software or server roles on DCs
  • Implement patch management.
  • Use secure DNS services to block malicious domains
  • Ensure business continuity plan (BCP).
  • Use security baselines and benchmarks.
  • Inform and educate users about cyber threats and attacks.
  • Avoid illegal/crack software and use genuine/free/open-source software.
  • Perform vulnerability assessment and penetration testing regularly.
  • Perform IT audit and risk assessment regularly.
  • Ensure physical security in IT infrastructure.
  • Deploy web application firewalls to protect web applications from a variety of application layer attacks.
  • Use Anti-virus and anti-malware software.
  • Actively monitor IT infrastructure for any kind of malicious activities.

Backup best practices

  • Keep regular verified and labeled backup following 3-2-1 backup rule.
  • Encrypt Backup Data.
  • Perform regular tests by restoring backup periodically.

Active Directory best practices

  • Limit the use of Domain Admins and other Privileged Groups.
  • Secure the domain administrator account.
  • Disable the local administrator account (on all computers)
  • Limit local administrative access for all domain users in end devices.
  • Enable audit policy settings with group policy to monitor malicious activities.
  • Monitor Active Directory events to detect compromise and abnormal behavior.
  • Find and remove unused user and computer accounts.

Email Server best practices

  • Keep email servers up to date.
  • Limit administrative access to internal users.
  • Deploy multi-factor authentication for users.
  • Harden the OS hosting email server.
  • Harden the email application.
  • Monitor email servers to detect abnormal activities.
  • Deploy host-based firewalls.
  • Use SSL certificates when dealing with external services.
  • Configure email server to protect your domain against spoofing, spam, email forgery and other attacks.

Network & Security Devices Best Practices

  • Place your network and security devices in proper order based on your environment.
  • Keep network and security devices OS and relevant security patch up to date.
  • Use certificate based SSH authentication.
  • Restrict administrative port from untrusted network.
  • Ensure Network and security devices hardening for secure access control complying AAA.
  • Make sure security devices policy is complying with organization strategy.
  • Network and security devices session and system log need to be preserved in separate repository.
  • Ensure Periodic backup of configuration and security policy.

Check Also

NVDP

BCSI officially announce National Vulnerability Disclosure Program (NVDP)

Bangladesh Cyber Security Intelligence (BCSI) officially launch the National Vulnerability Disclosure Program (NVDP) to enhance …

Leave a Reply

Your email address will not be published. Required fields are marked *