https://community.cisco.com/t5/network-security/security-question/m-p/4411967#M1081233 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1177673">@gurwinkle</a>&nbsp;</P> <P>You should add NGFW, Network Segmentation (TrustSec), Two-Factor Authentication, Remote Access VPN</P> <P>&nbsp;</P> <P>Realistically you are unlikely to be deploying - Zoned based firewall or CBAC</P> Wed, 02 Jun 2021 13:09:07 GMT Rob Ingram 2021-06-02T13:09:07Z https://community.cisco.com/t5/network-security/security-question/m-p/4411954#M1081232 <P>We are in the process of installing security in our organization.</P><P>&nbsp;</P><P>I have made some of the priorities. Could you please confirm if I am missing something on security side.</P><P>&nbsp;</P><P>Physical Security</P><P>CCTV</P><P>Web Security</P><P>https</P><P>Patches for all</P><P>Layer 3 Protection</P><P>VPN IPSEC<BR />Zoned based firewall or CBAC<BR />Routing Protocol Authentication<BR />ACL<BR />Certificates<BR />Spam Filter<BR />AAA with radius or tacacs<BR />PC Firewall<BR />DNS Security<BR />ESA<BR />WSA<BR />AMP<BR />ip source guard<BR />key chain encryption between protocols</P><P>Firewall divided into zones protecting the servers</P><P>Antivirus<BR />Account policies on AD,<BR />Certificates,<BR />NAT<BR />Access Rules<BR />Access lists<BR />Group Policies</P><P>VWWare inbuild IPS</P><P>Layer 2 Protection</P><P>Switches protecting workstations</P><P>DHCP Snooping<BR />Root Guard<BR />ARP Inspection<BR />VLANs<BR />Disable CDP<BR />dot1x802</P><P>Wireless Security</P><P>WLAN<BR />Encryption</P><P><BR />Monthly inspection of vulnerability assessment and penetration testing<BR />or cybersecurity services company to monitor vulnerabilities</P> Wed, 02 Jun 2021 12:58:48 GMT https://community.cisco.com/t5/network-security/security-question/m-p/4411954#M1081232 gurwinkle 2021-06-02T12:58:48Z https://community.cisco.com/t5/network-security/security-question/m-p/4411967#M1081233 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1177673">@gurwinkle</a>&nbsp;</P> <P>You should add NGFW, Network Segmentation (TrustSec), Two-Factor Authentication, Remote Access VPN</P> <P>&nbsp;</P> <P>Realistically you are unlikely to be deploying - Zoned based firewall or CBAC</P> Wed, 02 Jun 2021 13:09:07 GMT https://community.cisco.com/t5/network-security/security-question/m-p/4411967#M1081233 Rob Ingram 2021-06-02T13:09:07Z