Policies & SOPs: The NetYeti Way

The Instructor's Perspective

In the Army, we had a “Standard Operating Procedure” (SOP) for everything. In our labs, we’re all about being efficient. A policy is a high-level goal, but an SOP is how you actually achieve it. If you don’t have a reliable SOP, you’re just a “manageable mess” waiting to happen.

Core Policies

  1. Least Privilege: Only grant the minimum level of access required.
  2. Password Discipline: Use a password manager (Vaultwarden) over “memorable” passwords.
  3. Data Security: Data at rest should be encrypted.
  4. Consistency: Never reuse passwords.
  5. Simplicity: Keep it simple. A simple system is easier to monitor and maintain.

Policy Reliability (The PACE Plan)

Continuity of Operations (COOP)

  • P (Primary): Digital documentation in this Obsidian Vault.
  • A (Alternate): Printed SOPs in a “Battle Book” for when the network is down.
  • C (Contingency): Offsite/Cloud backup of critical policies.
  • E (Emergency): Knowledge in the head of a “trusted agent” (aka you).

Standard Operating Procedure (SOP) Best Practices

  1. Regular Review: Policies and SOPs should be reviewed and updated regularly.
  2. Accessible: Ensure that all stakeholders have access to the policies and SOPs they need.
  3. Actionable: SOPs should be clear, concise, and easy to follow.

Check for Understanding

  • Why is it important to have an SOP (Standard Operating Procedure) for critical tasks?
  • How does the “Least Privilege” policy help in maintaining a secure network?

Related: The Stack, Firewall, AAR