A solution for comprehensive network security



Applied mathematics in Engineering, Management and Technology 2 (6) 2014:22-26
www.amiemt-journal.com

Seyed Mehdi Mousavi, Payam Noor University (PNU), IRAN
email: m.mousavi55@gmail.com

Abstract: There are several security solutions that can be used in a network, and each produces many reports and logs. Without a comprehensive solution, network administrators cannot analyze the network's security problems. We need a solution with an integrated view of security. A SOC (security operations center) is a center that can provide it.

Keywords: Security, Network, SOC, Comprehensive

1- Introduction:

With the everyday growth in the use of communications and information transfer over networks and the internet, an enormous volume of administrative and commercial interactions is transferred through them. Nowadays internet services and networks are used as the most trusted, rapid and accessible communication tools. Security is especially important because large companies depend on these networks. Every company needs security, so a security approach should solve this problem without changing the company's systems and networks. We intend to introduce a network security operations center (SOC) for the management of information and communications security, using the BS7799 standard, as a solution for comprehensive network security.

2- Where is the security operations center?

A network security operations center (SOC) is a place to monitor and control the input and output of information 24 hours a day. Generally every SOC is divided into three parts, each with its own duty:

First: the point of contact for clients, responsible for replying to clients' warnings. At this part all of the less complicated warnings are handled.

Second: this part complements the first and is responsible for replying to more complicated problems in the network security systems. For more important warnings, this part is fully involved.

Third: master experts and security consultants work at this part. It is in fact the support for the previous parts: if the previous parts have no reply, this part is involved in troubleshooting the problem. All security approaches and network security management are considered at this part.

There are different methodologies for designing network security management. However, the basis of all of them is a combination of technology, human resources and processes at the core of the network security center's activities, surrounded by administrative processes. These processes consist of planning, designing, implementing, operating and developing the network security center. The next layers of the SOC design are the tools and criteria through which all services are examined. These tools and criteria include scope, resources, time, cost, communications and risks in running the SOC. The most important point in running a SOC is the flexibility of the methodology, by which we can present a special solution for each client's network security management. In every part there is a tool for managing the security systems. These tools monitor network security from both the inside and the outside of the organization; to do so, every SOC has tools both in the networks and in the center.

All services provided by the SOC are monitored and managed. The other services offered are as follows:
- Developing security approaches
- Teaching secure approaches
- Designing firewalls
- Immediate response
- Avoiding dangers and implementation

The services provided through this center include managed services that protect the tools and the SOC's communications. These services apply methodology and strong hardware and software to manage security. The hardware used in networks by the managed systems to apply secure approaches consists of intrusion detection systems, firewall systems, and secure management systems in virtual private networks.

3- The need for managed services:

Intrusions into domestic and foreign resources threaten networks and their programs at every moment. Hackers from all over the world monitor security tools to detect weaknesses, intrude into networks and gain entry. To prevent them, SOC security systems seem necessary. Creating a secure system suited to managing a network with various applications requires expert personnel who are able to protect systems from different viruses and hackers. The systems run in a SOC for network security management analyze the network's tools automatically. The tools analyzed by this system are not limited to security systems; all infrastructure appliances of the network are analyzed by this network management. This system in fact analyzes all traffic patterns, servers, firewalls and physical security systems and uses them to prevent entry into the systems. Every odd traffic pattern observed is analyzed by the analyzers, and important warnings are sent to every tool in the network. In the ordinary state, under a polling program, all systems are monitored and, according to the security profile of each system, possible intrusions are detected and thwarted.

4- Types of managed services in a SOC

4-1- Firewall:

Firewalls are the first obstacle between the secret information in a network and the outside world. In a SOC, security needs to be analyzed continually. To have enough security, usually different brands are used; as an example, in a network with several firewalls these tools are usually selected from different manufacturers and controlled through centralized management. For the security management of this equipment the following stages are necessary:
- analysis of firewall functions
- answering requests after they are announced
- analyzing the logs registered in the firewalls
- analyzing the software and hardware relevant to the firewall

4-2- Intrusion detection systems (IDS):

Systems like an IDS in a network depend on equipment, processes and staff who respond to warnings when needed. Given that IDS sensors create many warnings at any time, and that it is impossible to respond to all of them, the sensitivity of the IDS must be tuned so that only essential threats are announced. But this way some intrusions will not be announced. To prevent such problems we can assign a separate IDS to each application. Using the features of these systems, we can control intrusion through the SOC. In a SOC we use features such as reduction of false positives and stateful signatures, an advanced form of signature-based intrusion detection; protocol anomaly detection, which has the ability to inspect traffic and, by comparing the protocol portion, make sure that illegal packets are not in the network; and traffic anomaly detection, which compares normal and abnormal traffic to avoid both natural and unnatural intrusions. In a SOC, by mining these features, the power of intrusion detection is increased.

4-3- Content filtering facility:

One of the main services in a SOC is the facility for filtering the content that enters its servers. Content filtering in a SOC is used to prevent access to non-essential sites, prevent access to specific types of files and limit the intrusion of viruses, worms and Trojans (many dangerous viruses, such as Nimda and CodeRed, are administrative programs that use HTTP or another common protocol that firewalls let into the network, so users unknowingly download this content from secure sites). URL filtering software categorizes all pages into defined groups and, according to that, makes access to a page possible or impossible. It can also provide a list of sites that users are allowed to access. This software mainly needs the ability to filter access to categorized content, and it should also be able to apply special approaches based on different parameters, including user groups, user positions, time of use and so on. The software used in this center for filtering should have a categorized information base in order to prevent access. Updates should also be done at short intervals, and it is better that they are done completely. Updates should not stop the operating systems.

4-4- Virus detection facilities:

Viruses are often transferred by email and internet traffic, so defense at the front line, meaning the internet gateway, is the best way to fight them. By adding virus scanning on caches, we can take suitable action to fight viruses at the internet gateway. The SOC controls operations and virus scanning using suitable software.

4-5- AAA services:

In a SOC, AAA is used to define and control access to equipment and network services. Servers are used in different centers and for different services, and network managers and users also access network resources through them. One of the ways used in a SOC to verify user identity and enforce secure approaches is a CA, or certificate authority. The CA takes the public key of a person or organization, puts it into a digital certificate and then signs it. This action confirms the accuracy of the information. Digital certificates are files that in fact act like a passport and are issued by the CA. The role of the CA in this process is to confirm the person to whom the certificate has been assigned; in fact, the CA is the party that vouches for them. By putting a CA in a SOC, we can support a great many applications with a high rate of security compared with usernames and passwords created by users.

5- Security implementation in a SOC:

By using security equipment in a SOC, network intrusions are analyzed from different views: visibility, verification and vulnerability. By merging these in every part, we can control and manage the security of the network. In every part there are special activities by which we can prevent access to the network, and if intruders do enter the network, we prevent them from going further. In every part there is equipment that can protect the network.

5-1- Vulnerability:

The equipment used should be updated as soon as it is installed and running. The items updated this way include the configuration of servers, applied programs and the security software packages relevant to the operating systems, which, given the growth of penetration methods, rapidly become invalid. Given this point, this part has the least effect in the intrusion conflict.

5-2- Visibility:

Using this equipment, which often includes firewalls, we can monitor all of the network's security equipment. In this part all firewall equipment is updated and their configurations are changed according to their approach. These changes are applied to the network without any fixed timing, in response to changes in mechanisms and intrusion trends. The problems created by changing firewall configurations are not related to technology only: every time the configuration of equipment is updated by staff, it is possible that a mistake in the configuration creates a penetration path for hackers.

Given the dimension and volume of networks and the ports served through IP addresses, the number of points that should be scanned is defined. To connect the secure parts according to the need of every user, these ports are divided into different groups, so the ports that are of importance are scanned by the relevant systems at a short interval (usually every five minutes). Given the high volume of information produced in every time interval, there should be some mechanism in the SOC by which this high volume of information can be processed and reports extracted.

5-3- Verification:

The most essential and complicated part of a SOC is making sure of the security of the parts over which there is no direct control. For this, equipment that can directly control the relevant equipment should be applied; in effect, it should block the penetration path.

6- Advanced services in a SOC:

The advanced services presented this way are in fact services by which we can carry out security actions according to needs. In a SOC, in addition to managing the security of network equipment, the information infrastructures are supported in a secure way. These infrastructures generally include staff, processes and job trends in networks. Collected security standards such as the BS9977 standard define the way security management trends are implemented in a network. In the security management processes at a SOC, different stages are passed through to secure the trends in the network. The first stage is policy making. After the policies are legislated and matched with the current security standard in the network, the extracted trends are given to experts to implement. The other point to review is the staff's knowledge of security threats. Given the great number of network security software products, each of which needs specific skills to use depending on its producer, and also the rapid changes in technology and in the ways of intruding into network equipment, SOC staff need specific skills and must always acquire new knowledge. To update staff knowledge, training courses on detecting intrusions are used. Given the importance of the duty of a SOC, the staff of these centers are of high importance, so maintaining, protecting and satisfying the staff is one of the most important responsibilities of SOC owners.

7- Conclusion:

There are many solutions for network security, but analyzing the information from these solutions is very important. That information is separated. For the best security, we should see the whole network together, because there are many complex attacks that use various ways. Therefore we need a comprehensive security solution such as a SOC that has a whole view of network security.
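As an added illustration of the IDS features described in section 4-2 (this is example code written for this page, not the paper's or any product's code): protocol anomaly detection checks the protocol portion of each request, traffic anomaly detection compares each source against a profile learned from a normal window, and a per-application sensitivity threshold decides which warnings are announced. The record layout, the two traffic windows and the sensitivity values are all constructed assumptions.

```python
from collections import Counter
import re
import statistics

ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"}
VERSION_RE = re.compile(r"^HTTP/1\.[01]$")
TARGET_RE = re.compile(r"^/[\x21-\x7e]*$")  # printable ASCII only, starts with "/"
# An alert is (source, app, kind, severity, detail); severity 1 = low .. 3 = high.

def protocol_anomalies(records):
    """Protocol anomaly detection: compare method, version and request target
    of each record with what legal HTTP allows."""
    alerts = []
    for src, app, method, target, version in records:
        if method not in ALLOWED_METHODS:
            alerts.append((src, app, "protocol", 2, f"unknown method {method}"))
        if not VERSION_RE.match(version):
            alerts.append((src, app, "protocol", 1, f"bad version {version}"))
        if not TARGET_RE.match(target):
            alerts.append((src, app, "protocol", 3, "malformed request target"))
    return alerts

def learn_baseline(normal_records):
    """Normal profile: (mean, stdev) of requests per source, for each application."""
    baseline = {}
    for app in {r[1] for r in normal_records}:
        counts = list(Counter(r[0] for r in normal_records if r[1] == app).values())
        baseline[app] = (statistics.mean(counts), statistics.pstdev(counts) or 1.0)
    return baseline

def traffic_anomalies(records, baseline, k=3.0):
    """Traffic anomaly detection: a source whose request count in the window
    exceeds mean + k * stdev of its application's normal profile is abnormal."""
    alerts = []
    for (src, app), n in Counter((r[0], r[1]) for r in records).items():
        mean, sd = baseline.get(app, (0.0, 1.0))
        if n > mean + k * sd:
            alerts.append((src, app, "traffic", 2, f"{n} requests, baseline {mean:.1f}"))
    return alerts

def announce(alerts, sensitivity):
    """Per-application sensitivity: only warnings at or above the threshold reach analysts."""
    return [a for a in alerts if a[3] >= sensitivity.get(a[1], 2)]

def reqs(src, app, n):  # constructed records: (source, app, method, target, version)
    return [(src, app, "GET", f"/page{i}", "HTTP/1.1") for i in range(n)]

NORMAL_WINDOW = (reqs("10.0.0.5", "webshop", 3) + reqs("10.0.0.6", "webshop", 4)
                 + reqs("10.0.0.7", "webshop", 3) + reqs("10.0.0.8", "webshop", 4)
                 + reqs("10.0.0.20", "intranet", 2) + reqs("10.0.0.21", "intranet", 2))
CURRENT_WINDOW = (reqs("10.0.0.5", "webshop", 4) + reqs("10.0.0.66", "webshop", 40)
                  + reqs("10.0.0.20", "intranet", 2) + [
                  ("10.0.0.21", "intranet", "BREW", "/home", "HTTP/1.1"),  # illegal method
                  ("10.0.0.9", "webshop", "GET", "/a", "HTTP/9.9"),        # bogus version
                  ("10.0.0.9", "webshop", "GET", "/a\x00b", "HTTP/1.1")])  # control byte
SENSITIVITY = {"webshop": 2, "intranet": 1}  # the intranet IDS announces everything

def run_example():
    baseline = learn_baseline(NORMAL_WINDOW)
    alerts = protocol_anomalies(CURRENT_WINDOW) + traffic_anomalies(CURRENT_WINDOW, baseline)
    return announce(alerts, SENSITIVITY)
```

The low-severity version warning is suppressed for the webshop by its threshold, which is the trade-off the section describes: fewer false positives at the cost of some unannounced events.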
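As an added illustration of the five-minute port scanning in section 5-2 (example code written for this page, not the paper's or any scanner's code): ports are grouped by importance, each snapshot is compared with the previous one, and only changes and policy violations are reported, so the high volume of scan output becomes a short report. The scanner line format, the port groups and the per-host allow list are constructed assumptions.

```python
# Port groups by importance (constructed policy): the critical group is the
# one scanned on the short five-minute interval.
PORT_GROUPS = {"critical": {22, 445, 1433, 3306, 3389}, "standard": {25, 53, 80, 443}}
# Ports each host is allowed to expose (constructed policy).
ALLOWED = {"10.0.1.10": {80, 443}, "10.0.1.20": {22, 3306}, "10.0.1.30": {25, 53}}

def parse_scan(text):
    """Parse constructed scanner lines 'host port/state' into {host: set of open ports}."""
    open_ports = {}
    for line in text.strip().splitlines():
        host, port_state = line.split()
        port, state = port_state.split("/")
        open_ports.setdefault(host, set())
        if state == "open":
            open_ports[host].add(int(port))
    return open_ports

def group_of(port):
    return next((g for g, ports in PORT_GROUPS.items() if port in ports), "other")

def diff_snapshots(previous, current):
    """One report line (host, port, group, event, allowed) per newly opened or
    closed port, plus one for each port that stays open without being allowed."""
    report = []
    for host in sorted(set(previous) | set(current)):
        before, now = previous.get(host, set()), current.get(host, set())
        allowed = ALLOWED.get(host, set())
        for port in sorted(now):
            if port not in before:
                report.append((host, port, group_of(port), "opened", port in allowed))
            elif port not in allowed:
                report.append((host, port, group_of(port), "still open", False))
        for port in sorted(before - now):
            report.append((host, port, group_of(port), "closed", port in allowed))
    order = {"critical": 0, "standard": 1, "other": 2}  # most important group first
    return sorted(report, key=lambda r: (order[r[2]], r[0], r[1]))

# Two constructed five-minute snapshots in the assumed scanner format.
PREVIOUS_SCAN = """
10.0.1.10 80/open
10.0.1.10 443/open
10.0.1.20 22/open
10.0.1.20 3306/open
10.0.1.30 25/open
10.0.1.30 53/open
10.0.1.30 8080/open
"""
CURRENT_SCAN = """
10.0.1.10 80/open
10.0.1.10 443/open
10.0.1.10 3389/open
10.0.1.20 22/open
10.0.1.20 3306/closed
10.0.1.30 25/open
10.0.1.30 53/open
10.0.1.30 8080/open
"""

def run_example():
    return diff_snapshots(parse_scan(PREVIOUS_SCAN), parse_scan(CURRENT_SCAN))
```

Fifteen scanner lines reduce to three report lines, with the critical-group change (a newly exposed remote desktop port that policy does not allow) listed first.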