Best Practices for Network Security. Name. University/College. Unit Name. Unit Code. Lecturer



Similar documents
Chapter 23. Database Security. Security Issues. Database Security

Healthcare Compliance Solutions

Chapter 23. Database Security. Security Issues. Database Security

Healthcare Compliance Solutions

Plain English Guide To Common Criteria Requirements In The. Field Device Protection Profile Version 0.75

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

Aadhaar. Security Policy & Framework for UIDAI Authentication. Version 1.0. Unique Identification Authority of India (UIDAI)

Content Teaching Academy at James Madison University

Basics of Internet Security

Chap. 1: Introduction

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Cryptography and Network Security

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Evaluate the Usability of Security Audits in Electronic Commerce

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO HIPAA/HITECH COMPLIANCE

ESR Secure System End to End 256-bit TSL Encryption

Lecture II : Communication Security Services

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Security & Privacy in Biometric Systems Two Hindering Requirements?

TOP SECRETS OF CLOUD SECURITY

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

CloudCheck Compliance Certification Program

Cryptography and Network Security Chapter 1

Skoot Secure File Transfer

7. Public Key Cryptosystems and Digital Signatures, 8. Firewalls, 9. Intrusion detection systems, 10. Biometric Security Systems, 11.

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Supplier Information Security Addendum for GE Restricted Data

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

HIPAA Security Alert

IBM Connections Cloud Security

A Study on Secure Electronic Medical DB System in Hospital Environment

Security aspects of e-tailing. Chapter 7

Notes on Network Security - Introduction

Cisco Advanced Services for Network Security

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

CHAPTER 1 INTRODUCTION

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

Data Security Incident Response Plan. [Insert Organization Name]

Information Security Basic Concepts

Wireless Network Security

HIPAA Compliance and the Protection of Patient Health Information

PASSWORD MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

HIPAA Compliance and Wireless Networks Cranite Systems, Inc. All Rights Reserved.

How To Protect A Wireless Lan From A Rogue Access Point

Federal Trade Commission Privacy Impact Assessment

Preparing for the HIPAA Security Rule

White Paper. Document Security and Compliance. April Enterprise Challenges and Opportunities. Comments or Questions?

FileCloud Security FAQ

Securing SIP Trunks APPLICATION NOTE.

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Data Storage Security in Cloud Computing

CPSC 467: Cryptography and Computer Security

Electronic Document and Record Compliance for the Life Sciences

Defense in Cyber Space Beating Cyber Threats that Target Mesh Networks

HIPAA Compliance and Wireless Networks

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Opinion and recommendations on challenges raised by biometric developments

Overview. SSL Cryptography Overview CHAPTER 1

Network Security. Network Security Hierarchy. CISCO Security Curriculum

Complying with PCI Data Security

Table: Security Services (X.800)

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

How To Use A College Computer System Safely

Brainloop Cloud Security

Subject: Computers & Electronic Records. Responsible Party: Part C Coordinator

Key Steps to Meeting PCI DSS 2.0 Requirements Using Sensitive Data Discovery and Masking

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

Hang Seng HSBCnet Security. May 2016

Information System Security

SecureAge SecureDs Data Breach Prevention Solution

Healthcare Security and HIPAA Compliance with A10

Introduction to Computer Security

Economic and Social Council

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

Advanced Topics in Distributed Systems. Dr. Ayman Abdel-Hamid Computer Science Department Virginia Tech

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

BANKING SECURITY and COMPLIANCE

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

The Regulatory framework and VoIP. Merijn Schik, DG INFOSOC

Electronic Communication In Your Practice. How To Use & Mobile Devices While Maintaining Compliance & Security

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

How TraitWare TM Can Secure and Simplify the Healthcare Industry

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

Build (develop) and document Acceptance Transition to production (installation) Operations and maintenance support (postinstallation)

ISO Information Security Management Systems Professional

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

HIPAA Security Rule Compliance

Transcription:

1 Best Practices for Network Security Name University/College Unit Name Unit Code Lecturer 27 March 2014

2 Outline Introduction...3 Developing Network Security Best Practices...5 I. The Pillars of network Security...5 (i) (ii) (iii) II. (i) (ii) (iii) Confidentiality...5 Integrity...5 Authentication...6 Network Security Support Systems...7 Network security Policing...7 Security Planning...7 Architecture...8 Network Security Best Practices...8 Conclusion...10

3 Introduction The present day IT infrastructure and the general IT security systems face numerous security threats and challenges. These present a big concern to IT experts as the rate at which these security threats mutate at is quite alarming. This has over time changed the traditional view of Network Security as an institutional expense to the present day situation where network security is viewed as an investment. Ashley (2003) literates that, Network Security has over time become a crucial mission that every enterprise, organization or governmental agency must take maximum care of. As she points out, this has been necessitated by the increased threats of cyber-terrorism, increased hacking activity and the pronounced existence of disgruntled employees. Network security concerns have also been proven to evolve methodically leading to a mandatory requirement for institutions to invest heavily in network security management systems. As she further explains, the rapid evolution of information security compromising technologies further exposed corporate and other institutional information systems to numerous security threats thus, the need for the development, adoption and commissioning of Network Security practices. According to Moss & Allan (2010), institutions need to develop mechanisms of enhancing their data security as well as securing their systems. As they observe, developing and implementing such a system needs to be based on enterprise security best practices. As such, an enterprise security best practice framework has three layers of divergence; the security backgrounders, security primers and security best practices. With each layer in the network security enforcement, implementation of each layer and all the processes and activities is required. The security backgrounders include the issues regarding to the security threats,

4 strategies as well as the security planning process. On the other hand, security primers include the security architectural building blocks on which security concerns of a given network are anchored, the end system security considerations as well as the security system administration procedures. A further consideration into the best practice should include definition of the administrative authority on data availability and security, communication channel authentication and security management as well as security monitoring and auditing, Moss & Allan (2010) In maintaining adequate security in any network, the architectural design of the network plays a crucial part, Megg (2009). Megg further discusses that network security is not an individual affair but an institutional concern to which every person in the institution has a stake in. He further state, Network security systems play a crucial part in determining the informational integrity of an institution. Consequently, informational and network security should be a major investment that every institution takes part in. This paper gives a guideline on Network Security Best Practice. The procedures required as well as the conditions to be observed in creating, enforcing and commissioning Network Security Best Practices are also detailed.

5 Developing Network Security Best Practices I. The Pillars of network Security In coming up with network security best practices, one should take into account all the pillars on which a network system relies on (Megg, 2009). These pillars include; confidentiality, authentication, and integrity and form the essentials that every secure network system must poss (Cisco, 2012). (i) Confidentiality The confidentiality pillar requires that the information transmitted through the network should be kept in the most secure and confidential manner; and without access by unauthorized parties. There are various factors that must be considered as to enhance confidentiality of the information being transmitted via the network in question. By ensuring that the information is highly secure, you also give the network a high degree of privacy as the information cannot be compromised while under transmission. Today, there are various ways used in enforcing informational security including data encryption, data hashing or data shielding among others. A secure network should have an independent architectural design whose structure bars unauthorized access to the information under transmission. In addition to this, there should be adequate policy provision in the framework as to prevent threats that the data under transmission may face such as wiretapping and electronic skimming among others, (Moss & allan, 2003). (ii) Integrity Next is data integrity. Data integrity means the quality of the data from the time of sending to the time of reception. Secure data should pose a high degree of similarity with the initially transmitted data. Any deviation from the norms of the initially send data arriving to the receiver or getting to the recipient in an unintended form maybe termed as a compromise to the data integrity. (Cisco, 2012) According to this white paper, policy considerations should be put

6 in place to ensure that the integrity of the data under transmission within a given network is not compromised. Today, the commonly used data integrity enforcement procedures involve the use of cryptographic algorithms in hashing the information under transfer. Such algorithms used today include SHA and MD5 both of which rely on having the data securely hashed into a format which is not human readable and not easy to decrypt using simple means. In hashing the data, the process begins with creation of an arithmetic algorithm which uses the key and the data. As the arithmetic function splits into unique values (hashes), reading and decrypting the data becomes impossible hence reserving the integrity of the data at a high level. In accessing the data, only an authorized person with the right decrypting key can access the data. This ensures that the data is kept secure from external access by unauthorized parties (Dodd, 2011). (iii) Authentication This refers to the process of ensuring the data under transmission is only readable to the intended persons. As a result of having the data sent via a given network system, one needs to ascertain that the receiver of the data is the intended person. The process of attaining this is called authentication. Today, there are various data authentication processes used today including; the use of passwords and digital certificates among others (Cisco, 2012). As the author points out, well authenticated data is secure and safe; free from unauthorized access. As a result, the use of various state-of-the art data authentication procedures should be used to prevent the data under transmission from fraudulent access. Other modes of authenticating users today include the use of biometric readers where only the specific users biometric can be able to access the particular information.

7 II. Network Security Support Systems Network security is anchored on various support systems such as support policy, administrative support, security planning and strategy, security auditing and threat detection among others, (Megg, 2009). (i) Network security Policing According to Megg (2009), these form the network security support pillar. As observed in the report, the three main stream pillars heavily rely on these support systems to enhance the security measures within a given framework. As the report further indicates, network security is compromised without policy provisions. This illustrates the weight carried by the need for adequate policing when planning and implementing a network security plan. A network policy defines the administrative and the supportive roles as well as spells the punishments for breach of the network security policies and practices. (ii) Security Planning This involves the procedural laying down of the processes and activities to be used in enforcing security within a given network or institution. Corporate players use security planning for their network operations as to ensure efficiency of the transmission system as well as be able to enhance and promote a healthy and high level of security. Consequently, one needs to adequately plan the network security before choosing a particular network security enforcement strategy. The planned security measure should prevent, detect and possibly respond to any form of attack to the network system.

8 (iii) Architecture The architecture of the system being used plays a significant role in determining the security level of the network. Consequently, the architectural structure of the information or data transmission system used should adequately allow for the transmission of the data while observing a high level of data security. A good system should not allow for the data being stored or transmitted to be compromised, (Ashley, 2003). Network Security Best Practices The goal of having an ideal security in a network is impossible. With no environment invulnerable, a more complex environment is more challenging and difficult to enhance security than a simplistic environment. This is so because every security plan operates within a budget, a set of policies, staff and technology among other determinants of security level, (Pfeil, 2010). As the author observes, different network users within an institutions have different roles. This is mainly used as the basis for grouping the network users as well as defining their corresponding duties. For instance, a network should contain among others; administrators and analysts. This allows the roles and responsibilities towards the network to be set. Therefore, the roles taken by the various personnel accessing and working with the system should be defined and their right and privileges defines also. Through this, it becomes possible to track down the access to the network by the various users. The administrator should for instance have the right to allocate and deprive other users with non-administrative roles the access rights to the network, (Pfeil, 2010).

9 In the trial to maintain a secure environment within the system, one should ensure that the use of top security enforcement facilities such as firewalls, strong passwords, encryption of data under transmission as well as physical security enforcement within the operational area. This is important as in facilitates accountability. For the best results, institutions should ensure that proper policing regarding the various activities done by the network users whose misuse can lead to the network being compromised are avoided. In the case of use of the internet portal, the network administrator should be able to track the actions done over the network by the different users. This helps in managing the activity of different system users leading to high levels of accountability, (Dodd, 2011). When considering having a network system, you should consider having more enhanced user access. Through the use of enhanced access capabilities for the users, you are able to detect, prevent or even track down fraudulent activities such as spoofing, hacking or even unauthorized access into the system using impersonated details. A good network system should also have a capability of detecting and barring repudiation acts which may compromise the integrity of the system. As Dodd (2011) observed, highly secure networks have higher levels of user authentication as to promote user identity and authentication before accessing the system. He further notes that for the system to remain highly secure, all the users accessing the system should have user access rights with different access privileges as to promote high integrity of the system. At an advanced level, the security should have well-structured access denial privileges for those not clearly authenticated into the system, (Dodd, 2011). The network system should also have a good monitoring system from where all the access statistics are kept. This includes the use of such mechanism as access logs being embedded onto the network. Consequently, the network should periodically be checked by the

10 systems administrator or analyst to detect any issues that might compromise or might have compromised with the network s integrity. As a result, periodic network audit should be done with in a depth analysis being done on the access logs and other logs showing network user activity. As Dodd (2011) observes, regularly audited networks are rarely compromised. This implies that as a practice rule, the system should be periodically analyzed. Through this analysis of the activity level of the various operations within the network also helps you detect issues that might have occurred such as information log deletion whose occurrence might compromise the network s integrity. Conclusion From the above discussion, it is worth noting that in the security enforcement in a network system or any other system, there is no ideal situation at which the network security is guaranteed. However, measures aimed at facilitating and promoting security improvement on the network are deployed, used and enforced. These are called the best practices for a network security and include; periodic checking, analysis and auditing of the network with the aim of identifying any form of fraudulent activity. Next, is the use of controlled access rights and privileges for the users at different levels. This ensures that the network does not get compromised on the grounds of having the users violate the system policies. In such a case, the system should have a system of handling such a user whose actions exposes the network to potential data loss of compromised network security among others.

11 References Ashley, W. (2003). Layered Network Security: A best-practices approach. Latis Networks, Inc. Dodd, T. (2011). Monitoring and auditing for End Systems. Retrieved March 26, 2014, from http://technet.microsoft.com/en-us/library/cc750908.aspx Pfeil, K. (2010). Data Security and Data Availability for End Systems. Retrieved March 26, 2014 from http://technet.microsoft.com/en-us/library/cc722919.aspx Cisco. (2012). Network Security Policy: Best Practices White paper. Doc.ID 13601 Megg, T.S. (2009). Network Security Essentials. New Jersey, Tx Pub. Moss, R & Allan, S. (2010). Network Security: A simplified approach to network security. New York: Perennial.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information