Chapter 12. Security Policy Life Cycle. Network Security. 8/19/2010

Chapter 12: Network Security

Security Policy Life Cycle
A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC).

Network Security
A successful network security implementation requires a marriage of technology and process. Roles and responsibilities, and corporate standards for business processes and acceptable network-related behavior, must be clearly defined, effectively shared, universally understood, and vigorously enforced for implemented network security technology to be effective. Process definition and the setting of corporate security standards must precede technology evaluation and implementation.

Security vs. Productivity Balance
The optimal balance point that is sought is the proper amount of implemented security process and technology that will adequately protect corporate information resources while optimizing user productivity.

Network Security Policy

Assets, Risks, Protection
Multiple protective measures may need to be established between given threat/asset combinations.

Protective Measures
The major categories of potential protective measures are:
- Virus protection
- Firewalls
- Authentication
- Encryption
- Intrusion detection

Threats and Protective Measures
Once policies have been developed, it is up to everyone to support those policies in their own way. Having been included in the policy development process, users should also be expected to actively support the implemented acceptable use policies.

Executive's Responsibilities

Management's Responsibilities

Acceptable Use Policy Development

User's Responsibilities

Security Architecture
A representative example of a security architecture that clearly maps business and technical drivers, through security policy and processes, to implemented security technology.

CSF for Network Security Policy

Virus Protection
Virus protection is often the first area of network security addressed by individuals or corporations. A comprehensive virus protection plan must combine policy, people, processes, and technology to be effective. Too often, virus protection is thought of as a technology-based quick fix.

Virus Infection

Virus Re-infection

Virus Points of Attack
The typical points of attack for virus infection and the potential protective measures to combat those attacks.

Anti-virus Strategies

Firewalls
When a company links to the Internet, a two-way access point, out of as well as into that company's confidential information systems, is created. Firewall software usually runs on a dedicated server that is connected to, but outside of, the corporate network. All network packets entering the firewall are filtered or examined.

Firewalls
Firewalls provide a layer of isolation between the inside network and the outside network. The underlying assumption in such a design scenario is that all of the threats come from the outside network. Incorrectly implemented firewalls can actually exacerbate the situation by creating new, and sometimes undetected, security holes. There are a number of firewall types.

Packet Filter Firewall

Application Gateway

Trusted Gateway

Dual-homed Gateway

Firewalls

Firewall Behind DMZ

Firewall in Front of DMZ

Firewall Multi-tiered

Authentication and Access Control
The purpose of authentication is to ensure that users attempting to gain access to networks are really who they claim to be. Password protection was the traditional means of ensuring authentication. Password protection by itself is no longer sufficient to ensure authentication. A wide variety of technology has been developed to ensure that users really are who they say they are.

Challenge-Response Authentication

Time-Synchronous Token Authentication

Kerberos Architecture
Kerberos architecture consists of three key components:
- client software
- authentication server software
- application server software

Encryption
Encryption involves changing data into an indecipherable form before transmission. If the transmitted data are somehow intercepted, they cannot be interpreted. The changed, meaningless data is known as ciphertext. Encryption must be accompanied by decryption, or changing the unreadable text back into its original form.

Encryption Standards

Private Key Encryption

Public Key Encryption

Digital Signature Encryption

Security Design Strategies
- Make sure that router operating system software has been patched.
- Identify those information assets that are most critical to the corporation, and protect those servers first.
- Implement physical security constraints to hinder physical access to critical resources such as servers.
- Monitor system activity logs carefully.

Security Design Strategies
- Develop a simple, effective, and enforceable security policy and monitor its implementation.
- Consider installing a proxy server or application-layer firewall.
- Block incoming DNS queries and requests for zone transfers.
- Don't publish the corporation's complete DNS map on DNS servers that are outside the firewall.
- Disable all non-essential TCP ports and services.

Security Design Strategies
- Install only software and hardware that you really need on the network.
- Allow only essential traffic into and out of the corporate network, and eliminate all other types by blocking with routers or firewalls.
- Investigate the business case for outsourcing Web-hosting services so that the corporate Web server is not physically on the same network as the rest of the corporate information assets.
- Use routers to filter traffic by IP address.
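As an added example (not part of the original slides), the packet-filter strategies above, default deny, blocking inbound DNS queries and zone transfers, and filtering by source address, written as a small first-match rule evaluator in Python; the addresses, ports and rule set are constructed for illustration. The shadowed_rules check goes one step beyond the slide: it flags a rule that can never fire because a broader earlier rule always matches first, one way an incorrectly implemented firewall creates an undetected hole.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
@dataclass(frozen=True)
class Packet:
    src: str       # source IP address
    proto: str     # "tcp" or "udp"
    dport: int     # destination port
    inbound: bool  # True when the packet arrives from the outside network

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port
    src_net: Optional[str] = None   # CIDR block; None matches any source address
    inbound: Optional[bool] = None  # None matches either direction
    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto) and (self.dport is None or self.dport == p.dport)
                and (self.inbound is None or self.inbound == p.inbound)
                and (self.src_net is None or ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)))

# Constructed rule set (hypothetical addresses) for the slide's strategies: first match wins,
# and anything not explicitly allowed falls through to the final default deny.
RULES = [
    Rule("deny", src_net="10.0.0.0/8", inbound=True),     # outside packet claiming an inside address
    Rule("deny", proto="tcp", dport=53, inbound=True),    # block zone-transfer requests (AXFR uses TCP/53)
    Rule("deny", proto="udp", dport=53, inbound=True),    # block incoming DNS queries
    Rule("allow", proto="tcp", dport=443, inbound=True),  # essential: HTTPS to the public web server
    Rule("allow", inbound=False),                         # outbound traffic from the inside network
    Rule("deny"),                                         # default deny: every other port and service
]

def filter_packet(p: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule, or 'deny' if nothing matches."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a (a is at least as broad as b)."""
    same = lambda x, y: x is None or x == y
    nets = a.src_net is None or (b.src_net is not None and
                                 ipaddress.ip_network(b.src_net).subnet_of(ipaddress.ip_network(a.src_net)))
    return same(a.proto, b.proto) and same(a.dport, b.dport) and same(a.inbound, b.inbound) and nets

def shadowed_rules(rules=RULES) -> list:
    """Indexes of rules that can never fire because an earlier, broader rule always matches first."""
    return [j for j in range(len(rules)) if any(covers(rules[i], rules[j]) for i in range(j))]
```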

RADIUS Architecture
RADIUS allows network managers to centrally manage remote access users, access methods, and logon restrictions.

Tunneling Protocols and VPN
To provide VPN capabilities using the Internet as an enterprise network backbone, specialized tunneling protocols were developed that could establish private, secure channels between connected systems.

IP Packet and Security Headers

Government Impact
Government agencies play a major role in the area of network security. The two primary functions of these various government agencies are:
- Standards-making organizations that set standards for the design, implementation, and certification of security technology and systems.
- Regulatory agencies that control the export of security technology to a company's international locations.

Orange Book Certification
The primary focus of the Orange Book is to provide confidential protection of sensitive information based on these requirements:
- Security policy
- Marking
- Identification
- Accountability
- Assurance
- Continuous protection

Orange Book Certification Criteria