Managing Network Security - PowerPoint PPT Presentation

Slides: 78
Provided by: ou25
Transcript and Presenter's Notes

Title: Managing Network Security


1
Managing Network Security
  • Assessment and policy
  • Access control
  • Encryption

2
Myths about Business Risks in the Information Age
  • Security is only about protecting things
  • We don't have any information anyone would want
  • Security problems have never happened here.
  • Firewalls provide enough security
  • Technology will solve the security problem
  • The enemy is outside
  • Our people won't tolerate tight security
  • My PC is secure, so I'm secure
  • The Internet can't be used for secure
    communications

3
Security Policy
  • Defines what's important in your enterprise, how
    you are going to protect it, who's responsible
    for it and what happens when the inevitable
    attacker comes knocking.
  • Give system and network administrators something
    to fall back on in a crisis, as well as guidance
    for the mundane but essential day-to-day
    decisions and actions
  • Provide approaches to problems that have been
    well-thought-out and tested over time. And though
    there is no magic in them, these policies bring
    an organization closer to understanding its
    computer and network business requirements and
    risks.
  • Provide a framework for re-evaluation as
    requirements and risks change.


4
Ground rules of Security
  • 1. Security and complexity are often inversely
    proportional.
  • 2. Security and usability are often inversely
    proportional.
  • 3. Good security now is better than perfect
    security never.
  • 4. A false sense of security is worse than a true
    sense of insecurity.
  • 5. Your security is only as strong as your
    weakest link.
  • 6. It is best to concentrate on known, probable
    threats.
  • 7. Security is an investment, not an expense.

5
Developing the security management plan
6
Risk assessment
  • This phase encompasses asset identification and
    evaluation; postulation and analysis of threats;
    vulnerability assessment; appraisal of existing
    countermeasures; and cost/benefit analysis.
  • Numerous factors are considered, including how
    information is used and managed, and how good and
    relevant existing security measures are. Assets
    (including information) as well as threats are
    classified. The goal is to consider the things
    indicated as business requirements.

7
Risk assessment
  • Questions
  • What are we trying to protect?
  • Which attacks are possible? Which are probable?
  • Where are we vulnerable?
  • What are we concerned about keeping? What are
    these items worth? How much would it cost to
    replace them?
  • How valuable would the following be to an
    attacker (possibly a competitor)
  • How much would it cost an attacker to attack us?
  • How much would it cost to counter?
  • What security measures are in place? Are they
    working?

8
Risk areas
  • Personnel Risk
  • Background checks
  • Segregation of duties
  • Terminated employees
  • Physical Access Risk
  • Disaster Risk
  • Disaster recovery
  • Backup/ hot sites

9
  • Integrity Risk: Risks associated with the
    authorization, completeness and accuracy of
    transactions
  • User interface
  • Processing, error processing
  • Interfaces with other systems/ databases
  • Access Risk: Risks associated with inappropriate
    access to systems or data
  • Identification, authentication and nonrepudiation
  • Firewalls and Guards
  • Availability Risk
  • Infrastructure capability
  • Denial of service

10
Threats
  • Disaster and breakdowns
  • Access and disclosure
  • Alteration or destruction
  • Improper use

11
Business needs assessment
  • The security planning team should include people
    involved in different aspects of IT from
    different areas of the enterprise.
  • Once the team is created, the first step is an
    analysis of business requirements. What services
    are required for business, and how might those
    requirements be met securely? The hardest part is
    distinguishing wants from needs.
  • The team, with all its members' viewpoints,
    determines the business needs for computer and
    network services.
  • For every service, the team should ask repeatedly:
  • "Is there a business requirement?"

12
Root Security Policy
  • This high-level document provides the framework
    upon which all required information and
    subpolicies hang. The root policy's top-down
    approach makes it possible to adhere to the
    guidelines and produce meaningful and useful
    work.
  • The root security policy addresses how an
    organization handles information, who may access
    it and how. It also specifies allowed and denied
    behavior. And it lists controls that are in
    place.

13
Security Architecture Guidelines
  • Specify countermeasures to the threats discovered
    in the risk assessment. This document dictates,
    for example, where to place firewalls, when to
    use encryption, where to place Web servers and
    how to allow communication with Business partners
    and customers. It may identify particular
    products and give instruction on how to deploy
    and manage them. The security architecture
    guidelines specify the assurances that are in
    place, the auditing and the controls.
  • This part requires expertise, which you may
    acquire through the services of an outside
    consultant or in-house through education,
    including Web-based resources, books, technical
    papers and conferences.

14
Incident Response Procedure
  • Defines: What is considered an "incident" in the
    first place? What happens when a security
    incident is discovered? What is done when the
    attacker calls? Who gets called and when?
  • It's useful to test the procedure with a sort of
    incident-response procedure drill. When you call
    them, and in what order, must be part of the
    procedure. Calling too many people too soon risks
    letting the cat out of the bag, so to speak, or a
    crying wolf scenario. Calling too few people, too
    late, risks lawsuits.
  • Although this process does not require any
    particular technical expertise, it does require a
    lot of thought. Senior managers should carefully
    review this document, after receiving a briefing
    based on the vulnerability assessment. The goal
    is to scare them, but not too much.

15
Acceptable Use Policies
  • The root computer and network security policy
    will point to various acceptable use policies.
    The number and type of policies depend on the
    analysis of business requirements, risk
    assessment and corporate culture. The acceptable
    use policies are meant for end users. They
    explain which actions are permitted and which are
    prohibited. So there may be acceptable use
    policies for computers, transfer of data, e-mail
    communications, notebook PCs and Web access.

16
System Administration Procedures
  • With a proper understanding of the business
    requirements and the risks, and with the security
    architecture guide in place, your organization
    can develop platform-specific policies and
    related procedures. These often lead to lock-down
    guides that address organization-specific steps
    for hardening vendor-supplied systems. Lock-down
    guides are usually products of the system
    administration staff, with information gleaned
    from experience, books and reference guides.
    Also, specified here is what software must and
    must not be in place, and how the systems are to
    be backed up and administered.

17
Do what's possible today?
  • Address the known requirements and threats. This
    is one of the benefits of a root policy as a
    framework. It tells us what has to be done. Do
    what's possible today, tag residual risks and
    note tasks to be accomplished.
  • Will you get perfect security?
  • No. Rather, you'll achieve timely, usable and
    sufficient security in the midst of an
    increasingly dangerous, but exciting networked
    world.


18
Lucent Technologies
19
Corporate Computer and Network Security (CCANS)
Organization
  • The preparation and dissemination of computer and
    network security policy and requirement
  • Providing security consultation

20
  • The investigation of computer and network
    information security violations
  • Monitoring for compliance with Lucent Business
    Assurance Instruction (LBAI)
  • Conducting risk assessments
  • Reviewing non-administrator and remote access
    configurations
  • Approving all Data Connection Agreements

21
Network Security Focus On
  • Developers
  • Resource (Data, System and Application) Owners
  • Corporate Sponsors
  • Supervisors
  • System Administrators
  • End Users

22
System Administrators
  • Ensuring the modification of executable programs,
    network configuration data, application file
    systems, network data bases, etc. is authorized
  • Reviewing audit logs daily for evidence of
    unauthorized activity and taking appropriate
    action
  • Ensuring only authorized or licensed software is
    installed on their computers and servers

23
End Users
  • Provide profile information, as required by the
    resource owner, for unique user identification
  • Using company approved, licensed software on
    their computers

24
  • Reporting all actual, attempted and/or suspected
    misuse of computer
  • Complying with the security policies and
    requirements identified in LBAI
  • Reporting the loss of Proprietary information or
    similarly sensitive information to CCANS

25
Access Corporate Networking - Direct Access
  • Unique user IDs/Passwords
  • Unique ID/Password
  • No shared ID
  • Disable after a period of 90 days of inactivity
  • Deleted after a period of 120 days of inactivity
  • Password (minimum of 7 characters)

26

STOP
This system is restricted solely to Lucent
Technologies authorized users for
legitimate business purpose only. The actual or
attempted unauthorized access, use, or
modification of this system is strictly
prohibited by Lucent Technologies. Unauthorized
users are subject to company disciplinary
proceeding and/or criminal and civil penalties
under state, federal, or other applicable
domestic and foreign laws. The use of this system
may be monitored and recorded for administrative
and security reasons. Anyone accessing this
system expressly consents to such monitoring and
is advised that if monitoring reveals possible
evidence of criminal activity, Lucent
Technologies may provide the evidence of such
activity to law enforcement officials. All users
must comply with Lucent Technologies Corporate
Instructions regarding the protection of Lucent
Technologies information assets.
I Agree
27
Access Corporate Networking - Modem Pools
  • No direct dial-up network connectivity to a
    server
  • Dial-up access to the Lucent network must be via the
    Lucent Remote Access (LRA)
  • An ID/Password/Token PIN is required

28
Firewall Rules
  • Based on the assumption that no external users
    can be trusted without strong authentication
  • The firewall must deny all services that are not
    explicitly permitted
  • The only services permitted through the firewall
    are those approved by CCANS
  • The firewall must have the ability to generate
    audit logs
  • Bell Labs Firewall

29
Abbreviated Proprietary Markings for Screens
  • Screen displays containing proprietary
    information must include the appropriate
    proprietary marking

Lucent Technologies Proprietary Use Pursuant to
Company Instruction or Lucent Proprietary
Solely for auth persons having a need to know
30
Corporate E-mail
  • Lucent personnel must not send or forward
    proprietary information to non-Lucent e-mail
    account unless the message is encrypted
  • E-mail group distribution lists must not include
    non-Lucent e-mail accounts
  • NJ E-mail security room

31
Corporate Security Audits - log file
  • Login attempts (successful and unsuccessful)
  • Logoff
  • Attempts to access files/ resources outside their
    privilege level

32
  • Attempts to access any files/ resources that have
    been identified by the owner as warranting
    logging
  • Operating system configuration changes
  • Operating system program changes
  • All changes to system security, including adding
    users
  • Failures for computer, program, communications
    and operations

33
Firewall
  • Protect the confidential information.
  • Maintain Internal network system integrity.

35
Major Threats
  • Network Packet Sniffers
  • IP Spoofing
  • Password Attacks
  • Distribution of Sensitive Information
  • Man-in-the-Middle Attacks

36
Network Packet Sniffers
  • A software application that uses a network
    adapter card in promiscuous mode to capture all
    network packets that are sent across a LAN.
  • Can provide meaningful and sensitive information

37
IP Spoofing
  • Occurs when an attacker outside your network
    pretends to be a trusted computer.
  • Use an IP address that is within the range of IP
    addresses for your network or by using an
    authorized IP address that you trust

38
Password Attacks
  • Usually refer to repeated attempts to identify a
    user account and/or password.
  • Often the attack is performed using a program
    that runs across the network and attempts to log
    into a shared resource, like a server.

39
Distribution of Sensitive Information
  • An internal user can easily place sensitive
    information on an external computer or share a
    drive on the network with other users.
  • A disgruntled present or former employee can
    distribute sensitive information to competitors.

40
Man-in-the-Middle Attacks
  • This attack requires that the attackers have
    access to network packets that come across
    networks.
  • Possible uses: theft of information, denial of
    service, corruption of transmitted data, etc.

41
Types of Firewalls
  • IP Firewalls
  • Application Firewalls
  • Stateful Inspection Firewalls

42
IP Firewalls
  • Works at the internet layer by examining the
    source and destination address of each incoming
    IP packet
  • Cannot prevent IP spoofing.

44
Application Firewalls
  • Take into account the behavior of the application.
  • Also called proxy firewalls.
  • Input is not sent directly to the receiver
    but to a different port, closing the straight path
    between two networks.

46
Stateful Inspection Firewalls
  • Problem with proxy servers: formal proxy rules can
    be established for only some applications.
  • Observe a series of transactions and keep track of
    states.
  • Do not need distinct proxies to be created for
    each application.
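
The contrast between the address-only IP firewall (slide 42) and stateful inspection (slide 46), combined with the deny-unless-explicitly-permitted rule from slide 28, as an added Python example that is not part of the original presentation. The addresses, ports, policy sets and the simplified TCP handshake model are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # "SYN", "SYN-ACK", "ACK" or "FIN"
    inbound: bool  # True when the packet arrives on the external interface

# Constructed policy for this example (assumption, not from the slides).
TRUSTED_SOURCES = {"10.0.0.5"}             # address-based trust
PERMITTED_SERVICES = {("10.0.0.80", 443)}  # explicitly permitted inbound services

def address_filter(pkt):
    """IP firewall: decides from the addresses of this single packet only."""
    if not pkt.inbound:
        return True
    return pkt.src in TRUSTED_SOURCES or (pkt.dst, pkt.dport) in PERMITTED_SERVICES

class StatefulFilter:
    """Default deny: inbound traffic needs a permitted service or a tracked connection."""
    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def check(self, pkt):
        key = ((pkt.dst, pkt.dport, pkt.src, pkt.sport) if pkt.inbound
               else (pkt.src, pkt.sport, pkt.dst, pkt.dport))
        state = self.table.get(key)
        if state is None:
            # No tracked connection: only a connection-opening SYN can be accepted.
            if pkt.flags != "SYN":
                return False
            if pkt.inbound and (pkt.dst, pkt.dport) not in PERMITTED_SERVICES:
                return False
            self.table[key] = "SYN_IN" if pkt.inbound else "SYN_OUT"
            return True
        if state in ("SYN_OUT", "SYN_IN"):
            # The SYN-ACK must travel in the opposite direction to the SYN.
            if pkt.flags == "SYN-ACK" and pkt.inbound == (state == "SYN_OUT"):
                self.table[key] = "ESTABLISHED"
                return True
            return False
        if pkt.flags == "FIN":  # simplified teardown: forget the connection
            del self.table[key]
            return True
        return pkt.flags == "ACK"

def demo():
    """Run constructed packets through both filters and return each verdict."""
    fw = StatefulFilter()
    out_syn = Packet("10.0.0.5", 40000, "203.0.113.9", 80, "SYN", False)
    reply = Packet("203.0.113.9", 80, "10.0.0.5", 40000, "SYN-ACK", True)
    # Arrives from outside but claims the trusted internal source address.
    spoofed = Packet("10.0.0.5", 40001, "10.0.0.20", 23, "ACK", True)
    return {
        "address_filter_spoofed": address_filter(spoofed),
        "stateful_outbound_syn": fw.check(out_syn),
        "stateful_reply": fw.check(reply),
        "stateful_spoofed": fw.check(spoofed),
    }
```

The address-only filter accepts the packet with the forged trusted source, while the stateful filter drops it because no tracked connection or permitted service matches it.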

47
Case Study
  • FIREWALLS
  • TicketExpress

48
Background Information
  • Company: TicketExpress
  • Location: Malaysia
  • Product/Service: Intranet and e-commerce
    solutions
  • TicketExpress is the official Commonwealth
    Games Ticketing Office.
  • Goal: to change the way that the world
    buys tickets

49
Challenges
  • Primary Challenge: developing a secure and
    convenient method for people across the world to
    purchase tickets to the Commonwealth Games
  • TicketExpress developed a partnership with
    Hypermedia Communications and, together, they
    used a WatchGuard Security System to address
    their problem.

50
Network Architecture
  • Software was written in C and run on a UNIX
    Operating System
  • Software was a multi-operator system that tracks
    multiple events, producers, and venues
  • The UNIX Operating System, along with a database
    made by TicketExpress, helped to speed
    information retrieval

51
Network Architecture (2)
  • Security is of extreme importance in this case
    because of the link that is established between
    all pertinent information about the patron and
    the activity.

52
The WatchGuard Firewall System
  • Slogan: You can't afford to work without it.
    Network security at an affordable price.
  • Developed by Seattle Software Labs in response to
    the growing need for secure networking
  • WatchGuard system components
  • WatchGuard Firebox
  • network security appliance featuring a Pentium
    Processor and WatchGuard Security Management
    System (SMS)
  • Software that runs on Windows NT, Windows 95, and
    Linux

53
Advantages of the WatchGuard System
  • Meets current network protection requirements
  • Fits well with normal network management
    procedures
  • Easy installation and configuration
  • Automatic warning of security-related events
    occurring at the Firewall

54
Philosophy of WatchGuard
  • WatchGuard is built on two premises
  • The external user is denied an inbound
    connection, unless it has authorization for a
    specific activity
  • An ability to enforce security, even if your
    network fails (i.e., it shuts off access to its
    network if it thinks that its software has been
    tampered with)

55
The Firebox
  • A hardware firewall platform
  • Runs transparent proxies and dynamic stateful
    packet filter
  • Does not allow user log-ins and only supports
    encrypted connections to the Firebox
  • Resides between router and local trusted network
  • Provides interface for an optional bastion
    network for FTP, WWW, etc.

56
Firebox Features
  • Real-time firewall operating system
  • Stream-lined firewall engine
  • Camouflages internal addresses
  • Tamper-proof operations
  • Inspects and blocks unwanted traffic
  • Rackmount option available
  • Utilizes Secure Socket Layer (SSL) encryption,
    the highest level of security available on the
    Internet

57
Solution for TicketExpress
  • Of primary importance is the feeling of security
    by the customer
  • WatchGuard assisted Hypermedia Communications in
    installing and running the system

58
Results
  • Creation of a secure website to allow patrons to
    see details of different tickets that were
    available.
  • Ability to purchase tickets easily and safely
    from anywhere in the world, thanks to the Firebox.

59
Encryption
  • Used when
  • Data can be intercepted, read or modified
    illegally
  • Function
  • Encodes data to prevent tampering

60
Process of Encryption
  • Cipher - set of rules to transform original
    information to the coded form.
  • Both the sender and the receiver must know the
    cipher.
  • Example
  • Add an arbitrary number of characters to
    all characters in a message.

61
Encryption Components
  • Algorithm
  • Key
  • Cryptographic Algorithm
  • Is a mathematical function that combines plain
    text or other intelligible information with a
    string of digits, called a key, to produce cipher
    text.

62
Key
  • Number of possible keys for an algorithm depends
    on the number of bits in the key. (256 possible
    combinations for an 8-bit key)
  • The greater the number of possible keys, the more
    difficult it is to crack an encrypted message.
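
The additive cipher from slide 60 with the 8-bit key from slide 62, as an added Python example that is not part of the original presentation: it shows that all 256 keys can simply be tried, and how the search effort grows with key length. The sample message, the key value, the text-likeness score and the trial rate of 1e9 keys per second are assumptions made for illustration.

```python
def shift_encrypt(plaintext: bytes, key: int) -> bytes:
    """Slide 60 cipher: add the key to every character (byte-wise, modulo 256)."""
    return bytes((b + key) % 256 for b in plaintext)

def shift_decrypt(ciphertext: bytes, key: int) -> bytes:
    """Inverse transformation: subtract the key from every byte."""
    return bytes((b - key) % 256 for b in ciphertext)

def keyspace(bits: int) -> int:
    """Number of possible keys for a key of the given length."""
    return 2 ** bits

def english_score(candidate: bytes) -> int:
    """Count bytes that are a space or a lowercase ASCII letter."""
    return sum(1 for b in candidate if b == 0x20 or 0x61 <= b <= 0x7A)

def exhaustive_search(ciphertext: bytes):
    """Try all 2**8 keys and keep the one whose output looks most like text."""
    best = max(range(keyspace(8)),
               key=lambda k: english_score(shift_decrypt(ciphertext, k)))
    return best, shift_decrypt(ciphertext, best)

def average_search_years(bits: int, keys_per_second: float) -> float:
    """Expected trial time: on average half the key space must be searched."""
    return keyspace(bits) / 2 / keys_per_second / (365 * 24 * 3600)

MESSAGE = b"meet at the north gate at nine"  # constructed sample plaintext
SECRET_KEY = 0xA7                             # constructed 8-bit key

if __name__ == "__main__":
    ciphertext = shift_encrypt(MESSAGE, SECRET_KEY)
    print(exhaustive_search(ciphertext))
    for bits in (8, 56, 128):
        print(bits, keyspace(bits), average_search_years(bits, 1e9))
```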

63
Types of Encryption
  • Symmetric Encryption
  • Both sender and receiver possess the same key to
    encrypt and decrypt a message.
  • Asymmetric Encryption
  • Public key

64
Public Key
  • Based on the concept of key pair.
  • One public key (associated with the owner)
  • One private key (known only by designated
    owner)
  • Messages encoded by either key can be decoded by
    the other.

65
Public Key
66
Digital Certificates
  • Public keys are distributed by Certification
    Authorities, which issue a Digital Certificate that
    serves as proof of the owner's identity.
  • Verisign, Cybertrust, Nortel, USPS
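
The key-pair property from slide 64 and the certificate idea from slide 66, as an added Python example that is not part of the original presentation. It uses textbook RSA without padding and keys built from known Mersenne primes, so it is a teaching model only; the owner names and all function names are constructed for illustration.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes (toy: no padding, not for real use)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)    # private exponent: inverse of e modulo phi
    return (e, n), (d, n)  # (public key, private key)

def apply_key(value, key):
    """The same operation serves both keys: value ** exponent mod n."""
    exponent, n = key
    return pow(value, exponent, n)

def digest(owner, owner_public, n):
    """Hash the certificate contents and reduce the result into the CA modulus."""
    data = f"{owner}|{owner_public[0]}|{owner_public[1]}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(owner, owner_public, ca_private):
    """The CA binds a name to a public key by encoding the digest with its private key."""
    sig = apply_key(digest(owner, owner_public, ca_private[1]), ca_private)
    return {"owner": owner, "public_key": owner_public, "signature": sig}

def verify_certificate(cert, ca_public):
    """Anyone holding the CA public key can decode the signature and compare."""
    expected = digest(cert["owner"], cert["public_key"], ca_public[1])
    return apply_key(cert["signature"], ca_public) == expected

# Constructed keys from known Mersenne primes; far too structured for real use.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**89 - 1)
OWNER_PUBLIC, OWNER_PRIVATE = make_keypair(2**61 - 1, 2**31 - 1)

def round_trips(message=424242):
    """Slide 64: what one key encodes, the other decodes, in either order."""
    pub_then_priv = apply_key(apply_key(message, OWNER_PUBLIC), OWNER_PRIVATE)
    priv_then_pub = apply_key(apply_key(message, OWNER_PRIVATE), OWNER_PUBLIC)
    return pub_then_priv == message, priv_then_pub == message

def demo():
    """Returns (genuine certificate verifies, certificate with swapped name verifies)."""
    cert = issue_certificate("alice@example.com", OWNER_PUBLIC, CA_PRIVATE)
    forged = dict(cert, owner="mallory@example.com")  # name swapped, signature reused
    return verify_certificate(cert, CA_PUBLIC), verify_certificate(forged, CA_PUBLIC)
```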

67
  • Level of knowledge necessary
  • Resources

69
Curriculum for Systems Administrators
Curriculum for Managers
71
Resources
  • Government
  • Advisors
  • WWW, Documents, FAQ, etc

72
Government Impact
  • Role of government agencies
  • Set standards for the design, implementation, and
    certification of security technologies
  • Control the export of technologies to companies'
    international locations

73
Government Agencies
  • The Computer Security Resource Clearinghouse
    (CSRC)
  • Raise awareness of all computer systems users
    about computer security
  • The Computer Technology Center (CSTC)
  • Operational Incident Response
  • Advance Security Projects
  • Secure Systems Services

74
  • Awareness of National Security Issues and
    Response (ANSIR)
  • Provide unclassified warning information and
    national security issues
  • National Institute of Standards and Technology
    (NIST)
  • Issues publications that deal with computer
    security standards and guidelines

75
  • National Computer Security Center (NCSC)
  • Provide guidelines to the industry designed to
    help them develop trusted systems
  • Provide security certification programs called
    The Trusted Computer System Evaluation Criteria
    (TCSEC), commonly referred to as
    the Orange Book
  • Computer Emergency Response Team (CERT)
  • Started by the U.S. Department of Defense
  • Originally worked as an incident response center
  • Coordinate large-scale incidents, provide
    training and research causes
  • Private Key: http://www.cert.org/pgp/cert_pgp_key.asc

76
Advisors
  • Independent groups
  • Forum of Incident Response and Security Teams
  • CIAC Security Bulletins
  • From vendors
  • Linux Security Alert
  • Microsoft Security Advisor
  • OpenBSD
