9. Managing a Secure Network

9.0.1 Chapter Introduction
Mitigating network attacks requires a comprehensive, end-to-end approach that includes creating and maintaining security policies based on the security needs of an organization. The first step in establishing an organization's security needs is to identify likely threats and perform a risk analysis, the results of which are used to establish the security hardware and software implementations, mitigation policies, and network design.

To help simplify network design, it is recommended that all security mechanisms come from a single vendor. The Cisco Self-Defending Network is a comprehensive, end-to-end solution for network security. Cisco Security Manager and Cisco MARS provide network management options for Cisco SDN solutions.

After the network is designed, operations security entails the day-to-day practices necessary to first deploy and later maintain the secure system. Part of maintaining a secure system is network security testing. Security testing is performed by the operations team to ensure that all security implementations are operating as expected. Testing is also used to provide insight into business continuity planning, which addresses the continuing operations of an organization in the event of a disaster, disruption, or prolonged service interruption.

After a secure network is implemented and continuity plans are established, those plans and documents must be continuously updated based on the changing needs of the organization. For this reason, it is necessary to understand the system development life cycle (SDLC) for the purposes of evaluating system changes and adjusting security implementations. The SDLC includes five phases: initiation, acquisition and development, implementation, operations and maintenance, and disposition. It is important to include security considerations in all phases of the SDLC.

A network security system cannot completely prevent assets from being vulnerable to threats. New attacks are developed and vulnerabilities identified that can be used to circumvent security solutions. Additionally, technical, administrative, and physical security systems can be defeated if the end user community does not adhere to security practices and procedures. A comprehensive security policy must be maintained which identifies an organization's assets, specifies the security hardware and software requirements for protecting those assets, clarifies the roles and responsibilities of personnel, and establishes the proper protocol for responding to security breaches. If security policies are established and followed, organizations can minimize the loss and damages resulting from attacks.
9.1.1 Ensuring a Network is Secure
Mitigating network attacks requires a comprehensive, end-to-end approach:

Secure network devices with AAA, SSH, role-based CLI, syslog, SNMP, and NTP.
Secure services using AutoSecure and one-step lockdown.
Protect network endpoints, such as workstations and servers, against viruses, Trojan horses, and worms with Cisco NAC, Cisco IronPort, and Cisco Security Agent.
Use Cisco IOS Firewall and accompanying ACLs to secure resources internally while protecting those resources from outside attacks.
Supplement Cisco IOS Firewall with Cisco IPS technology to evaluate traffic using an attack signature database.
Protect the LAN by following Layer 2 and VLAN recommended practices and by using a variety of technologies, including BPDU guard, root guard, PortFast, and SPAN.

Despite these security techniques, hackers are continuously developing new ways to attack networks. An important part of implementing a secure network is creating and maintaining security policies to mitigate existing as well as new kinds of attacks. These policies enforce a structured, informed, consistent approach to securing the network. When developing security policies, several questions must be answered:
Business needs - What does the organization want to do with the network? What are the organizational needs? Regardless of the security implications, business needs must come first.
Threat identification - What are the most likely types of threats given the organization's purpose? For example, a financial institution will face different threats than a university.
Risk analysis - What is the cost versus benefit analysis of implementing various security technologies? How do the latest security techniques affect the network environment, and what is the risk if they are not implemented?
Security needs - What are the policies, standards, and guidelines needed to address business needs and risks?
Industry-recommended practices - What are the reliable, well-understood, and recommended security practices that similar organizations currently employ?
Security operations - What are the current procedures for incident response, monitoring, maintenance, and auditing of the system for compliance?

Many security assumptions are made when designing and implementing a secure network. Unfortunately, unfounded assumptions about how and where the system will be used can lead to broken, misconfigured, or bypassed security mechanisms. An example of a bad assumption is that more users need to use a protocol, such as FTP, than is actually the case.

A wrong assumption has negative ramifications for all design work. It might influence one design decision, and then propagate to other decisions that depend on it. Wrong decisions are especially dangerous in early stages of secure system design when threats are modeled and risks are assessed. It is often easy to correct or enhance a single implementation aspect of a system, such as a firewall configuration. However, design errors, such as where that firewall is placed, are either extremely hard or impossible to correct without substantial investments in time and technology.

There are guidelines to help you avoid making wrong assumptions:
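The device-hardening checklist at the start of 9.1.1 (AAA, SSH, syslog, SNMP, NTP) and the "security operations" question about auditing the system for compliance both call for a repeatable check of what is actually configured. The following Python script is an added example, not part of the course material: it audits a Cisco IOS running-config for those items. The sample config is constructed, the check names and regular expressions are mine, the IOS command patterns reflect common syntax rather than anything stated on this page, and treating SNMPv1/v2c community strings and the HTTP server as findings is my assumption about what "secure" means for those services.

```python
"""Audit a Cisco IOS running-config for the hardening items listed in 9.1.1.

Added example, not from the course. The config text below is constructed and
the command patterns are assumptions about common IOS syntax.
"""
import re

# Constructed sample running-config: some, but not all, hardening measures applied.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
aaa new-model
aaa authentication login default local
ip ssh version 2
ip http server
snmp-server community public RO
logging host 10.0.0.5
line vty 0 4
 transport input ssh
!
"""

# (finding name, regex tried against each config line, whether a match is desirable)
CHECKS = [
    ("AAA enabled",             r"^aaa new-model$",                True),
    ("SSHv2 enabled",           r"^ip ssh version 2$",             True),
    ("VTY restricted to SSH",   r"^\s+transport input ssh$",       True),
    ("Passwords encrypted",     r"^service password-encryption$",  True),
    ("Syslog host configured",  r"^logging host \S+$",             True),
    ("NTP server configured",   r"^ntp server \S+",                True),
    ("SNMPv3 in use",           r"^snmp-server group \S+ v3 priv", True),
    # A community string means SNMPv1/v2c is enabled: a match is a finding.
    ("No SNMPv1/v2c community", r"^snmp-server community ",        False),
    # The HTTP server should be disabled on a hardened device: a match is a finding.
    ("HTTP server disabled",    r"^ip http server$",               False),
]


def audit_config(config_text):
    """Return {check name: True (pass) / False (fail)} for one running-config."""
    lines = config_text.splitlines()
    results = {}
    for name, pattern, match_is_good in CHECKS:
        matched = any(re.match(pattern, line) for line in lines)
        # For "must be present" checks a match passes; for "must be absent" it fails.
        results[name] = matched if match_is_good else not matched
    return results


def failing_checks(config_text):
    """Sorted list of the checks that did not pass, for a compliance report."""
    return sorted(name for name, ok in audit_config(config_text).items() if not ok)


if __name__ == "__main__":
    for name, ok in audit_config(SAMPLE_CONFIG).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Run against the sample config, the script reports the missing NTP server, the missing SNMPv3 group, the SNMPv2c community string and the enabled HTTP server as failures; feeding it the output of `show running-config` from a real device turns the checklist into a compliance audit that can be repeated after every change.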
Expect that any aspect of a security system might fail. When designing a system, perform what-if analysis for failures of every element, assess the probability of failure, and analyze all possible consequences of a failure, taking into account cascading failures of other elements.
Identify any elements that fail-open. Fail-open occurs when a failure results in a complete bypass of the security function. Ideally, any security element should be fail-safe. If the element fails, it should default to a secure state, such as blocking all traffic.
Try to identify all attack possibilities. One way to accomplish this is with a top-down analysis of possible system failures, which involves evaluating the simplicity and probability of every attack on a system. This type of analysis is commonly referred to as an attack tree analysis.
Evaluate the probability of exploitation. Focus on the resources that are needed to create an attack, not the obscurity of a particular vulnerability. Be sure to account for technological advances.
Assume that people make mistakes. For example, end users might use a system improperly, compromising its security unintentionally.
Attackers might not use common and well-established techniques to compromise a system. Instead, they might hammer the system with seemingly random attacks, looking for possible information on how the system behaves under unexpected conditions.
Check all assumptions with other people. They might have a fresh perspective on potential threats and their probability. The more people that question the assumptions, the more likely a bad assumption will be identified.
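The guidelines above describe attack tree analysis (evaluating the simplicity and probability of every attack, top-down) and what-if analysis of failures, but do not show how such a tree is scored. The following Python code is an added example, not part of the course, of the usual way to do it: OR nodes succeed if any branch succeeds, AND nodes only if every branch does, and each leaf carries an estimated probability of success and the attacker resources it needs. The tree, its node names and every number are constructed; the independence assumption behind the probability arithmetic is mine; and `mitigation_ranking` is a hypothetical what-if routine that asks which single control would lower the root probability most.

```python
"""Score a small attack tree and rank candidate mitigations.

Added example, not from the course. All names and numbers are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Union


@dataclass
class Leaf:
    name: str
    p_success: float   # estimated probability the step succeeds (constructed)
    cost: float        # estimated attacker resources needed (arbitrary units)


@dataclass
class Node:
    name: str
    kind: str          # "OR": any child suffices; "AND": all children needed
    children: List[Union[Leaf, "Node"]] = field(default_factory=list)


def probability(n):
    """Probability that the goal at n is reached (assumes independent steps)."""
    if isinstance(n, Leaf):
        return n.p_success
    ps = [probability(c) for c in n.children]
    if n.kind == "AND":
        prod = 1.0
        for p in ps:
            prod *= p
        return prod
    # OR: the goal fails only if every alternative fails.
    fail = 1.0
    for p in ps:
        fail *= 1 - p
    return 1 - fail


def min_cost(n):
    """Resources for the cheapest path: OR takes the cheapest branch, AND needs all."""
    if isinstance(n, Leaf):
        return n.cost
    costs = [min_cost(c) for c in n.children]
    return sum(costs) if n.kind == "AND" else min(costs)


def all_leaves(n):
    if isinstance(n, Leaf):
        return [n]
    out = []
    for c in n.children:
        out.extend(all_leaves(c))
    return out


def mitigation_ranking(root, factor=0.1):
    """What-if analysis: for each leaf, pretend a control cuts its success
    probability to `factor` of the estimate and report the resulting root
    probability, lowest (most effective control) first."""
    results = []
    for leaf in all_leaves(root):
        saved = leaf.p_success
        leaf.p_success = saved * factor
        results.append((leaf.name, round(probability(root), 4)))
        leaf.p_success = saved          # restore the original estimate
    return sorted(results, key=lambda r: r[1])


def build_tree():
    """Constructed tree for the e-banking goal discussed in this chapter."""
    return Node("Run unauthorized transaction", "OR", [
        Node("Impersonate customer", "AND", [
            Leaf("Obtain customer password", 0.30, 5),
            Leaf("Defeat second factor", 0.10, 40),
        ]),
        Leaf("Compromise exposed e-banking server", 0.05, 60),
        Leaf("Insider misuse", 0.02, 10),
    ])


if __name__ == "__main__":
    tree = build_tree()
    print(f"root probability: {probability(tree):.4f}, cheapest path cost: {min_cost(tree)}")
    for name, p in mitigation_ranking(tree):
        print(f"  control on '{name}' -> root probability {p}")
```

With the constructed numbers the root probability is about 0.097 and the cheapest path is the insider branch, which is why the text says to weigh the resources an attack needs rather than its obscurity. The ranking shows that hardening the exposed server lowers the overall probability more than strengthening either half of the customer-impersonation branch, because an AND node is already limited by its weakest factor; this kind of comparison is what the what-if guideline is asking for.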
9.1.2 Threat Identification and Risk Analysis
One of the first steps to establishing an organization's security needs is to identify likely threats. Threat identification provides an organization with a list of threats that a system is subject to in a particular environment. When identifying threats, it is important to ask two questions:

What are the possible vulnerabilities of a system?
What are the consequences if system vulnerabilities are exploited?

For example, threat identification for connecting an e-banking system would include:

Internal system compromise - The attacker uses the exposed e-banking servers to break into an internal bank system.
Stolen customer data - An attacker steals the personal and financial data of bank customers from the customer database.
Phony transactions from an external server - An attacker alters the code of the e-banking application and runs arbitrary transactions impersonating a legitimate user.
Phony transactions if the customer PIN or smart card is stolen - An attacker steals the identity of a customer and runs malicious transactions from the compromised account.
Insider attack on the system - A bank employee finds a flaw in the system to mount an attack.
Data input errors - A user inputs incorrect data or makes incorrect transaction requests.
Data center destruction - A cataclysmic event severely damages or destroys the data center.

Identifying vulnerabilities on a network entails understanding the important applications that are used as well as the different vulnerabilities of that application and hardware. This can require a significant amount of research on the part of the network administrator.

Risk analysis is the systematic study of uncertainties and risks. It estimates the probability and severity of threats to a system and provides an organization with a prioritized list. Risk analysts identify the risks,
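The text says risk analysis estimates the probability and severity of each threat and turns the threat list into a prioritized one, and the "risk analysis" question in 9.1.1 asks about cost versus benefit. The following Python code is an added example, not part of the course: it takes the e-banking threat list above, with constructed likelihood and impact ratings, and produces that prioritized list; `control_is_worthwhile` answers the cost-benefit question using the single loss expectancy times annual rate of occurrence model, which is a standard quantitative approach and not something this page states. All ratings, dollar amounts and function names are mine.

```python
"""Build a prioritized risk register from the e-banking threat list.

Added example, not from the course. Ratings and amounts are constructed.
"""
from dataclasses import dataclass


@dataclass
class Threat:
    name: str
    likelihood: int   # 1 (rare) .. 5 (almost certain), constructed estimate
    impact: int       # 1 (negligible) .. 5 (catastrophic), constructed estimate

    @property
    def score(self):
        """Qualitative risk score: probability times severity."""
        return self.likelihood * self.impact


# Constructed ratings for the threats the text lists for an e-banking system.
EBANKING_THREATS = [
    Threat("Internal system compromise",      2, 5),
    Threat("Stolen customer data",            3, 5),
    Threat("Phony transactions (server)",     2, 4),
    Threat("Phony transactions (stolen PIN)", 4, 3),
    Threat("Insider attack",                  2, 4),
    Threat("Data input errors",               5, 1),
    Threat("Data center destruction",         1, 5),
]


def prioritize(threats):
    """Highest score first; ties go to the higher impact so a rare but
    catastrophic threat outranks a frequent trivial one with the same score."""
    return sorted(threats, key=lambda t: (t.score, t.impact), reverse=True)


def annualized_loss(sle, aro):
    """Quantitative variant (assumption: the common SLE x ARO model).
    sle: expected loss from one occurrence; aro: occurrences expected per year."""
    return sle * aro


def control_is_worthwhile(sle, aro_before, aro_after, annual_control_cost):
    """Cost-versus-benefit test for one control: it pays for itself when the
    annual loss it prevents exceeds its own annual cost."""
    prevented = annualized_loss(sle, aro_before) - annualized_loss(sle, aro_after)
    return prevented > annual_control_cost


if __name__ == "__main__":
    print("Prioritized risk register (constructed ratings):")
    for t in prioritize(EBANKING_THREATS):
        print(f"  {t.score:>2}  L={t.likelihood} I={t.impact}  {t.name}")
    # Constructed figures: a control cutting a $100,000 loss from 0.5 to 0.1
    # occurrences a year, at $30,000 a year, prevents $40,000 of expected loss.
    print("control worthwhile:", control_is_worthwhile(100_000, 0.5, 0.1, 30_000))
```

The output places stolen customer data and phony transactions from a stolen PIN at the top and data input errors at the bottom, even though input errors are the most frequent item; that is the effect of weighting probability by severity, which is what distinguishes a risk analysis from a plain threat list.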