
1. You have been approached by your manager to give a talk on the network security standard ISO 17799.

Write a short précis detailing the purpose of this document and the main components within Parts 1 and 2 of the document.

ISO 17799 is an internationally recognized information security management standard, first published by the International Organization for Standardization, or ISO (www.iso.ch), in December 2000. It is high level, broad in scope and conceptual in nature, which allows it to be applied across many types of enterprise and application. The same breadth has made the standard controversial among those who believe standards should be more precise. In spite of this controversy, ISO 17799 is the only standard devoted to information security management in a field otherwise governed by guidelines and best practices.

ISO 17799 defines information as an asset that may exist in many forms and has value to an organization. The goal of information security is to protect this asset suitably in order to ensure business continuity, minimize business damage and maximize return on investments. As defined by ISO 17799, information security is the preservation of:

- Confidentiality: ensuring that information is accessible only to those authorized to have access.
- Integrity: safeguarding the accuracy and completeness of information and processing methods.
- Availability: ensuring that authorized users have access to information and associated assets when required.
As a primarily conceptual standard, ISO 17799 is not:

- a technical standard;
- product or technology driven;
- an equipment evaluation methodology such as the Common Criteria (ISO 15408), which deals with the functional and assurance requirements of specific products;
- related to the Generally Accepted System Security Principles (GASSP), a collection of security best practices;
- related to the five-part Guidelines for the Management of IT Security (GMITS, ISO 13335), which provides a conceptual framework for managing IT security.

ISO 17799 covers only the selection and management of information security controls. Those controls may in turn require a Common Criteria Evaluation Assurance Level (EAL), incorporate GASSP guidelines or implement GMITS concepts.

ISO 17799 is a direct descendant of the British Standards Institution (BSI) information security management standard BS 7799. BS 7799 now consists of two parts:

1. Part 1: Code of Practice for Information Security Management
2. Part 2: Specification for Information Security Management Systems

BS 7799 Part 1 (ISO 17799) versus BS 7799 Part 2

It is important to understand the distinction between Part 1 and Part 2 of BS 7799 in order to understand the dilemma facing conformance assessment. Part 1, the part adopted as ISO 17799, is an implementation guide based on suggestions. It is used as a means to evaluate and build a sound and comprehensive information security infrastructure, and it details the controls an organization should implement. Part 2 is an auditing guide based on requirements: it details the controls an organization shall implement, and to be certified as BS 7799-compliant an organization is audited against Part 2. This rigidity precluded widespread acceptance and support. (ISO 17799 has since been renumbered ISO/IEC 27002, and BS 7799 Part 2 became ISO/IEC 27001, the specification against which ISMS certification is now audited.)

Benefits of ISO 17799

Arguably, perfect security may be achievable only for networkless servers located in rooms without doors. Information security is always a matter of trade-offs, balancing business requirements against the triad of confidentiality, integrity and availability. The information security process has traditionally been based on sound best practices and guidelines, with the goal of preventing, detecting and containing security breaches and restoring affected data to its previous state. While this cumulative wisdom is valid, it is also subject to various interpretations and implementations. ISO 17799 offers a benchmark against which to build organizational information security and a mechanism to manage the information security process. It affords enterprises the following benefits:

- an internationally recognized, structured methodology;
- a defined process to evaluate, implement, maintain and manage information security;
- a set of tailored policies, standards, procedures and guidelines;
- certification, which allows organizations to demonstrate their own information security status and to evaluate that of their trading partners;
- certification as evidence of due diligence.

3. Write a summary of how an edge router can be configured as a firewall; include details of how it can be used to filter traffic through the use of CBAC and zone-based firewalls.

The configuration examples below assume a simple topology: the router's serial interface S0/0 faces the Internet (the outside, untrusted side) and its FastEthernet interface F0/0 faces the protected LAN (the inside, trusted side).

CBAC: CBAC intelligently filters TCP and UDP packets based on application-layer protocol session information. You can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network you want to protect. CBAC can inspect traffic for sessions that originate from either side of the firewall, and CBAC can be used for intranet, extranet, and Internet perimeters of your network.
To configure CBAC you must complete the following tasks:

1. Pick an interface (normally the external interface, on which inspection is applied).
2. Configure IP access lists at the interface.
3. Configure global timeouts and thresholds.
4. Define an inspection rule.
5. Apply the inspection rule to an interface.

The following commands implement these tasks. Access list 111, applied inbound on the external interface S0/0, permits only OSPF and denies everything else; the inspection rule CBAC, applied outbound on the same interface, records outgoing TCP, UDP and ICMP sessions and opens temporary entries in that inbound access list for their return traffic. The global timeouts and thresholds (task 3) are left at their defaults here.

EdgeRouter# configure terminal
EdgeRouter(config)# ip access-list extended 111
EdgeRouter(config-ext-nacl)# permit ospf any any
EdgeRouter(config-ext-nacl)# deny ip any any
EdgeRouter(config-ext-nacl)# exit
EdgeRouter(config)# interface S0/0
EdgeRouter(config-if)# ip access-group 111 in
EdgeRouter(config-if)# exit
EdgeRouter(config)# ip inspect name CBAC tcp
EdgeRouter(config)# ip inspect name CBAC udp
EdgeRouter(config)# ip inspect name CBAC icmp
EdgeRouter(config)# interface S0/0
EdgeRouter(config-if)# ip inspect CBAC out
EdgeRouter(config-if)# end

ZBFW: the zone-based policy firewall introduced a new firewall configuration model. Interfaces are assigned to security zones and policies are applied to traffic moving between zones rather than to individual interfaces, which makes the resulting policy easier to understand. By default, traffic between two zones is dropped unless a zone-pair with a policy permits it, an interface that belongs to no zone cannot exchange traffic with a zoned interface, and traffic to and from the router itself (the implicit self zone) is allowed. To configure a zone-based firewall we configure the following:

- class maps, which identify the traffic to act on;
- policy maps, which specify the action (inspect, pass or drop) for each class;
- security zones;
- zone-pairs, which bind a policy map to one direction of traffic between two zones.

Below, the class map CMAP matches TCP, UDP and ICMP; the policy map PMAP inspects that class; S0/0 is placed in zone OUTSIDE and F0/0 in zone INSIDE; and the zone-pair applies PMAP to traffic from INSIDE to OUTSIDE. Zone names are case-sensitive, so the names used in zone-member and zone-pair statements must match the zone security declarations exactly. Because there is no OUTSIDE-to-INSIDE zone-pair, sessions initiated from the Internet are dropped, while the return traffic of inside-initiated sessions is admitted by the stateful inspection.

EdgeRouter# configure terminal
EdgeRouter(config)# class-map type inspect match-any CMAP
EdgeRouter(config-cmap)# match protocol tcp
EdgeRouter(config-cmap)# match protocol icmp
EdgeRouter(config-cmap)# match protocol udp
EdgeRouter(config-cmap)# exit
EdgeRouter(config)# policy-map type inspect PMAP
EdgeRouter(config-pmap)# class type inspect CMAP
EdgeRouter(config-pmap-c)# inspect
EdgeRouter(config-pmap-c)# exit
EdgeRouter(config-pmap)# exit
EdgeRouter(config)# zone security INSIDE
EdgeRouter(config-sec-zone)# exit
EdgeRouter(config)# zone security OUTSIDE
EdgeRouter(config-sec-zone)# exit
EdgeRouter(config)# interface S0/0
EdgeRouter(config-if)# zone-member security OUTSIDE
EdgeRouter(config-if)# exit
EdgeRouter(config)# interface F0/0
EdgeRouter(config-if)# zone-member security INSIDE
EdgeRouter(config-if)# exit
EdgeRouter(config)# zone-pair security inside-to-outside source INSIDE destination OUTSIDE
EdgeRouter(config-sec-zone-pair)# service-policy type inspect PMAP
EdgeRouter(config-sec-zone-pair)# end
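As an added example that is not part of the original page or of Cisco's tooling, the Python checker below reads a zone-based firewall configuration in running-config form (not the CLI transcript above) and reports dangling references: zones used in zone-member or zone-pair statements that were never declared, zone-pairs without a policy, and policy maps or class maps that are referenced but not defined. Its first sample is a constructed copy of this zone-based configuration with the zone-name case mismatch that an earlier draft of it contained; the second sample is the corrected version.

```python
"""Check a Cisco IOS zone-based firewall configuration for dangling references.

Added example, not from the original page. IOS zone names are case-sensitive,
so ``zone security inside`` does not satisfy ``zone-member security INSIDE``;
both sample configurations below are constructed for this example.
"""

# Constructed sample: zones declared in lower case but referenced in upper case.
MISMATCHED_CONFIG = """\
class-map type inspect match-any CMAP
 match protocol tcp
 match protocol icmp
 match protocol udp
policy-map type inspect PMAP
 class type inspect CMAP
  inspect
zone security inside
zone security outside
interface Serial0/0
 zone-member security OUTSIDE
interface FastEthernet0/0
 zone-member security INSIDE
zone-pair security inside-to-outside source INSIDE destination OUTSIDE
 service-policy type inspect PMAP
"""

# The same configuration with the zone declarations made consistent.
CONSISTENT_CONFIG = MISMATCHED_CONFIG.replace("security inside\n", "security INSIDE\n").replace(
    "security outside\n", "security OUTSIDE\n")


def parse_sections(config):
    """Split a running-config into (top-level command, [sub-commands]) pairs."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if sections:
                sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def lint_zbfw(config):
    """Return a sorted list of findings; an empty list means every reference resolves."""
    zones, class_maps, policy_maps = set(), set(), {}
    zone_members, zone_pairs = [], []

    for head, body in parse_sections(config):
        words = head.split()
        if head.startswith("zone security "):
            zones.add(words[2])
        elif head.startswith("class-map type inspect "):
            class_maps.add(words[-1])
        elif head.startswith("policy-map type inspect "):
            policy_maps[words[-1]] = [l.split()[-1] for l in body if l.startswith("class type inspect ")]
        elif head.startswith("interface "):
            zone_members += [(words[1], l.split()[-1]) for l in body if l.startswith("zone-member security ")]
        elif head.startswith("zone-pair security "):
            # zone-pair security NAME source SRC destination DST
            policy = [l.split()[-1] for l in body if l.startswith("service-policy type inspect ")]
            zone_pairs.append((words[2], words[4], words[6], policy[-1] if policy else None))

    findings = []
    for iface, zone in zone_members:
        if zone not in zones:
            findings.append(f"{iface}: zone-member references undeclared zone '{zone}'")
    for name, src, dst, policy in zone_pairs:
        for zone in (src, dst):
            if zone != "self" and zone not in zones:  # 'self' is the router's implicit zone
                findings.append(f"zone-pair {name}: undeclared zone '{zone}'")
        if policy is None:
            findings.append(f"zone-pair {name}: no service-policy, so all traffic between its zones is dropped")
        elif policy not in policy_maps:
            findings.append(f"zone-pair {name}: policy-map '{policy}' is not defined")
    for pmap, classes in policy_maps.items():
        for cls in classes:
            if cls not in class_maps:
                findings.append(f"policy-map {pmap}: class-map '{cls}' is not defined")
    return sorted(findings)


if __name__ == "__main__":
    print("\n".join(lint_zbfw(MISMATCHED_CONFIG)) or "no findings")
    print("consistent config:", lint_zbfw(CONSISTENT_CONFIG))
```

Run it against the saved output of show running-config before pushing a zone-based policy to a router; the mismatched sample produces four findings (two zone-member and two zone-pair references to undeclared zones), and the consistent sample produces none.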

4. The IT manager approaches you and says he has heard the term "device hardening", and asks you to explain it. Write a technical paper describing the features and steps that can be taken to secure network devices (router and switch security).

Hardening a device requires known security vulnerabilities to be eliminated or mitigated. A vulnerability is any weakness or flaw in the software design, implementation or administration of a system that ultimately provides a mechanism by which the system can be infiltrated and compromised. There are two main areas to address in order to eliminate security vulnerabilities:

1. Configuration settings
2. Software flaws in programs and operating system files

Eliminating vulnerabilities will require either remediation - typically a software upgrade or patch for program or OS files - or mitigation - a configuration settings change. Hardening is required equally for servers, workstations and network devices such as firewalls, switches and routers.

There are ten steps to secure the network:

1. Firewall implementation

The first step for most attackers is to look for network weaknesses by scanning for open ports. Ports are the mechanisms by which services on the network are exposed to the wider Internet, and an attacker treats an open port as an invitation to probe and exploit the service behind it. A network firewall closes the ports that do not need to be open and permits only the traffic the business requires.

2. Password-protect the firewall

In many cases it is trivial for an attacker to identify the brand and model of a device on a network, and equally trivial to use Google to find the user manual and the default username and password. Change every default credential before the device goes into service.

3. Update firmware on the router, firewall and switches

Outdated router or firewall firmware is another common issue. Small business network equipment, just like applications and operating systems, needs to be updated for security and bug fixes. The firmware a router or firewall shipped with is likely to be out of date within a year, so make sure it is updated.

4. Block ping

One of the simplest methods an attacker uses to find a network is to send a ping (ICMP echo) request, which simply asks whether something will respond. If a device responds, the attacker knows there is something there to explore further and potentially exploit. Dropping inbound echo requests on the outside interface removes that signal, although it does not hide services that still answer on open ports.

5. Scan yourself

One of the best ways to see whether you have open ports or visible network vulnerabilities is to do what an attacker would do and scan your own network from the outside.

6. Lock down IP addresses

On the router or firewall admin page there is usually a network administration menu that lets you reserve IP addresses for DHCP clients. You identify each device by its MAC address and assign it a fixed IP, which makes unexpected devices on the network easier to notice.

7. VLANs

Mitigating risk is about providing access to network resources to the people who are authorized and restricting access for those who are not. VLANs segment the network so that, for example, guest or voice devices cannot reach internal servers directly.

8. Intrusion Prevention System (IPS)

In addition to the firewall, IPS technology can play a key network security role. An IPS does more than monitor ports: it inspects the traffic flow for anomalies and known attack patterns that could indicate malicious activity, and it can block them.

9. Web Application Firewall (WAF)

If you are hosting applications, a WAF in front of (or as part of) the web server is a key technology to consider.

10. Use a VPN

If you have gone to the trouble of protecting the office network, it makes sense to extend that protection to mobile and remotely connected employees by bringing their traffic in over a VPN rather than exposing internal or management services directly to the Internet.
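As an added example, not part of the original page and not a Cisco tool, the Python script below audits a router's running-config against a small hardening baseline drawn from the steps above that are realised in the device configuration: default or reversible passwords and unthrottled logins (step 2), cleartext management protocols such as HTTP and Telnet instead of SSH (steps 2 and 10), and an outside interface with no inbound access list to drop probes and echo requests (steps 1 and 4). The baseline rules, the check identifiers, the outside-interface name and both sample configurations are assumptions constructed for the example.

```python
"""Audit a Cisco IOS running-config against a small router/switch hardening baseline.

Added example, not from the original page. The checks, their identifiers and
the two sample configurations are constructed for illustration.
"""

OUTSIDE_INTERFACES = ("Serial0/0",)  # assumption: the Internet-facing interface

# Constructed sample: an edge router with out-of-the-box settings.
WEAK_CONFIG = """\
hostname EdgeRouter
no service password-encryption
enable password cisco
username admin password admin
ip http server
snmp-server community public RO
interface Serial0/0
 ip address 203.0.113.2 255.255.255.252
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
line vty 0 4
 login local
 transport input all
"""

# Constructed sample: the same router after hardening. The inbound ACL drops
# echo requests and everything not explicitly permitted; pair it with the CBAC
# or zone-based inspection from question 3 so return traffic is admitted.
HARDENED_CONFIG = """\
hostname EdgeRouter
service password-encryption
enable secret Example-Enable-Secret
username admin secret Example-Admin-Secret
ip domain-name example.net
ip ssh version 2
login block-for 120 attempts 3 within 60
no ip http server
ip access-list extended OUTSIDE-IN
 deny icmp any any echo
 permit ospf any any
 deny ip any any
interface Serial0/0
 ip address 203.0.113.2 255.255.255.252
 ip access-group OUTSIDE-IN in
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
line vty 0 4
 login local
 transport input ssh
 exec-timeout 5 0
"""


def audit_hardening(config, outside_interfaces=OUTSIDE_INTERFACES):
    """Return a sorted list of (check_id, message) for every baseline violation."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip() and not l.startswith("!")]
    top = [l for l in lines if not l[0].isspace()]
    # Group indented sub-commands under their parent (interface, line vty, ...).
    children, parent = {}, None
    for l in lines:
        if not l[0].isspace():
            parent = l
            children.setdefault(parent, [])
        elif parent is not None:
            children[parent].append(l.strip())

    findings = []

    def has(prefix):
        return any(l.startswith(prefix) for l in top)

    if has("enable password "):
        findings.append(("H01", "enable password is cleartext or reversible; use enable secret"))
    if not has("enable secret "):
        findings.append(("H02", "no enable secret configured"))
    if any(l.startswith("username ") and " password " in l for l in top):
        findings.append(("H03", "local user defined with 'password'; use 'username ... secret'"))
    if "service password-encryption" not in top:
        findings.append(("H04", "service password-encryption is not enabled"))
    if has("ip http server"):
        findings.append(("H05", "cleartext HTTP management is enabled; use 'no ip http server'"))
    if any(l.startswith("snmp-server community ") and l.split()[2] in ("public", "private") for l in top):
        findings.append(("H06", "default SNMP community string in use"))
    if "ip ssh version 2" not in top:
        findings.append(("H07", "SSH version 2 is not enforced"))
    if not has("login block-for "):
        findings.append(("H08", "no login block-for; repeated login failures are not throttled"))
    for head, body in children.items():
        if head.startswith("line vty"):
            transports = [l.split()[2:] for l in body if l.startswith("transport input ")]
            if ["ssh"] not in transports:
                findings.append(("H09", f"{head}: transport input must be 'ssh' only (no telnet/all)"))
        elif head.startswith("interface ") and head.split()[1] in outside_interfaces:
            if not any(l.startswith("ip access-group ") and l.endswith(" in") for l in body):
                findings.append(("H10", f"{head}: no inbound access list on the outside interface"))
    return sorted(findings)


if __name__ == "__main__":
    for check_id, message in audit_hardening(WEAK_CONFIG):
        print(check_id, message)
    print("hardened config findings:", audit_hardening(HARDENED_CONFIG))
```

Run it over a saved show running-config. The weak sample trips all ten checks; the hardened sample trips none, and re-adding telnet to the vty line brings back only H09, which is the kind of regression this sort of check is meant to catch during change review.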
