DFN40143 Network Security Chapter 5 Comprehensive Security Policy
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Section 5.3:
Network Security Testing
Upon completion of this section, you should be able to:
• Describe the techniques used in network security testing.
Topic 5.3.1:
Network Security Testing Techniques
Operations Security
Testing and Evaluating Network Security
Types of Network Tests
Operational Status of the Network:
• Penetration testing
• Network scanning
• Vulnerability scanning
• Password cracking
• Log review
• Integrity checks
• Virus detection
Topic 5.3.1:
Network Security Testing Tools
Network Testing Tools
• Nmap/Zenmap
• SuperScan
• SIEM
• GFI LANguard
• Tripwire
• Nessus
• L0phtCrack
• Metasploit
Nmap and Zenmap
• Nmap is short for Network Mapper.
• It is an open-source Linux command-line tool used to scan IP
addresses and ports in a network and to detect installed
applications.
• Nmap allows network admins to find which devices are running on
their network, discover open ports and services, and detect
vulnerabilities.
• It helps to quickly map out a network without sophisticated
commands or configurations, and it supports both simple commands
and complex scripting through the Nmap Scripting Engine.
Nmap and Zenmap
Other features of Nmap include:
• Ability to quickly recognize all devices, including servers, routers,
switches and mobile devices, on single or multiple networks.
• Helps identify services running on a system, including web servers,
DNS servers, and other common applications.
• Nmap can identify the operating system running on devices, including
details such as the OS version, which makes it easier to plan further
steps during penetration testing.
• Nmap can run existing scripts from the Nmap Scripting Engine against
systems during security auditing and vulnerability scanning.
• Nmap has a GUI called Zenmap. It helps you develop visual
mappings of a network for better usability and reporting.
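An added example (not part of the Cisco course material) of the inventory use described above: it parses the XML report that Nmap writes with -oX into a host/port/service inventory and flags open ports that are not on an administrator's approved list. The XML is constructed sample data in Nmap's report format; the addresses, host name and versions are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample of Nmap's XML report format (nmap -sV -O -oX); not a real scan.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX - 192.0.2.0/29">
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="web01.example.test"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="8.9"/></port>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="nginx" version="1.18.0"/></port>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
    </ports>
    <os><osmatch name="Linux 5.X" accuracy="95"/></os>
  </host>
  <host><status state="down"/><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""

def parse_nmap_xml(xml_text):
    """Map each host that is up to its hostname, OS guess and open ports as
    (protocol, port, service name, version); closed/filtered ports are dropped."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status, addr = host.find("status"), host.find("address[@addrtype='ipv4']")
        if status is None or status.get("state") != "up" or addr is None:
            continue  # skip hosts that did not respond or have no IPv4 address
        hn, osm = host.find("hostnames/hostname"), host.find("os/osmatch")
        ports = []
        for p in host.findall("ports/port"):
            if p.find("state").get("state") != "open":
                continue
            svc = p.find("service")  # absent when -sV could not identify the service
            ports.append((p.get("protocol"), int(p.get("portid")),
                          None if svc is None else svc.get("name"),
                          None if svc is None else svc.get("version")))
        inventory[addr.get("addr")] = {
            "hostname": None if hn is None else hn.get("name"),
            "os": None if osm is None else osm.get("name"),
            "ports": sorted(ports, key=lambda t: t[:2])}
    return inventory

def unapproved_services(inventory, allowed):
    """Open ports not on the allow-list; `allowed` maps ip -> set of (proto, port)."""
    return [(ip, proto, port, name) for ip, info in inventory.items()
            for proto, port, name, _ in info["ports"]
            if (proto, port) not in allowed.get(ip, set())]
```

Run the same parser over a real `nmap -sV -oX scan.xml` file and diff the result against the approved-services list to spot services that should not be exposed.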
Nmap and Zenmap
SuperScan
• SuperScan is a free Windows-only closed-source TCP/UDP port
scanner.
• It is a powerful TCP port scanner that includes a variety of
additional networking tools such as ping, traceroute, HTTP HEAD,
WHOIS and more.
• SuperScan has the capability to perform ping and port scans using
a valid IP address.
• Features:
  • It provides superior scanning speed for detecting both UDP and
  TCP open ports.
  • The IP addresses to be scanned can be read from a file.
  • The results of the scan can be saved to and read from an HTML file.
SuperScan
SIEM
Essential functions:
• Forensic Analysis
• Correlation
• Aggregation
• Retention
Section 5.4:
Developing a Comprehensive
Security Policy
Upon completion of this section, you should be able to:
• Explain the purpose of a comprehensive security policy.
• Explain security awareness and how to achieve it through education and training.
Topic 5.4.1:
Security Policy Overview
Security Policy
• A policy is a form of documentation created to enforce specific
rules or regulations and to give structure to procedures.
• It allows an organization and its management team to set clear,
understandable objectives, goals, rules and formal procedures that
help define the overall security posture and architecture for the
organization.
Secure Network Life Cycle
Determine what the assets of an organization are by asking:
• What does the organization have that others want?
Security Policy
Security Policy Audience
Audience Determines Security Policy Content
Topic 5.4.2:
Structure of a Security Policy
Security Policy Hierarchy
Governing Policy
A governing policy includes:
• Statement of the issue that the policy addresses
• Actions, activities, and processes that are allowed (and not allowed)
• Consequences of noncompliance
Technical Policies
Technical components:
• General policies
• Telephony policy
• Network policy
• Application policy
End User Policies
Customize End-User Policies for Groups
Topic 5.4.3:
Standards, Guidelines, and Procedures
Security Policy Documents
Standards Documents
Guideline Documents
NIST (National Institute of Standards and Technology)
Information Technology Portal
Guideline Documents (Cont.)
NSA Website
Guideline Documents (Cont.)
Common Criteria Website
Procedure Documents
Topic 5.4.4:
Roles and Responsibilities
Organizational Reporting Structure
Common Executive Titles
• Chief Executive Officer (CEO)
• Chief Security Officer (CSO)
Topic 5.4.5:
Security Awareness and Training
Security Awareness Program
Primary components:
• Awareness campaigns
Topic 5.4.6:
Responding to a Security Breach
Motive, Opportunity, and Means
Collecting Data
Summary
Chapter Objectives:
• Explain the various techniques and tools used for network security testing.
Thank you.
Instructor Resources