
CH-4

Network Security

Network Security and Management CSSY3106


Outlines

▰ Introduction
▰ Goal of network security
▰ Security Plan and Security Policy
▰ Security Checklist
▰ Importance of network security policy
▰ Designing a Security Policy
▰ Essentials of network security management
▰ Network Security Management Tools

1. Introduction

Many organizations take a multifaceted approach to network security:

▰ First, they work to control risk using different management techniques.
▰ Second, they develop a security policy that reflects the organization’s philosophy
regarding the protection of technology resources. Security policies define what the
organization needs to protect and how it should be protected.
▰ Third, they provide awareness and training. Just as users need to be instructed in how to
use specific software or hardware, they also need instruction in order to maintain security. Because end
users form one of the most important defenses against attackers, they need to be
equipped with the knowledge and skills to ward off attacks.

2. Goals of Network Security

Network security goals vary from organization to organization. Often, however, there are a few
common mandates:
▰ Ensure the confidentiality of resources
▰ Protect the integrity of data
▰ Maintain availability of the IT infrastructure
▰ Ensure the privacy of personally identifiable data
▰ Enforce access control
▰ Monitor the IT environment for violations of policy
▰ Support business tasks and the overall mission of the organization
In order to accomplish your organization’s security goals, you need to write down those goals
and develop a thorough plan to execute them.
3. Security Plan and Security Policy

The foundation of any security endeavor is a written plan. To have a plan, you must
thoroughly understand your organization’s infrastructure, its mission and goals, and the
processes necessary to produce its products and services. This means understanding the
technology that your co-workers need and use, which assets are involved, which resources are
consumed, where everything resides, and how users access the infrastructure.
A written security policy establishes a documentation trail that everyone in the organization
can follow and subscribe to. To write a comprehensive security policy, you must first
thoroughly inventory and examine every component of the IT infrastructure. Once you have
designed and deployed a written security policy, regularly review the policy. Investigate
whether the overall quality and reliability of the existing security is sufficient or in need of
improvement. Verify that assets are still properly protected. Evaluate whether prevention,
deterrence, and response have been adequate and effective.

4. Security Checklist

One method to maintain the efficiency of security is through regular verification and
validation checks of every countermeasure, safeguard, security control, deterrent,
prevention, and defense. This requires an inventory of all security measures. This
inventory can then become a checklist.
Physical security and logical security each need a separate list focusing on each
respective area of concern. A security guard or a security tech investigates every
physical security measure to ensure that it is still in effect, active, and unmodified. Such
tasks at the level of logical security are best left to security techs with proper
administrative access. The checklist provides the means to document the date and time of
each element that was checked.
The following sample lists show some common elements found in most secure
organizations.
Physical Security Checklist

A physical security checklist should include every security control deployed for facility control.
▰ Checking every window lock
▰ Checking every door lock
▰ Checking every external wall
▰ Inspecting access points to raised floor areas
▰ Inspecting access points to drop ceilings
▰ Ensuring that cabinets or containers are locked
▰ Verifying that security cameras are pointed in the correct direction
▰ Verifying that all light bulbs are the correct type and are functioning
▰ Checking motion detectors
▰ Testing alarm systems
▰ Interviewing security guards and confirming compliance with procedures
Logical Security Checklist

A logical security checklist should include every security control deployed for
computer and network control.
▰ Checking authentication
▰ Checking authorization and access control
▰ Auditing systems
▰ Verifying firewalls and other filters
▰ Checking proxies and other communication management solutions
▰ Verifying encryption, including key management
▰ Updating antivirus software and scanners
▰ Backing up and storing archival information securely
▰ Verifying logging is functioning and that the results are secured
5. Importance of Network Security Policies

With a written security policy, all security professionals strive to accomplish the same end: a successful,
secure work environment.
Benefits:
▰ It provides a common reference against which security tasks are compared.
▰ It serves as a measuring tool to judge whether security efforts are helping rather than hurting your
organization’s security objectives.
▰ By following the written plan, you can track progress so that you install and configure all the necessary
components.
▰ A written plan validates what you do, defines what you still need to do, and guides you on how to repair
the infrastructure when necessary.
▰ Without a written policy, you have no security because without a written security policy, workers won’t
have a reliable guide on what to do, and judging security success will be impossible.

6. Designing a Security Policy

Designing a security policy involves:


▰ defining what a policy is
▰ understanding the security policy cycle
▰ knowing the steps in policy development

Definition of a Policy
Several terms are used to describe the “rules” that a user follows in an organization.
A standard is a collection of requirements specific to the system or a procedure that must be met by
everyone.
For example, a standard might describe how to secure a computer at home that remotely connects to the
organization’s network. Users must follow this standard if they want to be able to connect.
A guideline is a collection of suggestions that should be implemented. These are not requirements to be
met but are strongly recommended.
A policy is a document that outlines specific requirements or rules that must be met.
In general, a policy has these characteristics:
▰ Communicates a consensus of judgment
▰ Defines appropriate behavior for users
▰ Identifies what tools and procedures are needed
▰ Provides directives for Human Resources action in response to inappropriate behavior
▰ May be helpful if it is necessary to prosecute violators
The Security Policy Cycle

Many organizations follow a three-phase cycle in the development and maintenance of a
security policy.
The security policy cycle is a never-ending process of identifying what needs to be
protected, determining how to protect it, and evaluating the protection.

The Security Policy Cycle: Vulnerability Assessment
The first phase of the security policy cycle is the vulnerability assessment, which is an evaluation of
the exposure of assets to attackers, forces of nature, or any other entity that is a potential harm.
Vulnerability assessment attempts to identify:
▰ Asset identification: it determines the items that have a positive economic value and may include
data, hardware, personnel, physical assets, and software.
▰ Threat identification: determine the threats from threat agents. A threat agent is any person or
thing with the power to carry out a threat against an asset.
▰ Vulnerability appraisal: determine what current security weaknesses might expose the assets to
these threats.
▰ Risk assessment: it determines the damage that would result from an attack and the likelihood that
the vulnerability is a risk to the organization.
▰ Risk mitigation: it determines what to do about the risks. It is important to recognize that security
weaknesses can never be entirely eliminated. Some degree of risk must always be assumed.
The Security Policy Cycle: Security Policy Creation
The second phase of the security policy cycle is to use the information from the risk management study to
create the policy. A security policy is a document or series of documents that clearly define the defense
mechanisms an organization will employ to keep information secure. It also outlines how the organization
will respond to attacks and the duties and responsibilities of its employees for information security.

The Security Policy Cycle: Compliance Monitoring and Evaluation

The final phase is to review the policy for compliance. Because new assets are continually being added to
the organization, and new threats appear against the assets, compliance monitoring and evaluation must be
conducted regularly. The results of the monitoring and evaluation (such as revealing that a new asset is
unprotected) become identified as risks, and the cycle begins again.
Steps in the Development of Security Policy

When designing a security policy, many organizations follow a standard set of
principles. These can be divided into what a policy must do and what a policy should
do, and are summarized in the table below:

Steps in the Development of Security Policy Cont.
The design of a security policy should be the work of a team and the size of the security policy
development team depends on the size and scope of the policy. The security policy development team
should be responsible for:
▰ developing the initial draft of the policy
▰ determining which groups are required to review each policy
▰ completing the required approval process
▰ determining how the policy will be implemented.
Ideally, the team should have these representatives:
▰ Senior level administrator
▰ Member of management who can enforce the policy
▰ Member of the legal staff
▰ Representative from the user community
Types of Security Policies

Acceptable Use Policy (AUP): An acceptable use policy (AUP) is a policy that defines the actions users may perform while
accessing systems and networking equipment. The users are not limited to employees; users can also include vendors,
contractors, or visitors, each with different privileges. AUPs typically cover all computer use, including Internet, e-mail,
Web, and password security.
Privacy Policy: Many organizations have a privacy policy, which outlines how the organization uses the personal
information it collects.
Security-Related Human Resource Policy: Security-related human resource policies typically are presented at an
orientation session when the employee is hired and provide the necessary information about the technology resources of the
organization, how they are used, and the acceptable use and security policies that are in force.
Password Management and Complexity Policy: Although passwords often form the weakest link in information security,
they are still the most widely used form of authentication. A password management and complexity policy can clearly
address how passwords are created and managed.
Disposal and Destruction Policy: A disposal and destruction policy addresses the disposal of resources that are considered confidential. This policy often
covers how long records and data will be retained. It also involves how to dispose of equipment.
7. Essentials of Network Security Management

Network security management strives to maintain established security, adjust the
infrastructure to future threats, and respond to breaches in a timely manner.
A variety of techniques and tools are used including:
▰ Incident response
▰ Host security
▰ Backup and recovery
▰ Checklists
▰ Security assessment

Network security management is a complex but essential component of long-term, reliable
security.

Essentials of Network Security Management Cont.

Hackers need to discover only a single flaw in your defenses to mount an attack.
Changes to the infrastructure, whether physical or logical, could open new holes in the
network. Additionally, users and personnel may intentionally or accidentally breach
security.
Focus on the core security services when designing security: confidentiality,
integrity, and availability. Failure to properly and adequately address these essential
security services will result in damage, data loss, and downtime. Confidentiality is the
prevention of unauthorized access while supporting authorized access. Integrity is the
protection against unauthorized modifications. Availability is the assurance that
resources are accessible in a timely manner.

Essentials of Network Security Management Cont.

Common parameters for security design and implementation


▰ Deterrence is the use of security to convince the potential attacker that the efforts to
compromise a system are not worth it. The attack may be perceived as too hard or too
complex, the attempt too easy to detect, and the consequences too severe.
▰ Detection is to watch for the attempts at breaching security so as to respond promptly.
▰ Delay is to slow down the attack so that even successful breaches give the defenders time to
respond in order to apprehend the attacker or prevent further intrusion.
▰ Prevention is the use of safeguards to thwart exploitation or compromise. It is usually more
efficient, easier, and cost effective to prevent intrusions and breaches than to react to them.
▰ Response means being prepared to contain damage, restrict further compromise, and effect
repairs to return the system to normal.

8. Network Security Management Tools

The best network security management tools are quite simple and obvious. The best tools
are:
▰ A written security policy
▰ A security checklist
▰ A complete inventory of all hardware and software
▰ A physical cabling layout and device location map
▰ A logical organization, addressing, and subnetting map
▰ Complete configuration documentation for every device
▰ Change documentation and log
▰ Backup and restoration procedures
▰ An incident response, business continuity, and disaster recovery strategy
Network Security Management Tools Cont.

▰ Troubleshooting guidelines
▰ Hardware and software documentation
▰ Personal knowledge and skill
▰ Access to online resources

Security management is not about having the most expensive products or the most
automated configuration. Instead, good security management is rooted in a solid
understanding of the infrastructure and having the tools to improve, respond, and repair as
necessary. Security management should focus on protecting assets, supporting authorized
activities, and responding to threats as each is discovered.
