Your SlideShare is downloading. ×
15 Network Security ..
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

15 Network Security ..

284
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
284
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Network Security Overview By Bob Larson
  • 2. Security Concerns Viruses Denial of Service Information Theft Unauthorized Access Industrial Espionage Hacktivism Public Confidence Privacy Pornography Internet
  • 3. The Need for Security – Then Network designed and implemented in a corporate environment Providing connectivity only to known parties and sites No connections to public networks
  • 4. The Need for Security – Now
  • 5. Securing Network Resources
    • Hardware threats
    • Environmental threats
    • Electrical threats
    • Maintenance threats
  • 6. Trends Affecting Network Security What motivates companies?
  • 7. Security Expectations
    • Users can perform only authorized tasks
    • Users can obtain only authorized information
    • Users can’t cause damage to
      • Data
      • Applications
      • Operating environment of a system
  • 8. The Goals of Network Security
    • C onfidentiality
      • Securing data from prying eyes
    • I ntegrity
      • Authenticating the source
        • Is the sender who they claim to be
      • Authenticating the data
        • Has the data been modified
    • A vailability
      • Users need reasonable access to data they are authorized to use
  • 9. Security Awareness
    • Security techniques and technologies
    • Methodologies for evaluating (not the same)
      • Threats
      • Vulnerabilities
      • Risk
    • Selection criteria and planning required to implement controls
    • What if security is not maintained
      • What is at risk
      • What is the cost if a breach occurs (all costs)
        • Financial
        • Reputation
        • Loss of the resource
        • Loss of competitive advantage
  • 10. Threats, Vulnerabilities and Risk
    • Threats
      • Something bad
      • Something that can cause harm
    • Vulnerabilities
      • Susceptible to attack or harm
      • Without adequate protection
    • Risks
      • Chance of something happening
        • Statistical odds
  • 11. Threats and Consequences
  • 12. Network Security Weaknesses
    • Technology weaknesses
    • Configuration weaknesses
    • Security policy weaknesses
  • 13. Technology Weaknesses
    • All computer and network technologies have inherent security weaknesses or vulnerabilities.
    • Don’t overlook:
      • Hardware issues
      • Operating System issues
      • Network protocol issues (even TCP/IP)
      • Application vulnerabilities
  • 14. Configuration Weaknesses
    • Insecure default settings
      • If you left the defaults, you are dead.
    • Misconfigured network equipment
      • A little knowledge is a dangerous thing
    • Insecure user accounts/passwords
      • End-users can’t be trusted to use strong pws.
    • Misconfigured Internet services
      • HTTP, Java, CGI, unneeded services.
  • 15. What Is a Security Policy?
    • “ A security policy is a formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.”
    • RFC 2196, Site Security Handbook
    Could be applied to a family with kids!
  • 16. Security Policy Weaknesses
    • Lack of a written security policy
    • Internal politics
    • Lack of business continuity
      • Turnover in staff/management can be devastating
    • Logical access controls to network equipment not applied
    • Security administration is lax, including monitoring and auditing
    • Lack of awareness of having been attacked
    • Software or hardware installation and changes that don’t follow the policy
    • Security incident and disaster recovery procedures not in place
  • 17. Security Resources
    • SecurityFocus.com— http://www.securityfocus.com
    • SANS— http://www.sans.org
      • Security Policy Project – free templates
      • Masters Degrees in Security
    • CERT— http://www.cert.org
      • Center of Internet security expertise at Carnegie Mellon U
    • CIAC— http://www.ciac.org/ciac
      • US Dept of Energy
    • CVE— http://cve.mitre.org
      • Common Vulnerabilities and Exposures – Homeland Security
    • Computer Security Institute— http://www.gocsi.com
    • Center for Internet Security— ttp://www.cisecurity.org
  • 18. National Security Agency (NSA) Guides http://www.nsa.gov/snac/
  • 19. Fin…