2. Fundamental Questions for Network Security
1. What are you trying to protect or maintain?
2. What are your business objectives?
3. What do you need to accomplish these objectives?
4. What technologies or solutions are required to support these objectives?
5. Are your objectives compatible with your security infrastructure, operations, and tools?
3. Fundamental Questions for Network Security
6. What risks are associated with inadequate security?
7. What are the implications of not implementing security?
8. Will you introduce new risks not covered by your current security solutions or policy?
9. How do you reduce that risk?
10. What is your tolerance for risk?
YOUR COMPANY NAME | LONG AND INTERESTING PRESENTATION TITLE | VERSION NO. XX | 06/06/2012
4. Transformation of the Security Paradigm
• Security is no longer about “products”
• Scalability demands are increasing
• Legacy endpoint security Total Cost of Ownership (TCO) is a
challenge
• Day zero damage
5. Principles of Security—The CIA Model
6. Policies, Standards, Procedures, Baselines, Guidelines
A security policy is a set of rules, practices, and procedures dictating how sensitive information is managed, protected, and distributed. In the network security realm, policies are usually point specific, which means they cover a single area. A security policy is a document that expresses exactly what the security level should be by setting the goals of what the security mechanisms are to accomplish. Security policy is written by higher management and is intended to describe the “whats” of information security.
7. Examples of Security Policies
The sample list that follows covers some common policies that an organization should consider.
• Acceptable use
• Ethics
• Information sensitivity
• E-mail
• Password
• Risk assessment
8. Relationships Among Security Policies, Standards, Procedures, Baselines, and Guidelines
9. Security Models
An important element in the design and analysis of secure systems is the security model, because it integrates the security policy that should be enforced in the system. A security model is a symbolic portrayal of a security policy. It maps the requirements of the policy makers into a set of rules and regulations that are to be followed by a computer system or a network system. A security policy is a set of abstract goals and high-level requirements, and the security model is the do’s and don’ts to make this happen.
10. Security Models
• The Bell-LaPadula Model (BLM), also called the multilevel model, was introduced mainly to enforce access control in government and military applications. BLM protects the confidentiality of the information within a system.
• The Biba model is a modification of the Bell-LaPadula model that mainly emphasizes the integrity of the information within a system.
• The Clark-Wilson model prevents authorized users from making unauthorized modifications to the data. This model introduces a system of triples: a subject, a program, and an object.
• The Access Control Matrix is a general model of access control that is based on the concept of subjects and objects.
11. Security Models
• The Information Flow model restricts information in its flow so that it moves only to and from approved security levels.
• The Chinese Wall model combines commercial discretion with legally enforceable mandatory controls. It is required in the operation of many financial services organizations.
• The Lattice model deals with military information. Lattice-based access control models were developed in the early 1970s to deal with the confidentiality of military information. In the late 1970s and early 1980s, researchers applied these models to certain integrity concerns. Later, application of the models to the Chinese Wall policy, a confidentiality policy unique to the commercial sector, was developed. A balanced perspective on lattice-based access control models is provided.
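The models on slides 10 and 11 reduce to a few comparison rules over a lattice of labels, which is easier to see in code than in prose. The block below is an added example, not part of the original presentation or of any Cisco product: a toy lattice of levels plus compartments, the Bell-LaPadula and Biba access rules over it, a small Access Control Matrix, and a Clark-Wilson access-triple check. Every level name, subject, object, program and right in it is constructed for the illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical orderings for the two lattice-based models. The level names are
# constructed for this example; any totally ordered set of levels would work.
CLEARANCE = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}


@dataclass(frozen=True)
class Label:
    """One element of the security lattice: a level plus a set of compartments."""
    rank: int
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice partial order: at least as high AND a superset of compartments.
        # Labels with disjoint compartments are incomparable, which is why this
        # is a lattice rather than a simple ladder of levels.
        return self.rank >= other.rank and self.compartments >= other.compartments


def conf(level: str, *compartments: str) -> Label:
    """Confidentiality label as used by Bell-LaPadula."""
    return Label(CLEARANCE[level], frozenset(compartments))

def integ(level: str) -> Label:
    """Integrity label as used by Biba (compartments omitted for brevity)."""
    return Label(INTEGRITY[level])

def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return subject.dominates(obj)  # simple security property
    if op == "write":
        return obj.dominates(subject)  # *-property
    raise ValueError(f"unknown operation {op!r}")

def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): no read down, no write up; the dual of Bell-LaPadula."""
    if op == "read":
        return obj.dominates(subject)  # simple integrity property
    if op == "write":
        return subject.dominates(obj)  # integrity *-property
    raise ValueError(f"unknown operation {op!r}")


# Access Control Matrix: subjects are rows, objects are columns, and each cell
# holds the rights granted. Subject, object and right names are sample data.
ACM = {
    "alice": {"payroll.db": {"read", "write"}, "plan.doc": {"read"}},
    "bob": {"plan.doc": {"read", "write"}},
}

def acm_allows(subject: str, obj: str, right: str) -> bool:
    return right in ACM.get(subject, {}).get(obj, set())


# Clark-Wilson access triples: a subject may change a constrained data item only
# through a certified transformation procedure, never by writing it directly.
CW_TRIPLES = {("clerk", "post_invoice", "ledger"), ("auditor", "read_ledger", "ledger")}

def clark_wilson_allows(subject: str, program: str, obj: str) -> bool:
    return (subject, program, obj) in CW_TRIPLES
```

Note that under Bell-LaPadula a secret-cleared subject may write into a top-secret object (write up is allowed, since it cannot leak anything downward), while Biba forbids exactly that direction for integrity; the two rule sets are mirror images.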
12. Perimeter Security
Opinions on perimeter security have changed a great deal over the
past few years. Part of that change is that the very nature of
perimeter security is becoming increasingly uncertain, and everyone
has a different view of just what it is. The limits of the perimeter
itself are becoming broad and extensive, with no geographic
boundaries, and remote access is becoming part of the integral
network.
13. A Solid Perimeter Security Solution
• A comprehensive perimeter security solution enables communications across it as defined by the security policy, yet protects the network resources from breaches, attacks, or unauthorized use. It controls multiple network entry and exit points. It also increases user assurance by implementing multiple layers of security.
• The wide range of Cisco perimeter security solutions provides several levels of perimeter security that can be deployed throughout your network as defined by your security policy. These solutions are highly flexible and can be tailored to your security policy.
14. Security in Layers
As discussed earlier, security in layers is the preferred and most scalable approach to safeguard a network. One single mechanism cannot be relied on for the security of a system. To protect your infrastructure, you must apply security in layers. This layered approach is also called defense in depth. The idea is that you create multiple systems so that a failure in one does not leave you vulnerable, but is caught in the next layer. Additionally, in a layered approach, the vulnerability can be limited and contained to the affected layer because of the applied security at varying levels.
15. Multilayer Perimeter Solution
As stated previously, today’s solutions are shifting toward the approach of placing safeguard mechanisms at various layers of the network, not just at the boundary or edge devices. Today, it is recommended to deploy Intrusion Prevention System (IPS) devices on both the inside and outside boundaries of private networks. Firewalls, on the other hand, are placed between various business segments or departments within the same organization, dividing the network into logical groupings and applying perimeter defense at each segment or department. In this multiperimeter model, each segment can have different layers of defense within it.
16. Multilayer Perimeter Solution
Effective perimeter security has become increasingly important over
recent years. Perimeter security cannot be trusted to only the traditional
defense mechanisms of firewalls and IDS. Web applications, wireless
access, network interconnectivities, and VPNs have made the perimeter a
much more complicated concept than it was a couple of years ago.
17. Multilayer Perimeter Solution
A layered approach requires implementing security solutions at different spectrums of the network. Another similar concept is islands of security. To implement islands of security, do not restrict your thinking to perimeter security. Do not depend on just one method for your security. You should, instead, have layers of protection—perimeter, distribution, core, and access layer.
18. Security Applied Across All Layers of the System
19. The Domino Effect
The OSI reference model was built to enable different layers to work
independently of each other. The layered approach was developed to
accommodate changes in the evolving technology. Each OSI layer is
responsible for a specific function within the networking stack, with
information flowing up and down to the next subsequent layer as data is
processed. Unfortunately, this means that if one layer is hacked,
communications are compromised without the other layers being aware of
the problem.
20. The Domino Effect
21. Security Wheel
22. Summary
• This chapter gave an overview of network security and discussed the challenges of managing a secured network infrastructure. The chapter discussed how the security paradigm is changing and that security solutions today are no longer product based. Instead, they are more solution oriented and designed with business objectives in mind.
• The chapter also discussed the core principles of security—the CIA triad of confidentiality, integrity, and availability—followed by a brief discussion of aspects of security policies: standards, procedures, baselines, guidelines, and various security models. The chapter takes a detailed look at the perimeter security issue and the multilayered security approach. The chapter concludes with the Cisco security wheel paradigm involving five cyclical steps.
Editor's Notes
• Security is no longer about “products”: Security solutions must be chosen with business objectives in mind and integrated with operational procedures and tools.
• Scalability demands are increasing: With the increasing number of vulnerabilities and security threats, solutions must scale to thousands of hosts in large enterprises.
• Legacy endpoint security Total Cost of Ownership (TCO) is a challenge: Reactive products force deployment and renewal of multiple agents and management paradigms.
• Day zero damage: Rapidly propagating attacks (Slammer, Nimda, MyDoom) happen too fast for reactive products to control. Therefore, an automated, proactive security system is needed to combat the dynamic array of modern-day viruses and worms.
With modern-day distributed networks, security cannot be enforced only at the network edge or perimeter. We will discuss perimeter security in more detail later in this chapter. Zero-day attacks or new and unknown viruses continue to plague enterprises and service provider networks. To attempt to establish protection against attacks, enterprises try to patch systems as vulnerabilities become known. This clearly cannot scale in large networks, and this situation can be addressed only with real-time proactive-based systems.
The sample list that follows covers some common policies that an organization should consider.
• Acceptable use: This policy outlines the acceptable use of computer equipment. The rules are established to protect the employee and the organization. Inappropriate use exposes the company to risks including virus attacks, compromise of network systems and services, and legal issues.
• Ethics: This policy emphasizes the employee’s and consumer’s expectations to be subject to fair business practices. It establishes a culture of openness, trust, and integrity in business practices. This policy can guide business behavior to ensure ethical conduct.
• Information sensitivity: This policy is intended to help employees determine what information can be disclosed to nonemployees, as well as the relative sensitivity of information that should not be disclosed outside an organization without proper authorization. The information covered in these guidelines includes but is not limited to information that is either stored or shared via any means. This includes electronic information, information on paper, and information shared orally or visually (such as by telephone, video conferencing, and teleconferencing).
• E-mail: This policy covers appropriate use of any e-mail sent from an organization’s e-mail address and applies to all employees, vendors, and agents operating on behalf of the company.
• Password: The purpose of this policy is to establish a standard for creation of strong passwords, the protection of those passwords, and the frequency of change.
• Risk assessment: This policy is used to empower the Information Security (InfoSec) group to perform periodic information security risk assessments (RA) for the purpose of determining areas of vulnerability and to initiate appropriate remediation.
As stated previously, today’s solutions are shifting toward the approach of placing safeguard mechanisms at various layers of the network, not just at the boundary or edge devices. Today, it is recommended to deploy Intrusion Prevention System (IPS) devices on both the inside and outside boundaries of private networks. Firewalls, on the other hand, are placed between various business segments or departments within the same organization, dividing the network into logical groupings and applying perimeter defense at each segment or department. In this multiperimeter model, each segment can have different layers of defense within it.
Effective perimeter security has become increasingly important over recent years. Perimeter security cannot be trusted to only the traditional defense mechanisms of firewalls and IDS. Web applications, wireless access, network interconnectivities, and VPNs have made the perimeter a much more complicated concept than it was a couple of years ago.
A layered approach requires implementing security solutions at different spectrums of the network. Another similar concept is islands of security. To implement islands of security, do not restrict your thinking to perimeter security. Do not depend on just one method for your security. You should, instead, have layers of protection—perimeter, distribution, core, and access layer. Figure 1-4 illustrates a basic multilayered security mechanism, which is designed to protect the data flow in the system.
Network security is a continuous process built around the corporate security policy. The security wheel depicted in Figure 1-6 shows a recursive, ongoing process of striving toward perfection—to achieve a secured network infrastructure. The paradigm incorporates the following five steps:
Step 1 Develop a security policy. A strong security policy should be clearly defined, implemented, and documented, yet simple enough that users can easily conduct business within its parameters.
Step 2 Make the network secure. Secure the network by implementing security solutions (implement authentication, encryption, firewalls, intrusion prevention, and other techniques) to stop or prevent unauthorized access or activities and to protect information and information systems.
Step 3 Monitor and respond. This phase detects violations to the security policy. It involves system auditing and real-time intrusion detection and prevention solutions. This also validates the security implementation in Step 2.
Step 4 Test. This step validates the effectiveness of the security policy through system auditing and vulnerability scanning and tests existing security safeguards.
Step 5 Manage and improve. Use information from the monitor and test phases to make improvements to the security implementation. Adjust the corporate security policy as security vulnerabilities and risks are identified. Manage and improve corporate security policy.