developing network security strategies network security d esign network security m echanisms

Developing Network Security Strategies

______________________Robert DeWolf

Developing NetworkSecurity Strategies

Network Security DESIGN

Network Security

MECHANISMS

SECURITY: DESIGN

•Factors- Affordances (E-Commerce)- Remote-Access Services- Business partners

•Top-Down Approach- Customer development

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

Identify network assets

•Network HostsOSApplicationsData

•Internetworking DevicesRoutersSwitches

•Network Data

•OtherTrade SecretsCompany Reputation

SECURITY: DESIGN

Identify network assets.

Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

Analyze security risks

EXPERT INTRUDERS AND END USERS

SECURITY: DESIGN

Identify network assets.Analyze security risks.

Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

Analyze security requirements and tradeoffs

•Affordability•Usability•Performance•Availability•Manageability

•TradeoffsPacket Filters/Data Encryption

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.

Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

Develop a security plan

•Resources(time/people)

How will users/managers be involved?

Is there a need for specialized Administrators?

Will you be training on Security Policies and Procedures?

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.

Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

Define a security policy

According to RFC 2196, "Site Security Handbook:"

“A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.”

•Personnel

•ComponentsAccessAccountabilityAuthenticationComputer-technology guidelines

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.

Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

Develop procedures for applying security policies

There’s been an attack… OMG!!!!!

•Separate ProceduresUsersNetwork AdminSecurity Admin

•Training?

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.

Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.

Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.

Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.

Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.

Test the security and update it if any problems are found.Maintain security.

SECURITY: DESIGN

Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.

Maintain security.

Maintain security

•Reading Logs

•Responding to incidents

•Staying current with security standards (hardware/software)

•Updating the plan and policy

SECURITY: MECHANISMS

Physical SecurityAuthenticationAuthorization

Accounting/AuditingData Encryption

Packet FiltersFirewalls

Intrusion DetectionIntrusion Prevention






Equipment

Natural Disasters






Something the user knows

Something the user has

Something the user is






Privileges






Logging tasks






Yeah yeah yeah…






Uses Authentication and Authorization

methods






Enforce

Enterprise to Internet






(IDS)Notification

(IPS)Traffic Blocker

SWEET ACTING

http://www.youtube.com/watch?v=YyvpS44B_YQ

developing network security strategies network security d esign network security m echanisms

Documents

security procedures

security requirements

security policies

security policy

security plan reso

technical staff

technical strategy

security risks e xpert