lesson 1 - introduction to network security
TRANSCRIPT
8/8/2019 Lesson 1 - Introduction to Network Security
http://slidepdf.com/reader/full/lesson-1-introduction-to-network-security 1/57
Lesson 1: Introduction to Network Security
Introduction
Lesson 1 presents an overview of the security policies and major laws that may affect how you need to secure the data stored on organizational servers. You will be introduced to many of the basic concepts behind a security strategy, including the sources of security threats and the role of organizational security policies.
Defining Security
Network Security
In its fullest sense, it means protecting data or information that are stored on or travel over a network against both accidental and intentional unauthorized disclosure or modification.
Note: The most often overlooked or ignored part of this definition is that it includes accidental occurrences, such as an inadequately debugged application program that damages data.
Security and Privacy
Another way to look at security is to consider the difference between security and privacy.
Privacy is the need to restrict access to data.
Security is what you do to ensure privacy.
Three Goals of Network Security
Confidentiality
Ensuring that data that must be kept private stay private (should be accessible only to those authorized to have access).
Integrity
Ensuring that data are accurate; this means that data must be protected from unauthorized modification and/or destruction.
Availability
Ensuring that data are accessible and available whenever needed by the organization. This implies protecting the network from anything that would make it unavailable, including such events as power outages.
Two Views of Network Security
External Threats
A threat originating outside a company, government agency, or institution. External threats are initiated by people known in the hacking community as crackers.
Internal Threats
An internal threat is one originating inside the organization and is typically an exploit by a disgruntled employee denied promotion or informed of employment termination.
Sources of External Threats
The global network has made it possible for potential customers, customers, and employees to reach an organization through its Web site. But with this new access have come enormous problems caused by individuals and groups attempting illegal entry into computer networks and the computer systems they support.
Hackers
Initially, the term hacker referred to someone who could write an ingenious bit of software (one who is good at programming quickly).
Crackers
Anyone who performs illegal activities or attempts illegal access to a computer network (one who breaks security on a system).
White Hat Hackers
A white hat hacker breaks security for non-malicious reasons, for instance testing their own security system. This type of hacker enjoys learning and working with computer systems, and consequently gains a deeper understanding of the subject. Such people normally go on to use their hacking skills in legitimate ways, such as becoming security consultants.
Script Kiddies
A script kiddy is a non-expert (starting hacker) who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding. These are the outcasts of the hacker community.
Cyberterrorists
Known terrorist organizations, of disruption attacks against information systems for the primary purpose of creating alarm and panic. These are persons who leverage a target's computers and information, particularly via the Internet, to cause physical, real-world harm or severe disruption of infrastructure.
Hacktivists
A hacktivist is a hacker who utilizes technology to announce a social, ideological, religious, or political message. In general, most hacktivism involves website defacement or denial-of-service attacks. In more extreme cases, hacktivism is used as a tool for cyberterrorism. Hacktivists are also known as Neo Hackers.
Types of Attacks
Denial of Service (DoS)
A denial of service (DoS) attack attempts to prevent legitimate users from gaining access to network resources. It can take the form of flooding a network or server with traffic so that legitimate messages can't get through or it can bring down a server.
Buffer Overflow
A buffer overflow attack takes advantage of a programming error or bug in an application or system program. The hacker can insert his or her code into a program and, from there, take control of a target system.
Malware
The term malware includes all types of malicious software, such as viruses, worms, and Trojan horses. The goal of a hacker in placing such software on a computer may be simple maliciousness or to provide access to the computer at a later date.
Social Engineering
A social engineering attack is an attempt to get system access information from employees using role-playing and misdirection. It is usually the prelude to an attempt to gain unauthorized access to the network.
Brute Force
One way to gain access to a system is to run brute force login attempts. Assuming that a hacker knows one or more system login names, he can attempt to guess the passwords.
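An added example (not part of the original lesson): detection logic for the brute force password guessing described above, run over constructed sshd-style log lines. The log format, the threshold of 5 failures within 60 seconds and the name detect_guessing are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH sshd syslog style (not taken from a real system).
SAMPLE_LOG = """\
Aug  8 10:00:01 srv1 sshd[811]: Failed password for alice from 203.0.113.7 port 40001 ssh2
Aug  8 10:00:03 srv1 sshd[811]: Failed password for alice from 203.0.113.7 port 40002 ssh2
Aug  8 10:00:05 srv1 sshd[814]: Failed password for alice from 203.0.113.9 port 40003 ssh2
Aug  8 10:00:06 srv1 sshd[812]: Failed password for bob from 198.51.100.20 port 51000 ssh2
Aug  8 10:00:08 srv1 sshd[811]: Failed password for alice from 203.0.113.7 port 40004 ssh2
Aug  8 10:00:10 srv1 sshd[814]: Failed password for alice from 203.0.113.9 port 40005 ssh2
Aug  8 10:00:12 srv1 sshd[814]: Accepted password for alice from 203.0.113.9 port 40006 ssh2
Aug  8 10:05:00 srv1 sshd[813]: Accepted password for bob from 198.51.100.20 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60), year=2019):
    """Return alerts for accounts hit by repeated failed logins.

    Failures are counted per target account across all source addresses,
    so guesses spread over several hosts still add up.
    """
    recent = defaultdict(deque)  # user -> (timestamp, source) of recent failures
    flagged = set()              # accounts already reported in the current burst
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        user, src = m["user"], m["src"]
        fails = recent[user]
        # Drop failures that have aged out of the sliding window.
        while fails and ts - fails[0][0] > window:
            fails.popleft()
        if not fails:
            flagged.discard(user)
        if m["result"] == "Failed":
            fails.append((ts, src))
            if len(fails) >= threshold and user not in flagged:
                flagged.add(user)
                alerts.append({"type": "password_guessing", "user": user,
                               "failures": len(fails),
                               "sources": sorted({s for _, s in fails})})
        else:
            # A success right after a burst, from one of the guessing sources,
            # suggests the password was found: reset it and review the session.
            if len(fails) >= threshold and src in {s for _, s in fails}:
                alerts.append({"type": "success_after_guessing", "user": user,
                               "failures": len(fails), "sources": [src]})
            fails.clear()
            flagged.discard(user)
    return alerts


if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

The single failed login for bob followed minutes later by a success stays below the threshold and raises no alert.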
Steps in Cracking a Network
1. Information Gathering
During the information gathering phase, a hacker gets as much as he can from public sources. The result often forms the basis of a social engineering attack.
2. Port Scanning
An attempt to identify open TCP ports on a target system. This can not only tell the hacker where he can target an attack, but also can indicate which applications are running.
3. Network Enumeration
Once a hacker gains access through an open port, he will attempt to map the network, in particular looking to distinguish workstations from servers and network layout itself.
4. Gaining root or administrator access
The hacker does whatever is necessary to gain access to a user account. His ultimate goal is to escalate whatever access he gains to root status so that he has access to the entire system.
5. Using access and/or information gained
If he is looking for specific information on a compromised system, the hacker will either copy the desired information or make the modifications at this point.
6. Leaving a Backdoor
A hacker may not take advantage of a system immediately, or he may need to return at a later date. He may therefore leave software behind that will give him access at will.
7. Covering his Tracks
Finally, the knowledgeable hacker will erase traces of his presence, including modifying system logs to remove records of whatever he has done to the network system.
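An added example (not part of the original lesson) of one defence against step 7: a hash-chained log whose latest digest is also kept on a separate host, so that removed or rewritten records are detectable. The record contents, the function names and the off-host copy of the head digest are assumptions for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the first record

# Constructed sample records (not from a real system).
SAMPLE_RECORDS = [
    "10:00:12 sshd: Accepted password for alice from 203.0.113.9",
    "10:01:40 sudo: alice : COMMAND=/bin/bash",
    "10:02:05 useradd: new user name=svc_backup",
    "10:03:30 sshd: session closed for user alice",
]


def link(prev_digest, message):
    """Digest that binds this record to everything logged before it."""
    return hashlib.sha256(prev_digest + message.encode("utf-8")).digest()


def build_chain(messages):
    """Return [(message, digest), ...]; each digest covers the previous one."""
    chain, prev = [], GENESIS
    for message in messages:
        prev = link(prev, message)
        chain.append((message, prev))
    return chain


def head_of(chain):
    """Latest digest; this is the value to copy to a separate log host."""
    return chain[-1][1] if chain else GENESIS


def verify_chain(chain, trusted_head):
    """Return (ok, index). index is the first inconsistent record, or
    len(chain) when the records are self-consistent but do not end at the
    digest held off-host (whole-log rewrite or removed tail)."""
    prev = GENESIS
    for index, (message, digest) in enumerate(chain):
        if not hmac.compare_digest(digest, link(prev, message)):
            return False, index
        prev = digest
    if not hmac.compare_digest(prev, trusted_head):
        return False, len(chain)
    return True, None


def demo():
    chain = build_chain(SAMPLE_RECORDS)
    head = head_of(chain)                      # stored off-host (assumption)
    removed = chain[:2] + chain[3:]            # one record deleted in place
    rewritten = build_chain([m for m, _ in removed])  # digests recomputed
    return {
        "intact": verify_chain(chain, head),
        "record_removed": verify_chain(removed, head),
        "log_rewritten": verify_chain(rewritten, head),
        "tail_removed": verify_chain(chain[:-1], head),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Without the off-host copy of the head digest, an intruder with root access could recompute the whole chain, which is why the last two cases are only caught by the comparison against it.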
Sources of Internal Threats
Most internal threats come from two sources: employees and accidents. Employee threats may be intentional or accidental as well.
Employee Threats
In most cases, employees know more about a network and computers on it than any outsider. They have legitimate access to user accounts.
Intentional employee security threats include the following:
- Personnel who employ hacking techniques to upgrade their legitimate access to root or administrator access, allowing them to divulge trade secrets, steal money, and so on for personal or political gain.
- Personnel who take advantage of legitimate access to divulge trade secrets, steal money, and so on for personal or political gain.
- Family members of employees who are visiting the office and have been given access to company computers to accommodate or occupy them while waiting.
- Personnel who break into secure machine rooms to gain physical access to mainframe and other large systems consoles.
- Former employees, especially those who did not leave the organization willingly. Attacks may be physical, actually damaging equipment, or traditional hacking attacks.
Unintentional employee security threats include the following:
- Becoming the victim of a social engineering attack, unknowingly helping a hacker gain unauthorized network access.
- Unintentionally revealing or disclosing confidential information.
- Physically damaging equipment or network infrastructure, resulting in data loss.
- Misusing a system or software, introducing inaccurate and/or damaged data, or accidentally deleting or modifying data.
Accidents
Employees certainly can unintentionally damage a network. A security plan will need to guard against data damage and loss caused by:
- Electrical power fluctuations
- Hardware failures
- Natural disasters such as fire and flood
Note: Guarding against accidental network damage includes power protection (for example, surge protectors and UPSs) and comprehensive backup schemes. When done well, backup takes significant planning and disaster recovery.
Organizational Security Process
How are you going to respond to the continual security threats aimed at your network? Where do you start? You must have top management support, both inside and out of IT, for the security effort. With management support in place, you can be proactive, developing security policies and procedures before they are needed.
Top Management Support
Implementing a security scheme for an organization costs money, whether it involves purchasing hardware and software, hiring personnel, training users, retaining IT staff, realigning IT staff responsibilities, or any combination of the preceding.
Finally, having top management support ensures that the corporate legal department is involved in security planning and implementation. This will make it much more likely that the organization's data security adheres to any relevant legal statutes.
How secure can you be?
Probably the most important thing to realize before you start developing a security scheme for an organization is that you can never be 100 percent secure. There will always be someone who can find a way into your system, either from the inside or outside.
Therefore, instead of setting a goal of making the system totally uncrackable, you want to ensure that you make it as secure as you can for a reasonable amount of money. The trick is to balance security risk with the amount of money you are going to spend.
Importance of a Security Policy
Security Policy
A security policy is a document that lays out the philosophy and structure of an organization's security efforts. It serves several purposes:
- A security policy is documentation of the commitment top management has made to security. A written security policy makes it easier for IT staff to justify security expenditures.
- A security policy provides a roadmap for IT staff who are planning network security implementation. It indicates what is to be secured or protected and who is responsible for providing the security.
- A security policy identifies acceptable use of organizational computing resources. For example, it might indicate whether employees can use a corporate e-mail system for private e-mail and if so, to what extent.
- A security policy identifies who is to have access to what. This can be one of the most difficult parts of the policy to develop because access to information often connotes privilege in a company or organization.
- A security policy acts as a security contract with employees. They must adhere to the philosophy and behaviors included in the policy for continued employment.
- A security policy can be given to new employees before they begin work. In fact, some organizations require that new employees read the security policy and sign an affidavit indicating that they understand it and agree to abide by its provisions.
Security Personnel
Head of the Organization
In large organizations, the security function is headed by someone who might be called the Chief Security Officer, Chief Information Security Officer, Vice President of Information Security, or Director of Information Security. Consider the job description found at http://www.csoonline.com.
Middle Management
If your organization is too small for the executive-level position, you may nonetheless have a security administrator's position. Consider the job description found at http://www.monster.com.
The People in the Trenches
A quick check at monster.com reveals a wide range of job descriptions for people who will be implementing security plans. As examples, consider the following:
- Network Security Analyst
- Computer Security Systems Specialist
- Computer Systems Security Specialist
Outsourcing Security
When you outsource, you hire an outside organization to implement and monitor security for your network. If you are going to outsource, then you may want to keep the management of your security policy in-house; you can outsource the implementation, such as security auditing or vulnerability testing and ongoing monitoring.
Outsourcing Security
There are tangible benefits to outsourcing: you don't have to hire a security staff, and it often can cost less than managing security in-house. However, there are also significant risks. The security company could go out of business, leaving your organization extremely vulnerable.
Preparing a Security Policy
A security policy needs to spell out guidelines for security activities. It should:
Justify both direct and indirect expenditures on security by stating the importance of network security to the organization.
Indicate the scope of the security efforts, as well as any legal requirements.
Preparing a Security Policy
Specify security personnel, their job responsibilities, and organizational structure.
Describe secure behaviors that all employees must use and describe also the organization's disaster recovery plan.
Lay out policies and procedures for reporting and handling security violations.
Preparing a Security Policy
Note:
Because developing a security policy is a difficult process, your organization may decide to purchase a set of templates (cost $600) or use free templates at http://www.sans.org/resources/policies/#templates rather than starting from scratch.
Security Audits
Security Audit
A security audit is a process that determines how well your network is protected against a variety of threats. Security audits usually include:
Risk Assessment
A risk assessment is a high-level analysis of the security risks faced by the organization.
Security Audits
Vulnerability Testing
Vulnerability testing involves attempts to crack the network, looking for weak points in the security implementation.
Examination of Known Vulnerabilities
It checks and examines the network for software and hardware vulnerabilities that have been reported to vendors.
Security Audits
Policy Verification
Policy verification involves the comparison of procedures with what is specified in an organization's security policy.
Summary
Network security is the ongoing process of maintaining the privacy of data (or information) that should remain private. Security threats are intentional and unintentional, and can come from outside or inside an organization. Employees, who typically have more knowledge of a network than external crackers, are responsible for more than half the security violations that trouble networks.