1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Slides:



Advertisements
Similar presentations
CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Advertisements

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition
Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
1 Configuring Virtual Private Networks for Remote Clients and Networks.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security Controls – What Works
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Network Security Philadelphia UniversityAhmad Al-Ghoul Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 12 Network Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?
VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Internet Protocol Security (IPSec)
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Virtual Private Network
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Virtual Private Network prepared by Rachna Agrawal Lixia Hou.
1Cisco Security NOW © 2003, Cisco Systems, Inc. All rights reserved. THIS IS THE POWER OF CISCO SECURITY. now.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
RSA Security Validating Users and Devices to Protect Network Assets Endpoint Solutions for Cisco Environments.
SEC835 Database and Web application security Information Security Architecture.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Chapter 6 of the Executive Guide manual Technology.
P RESENTED B Y - Subhomita Gupta Roll no: 10 T OPICS TO BE DISCUSS ARE : Introduction to Firewalls  History Working of Firewalls Needs Advantages and.
Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Module 11: Remote Access Fundamentals
ISO17799 Maturity. Confidentiality Confidentiality relates to the protection of sensitive data from unauthorized use and distribution. Examples include:
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
Note1 (Admi1) Overview of administering security.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Module 11: Designing Security for Network Perimeters.
Introduction to Information Security
Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.
Chap1: Is there a Security Problem in Computing?.
Security fundamentals Topic 10 Securing the network perimeter.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Understand Network Isolation Part 2 LESSON 3.3_B Security Fundamentals.
Role Of Network IDS in Network Perimeter Defense.
IS3220 Information Technology Infrastructure Security
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
VIRTUAL PRIVATE NETWORKS Lab#9. 2 Virtual Private Networks (VPNs)  Institutions often want private networks for security.  Costly! Separate routers,
Security fundamentals
VPN: Virtual Private Network
Virtual Private Network
Firewalls Routers, Switches, Hubs VPNs
PLANNING A SECURE BASELINE INSTALLATION
Presentation transcript:

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260

CE-257, 260 & 282 Agenda Network & Security Why Network must be secured? Designing the Security Infrastructure 1.Security Policy 2.Security Architecture 3.Security Technologies Concluding Annotations

CE-257, 260 & 282 Network & Security Presently, Business without networks are not survives And, if networks are not secure then Business can't survives So, when Organization designing a Network, Security Infrastructure is crucial

CE-257, 260 & 282 Network Security ( cont. ) Networks enable more and more applications are available to more and more users These more and more users more vulnerable to a wider range of security threats

CE-257, 260 & 282 Network Security ( cont. ) To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks

CE-257, 260 & 282 Why Network must be secured? According to the 2001 Computer Security Institute (CSI) and FBI "Computer Crime and Security Survey," 38 percent of respondents detected DoS attacks, compared with 11 percent in In December of 2000, a hacker stole user passwords from the University of Washington Medical Center in Seattle and gained access to files containing confidential information regarding approximately 5000 patients.

CE-257, 260 & 282 Why Network must be secured? ( cont. ) Result: Organization's infrastructure can lead to serious financial losses or legal liabilities

CE-257, 260 & 282 Network Must be Secured...

CE-257, 260 & 282 But How ?

10 99-CE-257, 260 & 282 Designing the Security Infrastructure Objective “The objective of network security is to protect networks and their applications against attacks, ensuring information availability, confidentiality and integrity”

11 99-CE-257, 260 & 282 Designing the Security Infrastructure (cont.) Different Organizations have different Threats Security Model build on Organization – Objective ( various factors ) – Different Risks of attacks or possible costs of repairing attack damages

12 99-CE-257, 260 & 282 Designing the Security Infrastructure (cont.) “Therefore, companies must perform cost- benefit analyses to evaluate - The potential returns on investment for various network security technologies - Components versus the opportunity costs of not implementing those items”

13 99-CE-257, 260 & 282 Designing the Security Infrastructure (cont.) Building Blocks are: Security Policy Security Architecture Security Technologies

14 99-CE-257, 260 & Security Policy A security policy is a formal statement, supported by a company's highest levels of management, regarding the rules by which employees who have access to any corporate resource abide

15 99-CE-257, 260 & Security Policy (cont.) Its the primary prerequisite for implementing network security Its the driver for the security design process

16 99-CE-257, 260 & Security Policy (cont.) Two main issues: - The security requirements as driven by the business needs of the organization - The implementation guidelines regarding the available technology

17 99-CE-257, 260 & Security Policy (cont.) For example, an authentication policy that defines the levels of passwords and rights required for each type of user (corporate, remote, dial-in, VPN, administrators, and so forth), length of password etc.

18 99-CE-257, 260 & Security Architecture The security architecture should be developed by both the network design and the IT security teams It is typically integrated into the existing enterprise network and is dependent on the IT services that are offered through the network infrastructure

19 99-CE-257, 260 & Security Architecture (cont.) Steps are: The access and security requirements of each IT service should be defined before the network is divided into modules with clearly identified trust levels Each module can be treated separately and assigned a different security model The goal is to have layers of security so that a "successful" intruder's access is constrained to a limited part of the network e.g. Ship Design contains a leak so that the entire ship does not sink

20 99-CE-257, 260 & Security Architecture (cont.) Layered Security Design limits the damage a security breach has on the health of the entire network. In addition, the architecture should define common security services to be implemented across the network.

21 99-CE-257, 260 & Security Architecture (cont.) Typical services include: Password authentication, authorization, and accounting (AAA) Confidentiality provided by virtual private networks (VPNs) Access (trust model) Security monitoring by intrusion detection systems (IDSs)

22 99-CE-257, 260 & Security Architecture (cont.) After the key decisions have been made, the security architecture should be deployed in a phased format, addressing the most critical areas first

23 99-CE-257, 260 & Security Technologies Selection of Security Technologies, which technology benefits organization Every network should include security components that address the following five aspects of network security are:

24 99-CE-257, 260 & Security Technologies (cont.) 1.Identity 2.Perimeter Security 3.Secure Connectivity 4.Security Monitoring 5.Security Policy Management

25 99-CE-257, 260 & Identity Identity is the accurate and positive identification of network users, hosts, applications, services and resources They ensure that authorized users gain access to the enterprise computing resources they need, while unauthorized users are denied access Radius, RAS, Cisco Secure Access Control Server

26 99-CE-257, 260 & Perimeter Security Perimeter security solutions control access to critical network applications, data, and services This access control is handled by routers and switches with access control lists (ACLs) and by dedicated firewall appliances A firewall provides a barrier to traffic crossing a network's "perimeter" and permits only authorized traffic to pass, according to a predefined security policy Cisco PIX® Firewall

27 99-CE-257, 260 & Secure Connectivity Companies must protect confidential information from eavesdropping during transmission By implementing Virtual Private Networks (VPNs) enterprises can establish private, secure communications across a public network usually the Internet and extend their corporate networks to remote offices, mobile users, telecommuters, and extranet partners Cisco VPN 3000 Concentrator Series and optimized routers

28 99-CE-257, 260 & Security Monitoring To ensure that their networks remain secure, companies should continuously monitor for attacks and regularly test the state of their security infrastructures Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and reactively respond to security events as they occur Its an another layer of security Firewalls typically do not address the internal threat presented by insiders Cisco Intrusion Detection System (IDS), Cisco Secure Scanner

29 99-CE-257, 260 & Security Policy Management As networks grow in size and complexity, the requirement for centralized security policy management tools that can administer security elements is paramount Tools needed that can specify, manage, and audit the state of security policy CSPM

30 99-CE-257, 260 & 282 Now Relax … “You did your job – to secure your network”

31 99-CE-257, 260 & 282 Concluding A nnotations Identify organization critical areas Do cost-benefit analysis Define Security Policy Divide network in layers (modules) Design Security Model Implements Security Model Now, Monitor your Network

32 99-CE-257, 260 & 282 Questions Comments appreciated!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.