Presentation is loading. Please wait.

Presentation is loading. Please wait.

Guide to Network Defense and Countermeasures Second Edition

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Guide to Network Defense and Countermeasures Second Edition"— Presentation transcript:

1 Guide to Network Defense and Countermeasures Second Edition
Chapter 12 Strengthening Defense Through Ongoing Management

2 Objectives Strengthen network control by managing security events
Improve analysis by auditing network security procedures Strengthen detection by managing an intrusion detection system Guide to Network Defense and Countermeasures, Second Edition

3 Objectives (continued)
Improve network defense by changing a defense in depth configuration Strengthen network performance by keeping pace with changing needs Increase your knowledge base by keeping on top of industry trends Guide to Network Defense and Countermeasures, Second Edition

4 Strengthening Control: Security Event Management
Network devices Packet-filtering routers VPN appliances IDS at each branch office One or more firewalls at each office Event logs or syslogs (system logs) Guide to Network Defense and Countermeasures, Second Edition

5 Guide to Network Defense and Countermeasures, Second Edition

6 Strengthening Control: Security Event Management (continued)
Security event management program Gathers and consolidates events from multiple sources Helps analyze the information to improve network security Guide to Network Defense and Countermeasures, Second Edition

7 Monitoring Events Event monitoring Monitor following events
Review alert and event logs Test network periodically to identify weak points Monitor following events Logins Creation of user accounts and groups Correct handling of attachments Backups Antivirus scanning and control Procedures for secure remote access Guide to Network Defense and Countermeasures, Second Edition

8 Monitoring Events (continued)
Your responses need to occur as quickly as possible Develop a team approach to network security Make use of automated responses Alarms systems built into an IDS Keep aware of new network security threats Guide to Network Defense and Countermeasures, Second Edition

9 Managing Data from Multiple Sensors
Centralized data collection Organization’s event and security data are “funneled” to a centralized management console In the main office Benefits Reduced cost because Less administrative time required Improved efficiency Disadvantage Needs secure communication channel between devices Guide to Network Defense and Countermeasures, Second Edition

10 Guide to Network Defense and Countermeasures, Second Edition

11 Managing Data from Multiple Sensors (continued)
Distributed data collection Data from a security device goes to a management console on its local network Local managers review the data and respond to events separately Advantage Save bandwidth Disadvantages Requires a security manager at each location Security managers need to talk to each other in the case of an event Guide to Network Defense and Countermeasures, Second Edition

12 Guide to Network Defense and Countermeasures, Second Edition

13 Evaluating IDS Signatures
Open Security Evaluation Criteria (OSEC) Standard for evaluating IDS signatures OSEC core set of tests includes: Device integrity checking Signature baseline State test Discard test Engine flex Evasion list In-line/tap test Guide to Network Defense and Countermeasures, Second Edition

14 Managing Change Changes should be carried out systematically
Change management Modify in a sequential, planned way Should include an assessment of the impact Consider using change management for Significant changes to firewalls and IDSs New VPN gateways Changes to access control lists New password systems or procedures Guide to Network Defense and Countermeasures, Second Edition

15 Guide to Network Defense and Countermeasures, Second Edition

16 Strengthening Analysis: Security Auditing
Testing effectiveness of a network defense system Tiger teams Groups assembled to actively test a network Members have expertise in security Commonly used in the past You need to put together data from several sources Consolidate these data in a central database Guide to Network Defense and Countermeasures, Second Edition

17 Operational Auditing Operational audit
IT staff examines system logs Determine whether they are auditing the right information They should look for the following Accounts that have weak passwords or no passwords Accounts assigned to employees who have left the company or user group New accounts that need to be checked against a list of authorized users Guide to Network Defense and Countermeasures, Second Edition

18 Operational Auditing (continued)
Financial institutions have regular security audits Because of government regulations Social engineering Attempts to trick employees into giving out passwords or other information Tinkerbell program Network connections are scanned Generates alerts when suspicious connection attempts are made Guide to Network Defense and Countermeasures, Second Edition

19 Independent Auditing Independent auditing
Hire outside firm to come and inspect your audit logs Outside firm attempts to detect any flaws or vulnerabilities in your system External auditor should sign a nondisclosure agreement (NDA) Guide to Network Defense and Countermeasures, Second Edition

20 Strengthening Detection: Managing an IDS
As your network grows, amount of traffic grows too You might need to adjust your IDS rules Guide to Network Defense and Countermeasures, Second Edition

21 Maintaining Your Current System
Backups Back up your firewall and IDS in case of disaster Help you restore the system Other devices to backup Routers Bastion hosts Servers Special-purpose devices Can use automated backup software Guide to Network Defense and Countermeasures, Second Edition

22 Maintaining Your Current System (continued)
Managing accounts Task often neglected Involves Adding new accounts Recovering old ones Changing passwords Make sure accounts are reviewed every few months Managing IDS rules Eliminate unnecessary rules Improves IDS performance Guide to Network Defense and Countermeasures, Second Edition

23 Maintaining Your Current System (continued)
User management Teach employees how to use the system more securely Raise employee awareness Give lectures Show how easy is to crack a password Prepare booklets Guide to Network Defense and Countermeasures, Second Edition

24 Changing or Adding Software
Software vendors usually release updated software Get details on what sort of upgrade path is needed Ask whether the new version requires Working with new data formats Installing new supporting software Guide to Network Defense and Countermeasures, Second Edition

25 Changing or Adding Hardware
Can be expensive Cost is usually outweighed by the cost of security incidents Consider adding consoles Reduces the target-to-console ratio Number of target computers on your network managed by a single command console Reevaluate the placement of sensors Guide to Network Defense and Countermeasures, Second Edition

26 Strengthening Defense: Improving Defense in Depth
Defense in Depth (DiD) Calls for security through a variety of defense techniques that work together DiD calls for maintenance of the following areas Availability Integrity Authentication Confidentiality Nonrepudiation Guide to Network Defense and Countermeasures, Second Edition

27 Active Defense in Depth
Strong implementation of the DiD concept Security personnel expect attacks will occur Try to anticipate to attacks Calls for multiple levels of protection Requires respondents to think creatively Security personnel should be trained To keep up with attacks and countermeasures Guide to Network Defense and Countermeasures, Second Edition

28 Active Defense in Depth (continued)
Steps for creating a training cycle Training Perimeter defense Intrusion detection Intrusion response New security approaches Guide to Network Defense and Countermeasures, Second Edition

29 Adding Security Layers
Protect a single network by protecting all interconnecting networks Goal is to establish trust Layers Firewall and intrusion detection Encryption and authentication Virus protection Access control Information integrity Auditing Guide to Network Defense and Countermeasures, Second Edition

30 Strengthening Performance: Keeping Pace with Network Needs
IDS performance Capability to capture packets and process them according to the rule base Factors that affect performance Memory Bandwidth Storage Guide to Network Defense and Countermeasures, Second Edition

31 Managing Memory Performance depends largely on the number of signatures it has to review IDS needs to maintain connection state in memory Memory also stores Information in cache Databases containing IDS configuration settings Guide to Network Defense and Countermeasures, Second Edition

32 Managing Bandwidth Devices need to process data as fast as it moves through the network IDS should be able to handle 50% of bandwidth Without losing the capacity to detect Intrusion detection begins to break down When bandwidth use exceeds 80% of network capacity Guide to Network Defense and Countermeasures, Second Edition

33 Managing Storage Some intrusions take place over long periods
Require storage of large amount of historical data Clear out media when it is full And the information on it is no longer needed Shred documents and files completely Simply deleting or erasing files does not completely remove all information from the disk Degaussing Magnetically erasing an electronic device Guide to Network Defense and Countermeasures, Second Edition

34 Guide to Network Defense and Countermeasures, Second Edition

35 Maintaining Your Own Knowledge Base
You cannot carry out ongoing security maintenance in isolation Visit security-related Web sites Chat with other professionals in the field Guide to Network Defense and Countermeasures, Second Edition

36 Web Sites Recommended Web sites
Center for Internet Security ( SANS Institute ( CERT Coordination Center ( Guide to Network Defense and Countermeasures, Second Edition

37 Mailing Lists and Newsgroups
Provide more up-to-date information about security issues and vulnerabilities Recommended mailing lists NTBugtraq ( Firewalls Mailing List ( SecurityFocus HOME Mailing Lists ( Guide to Network Defense and Countermeasures, Second Edition

38 Trade Publications Recommended publications
Compsec Online ( Cisco Systems ( SANS newsletters ( Guide to Network Defense and Countermeasures, Second Edition

39 Certifications Management should understand that certifications benefit the organization Recommended certifications Security Certified Program ( International Information Systems Security Certification Consortium ( CompTIA ( GoCertify ( Guide to Network Defense and Countermeasures, Second Edition

40 Summary Security event management
Accumulating data from wide range of security devices Changes should be done in a systematic way Security auditing tests the effectiveness of network defenses Keep an IDS running smoothly Make backups Manage user accounts Reduce number of rules Guide to Network Defense and Countermeasures, Second Edition

41 Summary (continued) Defense in Depth
Improve overall network security Anticipate and thwart attack attempts Keep pace with your network’s needs Memory Bandwidth Storage Delete files completely by “shredding” them Maintain your knowledge base Guide to Network Defense and Countermeasures, Second Edition

Download ppt "Guide to Network Defense and Countermeasures Second Edition"

Similar presentations

Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Guide to Network Defense and Countermeasures

Guide to Network Defense and Countermeasures
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.

Information Systems Audit Program. Benefit Audit programs are necessary to perform an effective and efficient audit. Audit programs are essentially checklists.
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Security Controls – What Works

Security Controls – What Works
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Firewall Configuration Strategies

Firewall Configuration Strategies
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Similar presentations

Ads by Google