Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 12 Network Security.

Similar presentations

Presentation on theme: "Chapter 12 Network Security."— Presentation transcript:

1 Chapter 12 Network Security

2 Security Policy Life Cycle
A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC).

3 Network Security A successful network security implementation requires a marriage of technology and process. Roles and responsibilities and corporate standards for business processes and acceptable network-related behavior must be clearly defined, effectively shared, universally understood, and vigorously enforced for implemented network security technology to be effective. Process definition and setting of corporate security standards must precede technology evaluation and implementation.

4 Security vs. Productivity Balance
The optimal balance point that is sought is the proper amount of implemented security process and technology that will adequately protect corporate information resources while optimizing user productivity.

5 Network Security Policy

6 Assets, Risks, Protection
multiple protective measures may need to be established between given threat/asset combinations

7 Protective Measures The major categories of potential protective measures are: Virus protection Firewalls Authentication Encryption Intrusion detection

8 Threats and Protective Measures

9 Establishing Security Policies
Once policies have been developed, it is up to everyone to support those policies in their own way. Having been included in the policy development process, users should also be expected to actively support the implemented acceptable use policies.

10 Executive’s Responsibilities

11 Management's Responsibilities

12 Acceptable Use Policy Development

13 User’s Responsibilities

14 Security Architecture
A representative example of a security architecture that clearly maps business and technical drivers through security policy and processes to implemented security technology.

15 CSF for Network Security Policy

16 Virus Protection Virus protection is often the first area of network security addressed by individuals or corporations. A comprehensive virus protection plan must combine policy, people, processes, and technology to be effective. Too often, virus protection is thought to be a technology-based quick fix.

17 Virus Infection

18 Virus Re-infection

19 Virus Points of Attack The typical points of attack for virus infection and potential protective measures to the combat those attacks.

20 Anti-virus Strategies

21 Firewalls When a company links to the Internet, a two-way access point out of as well as into that company’s confidential information systems is created. Firewall software usually runs on a dedicated server that is connected to, but outside of, the corporate network. All network packets entering the firewall are filtered or examined

22 Firewalls Firewalls provide a layer of isolation between the inside network and the outside network. The underlying assumption in such a design scenario is that all of the threats come from the outside network. Incorrectly implemented firewalls can actually exacerbate the situation by creating new, and sometimes undetected, security holes. There are a number of Firewall types…

23 Packet Filter Firewall

24 Application Gateway

25 Trusted Gateway

26 Dual-homed Gateway

27 Firewalls

28 Firewall – Behind DMZ

29 Firewall – in front of DMZ

30 Firewall – Multi-tiered

31 Authentication and Access Control
The purpose of authentication is to ensure that users attempting to gain access to networks are really who they claim to be. Password protection was the traditional means to ensure authentication. Password protection by itself is no longer sufficient to ensure authentication. A wide variety of technology has been developed to ensure that users really are who they say they are.

32 Challenge-Response Authentication

33 Time-Synchronous Token Authentication

34 Kerberos Architecture
Kerberos architecture consists of three key components: client software authentication server software application server software

35 Encryption Encryption involves the changing of data into an indecipherable form before transmission. If the transmitted data are somehow intercepted, they cannot be interpreted. The changed, unmeaningful data is known as ciphertext. Encryption must be accompanied by decryption, or changing the unreadable text back into its original form.

36 Encryption Standards

37 Private Key Encryption

38 Public Key Encryption

39 Digital Signature Encryption

40 Security Design Strategies
Make sure that router operating system software has been patched Identify those information assets that are most critical to the corporation, and protect those servers first. Implement physical security constraints to hinder physical access to critical resources such as servers. Monitor system activity logs carefully

41 Security Design Strategies
Develop a simple, effective, and enforceable security policy and monitor its implementatio. Consider installing a proxy server or applications layer firewall. Block incoming DNS queries and requests for zone transfers. Don’t publish the corporation’s complete DNS map on DNS servers that are outside the firewall. Disable all non essential TCP ports and services

42 Security Design Strategies
Install only software and hardware that you really need on the network. Allow only essential traffic into and out of the corporate network and elimi­nate all other types by blocking with routers or firewalls. Investigate the business case for outsourcing Web-hosting services so that the corporate Web server is not physically on the same network as the rest of the corporate information assets. Use routers to filter traffic by IP address.

43 RADIUS Architecture RADIUS allows network managers to centrally manage remote access users, access methods, and logon restrictions.

44 Tunneling Protocols and VPN
To provide VPN capabilities using the Internet as an enterprise network backbone, specialized tunneling protocols were developed that could establish private, secure channels between connected systems.

45 IP Packet and Security Headers

46 Government Impact Government agencies play a major role in the area of network security. The two primary functions of these various government agencies are: Standards-making organizations that set standards for the design, implementation, and certification of security technology and systems. Regulatory agencies that control the export of security technology to a company’s international locations

47 Orange Book Certification
The primary focus of the Orange Book is to provide confidential protection of sensitive information based on these requirements:    Security policy Marking Identification Accountability Assurance Continuous protection:

48 Orange Book Certification Criteria

Download ppt "Chapter 12 Network Security."

Similar presentations

Ads by Google