2 Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC).
3 Network SecurityA successful network security implementation requires a marriage of technology and process.Roles and responsibilities and corporate standards for business processes and acceptable network-related behavior must be clearly defined, effectively shared, universally understood, and vigorously enforced for implemented network security technology to be effective.Process definition and setting of corporate security standards must precede technology evaluation and implementation.
4 Security vs. Productivity Balance The optimal balance point that is sought is the proper amount of implemented security process and technology that will adequately protect corporate information resources while optimizing user productivity.
9 Establishing Security Policies Once policies have been developed, it is up to everyone to support those policies in their own way.Having been included in the policy development process, users should also be expected to actively support the implemented acceptable use policies.
16 Virus ProtectionVirus protection is often the first area of network security addressed by individuals or corporations.A comprehensive virus protection plan must combine policy, people, processes, and technology to be effective.Too often, virus protection is thought to be a technology-based quick fix.
21 FirewallsWhen a company links to the Internet, a two-way access point out of as well as into that company’s confidential information systems is created.Firewall software usually runs on a dedicated server that is connected to, but outside of, the corporate network.All network packets entering the firewall are filtered or examined
22 FirewallsFirewalls provide a layer of isolation between the inside network and the outside network.The underlying assumption in such a design scenario is that all of the threats come from the outside network.Incorrectly implemented firewalls can actually exacerbate the situation by creating new, and sometimes undetected, security holes.There are a number of Firewall types…
31 Authentication and Access Control The purpose of authentication is to ensure that users attempting to gain access to networks are really who they claim to be.Password protection was the traditional means to ensure authentication.Password protection by itself is no longer sufficient to ensure authentication.A wide variety of technology has been developed to ensure that users really are who they say they are.
34 Kerberos Architecture Kerberos architecture consists of three key components:client softwareauthentication server softwareapplication server software
35 EncryptionEncryption involves the changing of data into an indecipherable form before transmission.If the transmitted data are somehow intercepted, they cannot be interpreted.The changed, unmeaningful data is known as ciphertext.Encryption must be accompanied by decryption, or changing the unreadable text back into its original form.
40 Security Design Strategies Make sure that router operating system software has been patchedIdentify those information assets that are most critical to the corporation, and protect those servers first.Implement physical security constraints to hinder physical access to critical resources such as servers.Monitor system activity logs carefully
41 Security Design Strategies Develop a simple, effective, and enforceable security policy and monitor its implementatio.Consider installing a proxy server or applications layer firewall.Block incoming DNS queries and requests for zone transfers.Don’t publish the corporation’s complete DNS map on DNS servers that are outside the firewall.Disable all non essential TCP ports and services
42 Security Design Strategies Install only software and hardware that you really need on the network.Allow only essential traffic into and out of the corporate network and eliminate all other types by blocking with routers or firewalls.Investigate the business case for outsourcing Web-hosting services so that the corporate Web server is not physically on the same network as the rest of the corporate information assets.Use routers to filter traffic by IP address.
43 RADIUS ArchitectureRADIUS allows network managers to centrally manage remote access users, access methods, and logon restrictions.
44 Tunneling Protocols and VPN To provide VPN capabilities using the Internet as an enterprise network backbone, specialized tunneling protocols were developed that could establish private, secure channels between connected systems.
46 Government ImpactGovernment agencies play a major role in the area of network security.The two primary functions of these various government agencies are:Standards-making organizations that set standards for the design, implementation, and certification of security technology and systems.Regulatory agencies that control the export of security technology to a company’s international locations
47 Orange Book Certification The primary focus of the Orange Book is to provide confidential protection of sensitive information based on these requirements: Security policyMarkingIdentificationAccountabilityAssuranceContinuous protection: