Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

Published byMoris Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260."— Presentation transcript:

1 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260

2 222 99-CE-257, 260 & 282 Agenda Network & Security Why Network must be secured? Designing the Security Infrastructure 1.Security Policy 2.Security Architecture 3.Security Technologies Concluding Annotations

3 333 99-CE-257, 260 & 282 Network & Security Presently, Business without networks are not survives And, if networks are not secure then Business can't survives So, when Organization designing a Network, Security Infrastructure is crucial

4 444 99-CE-257, 260 & 282 Network Security ( cont. ) Networks enable more and more applications are available to more and more users These more and more users more vulnerable to a wider range of security threats

5 555 99-CE-257, 260 & 282 Network Security ( cont. ) To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks

6 666 99-CE-257, 260 & 282 Why Network must be secured? According to the 2001 Computer Security Institute (CSI) and FBI "Computer Crime and Security Survey," 38 percent of respondents detected DoS attacks, compared with 11 percent in 2000. In December of 2000, a hacker stole user passwords from the University of Washington Medical Center in Seattle and gained access to files containing confidential information regarding approximately 5000 patients.

7 777 99-CE-257, 260 & 282 Why Network must be secured? ( cont. ) Result: Organization's infrastructure can lead to serious financial losses or legal liabilities

8 888 99-CE-257, 260 & 282 Network Must be Secured...

9 999 99-CE-257, 260 & 282 But How ?

10 10 99-CE-257, 260 & 282 Designing the Security Infrastructure Objective “The objective of network security is to protect networks and their applications against attacks, ensuring information availability, confidentiality and integrity”

11 11 99-CE-257, 260 & 282 Designing the Security Infrastructure (cont.) Different Organizations have different Threats Security Model build on Organization – Objective ( various factors ) – Different Risks of attacks or possible costs of repairing attack damages

12 12 99-CE-257, 260 & 282 Designing the Security Infrastructure (cont.) “Therefore, companies must perform cost- benefit analyses to evaluate - The potential returns on investment for various network security technologies - Components versus the opportunity costs of not implementing those items”

13 13 99-CE-257, 260 & 282 Designing the Security Infrastructure (cont.) Building Blocks are: Security Policy Security Architecture Security Technologies

14 14 99-CE-257, 260 & 282 1. Security Policy A security policy is a formal statement, supported by a company's highest levels of management, regarding the rules by which employees who have access to any corporate resource abide

15 15 99-CE-257, 260 & 282 1. Security Policy (cont.) Its the primary prerequisite for implementing network security Its the driver for the security design process

16 16 99-CE-257, 260 & 282 1. Security Policy (cont.) Two main issues: - The security requirements as driven by the business needs of the organization - The implementation guidelines regarding the available technology

17 17 99-CE-257, 260 & 282 1. Security Policy (cont.) For example, an authentication policy that defines the levels of passwords and rights required for each type of user (corporate, remote, dial-in, VPN, administrators, and so forth), length of password etc.

18 18 99-CE-257, 260 & 282 2. Security Architecture The security architecture should be developed by both the network design and the IT security teams It is typically integrated into the existing enterprise network and is dependent on the IT services that are offered through the network infrastructure

19 19 99-CE-257, 260 & 282 2. Security Architecture (cont.) Steps are: The access and security requirements of each IT service should be defined before the network is divided into modules with clearly identified trust levels Each module can be treated separately and assigned a different security model The goal is to have layers of security so that a "successful" intruder's access is constrained to a limited part of the network e.g. Ship Design contains a leak so that the entire ship does not sink

20 20 99-CE-257, 260 & 282 2. Security Architecture (cont.) Layered Security Design limits the damage a security breach has on the health of the entire network. In addition, the architecture should define common security services to be implemented across the network.

21 21 99-CE-257, 260 & 282 2. Security Architecture (cont.) Typical services include: Password authentication, authorization, and accounting (AAA) Confidentiality provided by virtual private networks (VPNs) Access (trust model) Security monitoring by intrusion detection systems (IDSs)

22 22 99-CE-257, 260 & 282 2. Security Architecture (cont.) After the key decisions have been made, the security architecture should be deployed in a phased format, addressing the most critical areas first

23 23 99-CE-257, 260 & 282 3. Security Technologies Selection of Security Technologies, which technology benefits organization Every network should include security components that address the following five aspects of network security are:

24 24 99-CE-257, 260 & 282 3. Security Technologies (cont.) 1.Identity 2.Perimeter Security 3.Secure Connectivity 4.Security Monitoring 5.Security Policy Management

25 25 99-CE-257, 260 & 282 1. Identity Identity is the accurate and positive identification of network users, hosts, applications, services and resources They ensure that authorized users gain access to the enterprise computing resources they need, while unauthorized users are denied access Radius, RAS, Cisco Secure Access Control Server

26 26 99-CE-257, 260 & 282 2. Perimeter Security Perimeter security solutions control access to critical network applications, data, and services This access control is handled by routers and switches with access control lists (ACLs) and by dedicated firewall appliances A firewall provides a barrier to traffic crossing a network's "perimeter" and permits only authorized traffic to pass, according to a predefined security policy Cisco PIX® Firewall

27 27 99-CE-257, 260 & 282 3. Secure Connectivity Companies must protect confidential information from eavesdropping during transmission By implementing Virtual Private Networks (VPNs) enterprises can establish private, secure communications across a public network usually the Internet and extend their corporate networks to remote offices, mobile users, telecommuters, and extranet partners Cisco VPN 3000 Concentrator Series and optimized routers

28 28 99-CE-257, 260 & 282 4. Security Monitoring To ensure that their networks remain secure, companies should continuously monitor for attacks and regularly test the state of their security infrastructures Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and reactively respond to security events as they occur Its an another layer of security Firewalls typically do not address the internal threat presented by insiders Cisco Intrusion Detection System (IDS), Cisco Secure Scanner

29 29 99-CE-257, 260 & 282 5. Security Policy Management As networks grow in size and complexity, the requirement for centralized security policy management tools that can administer security elements is paramount Tools needed that can specify, manage, and audit the state of security policy CSPM

30 30 99-CE-257, 260 & 282 Now Relax … “You did your job – to secure your network”

31 31 99-CE-257, 260 & 282 Concluding A nnotations Identify organization critical areas Do cost-benefit analysis Define Security Policy Divide network in layers (modules) Design Security Model Implements Security Model Now, Monitor your Network

32 32 99-CE-257, 260 & 282 Questions Comments appreciated!

Download ppt "1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260."

Similar presentations

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.

CS898T Mobile and Wireless Network Handheld Device Security By Yuan Chen July 25 th, 2005.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.

Network Security Introduction Security technologies protect mission-critical networks from corruption and intrusion. Network security enables new business.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Www.tectia.com COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.

COPYRIGHT © 2010 TECTIA CORPORATION. ALL RIGHTS RESERVED. Proactive Measures to Prevent Data Theft Securing, Auditing and Controlling remote.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.

16254_08_2002 © 2002, Cisco Systems, Inc. All rights reserved. Cisco’s Security Vision Mario Mazzola Chief Development Officer August 29, 2002.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Security Controls – What Works

Security Controls – What Works
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Network Security Philadelphia UniversityAhmad Al-Ghoul 2010-20111 Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.

Network Security Philadelphia UniversityAhmad Al-Ghoul Module 11 Exploring Secure Topologies  MModified by :Ahmad Al Ghoul  PPhiladelphia.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Chapter 12 Network Security.

Chapter 12 Network Security.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?

In this section, we'll cover one of the foundations of network security issues, It talks about VPN (Virtual Private Networks). What..,Why..,and How….?
VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.

VPN’s Kristin Belanger. VPN’s Accommodate employees at distant offices Accommodate employees at distant offices Usually set up through internet Usually.

Similar presentations

Ads by Google