1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering &...
-
Upload
moris-hunter -
Category
Documents
-
view
220 -
download
2
Transcript of 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering &...
![Page 1: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/1.jpg)
1
Deployment ofComputer Security in an Organization
CE-408Sir Syed University of Engineering & Technology99-CE-282, 257 & 260
![Page 2: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/2.jpg)
22299-CE-257, 260 & 282
Agenda
• Network & Security
• Why Network must be secured?
• Designing the Security Infrastructure
1.Security Policy
2.Security Architecture
3.Security Technologies
• Concluding Annotations
![Page 3: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/3.jpg)
33399-CE-257, 260 & 282
Network & Security
• Presently, Business without networks are not survives
• And, if networks are not secure then Business can't survives
• So, when Organization designing a Network, Security Infrastructure is crucial
![Page 4: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/4.jpg)
44499-CE-257, 260 & 282
Network Security ( cont. )
• Networks enable more and more applications are available to more and more users
• These more and more users more vulnerable to a wider range of security threats
![Page 5: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/5.jpg)
55599-CE-257, 260 & 282
Network Security ( cont. )
To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks
![Page 6: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/6.jpg)
66699-CE-257, 260 & 282
Why Network must be secured?
• According to the 2001 Computer Security Institute (CSI) and FBI "Computer Crime and Security Survey," 38 percent of respondents detected DoS attacks, compared with 11 percent in 2000.
• In December of 2000, a hacker stole user passwords from the University of Washington Medical Center in Seattle and gained access to files containing confidential information regarding approximately 5000 patients.
![Page 7: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/7.jpg)
77799-CE-257, 260 & 282
Why Network must be secured? ( cont. )
Result:
Organization's infrastructure can
lead to serious financial losses or
legal liabilities
![Page 8: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/8.jpg)
88899-CE-257, 260 & 282
Network Must be
Secured ...
![Page 9: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/9.jpg)
99999-CE-257, 260 & 282
But How ?
![Page 10: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/10.jpg)
10101099-CE-257, 260 & 282
Designing the Security Infrastructure
Objective
“The objective of network security is to protect networks and their applications against attacks, ensuring information availability, confidentiality and integrity”
![Page 11: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/11.jpg)
11111199-CE-257, 260 & 282
Designing the Security Infrastructure (cont.)
• Different Organizations have different Threats
• Security Model build on Organization
– Objective ( various factors )
– Different Risks of attacks or possible costs of repairing attack damages
![Page 12: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/12.jpg)
12121299-CE-257, 260 & 282
Designing the Security Infrastructure (cont.)
“Therefore, companies must perform cost-benefit analyses to evaluate
- The potential returns on investment for various network security technologies
- Components versus the opportunity costs of not implementing those items”
![Page 13: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/13.jpg)
13131399-CE-257, 260 & 282
Designing the Security Infrastructure (cont.)
Building Blocks are:
• Security Policy
• Security Architecture
• Security Technologies
![Page 14: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/14.jpg)
14141499-CE-257, 260 & 282
1. Security Policy
A security policy is a formal statement, supported by a company's highest levels of management, regarding the rules by which employees who have access to any corporate resource abide
![Page 15: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/15.jpg)
15151599-CE-257, 260 & 282
1. Security Policy (cont.)
• Its the primary prerequisite for implementing network security
• Its the driver for the security design process
![Page 16: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/16.jpg)
16161699-CE-257, 260 & 282
1. Security Policy (cont.)
• Two main issues:
- The security requirements as driven by the business needs of the organization
- The implementation guidelines regarding the available technology
![Page 17: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/17.jpg)
17171799-CE-257, 260 & 282
1. Security Policy (cont.)
• For example, an authentication policy that defines the levels of passwords and rights required for each type of user (corporate, remote, dial-in, VPN, administrators, and so forth), length of password etc.
![Page 18: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/18.jpg)
18181899-CE-257, 260 & 282
2. Security Architecture
• The security architecture should be developed by both the network design and the IT security teams
• It is typically integrated into the existing enterprise network and is dependent on the IT services that are offered through the network infrastructure
![Page 19: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/19.jpg)
19191999-CE-257, 260 & 282
2. Security Architecture (cont.)
Steps are:
• The access and security requirements of each IT service should be defined before the network is divided into modules with clearly identified trust levels
• Each module can be treated separately and assigned a different security model
• The goal is to have layers of security so that a "successful" intruder's access is constrained to a limited part of the network e.g. Ship Design contains a leak so that the entire ship does not sink
![Page 20: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/20.jpg)
20202099-CE-257, 260 & 282
2. Security Architecture (cont.)
• Layered Security Design limits the damage a security breach has on the health of the entire network.
• In addition, the architecture should define common security services to be implemented across the network.
![Page 21: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/21.jpg)
21212199-CE-257, 260 & 282
2. Security Architecture (cont.)
Typical services include:
• Password authentication, authorization, and accounting (AAA)
• Confidentiality provided by virtual private networks (VPNs)
• Access (trust model)
• Security monitoring by intrusion detection systems (IDSs)
![Page 22: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/22.jpg)
22222299-CE-257, 260 & 282
2. Security Architecture (cont.)
After the key decisions have been made, the security architecture should be deployed in a phased format, addressing the most critical areas first
![Page 23: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/23.jpg)
23232399-CE-257, 260 & 282
3. Security Technologies
• Selection of Security Technologies, which technology benefits organization
• Every network should include security components that address the following five aspects of network security are:
![Page 24: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/24.jpg)
24242499-CE-257, 260 & 282
3. Security Technologies (cont.)
1. Identity
2. Perimeter Security
3. Secure Connectivity
4. Security Monitoring
5. Security Policy Management
![Page 25: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/25.jpg)
25252599-CE-257, 260 & 282
1. Identity
• Identity is the accurate and positive identification of network users, hosts, applications, services and resources
• They ensure that authorized users gain access to the enterprise computing resources they need, while unauthorized users are denied access
• Radius, RAS, Cisco Secure Access Control Server
![Page 26: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/26.jpg)
26262699-CE-257, 260 & 282
2. Perimeter Security
• Perimeter security solutions control access to critical network applications, data, and services
• This access control is handled by routers and switches with access control lists (ACLs) and by dedicated firewall appliances
• A firewall provides a barrier to traffic crossing a network's "perimeter" and permits only authorized traffic to pass, according to a predefined security policy
• Cisco PIX® Firewall
![Page 27: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/27.jpg)
27272799-CE-257, 260 & 282
3. Secure Connectivity
• Companies must protect confidential information from eavesdropping during transmission
• By implementing Virtual Private Networks (VPNs) enterprises can establish private, secure communications across a public network usually the Internet and extend their corporate networks to remote offices, mobile users, telecommuters, and extranet partners
• Cisco VPN 3000 Concentrator Series and optimized routers
![Page 28: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/28.jpg)
28282899-CE-257, 260 & 282
4. Security Monitoring
• To ensure that their networks remain secure, companies should continuously monitor for attacks and regularly test the state of their security infrastructures
• Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and reactively respond to security events as they occur
• Its an another layer of security
• Firewalls typically do not address the internal threat presented by insiders
• Cisco Intrusion Detection System (IDS) , Cisco Secure Scanner
![Page 29: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/29.jpg)
29292999-CE-257, 260 & 282
5. Security Policy Management
• As networks grow in size and complexity, the requirement for centralized security policy management tools that can administer security elements is paramount
• Tools needed that can specify, manage, and audit the state of security policy
• CSPM
![Page 30: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/30.jpg)
30303099-CE-257, 260 & 282
Now Relax …
“You did your job – to secure your network”
![Page 31: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/31.jpg)
31313199-CE-257, 260 & 282
Concluding Annotations
• Identify organization critical areas
• Do cost-benefit analysis
• Define Security Policy
• Divide network in layers (modules)
• Design Security Model
• Implements Security Model
• Now, Monitor your Network
![Page 32: 1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.](https://reader035.fdocuments.us/reader035/viewer/2022062407/56649e205503460f94b0c65d/html5/thumbnails/32.jpg)
32323299-CE-257, 260 & 282
Questions
Comments appreciated!