FN612 : NetworkSecurityJabatan Teknologi Maklumat & Komunikasi

Learning OutcomeBy the end of this topic, students shall be able to :

Describe the need for network security.

Describe an open security, closed security models and restrictive security models

FN612 : Network Security

Why secure a Network ?To ensure:

To protect our network from unauthorized user to access our data.

Data is protected

FN612 : Network Security

Information SecurityProtecting the interests of those relying on information, and the systems & communications that deliver the information, from harm, resulting from failures of :

Confidentiality

Availability

Integrity

FN612 : Network Security

Principle of SecurityConfidentiality

Only the sender and the intended recipient(s) should be able to access the content of an information.FN612 : Network SecuritySecretLoss of ConfidentialityInterception

Principle of SecurityIntegrity

The contents of a message didnt change and intact.FN612 : Network SecurityLoss of IntegrityIdeal route of the messageActual route of the messageTransfer $100Transfer $1000Modification

Principle of SecurityAvailability

Resources should be available to authorized parties at all times.FN612 : Network SecurityAttack on AvailabilityInterruption

The Need of Network SecurityFN612 : Network Security Security has one purpose, to protect assets.

For most of history, this meant building strong walls to stop the bad guys, and establishing small, well- guarded doors to provide secure access for the good guys.

This strategy worked well for the centralized, fortress- like world of mainframe computers and closed networks

Here we divide a network design by 3 :

a) Open Networkb) Closed Network

Closed NetworkFN612 : Network Security The closed network typically consists of a network designed and implemented in a corporate environment and provides connectivity only to know parties and sites without connecting to public networks.

Networks were designed this way in the past and thought to be reasonably secure because of no outside connectivity

Open NetworkFN612 : Network SecurityToday, network are more open, As e-business and Internet applications continue to grow, the key to network security lies in defining the balance between a closed and open network and differentiating the good guys from the bad guys.

Identify Potential RiskFN612 : Network SecurityA risk analysis should identify the risk to the network, network resource, and data.

The intent of a risk analysis is to :

To identify the components of the network Evaluate the importance of each component Apply an appropriate level of security

This analysis helps to maintain a workable balance between security and required network access.

ContinueFN612 : Network SecurityAsset IdentificationIdentify the individual components that make up the network. You need to create an asset inventory that include all the network, device and endpoints.

VulnerabilityExistence of weakness design, or implementation error that can lead to and unexpected, undesirable event compromising the security of the system.

ThreatAn action or event that might prejudice security. A threat is a potential violation of security

Open VS Closed Security ModelFN612 : Network SecurityThe goals of any security design is to provide maximum security with minimum impact on user access and productivity.

Security Policy vary greatly in design. 3 general types of security models are :

Open Security Model Restrictive Security Model Closed Security Model

Open Security ModelFN612 : Network Security This model is easy to implement, protected assets are minimal, used are trusted and threats are minimal.

LAN are not connected to Internet or WAN. When security breaches occur, they are likely to result in great damage and loss.

Open Security ModelFN612 : Network Security

Restrictive Security ModelFN612 : Network SecurityA restrictive security model is more difficult to implement. Many security measures are implemented in the design.

Administrators configure exiting hardware and software for security capabilities in addition to deploying more costly hardware and software solutions such as firewalls, VPN, IDS, and identity servers. Firewalls and identity servers becomes the foundation of this model.

Restrictive Security ModelFN612 : Network Security

Closed Security ModelFN612 : Network SecurityA closed security mode is most difficult to implement. All available security measures are implemented in this design. Administrator configure existing hardware and software for maximum-security capabilities.

This model, assumes that the protected assets are premium, all user are not trustworthy, and that threats are frequent.

Closed Security ModelFN612 : Network Security

Security Organization FN612 : Network SecurityMany organizations provide useful information for security professionals. There organizations provide information on detecting and responding both established and emerging information security threats. Below is an Organizations of Information Security :

CERT/CC The CERT Coordination Center (CERT/CC) is a reporting center for Internet security issues. The CERT/CC plays a major roles in coordinating responses to Internet security threats.

US-CERTThe United States Computer Emergency Readiness Team (US-CERT) and it responsible to: a) Analyzing and reducing cyber threats and vulnerabilitiesb) Disseminating cyber threat warning informationc) Coordinating incident-response activities.

Continue..FN612 : Network SecuritySANS Institute The SysAdmin, Audit Network Security (SANS) Institute was established in 1989 as a cooperative research and education organization. The SANS Institute develops and maintains research documents about various aspects of information security

(ISC)2The International Information System Security Certification Consortium, Inc, (ISC2) is a non profit organization that maintains a collection of industry best practices for information security

Common CriteriaThe Common Criteria is an international stand for evaluating IT Security. There are 7 security levels defined for the Common Criteria evaluation process, Evaluation Assurance Level 4(EAL4) is the highest universal evaluation level implemented under the Common Criteria today.

Continue..FN612 : Network SecurityFIPS The Federal Information Processing Standard (FIPS) 140 is a U.S and Canadian government standard that specifics security requirements for cryptographic modules. FIPS 140 has 4 levels of assurance, L1 is the lowest and L4 is the most stringent

vii.ICSA ICSA Labs test firewalls against a standard set of functional and assurance criteria elements. ICSA Labs is presently testing firewalls and also test VPN devices for IP Security (IPsec) interoperability.

Security MethodFN612 : Network Security Logon : using strong password (encrypted login) File system install security patches regularly (install firewall) Data Communication restricted connection (do not open the network to the public without any monitoring)iv. Administrative depending to the network security personnel (monitor the network traffic all the time) wireshark