Chapter1a

FN612 : Network Security, Jabatan Teknologi Maklumat & Komunikasi

description

network security

Transcript of Chapter1a

  • FN612 : Network Security, Jabatan Teknologi Maklumat & Komunikasi

  • Learning Outcome

    By the end of this topic, students shall be able to:

    Describe the need for network security.

    Describe the open, closed and restrictive security models.

  • Why Secure a Network?

    To ensure that:

    Unauthorized users cannot access our data through the network.

    Data is protected.

  • Information Security

    Protecting the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of:

    Confidentiality

    Availability

    Integrity

  • Principle of Security: Confidentiality

    Only the sender and the intended recipient(s) should be able to access the content of a piece of information.

    [Figure: Loss of Confidentiality. Labels: Secret, Interception]

  • Principle of Security: Integrity

    The contents of a message remain unchanged and intact.

    [Figure: Loss of Integrity. Labels: Ideal route of the message, Actual route of the message, Transfer $100, Transfer $1000, Modification]

  • Principle of Security: Availability

    Resources should be available to authorized parties at all times.

    [Figure: Attack on Availability. Label: Interruption]

  • The Need for Network Security

    Security has one purpose: to protect assets.

    For most of history, this meant building strong walls to stop the bad guys, and establishing small, well-guarded doors to provide secure access for the good guys.

    This strategy worked well for the centralized, fortress-like world of mainframe computers and closed networks.

    Here we divide network design into 3:

    a) Open Network
    b) Closed Network

  • Closed Network

    The closed network typically consists of a network designed and implemented in a corporate environment. It provides connectivity only to known parties and sites, without connecting to public networks.

    Networks were designed this way in the past and were thought to be reasonably secure because they had no outside connectivity.

  • Open Network

    Today, networks are more open. As e-business and Internet applications continue to grow, the key to network security lies in defining the balance between a closed and an open network and in differentiating the good guys from the bad guys.

  • Identify Potential Risk

    A risk analysis should identify the risks to the network, network resources, and data.

    The intent of a risk analysis is to:

    Identify the components of the network
    Evaluate the importance of each component
    Apply an appropriate level of security

    This analysis helps to maintain a workable balance between security and required network access.

  • Continued

    Asset Identification: Identify the individual components that make up the network. You need to create an asset inventory that includes all the network devices and endpoints.

    Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.

    Threat: An action or event that might prejudice security. A threat is a potential violation of security.

  • Open vs. Closed Security Model

    The goal of any security design is to provide maximum security with minimum impact on user access and productivity.

    Security policies vary greatly in design. 3 general types of security models are:

    Open Security Model
    Restrictive Security Model
    Closed Security Model

  • Open Security Model

    This model is easy to implement; protected assets are minimal, users are trusted, and threats are minimal.

    LANs are not connected to the Internet or a WAN. When security breaches occur, they are likely to result in great damage and loss.

  • Open Security Model [figure]

  • Restrictive Security Model

    A restrictive security model is more difficult to implement. Many security measures are implemented in the design.

    Administrators configure existing hardware and software for security capabilities, in addition to deploying more costly hardware and software solutions such as firewalls, VPNs, IDS, and identity servers. Firewalls and identity servers become the foundation of this model.

  • Restrictive Security Model [figure]

  • Closed Security Model

    A closed security model is the most difficult to implement. All available security measures are implemented in this design. Administrators configure existing hardware and software for maximum-security capabilities.

    This model assumes that the protected assets are premium, all users are not trustworthy, and threats are frequent.

  • Closed Security Model [figure]

  • Security Organizations

    Many organizations provide useful information for security professionals. These organizations provide information on detecting and responding to both established and emerging information security threats. Below are some information security organizations:

    CERT/CC: The CERT Coordination Center (CERT/CC) is a reporting center for Internet security issues. The CERT/CC plays a major role in coordinating responses to Internet security threats.

    US-CERT: The United States Computer Emergency Readiness Team (US-CERT) is responsible for:
    a) Analyzing and reducing cyber threats and vulnerabilities
    b) Disseminating cyber threat warning information
    c) Coordinating incident-response activities

  • Continued

    SANS Institute: The SysAdmin, Audit, Network, Security (SANS) Institute was established in 1989 as a cooperative research and education organization. The SANS Institute develops and maintains research documents about various aspects of information security.

    (ISC)2: The International Information System Security Certification Consortium, Inc. ((ISC)2) is a non-profit organization that maintains a collection of industry best practices for information security.

    Common Criteria: The Common Criteria is an international standard for evaluating IT security. There are 7 security levels defined for the Common Criteria evaluation process. Evaluation Assurance Level 4 (EAL4) is the highest universal evaluation level implemented under the Common Criteria today.

  • Continued

    FIPS: The Federal Information Processing Standard (FIPS) 140 is a U.S. and Canadian government standard that specifies security requirements for cryptographic modules. FIPS 140 has 4 levels of assurance; L1 is the lowest and L4 is the most stringent.

    ICSA: ICSA Labs tests firewalls against a standard set of functional and assurance criteria elements. ICSA Labs is presently testing firewalls and also tests VPN devices for IP Security (IPsec) interoperability.

  • Security Method

    i. Logon: use strong passwords (encrypted login).
    ii. File system: install security patches regularly (install a firewall).
    iii. Data communication: restricted connections (do not open the network to the public without any monitoring).
    iv. Administrative: depends on the network security personnel (monitor the network traffic all the time; Wireshark).