PRINCIPLES OF NETWORKING SECURITY, CHAPTERS 3 & 4. Matt Lavoie, NST281-01.


CHAPTER 3: OPERATIONAL AND ORGANIZATIONAL SECURITY


Security in Your Organization

Policy: A broad statement of accomplishment

Procedure: The step-by-step method to implement a policy

Standards: Mandatory elements of implementing a policy

Guidelines: Recommendations related to a policy


Security in Your Organization

Policy Lifecycle: Plan, Implement, Monitor, Evaluate

Establish a security perimeter


Physical Security

Mechanisms to restrict physical access to computers and networks

Locks (combination/biometric/keyed)

Video surveillance, logs, guards

A room has six sides

Physical barriers (gates/walls, man-traps, open space)


Environmental Issues

HVAC Systems: Climate control

UPS/Generators: Power failure

Fire Protection: Detect/suppress

Off-Site Backups: Bad stuff happens


Other Issues

Wireless: Wi-Fi / Cellular / Bluetooth

Electromagnetic Eavesdropping: TEMPEST

Location: Bury the sensitive stuff


CHAPTER 4: THE ROLE OF PEOPLE IN SECURITY


Social Engineering

Making people talk: Questions, emotions, weaknesses

Obtaining insider info (or having it): Knowledge of security procedures

Phishing: Impersonation


Social Engineering

Vishing: Trust in voice technology (VoIP, POTS)

Shoulder surfing: Observation for passcodes, PINs, etc.

Reverse social engineering: Victim initiates contact


Poor Security Practices

Password selection: Too short; Not complicated; Easy to guess; Information on a person

Password policies: Can encourage bad behavior


Poor Security Practices

Same password, multiple accounts: One compromises all

Piggybacking: Controlled access points

Dumpster Diving: Sensitive information discarded


Poor Security Practices

Installing software/hardware: Backdoors/rogue access points

Physical access by non-employees: Control who gets in; Pizza and flowers; Legitimate access, nefarious intentions


People as a Security Tool

Security Awareness: Training/refreshers; Be alert; Don’t stick your head in the sand

Individual User Responsibilities: Keep secure material secure


What Have We Learned?

In a properly secured environment, people are the weakest link

A system with physical access is a compromised system


Questions and Answers