Developing Effective Network Security Strategies


This session discusses the importance of developing network security strategies, the steps involved in creating a robust security plan, and the identification of network assets, security risks, and tradeoffs. It also emphasizes the significance of implementing technical strategies, testing security measures, and maintaining security in an organization.





Presentation Transcript


  1. Network Governance, Session 6: Developing Network Security Strategies (D5727). Dr. Eng. Nico Surantha, ST., MT.

  2. Outline
     • Network security design
     • Security mechanisms
     • Modularizing security design

  3. Network Security Design: The 12-Step Program
     1. Identify network assets
     2. Analyze security risks
     3. Analyze security requirements and tradeoffs
     4. Develop a security plan
     5. Define a security policy
     6. Develop procedures for applying security policies
     Bina Nusantara University

  4. The 12-Step Program (continued)
     7. Develop a technical implementation strategy
     8. Achieve buy-in from users, managers, and technical staff
     9. Train users, managers, and technical staff
     10. Implement the technical strategy and security procedures
     11. Test the security and update it if any problems are found
     12. Maintain security

  5. Network Assets
     • Hardware
     • Software
     • Applications
     • Data
     • Intellectual property
     • Trade secrets
     • Company's reputation

  6. Security Risks
     • Hacked network devices
       • Data can be intercepted, analyzed, altered, or deleted
       • User passwords can be compromised
       • Device configurations can be changed
     • Reconnaissance attacks
     • Denial-of-service attacks

  7. Security Tradeoffs
     Tradeoffs must be made between security goals and other goals:
     • Affordability
     • Usability
     • Performance
     • Availability
     • Manageability

  8. A Security Plan
     • High-level document that proposes what an organization is going to do to meet its security requirements
     • Specifies the time, people, and other resources that will be required to develop a security policy and achieve implementation of the policy

  9. A Security Policy
     • Per RFC 2196, The Site Security Handbook, a security policy is a "formal statement of the rules by which people who are given access to an organization's technology and information assets must abide."
     • The policy should address access, accountability, authentication, privacy, and computer technology purchasing guidelines

  10. Security Mechanisms
     • Physical security
     • Authentication
     • Authorization
     • Accounting (auditing)
     • Data encryption
     • Packet filters
     • Firewalls
     • Intrusion Detection Systems (IDSs)

  11. Modularizing Security Design
     • Security defense in depth: network security should be multilayered, with many different techniques used to protect the network
     • Belt-and-suspenders approach: don't get caught with your pants down

  12. Modularizing Security Design
     Secure all components of a modular design:
     • Internet connections
     • Public servers and e-commerce servers
     • Remote access networks and VPNs
     • Network services and network management
     • Server farms
     • User services
     • Wireless networks

  13. Cisco's Enterprise Composite Network Model
     [Figure: the three functional areas of the model and their modules]
     • Enterprise Campus: Campus Infrastructure (Building Access, Building Distribution, Campus Backbone), Server Farm, Network Management, Edge Distribution
     • Enterprise Edge: E-Commerce, Internet Connectivity, VPN/Remote Access, WAN
     • Service Provider Edge: ISP A, ISP B, PSTN, Frame Relay/ATM

  14. Cisco SAFE
     • The Cisco SAFE Blueprint addresses security in every module of a modular network architecture

  15. Securing Internet Connections
     • Physical security
     • Firewalls and packet filters
     • Audit logs, authentication, authorization
     • Well-defined exit and entry points
     • Routing protocols that support authentication

  16. Securing Public Servers
     • Place servers in a DMZ that is protected via firewalls
     • Run a firewall on the server itself
     • Enable DoS protection
       • Limit the number of connections per timeframe
     • Use reliable operating systems with the latest security patches
     • Maintain modularity: a front-end web server doesn't also run other services
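"Limit the number of connections per timeframe" on this slide is normally enforced per source address with a sliding window. The Python below is an added example, not code from the slides, from Oppenheimer, or from Cisco; the limit (5 connections per 10 seconds), the source addresses and the `FakeClock` are constructed assumptions for the demonstration. The caveat a practitioner should keep in mind: a per-source limit stops one abusive client from monopolizing the server but does nothing against a distributed flood or spoofed SYNs, which is where the slide's broader "DoS protection" (SYN cookies, upstream filtering) comes in.

```python
"""Per-source connection rate limiting for a public server (added example)."""
from collections import deque
import time


class ConnectionRateLimiter:
    """Allow at most `max_connections` new connections per source within a
    sliding window of `window_seconds`; older connections age out.

    `clock` is injectable so the behaviour can be tested deterministically.
    """

    def __init__(self, max_connections, window_seconds, clock=time.monotonic):
        self.max_connections = max_connections
        self.window = window_seconds
        self.clock = clock
        self.history = {}  # source address -> deque of accept timestamps

    def allow(self, src):
        """Return True if a new connection from `src` may be accepted now."""
        now = self.clock()
        q = self.history.setdefault(src, deque())
        # Forget connections that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_connections:
            # Reject before spending resources on the TLS handshake, worker
            # process, or application login for this source.
            return False
        q.append(now)
        return True

    def purge_idle(self):
        """Drop sources with no connections inside the window so the table
        cannot grow without bound under a scan from many one-off addresses.
        Returns the number of sources removed."""
        now = self.clock()
        idle = [s for s, q in self.history.items()
                if not q or now - q[-1] >= self.window]
        for s in idle:
            del self.history[s]
        return len(idle)


class FakeClock:
    """Manually advanced clock for the demonstration below (not for production)."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    """Constructed scenario: one source bursts, another is unaffected,
    and the first source is admitted again once its window has passed."""
    clock = FakeClock()
    limiter = ConnectionRateLimiter(max_connections=5, window_seconds=10.0, clock=clock)
    burst = [limiter.allow("203.0.113.7") for _ in range(6)]  # 6 attempts in one instant
    other = limiter.allow("198.51.100.2")                      # unrelated client
    clock.t = 10.0
    after_window = limiter.allow("203.0.113.7")                # old entries aged out
    return burst, other, after_window


if __name__ == "__main__":
    print(demo())
```

In a real deployment the check sits as early as possible (in the reverse proxy or a kernel-level filter), and the per-source key should be the address the packets actually came from, not a client-supplied header.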

  17. Security Topologies
     [Figure: the Internet and the enterprise network both connect to a DMZ segment that hosts the web, file, DNS, and mail servers]

  18. Security Topologies
     [Figure: the Internet connects to a firewall; the firewall separates the DMZ (web, file, DNS, and mail servers) from the enterprise network]

  19. Securing Remote-Access and Virtual Private Networks
     • Physical security
     • Firewalls
     • Authentication, authorization, and auditing
     • Encryption
     • One-time passwords
     • Security protocols: CHAP, RADIUS, IPsec

  20. Securing Network Services
     • Treat each network device (routers, switches, and so on) as a high-value host and harden it against possible intrusions
     • Require login IDs and passwords for accessing devices
     • Require extra authorization for risky configuration commands
     • Use SSH rather than Telnet (Telnet carries logins and configuration across the network in cleartext)
     • Change the welcome banner to be less welcoming

  21. Securing Server Farms
     • Deploy network and host IDSs to monitor server subnets and individual servers
     • Configure filters that limit connectivity from the server in case the server is compromised
     • Fix known security bugs in server operating systems
     • Require authentication and authorization for server access and management
     • Limit the root password to a few people
     • Avoid guest accounts
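Slides 16 to 18 describe the DMZ topology and slide 21 asks for filters that contain a compromised server. As an added example, not taken from the slides, Oppenheimer, or Cisco, the Python below models the firewall's rule set as a first-match ordered list with an implicit deny, using constructed address ranges (192.0.2.0/24 for the DMZ, 10.0.0.0/8 for the enterprise network, documentation-prefix addresses for Internet hosts). It also shows the ordering pitfall that bites real ACLs: because "the Internet" is written as 0.0.0.0/0, a DMZ egress permit placed before the DMZ-to-internal deny silently opens the internal network to a compromised DMZ host. The model covers connection initiation only; a stateful firewall additionally admits return traffic for established flows.

```python
"""First-match packet-filter evaluation for a DMZ design (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed address plan (assumption, not from the slides).
INTERNET = ipaddress.ip_network("0.0.0.0/0")   # "anywhere", which includes internal ranges!
DMZ = ipaddress.ip_network("192.0.2.0/24")     # web, file, DNS, mail servers
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # enterprise network


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int]          # None matches any destination port
    name: str


def rule_matches(rule, src_ip, dst_ip, proto, dport):
    return (src_ip in rule.src and dst_ip in rule.dst
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def evaluate(rules, src, dst, proto, dport):
    """Return (action, rule_name) for a new connection; first match wins,
    and anything no rule mentions falls through to the implicit deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule_matches(rule, src_ip, dst_ip, proto, dport):
            return rule.action, rule.name
    return "deny", "implicit-deny"


FIREWALL_RULES = [
    # The Internet may reach only the published services in the DMZ.
    Rule("permit", INTERNET, DMZ, "tcp", 80, "inet-to-dmz-http"),
    Rule("permit", INTERNET, DMZ, "tcp", 443, "inet-to-dmz-https"),
    Rule("permit", INTERNET, DMZ, "tcp", 25, "inet-to-dmz-smtp"),
    Rule("permit", INTERNET, DMZ, "udp", 53, "inet-to-dmz-dns"),
    # Egress filter for the DMZ (slide 21): a compromised server can reach
    # DNS and SMTP on the Internet and nothing on the internal network.
    # This deny MUST precede the egress permits because INTERNET is 0.0.0.0/0.
    Rule("deny", DMZ, INTERNAL, "any", None, "dmz-to-internal-blocked"),
    Rule("permit", DMZ, INTERNET, "udp", 53, "dmz-egress-dns"),
    Rule("permit", DMZ, INTERNET, "tcp", 25, "dmz-egress-smtp"),
    # Internal users manage the DMZ over SSH and use its services freely.
    Rule("permit", INTERNAL, DMZ, "tcp", 22, "mgmt-ssh"),
    Rule("permit", INTERNAL, DMZ, "any", None, "internal-to-dmz"),
    Rule("permit", INTERNAL, INTERNET, "any", None, "internal-egress"),
]

# The same rules with the DMZ-to-internal deny moved to the end: the egress
# permits now match internal destinations too, because 0.0.0.0/0 contains them.
MISORDERED_RULES = ([r for r in FIREWALL_RULES if r.name != "dmz-to-internal-blocked"]
                    + [r for r in FIREWALL_RULES if r.name == "dmz-to-internal-blocked"])


def compromised_dmz_host_reaches_internal_dns(rules):
    """Scenario: an attacker on the DMZ web server probes internal DNS (10.1.1.53:53)."""
    return evaluate(rules, "192.0.2.10", "10.1.1.53", "udp", 53)[0] == "permit"


if __name__ == "__main__":
    print(evaluate(FIREWALL_RULES, "203.0.113.5", "192.0.2.10", "tcp", 443))
    print(evaluate(FIREWALL_RULES, "192.0.2.10", "198.51.100.1", "tcp", 4444))
    print(compromised_dmz_host_reaches_internal_dns(FIREWALL_RULES),
          compromised_dmz_host_reaches_internal_dns(MISORDERED_RULES))
```

The reverse-shell case (DMZ host to an arbitrary Internet port) falls to the implicit deny, which is the whole point of an egress filter: the attacker who owns the web server still has to fit the exfiltration into DNS or SMTP, and those can be logged and inspected.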

  22. Securing User Services
     • Specify in the security policy which applications are allowed to run on networked PCs
     • Require personal firewalls and antivirus software on networked PCs
     • Implement written procedures that specify how the software is installed and kept current
     • Encourage users to log out when leaving their desks
     • Consider using 802.1X port-based security on switches

  23. Securing Wireless Networks
     • Place wireless LANs (WLANs) in their own subnet or VLAN: this simplifies addressing and makes it easier to configure packet filters
     • Require all wireless (and wired) laptops to run personal firewall and antivirus software
     • Disable beacons that broadcast the SSID, and require MAC address authentication, except in cases where the WLAN is used by visitors
       • Neither measure withstands a determined attacker: the SSID still appears in probe and association frames, and MAC addresses are trivially spoofed, so treat both as hygiene rather than as access control

  24. WLAN Security Options
     • Wired Equivalent Privacy (WEP)
     • IEEE 802.11i
     • Wi-Fi Protected Access (WPA)
     • IEEE 802.1X
     • Extensible Authentication Protocol (EAP)
     • Lightweight EAP or LEAP (Cisco)
     • Protected EAP (PEAP)
     • Virtual Private Networks (VPNs)
     • Any other acronyms we can think of? :-)

  25. Wired Equivalent Privacy (WEP)
     • Defined by IEEE 802.11
     • Users must possess the appropriate WEP key that is also configured on the access point
     • Marketed as a 64- or 128-bit key (or passphrase); of those bits only 40 or 104 are the shared secret, and the remaining 24 are the per-frame initialization vector (IV) sent in the clear
     • WEP encrypts the data using the RC4 stream cipher
     • Infamous for being crackable: the 24-bit IV space is exhausted on a busy network within hours, a repeated IV reuses the RC4 keystream, and statistical attacks on RC4's key schedule recover the shared key from captured traffic

  26. WEP Alternatives
     • Vendor enhancements to WEP
     • Temporal Key Integrity Protocol (TKIP): every frame is encrypted with a new, unique per-frame key, derived by mixing the session key with the transmitter address and a 48-bit sequence counter, so keystream is never reused and replayed frames are rejected
     • Advanced Encryption Standard (AES), used by IEEE 802.11i in CCMP
     • IEEE 802.11i
     • Wi-Fi Protected Access (WPA) from the Wi-Fi Alliance: the realistic, implementable parts of IEEE 802.11i (TKIP on existing hardware), released before the full standard was ratified; WPA2 later certified the complete 802.11i, including AES-CCMP
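Slides 25 and 26 say WEP is crackable and that TKIP fixes it by never reusing a per-frame key. The following Python is an added example, not code from the slides or from Oppenheimer, that implements the WEP construction (RC4 keyed with IV || shared key; the CRC-32 ICV is omitted) on a constructed 104-bit key and two constructed HTTP request plaintexts, and shows what a passive listener gets when two frames share an IV: the XOR of the two plaintexts with no key involved, and the entire second frame if the first is guessable. It also computes the birthday bound that makes a 24-bit IV repeat more likely than not within a few thousand frames. The lesson generalizes beyond WEP to any stream cipher or AEAD nonce: a (key, IV) pair must never be reused.

```python
"""WEP keystream reuse demonstration (added example; not production crypto)."""
import math


def rc4_keystream(key, length):
    """Textbook RC4: key-scheduling algorithm, then `length` bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, plaintext):
    """WEP frame body: 3-byte IV in the clear, then RC4(IV || key) XOR data.
    "WEP-128" means a 104-bit (13-byte) shared key plus this 24-bit IV.
    The CRC-32 ICV that real WEP appends is omitted; it adds no secrecy."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor_bytes(rc4_keystream(iv + shared_key, len(plaintext)), plaintext)


def wep_decrypt(shared_key, frame):
    iv, body = frame[:3], frame[3:]
    return xor_bytes(rc4_keystream(iv + shared_key, len(body)), body)


def keystream_reuse_leak(frame_a, frame_b):
    """Passive attacker, no key: if two frames carry the same IV they were
    encrypted with the same keystream, so C1 XOR C2 == P1 XOR P2."""
    if frame_a[:3] != frame_b[:3]:
        return None
    n = min(len(frame_a), len(frame_b)) - 3
    return xor_bytes(frame_a[3:3 + n], frame_b[3:3 + n])


def recover_with_known_plaintext(frame_a, frame_b, known_plaintext_a):
    """Knowing (or guessing) one plaintext, e.g. a DHCP or ARP frame, yields
    the other: P2 = (C1 XOR C2) XOR P1."""
    leak = keystream_reuse_leak(frame_a, frame_b)
    return None if leak is None else xor_bytes(leak, known_plaintext_a)


def frames_until_iv_collision(iv_bits=24):
    """Birthday bound: frames after which a random-IV repeat is more likely than
    not, about 4823 for WEP's 24-bit IV. Many cards count IVs up from zero
    instead, so every reboot replays the whole low IV range deterministically."""
    return math.ceil(math.sqrt(2 * (2 ** iv_bits) * math.log(2)))


# Constructed demo data: a 104-bit key and two equal-length HTTP requests.
DEMO_KEY = bytes.fromhex("0123456789abcdef0123456789")
DEMO_IV = b"\x01\x02\x03"
P1 = b"GET /index.html HTTP/1.1\r\n"
P2 = b"PUT /secret.txt HTTP/1.1\r\n"


def demo():
    """Encrypt both requests under the same IV (the WEP failure mode) and
    recover the second from the first without ever touching DEMO_KEY."""
    c1 = wep_encrypt(DEMO_KEY, DEMO_IV, P1)
    c2 = wep_encrypt(DEMO_KEY, DEMO_IV, P2)
    return recover_with_known_plaintext(c1, c2, P1)


if __name__ == "__main__":
    print(demo(), frames_until_iv_collision())
```

TKIP's answer to exactly this failure is the per-frame key mixing described on the slide: the 48-bit sequence counter cannot wrap within a session, so no two frames under one session key ever share a keystream, and a frame arriving with a stale counter is dropped as a replay.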

  27. Extensible Authentication Protocol (EAP)
     With 802.1X and EAP, devices take on one of three roles:
     • The supplicant resides on the wireless LAN client
     • The authenticator resides on the access point
     • An authentication server resides on a RADIUS server

  28. EAP (continued)
     • An EAP supplicant on the client obtains credentials from the user, which could be a user ID and password
     • The EAP exchange is relayed by the authenticator to the server (carried inside RADIUS), and a session key is developed
     • Periodically the client must reauthenticate to maintain network connectivity
     • Reauthentication generates a new, dynamic WEP key

  29. Cisco's Lightweight EAP (LEAP)
     • Standard EAP plus mutual authentication: the user and the access point must authenticate
     • Used on Cisco and other vendors' products
     • Caveat: LEAP's MS-CHAP-based exchange is vulnerable to offline dictionary attacks against sniffed traffic (publicly demonstrated by the asleap tool), and Cisco has since recommended migrating to EAP-FAST or PEAP

  30. Other EAPs
     • EAP-Transport Layer Security (EAP-TLS) was developed by Microsoft; it requires certificates for clients and servers
     • Protected EAP (PEAP) is supported by Cisco, Microsoft, and RSA Security
       • The client uses the server's certificate to authenticate the RADIUS server and build a TLS tunnel
       • Inside the tunnel, the server uses a username and password to authenticate the client
     • EAP-MD5 has no key management features or dynamic key generation
       • Uses a challenge/response like CHAP (and like basic WEP shared-key authentication)
       • Authentication is handled by the RADIUS server
       • Caveat: the challenge and hashed response cross the air in the clear and the client never authenticates the server, so the password is open to offline dictionary attack and to rogue access points; unsuitable for WLANs
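Slides 27 to 30 give the three 802.1X roles and list EAP-MD5 and LEAP among the methods. The Python below is an added example, not code from the slides, Oppenheimer, or Cisco, that plays the three roles for EAP-MD5 (response = MD5(identifier || password || challenge), as in RFC 3748 section 5.4 and CHAP, RFC 1994) against a constructed user database, records what a listener in radio range sees, and then runs the offline dictionary attack that the sniffed pair enables. The same class of attack, against an MS-CHAP exchange rather than a bare MD5, is what breaks LEAP; PEAP avoids it by running the inner password exchange inside a TLS tunnel that the client opens only after validating the server's certificate, so the listener sees TLS records rather than a challenge and response.

```python
"""802.1X/EAP roles and an EAP-MD5 offline dictionary attack (added example)."""
import hashlib
import hmac
import os

# Constructed credential store held by the authentication (RADIUS) server.
USER_DB = {"alice": "Winter2016"}


def eap_md5_response(identifier, password, challenge):
    """EAP-MD5-Challenge response (RFC 3748 s5.4, same as CHAP, RFC 1994):
    MD5(Identifier || Secret || Challenge). The only unknown to a listener
    who captured the exchange is the password."""
    return hashlib.md5(bytes([identifier]) + password.encode() + challenge).digest()


class Supplicant:
    """Runs on the wireless client; knows the user's credentials."""

    def __init__(self, username, password):
        self.username, self.password = username, password

    def respond(self, identifier, challenge):
        return eap_md5_response(identifier, self.password, challenge)


class AuthenticationServer:
    """RADIUS server: issues the challenge and verifies the response."""

    def __init__(self, user_db):
        self.user_db = user_db

    def new_challenge(self):
        return os.urandom(16)

    def verify(self, username, identifier, challenge, response):
        password = self.user_db.get(username)
        if password is None:
            return False
        expected = eap_md5_response(identifier, password, challenge)
        return hmac.compare_digest(expected, response)


class Authenticator:
    """Access point: relays EAP frames and opens the port on EAP-Success.
    It never learns the password. `wire` records every frame it forwards,
    which is exactly what a passive attacker in range also captures."""

    def __init__(self, server):
        self.server = server
        self.wire = []
        self.port_open = False

    def run_eap_md5(self, supplicant, identifier=1):
        challenge = self.server.new_challenge()
        self.wire.append(("EAP-Request/MD5-Challenge", identifier, challenge))
        response = supplicant.respond(identifier, challenge)
        self.wire.append(("EAP-Response/MD5-Challenge", identifier, response))
        self.port_open = self.server.verify(supplicant.username, identifier,
                                            challenge, response)
        self.wire.append(("EAP-Success" if self.port_open else "EAP-Failure",
                          identifier, b""))
        return self.port_open


def offline_dictionary_attack(wire, wordlist):
    """Attacker with only the sniffed frames: hash each guess with the captured
    identifier and challenge and compare to the captured response. No further
    interaction with the network is needed, so lockout policies never trigger."""
    challenge = next(c for kind, _, c in wire if kind == "EAP-Request/MD5-Challenge")
    identifier, response = next((i, r) for kind, i, r in wire
                                if kind == "EAP-Response/MD5-Challenge")
    for guess in wordlist:
        if eap_md5_response(identifier, guess, challenge) == response:
            return guess
    return None


def demo():
    """Constructed run: a legitimate login, then the sniffed frames are attacked
    with a small wordlist that happens to contain the password."""
    ap = Authenticator(AuthenticationServer(USER_DB))
    authenticated = ap.run_eap_md5(Supplicant("alice", "Winter2016"))
    cracked = offline_dictionary_attack(
        ap.wire, ["password", "Summer2015", "Winter2016", "letmein"])
    return authenticated, cracked


if __name__ == "__main__":
    print(demo())
```

Two properties of the exchange stand out in the code: the authenticator only relays, so placing the authentication server on RADIUS does not by itself protect the password, and nothing in the messages lets the supplicant check who issued the challenge, which is why a rogue access point can harvest responses from any client configured for EAP-MD5.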

  31. VPN Software on Wireless Clients
     • Safest way to do wireless networking for corporations
     • Wireless client requires VPN software
       • Connects to a VPN concentrator at HQ
       • Creates a tunnel for sending all traffic
     • VPN security provides user authentication, strong encryption of data, and data integrity

  32. Conclusion
     • Use a top-down approach
     • Chapter 2 of Oppenheimer's Top-Down Network Design talks about identifying assets and risks and developing security requirements
     • Chapter 5 talks about logical design for security (secure topologies)
     • Chapter 8 talks about the security plan, policy, and procedures
     • Chapter 8 also covers security mechanisms and selecting the right mechanisms for the different components of a modular network design

  33. References/Sources
     • Oppenheimer, Priscilla. (2013). Top-Down Network Design. 3rd Edition. Cisco Press, Indianapolis. ISBN 978-1-58705-152-4.
     • Hummel, S. L. (2015). Cisco Design Fundamentals: Multilayered Network Architecture and Design for Network Engineers.
     • Bruno, A., & Jordan, S. (2016). CCDA 200-310 Official Cert Guide. Cisco Press.

  34. Thank You
