Defending the network

Cryptography ensures three components of information security:

  • Confidentiality
  • Integrity
  • Availability

Network data can be encrypted (made unreadable to unauthorized users) using various cryptography applications. The conversation between two IP phone users can be encrypted. The files on a computer can also be encrypted. These are just a few examples. Cryptography can be used almost anywhere that there is data communication. In fact, the trend is toward all communication being encrypted.

The concepts of confidentiality, integrity, and availability will be discussed often throughout this course.

Network Security Domains

It is vital for network security professionals to understand the reasons for network security. They must also be familiar with the organizations dedicated to network security, as well as the 12 network security domains.

Domains provide a framework for discussing network security.

There are 12 network security domains specified by the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC). Described by ISO/IEC 27002, these 12 domains serve to organize, at a high level, the vast realm of information under the umbrella of network security. These domains have some significant parallels with domains defined by the Certified Information Systems Security Professional (CISSP) certification.

  1. Risk assessment: This is the first step in the risk management process. It determines the quantitative and qualitative value of risk related to a specific situation or recognized threat.
  2. Security policy: A document that addresses the constraints and behaviors of members of an organization and often specifies how data can be accessed and what data is accessible by whom.
  3. Organization of information security: This is the governance model set out by an organization for information security.
  4. Asset management: This is an inventory of and classification scheme for information assets.
  5. Human resources security: This addresses security procedures relating to employees joining, moving within, and leaving an organization.
  6. Physical and environmental security: This describes the protection of the computer facilities within an organization.
  7. Communications and operations management: This describes the management of technical security controls in systems and networks.
  8. Access control: This describes the restriction of access rights to networks, systems, applications, functions, and data.
  9. Information systems acquisition, development, and maintenance: This describes the integration of security into applications.
  10. Information security incident management: This describes how to anticipate and respond to information security breaches.
  11. Business continuity management: This describes the protection, maintenance, and recovery of business-critical processes and systems.
  12. Compliance: This describes the process of ensuring conformance with information security policies, standards, and regulations.

Security policy domain

One of the most important domains is the security policy domain. A security policy is a formal statement of the rules by which people who are given access to the technology and information assets of an organization must abide. The concept, development, and application of a security policy are critical to keeping an organization secure. It is the responsibility of network security professionals to weave the security policy into all aspects of business operations within an organization.

The network security policy is a broad, end-to-end document designed to be clearly applicable to an organization’s operations. The policy is used to aid in network design, convey security principles, and facilitate network deployments.

The network security policy outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization’s network security environment. Because of its breadth of coverage and impact, it is usually compiled by a committee. It is a complex document meant to govern items such as data access, web browsing, password usage, encryption, and email attachments.

When a policy is created, it must be clear what services will be made available to specific users. The network security policy establishes a hierarchy of access permissions, giving employees only the minimal access necessary to perform their work.

The network security policy outlines what assets should be protected and gives guidance on how they should be protected. This will then be used to determine the security devices and mitigation strategies and procedures that should be implemented on the network. One possible guideline that administrators can use when developing the security policy, and when determining various mitigation strategies, is the Cisco SecureX architecture.

A network security policy explicitly defines how frequently antivirus software updates and virus definition updates must be installed. Additionally, the network security policy includes guidelines for what users can and cannot do. This is normally stipulated as a formal acceptable use policy (AUP). The AUP must be as explicit as possible to avoid misunderstanding.

The Security Artichoke

A common analogy used to describe what a hacker must do to launch an attack is the “Security Onion.” In this analogy, a hacker has to peel away a network’s defense mechanisms layer by layer, much like peeling an onion.

The borderless network has changed this analogy to the “Security Artichoke.” In this analogy, hackers no longer have to peel away every layer. They only need to remove certain “artichoke leaves.” The bonus for the attacker is that each “leaf” of the network may reveal sensitive data that is not well secured, and leaf after leaf, it all leads the hacker to more data. The heart of the artichoke is where the most confidential data is found. Each leaf provides a layer of protection while simultaneously providing a path to attack.

Not every leaf needs to be removed in order to get at the heart of the artichoke. The hacker chips away at the security armor along the perimeter to get to the “heart” of the enterprise.

While Internet-facing systems are usually very well protected and boundary protections are typically solid, persistent hackers, aided by a mix of skill and luck, do eventually find a gap in that hardened exterior through which they can enter and go where they please.

SecureX