Principles & Practices

decisioncrunchΔίκτυα και Επικοινωνίες

20 Νοε 2013 (πριν από 3 χρόνια και 4 μήνες)

73 εμφανίσεις

Network Security

Principles & Practices

By Saadat Malik

Cisco Press

2003


Network Security

2



Chapter 1



Introduction to Network Security


Model of Network Security Process


Elements of Network Security Policy


Elements of Network Security Design


Case Study

Network Security

3

Network Security

4

Elements of a Network Security Policy


Based on
FRC 2196 Site Security Handbook
.

B. Fraser.
September 1997. (
ftp://ftp.rfc
-
editor.org/in
-
notes/rfc2196.txt
)


1.
Computer technology purchasing guidelines



wrt security features

2.
Privacy policy



emails, user data

3.
Access policy



control of access to assets

4.
Accountability policy



roles/responsibilities, auditing, incident handling

Network Security

5

Elements of a Network Security Policy
(2)

5.
Authentication policy (identity management)



passwords, remote authentication, smart cards

6.
Availability statement



expected availability, QoS, hours

7.
Maintenance policy for IT system & network



esp. remote admin, outsourcing

8.
Violations reporting policy



types of violations, anonymous reporting?

9.
Supporting information



point(s) of contact, publicity, company policies, …

Network Security

6

Network Security Design


Assets + Threats + Risks


Policies



Policies + Control measures (tools,
procedures, etc.)


Design


Network Security

7

Elements of Network Security Design


Device security features

Admin passwords, Secure Shell, …


Firewalls


VPN

Client
-
server VPN, site
-
to
-
site VPN


IDS


AAA (Radius server)


Access control

Access Control Lists, Committed Access Rate


And more … ?

Network Security

8

Case Study


pp. 12
-
21



Exercise A: Draw a network diagram to show the
network security design of Biotech, Inc.



Exercise B: In Table 1
-
1, three criteria
(confidentiality, integrity, and availability) are
used in constructing the ‘critical asset risk rating’
table. Add two more criteria, origin integrity and
non
-
repudiability, into the table, and assign risk
ratings to the two new columns. Justify your
answer.

Network Security

9

Network Security Design:

An Exercise

1.
Refer to the paper “Design of Distributed Computer Security Lab”.

Journal of Computing Sciences in Colleges. Volume 20, Issue 1
. October
2004.
http://sce.cl.uh.edu/yang/research/DCSL%20RMCCSC04.pdf



2.
Task: The DCSL lab is currently located in Delta 140. A new Computer
Security Lab (CSL) is to be added to Delta 158. The new lab will consist
of 30 desktop computers, connected to a switch, through which a
connection to the DCSL network is established.

a)
Identify the assets.

b)
Identify the threats.

c)
Risk Analysis.

d)
Devise security policies based on the requirements you have collected from
the paper and from relevant personnel.

e)
Draw a network security diagram to illustrate your design of the complete
DCSL and CSL labs. Indicate what control measures are to be adopted to
counter the threats.