1 / 33

Developing Network Security Strategies

Developing Network Security Strategies. ______________________ Robert DeWolf. Developing Network Security Strategies. Network Security Design. Network Security Mechanisms. S ecurity : DESIGN. Factors Affordances (E-Commerce) Remote-Access Services Business partners

indivar-sam
Télécharger la présentation

Developing Network Security Strategies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Developing Network Security Strategies ______________________ Robert DeWolf

  2. Developing NetworkSecurity Strategies Network Security Design Network Security Mechanisms

  3. Security: DESIGN • Factors • Affordances (E-Commerce) • Remote-Access Services • Business partners • Top-Down Approach • Customer development

  4. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  5. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  6. Identify network assets • Network Hosts • OS • Applications • Data • Internetworking Devices • Routers • Switches • Network Data • Other • Trade Secrets • Company Reputation

  7. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  8. Analyze security risks Expert Intruders AND End Users

  9. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  10. Analyze securityrequirements and tradeoffs • Affordability • Usability • Performance • Availability • Manageability • Tradeoffs • Packet Filters/Data Encryption

  11. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  12. Develop a security plan • Resources • (time/people) • How will users/managers be involved? • Is there a need for specialized Administrators? • Will you be training on Security Policies and Procedures?

  13. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  14. Define a security policy • According to RFC 2196, "Site Security Handbook:" • “A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.” • Personnel • Components • Access • Accountability • Authentication • Computer-technology guidelines

  15. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  16. Develop procedures forapplying security policies • There’s been an attack… OMG!!!!! • Separate Procedures • Users • Network Admin • Security Admin • Training?

  17. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  18. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  19. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  20. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  21. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  22. Security: DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.

  23. Maintain security • Reading Logs • Responding to incidents • Staying current with security standards (hardware/software) • Updating the plan and policy

  24. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention

  25. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Equipment Natural Disasters

  26. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Something the user knows Something the user has Something the user is

  27. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Privileges

  28. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Logging tasks

  29. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Yeah yeah yeah…

  30. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Uses Authentication and Authorization methods

  31. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Enforce Enterprise to Internet

  32. Security:Mechanisms Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention (IDS) Notification (IPS) Traffic Blocker

  33. Sweet Acting

More Related