Network Security
Presentation Transcript
Trust Relationships (Trust Zones)
• High trust (internal ) = f c (once you gain access); g p
• Low trust () = more controls; fewer privileges
• Trusted locations are systems
• V partners are semi-trusted entities. You would give them access to non-publicly available systems after being .
• Customers are entities. After authentication, they can be given access to publicly available systems.
Assessing the Risks
• The first stage of designing security infrastructure for your organization is to that you might want to protect and to the organization if that asset is compromised.
• Once you identify what needs to be protected, you then need to ask what you need to .
• Conduct a comprehensive risk assessment to:
  • Identify all potential vulnerabilities.
  • Assess the likelihood that they will be compromised.
  • Determine the impact/cost that will be incurred if the asset is compromised.
• Likelihood and impact are then combined to identify major inherent security risks.
Threats
• Object, person, or other entity that represents a constant danger to an asset
• Human error
• Acts of Nature
• Technical hardware or software failures – yours, a service provider’s
• Deliberate Acts (attacks) – Sabotage, Vandalism, theft, software attacks (hacking, viruses, worms)
Defense in depth
• Implementation of security so that multiple layers of defense have to be circumvented to gain access to internal information and assets
• Requires that the organization establish sufficient security controls and safeguards so that an intruder faces . If one layer of security is breached, there will be another layer of security with
• P and security are BOTH important.
• How does a bank protect its assets?
Figure 5-15 – Spheres of Security
IDS = Intrusion Detection System; IR = Incident Response; DR = Disaster Recovery; BC = Business Continuity planning
Technology Controls
• Access Controls – multiple levels – networks, systems, data
• Intrusion Detection Systems
• Disconnection
• Monitoring Systems/Logging of User Activity
• Proxy Servers
• Firewalls
• Encryption – in storage, in transmission
• Backups
• Antivirus
• Redundant Systems
• Patches and Upgrades
Definitions not found in CyberProtect Information
• F : device that selectively discriminates against information flowing into or out of the organization
• Proxy Server: a separate computer that relays requests from an application to an untrusted zone, and receives responses before forwarding them back to the application.
Hardened Systems – Refers to stability and impenetrability of the operating system.
Step 1 – Secure the Core Operating System
• Eliminate unneeded services
• Patch Management (both OS and Applications)
• Avoid Unencrypted Protocols
• Ensure Virus Protection
• Rename Administrator Accounts
• Change Default passwords
• Disable Guest Accounts
• Do not allow anonymous FTP
• Control remote access to system logs
• Increase size of log files
• File, Directory and other permissions
• Display a warning message for remote access
Hardened Systems
• Step 2 – Apply Concept of – “Each subject should be granted the most restrictive set of privileges needed for the performance of authorized tasks.” Usually accomplished through access control lists that are role-based.
• Allow users only the system access that they specifically require to perform their role within the organization.
• D
Hardened Systems
• Step 3 - Separation of Duties – Cannot create new users, grant them access and activate their accounts.
• Similar to NOT having the person who orders something also being the person responsible for receiving the goods.
• This ensures that , and therefore reduces the risk of
• Any local examples you can think of?
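
Added example (not part of the original slides): a role-based access review that checks Step 2's "most restrictive set of privileges" rule and Step 3's rule that one person cannot create users, grant them access and activate their accounts. All role, permission and user names, and the per-user baseline, are constructed assumptions.

```python
from typing import Dict, List, Set

# Constructed sample data: every role, permission and user name is hypothetical.
ROLE_PERMS: Dict[str, Set[str]] = {
    "helpdesk":   {"create_user", "reset_password"},
    "access_mgr": {"grant_access"},
    "activator":  {"activate_account"},
    "sysadmin":   {"create_user", "grant_access", "activate_account", "read_logs"},
}
USER_ROLES: Dict[str, List[str]] = {
    "alice": ["helpdesk"],
    "bob":   ["access_mgr", "activator"],
    "carol": ["helpdesk", "access_mgr", "activator"],
    "dave":  ["sysadmin"],
}
# Step 2 baseline (assumed): what each person's job actually requires.
REQUIRED: Dict[str, Set[str]] = {
    "alice": {"create_user", "reset_password"},
    "bob":   {"grant_access"},
    "carol": {"create_user", "reset_password"},
    "dave":  {"read_logs"},
}
# Step 3: no one person may create users, grant access AND activate accounts.
CONFLICTING_DUTIES = frozenset({"create_user", "grant_access", "activate_account"})

def effective_perms(user: str) -> Set[str]:
    """Union of the permissions of every role the user holds."""
    perms: Set[str] = set()
    for role in USER_ROLES.get(user, []):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def sod_violations() -> Dict[str, List[str]]:
    """Users holding all conflicting duties, mapped to the roles that supply them."""
    found = {}
    for user, roles in USER_ROLES.items():
        if CONFLICTING_DUTIES <= effective_perms(user):
            found[user] = sorted(r for r in roles
                                 if ROLE_PERMS.get(r, set()) & CONFLICTING_DUTIES)
    return found

def excess_privileges() -> Dict[str, Set[str]]:
    """Permissions a user holds beyond the Step 2 baseline."""
    excess = {u: effective_perms(u) - REQUIRED.get(u, set()) for u in USER_ROLES}
    return {u: extra for u, extra in excess.items() if extra}

if __name__ == "__main__":
    print("SoD violations:", sod_violations())
    print("Excess privileges:", excess_privileges())
```

The user carol is flagged even though none of her roles holds all three duties on its own, which is why the check runs on each user's combined permissions rather than role by role.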