View
254
Download
3
Tags:
Embed Size (px)
Citation preview
SECURITY: DESIGN
•Factors- Affordances (E-Commerce)- Remote-Access Services- Business partners
•Top-Down Approach- Customer development
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
Identify network assets
•Network HostsOSApplicationsData
•Internetworking DevicesRoutersSwitches
•Network Data
•OtherTrade SecretsCompany Reputation
SECURITY: DESIGN
Identify network assets.
Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.
Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
Analyze security requirements and tradeoffs
•Affordability•Usability•Performance•Availability•Manageability
•TradeoffsPacket Filters/Data Encryption
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.
Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
Develop a security plan
•Resources(time/people)
How will users/managers be involved?
Is there a need for specialized Administrators?
Will you be training on Security Policies and Procedures?
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.
Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
Define a security policy
According to RFC 2196, "Site Security Handbook:"
“A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.”
•Personnel
•ComponentsAccessAccountabilityAuthenticationComputer-technology guidelines
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.
Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
Develop procedures for applying security policies
There’s been an attack… OMG!!!!!
•Separate ProceduresUsersNetwork AdminSecurity Admin
•Training?
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.
Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.
Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.
Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.
Implement the technical strategy and security procedures.Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.
Test the security and update it if any problems are found.Maintain security.
SECURITY: DESIGN
Identify network assets.Analyze security risks.Analyze security requirements and tradeoffs.Develop a security plan.Define a security policy.Develop procedures for applying security policies.Develop a technical implementation strategy.Achieve buy-in from users, managers, and technical staff.Train users, managers, and technical staff.Implement the technical strategy and security procedures.Test the security and update it if any problems are found.
Maintain security.
Maintain security
•Reading Logs
•Responding to incidents
•Staying current with security standards (hardware/software)
•Updating the plan and policy
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Equipment
Natural Disasters
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Something the user knows
Something the user has
Something the user is
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Privileges
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Logging tasks
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Yeah yeah yeah…
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Uses Authentication and Authorization
methods
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
Enforce
Enterprise to Internet
SECURITY: MECHANISMS
Physical SecurityAuthenticationAuthorization
Accounting/AuditingData Encryption
Packet FiltersFirewalls
Intrusion DetectionIntrusion Prevention
(IDS)Notification
(IPS)Traffic Blocker