Network Domain Zach Curry, Nick Tsamis, Andrew Arvay
Network Administrator Levels
• Identifies Network Responsibilities
• Eliminates Excess Costs
  • Over Training
• Training Consistency
• Divided Into:
  • Network Administrator Level 1 (NAL1)
  • Network Administrator Level 2 (NAL2)
  • Network Administrator Level 3 (NAL3)
Network Administrator Levels
• Network Administrator Level 1
  • End user devices
    • Workstations
    • Local Ethernet Cables
    • VoIP Devices
  • User Account Management
    • New Users
    • User Groups
    • Removal of Users
  • Setting File Sharing Permissions
    • Group Based Permissions
Network Administrator Levels
• Network Administrator Level 2
  • Network Infrastructure
    • Switches/Routers
    • Cat5E/Cat6 Cabling
    • Network Backbone
  • Servers
    • Backups
  • Firewall Administration
Network Administrator Levels
• Network Administrator Level 3
  • Network Device Certification and Accreditation
  • Network Documentation
    • Network Topology
  • Continuity Of Operations Plan (COOP)
Network Admin Certification
• Network Administrator Level 1 (NAL1)
  • Network+ Certification
    • Used to measure skill as a network technician
    • Hardware
    • Software
    • Installation
    • Troubleshooting
    • Connections
    • OSI Model
    • LAN/WAN Protocols
Network Admin Certification
• Network Administrator Level 2 (NAL2)
  • Security+ Certification
    • Computer Security
    • Cryptography
    • Access Control
    • Disaster Recovery
    • Risk Management
    • Network Security
    • Compliance and Operational Security
    • Threats and Vulnerabilities
    • Application, Data, and Host Security
    • Identity Management
Network Admin Certification
• Network Administrator Level 3 (NAL3)
  • CISSP Certification
    • Certified Information Systems Security Professional
    • Access Control Systems & Methodology
    • Applications & Systems Development
    • Business Continuity & Disaster Recovery Planning
    • Cryptography
    • Law, Investigation & Ethics
    • Operations Security (Computer)
    • Physical Security
    • Security Architecture, Models, & Management Practices
    • Telecommunications & Network Security
Continuity Of Operations Plan (COOP)
• Backups
  • Frequency
  • Type
    • Full
    • Incremental
    • Differential
  • Retention
  • Offsite Location
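The three backup types on this slide differ in what each run captures and in how many backup sets a restore needs. The simulation below is an added example (not from the original slides): a file set is modelled as a dict of path to content, DAYS is a constructed four-day history, and deletions are deliberately not modelled, so a restore only ever adds or overwrites files.

```python
"""Full vs. incremental vs. differential backups, worked as a simulation."""
from typing import Dict, List

Snapshot = Dict[str, str]  # path -> content

# Constructed sample data: four daily states of a small file set.
DAYS: List[Snapshot] = [
    {"a.txt": "a1", "b.txt": "b1"},                 # day 0: baseline
    {"a.txt": "a1", "b.txt": "b2"},                 # day 1: b changed
    {"a.txt": "a2", "b.txt": "b2"},                 # day 2: a changed
    {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1"},  # day 3: c added
]


def changed_since(current: Snapshot, baseline: Snapshot) -> Snapshot:
    """Files that are new or modified relative to `baseline`."""
    return {p: c for p, c in current.items() if baseline.get(p) != c}


def plan_backups(days: List[Snapshot], kind: str) -> List[Snapshot]:
    """Data captured by each day's backup. Day 0 is always a full backup.

    full         - every file, every day
    incremental  - files changed since the previous backup (of any kind)
    differential - files changed since the last full backup (day 0 here)
    """
    if kind not in ("full", "incremental", "differential"):
        raise ValueError(f"unknown backup type: {kind}")
    captured: List[Snapshot] = []
    last_full = days[0]
    previous = days[0]
    for i, state in enumerate(days):
        if i == 0 or kind == "full":
            captured.append(dict(state))
        elif kind == "incremental":
            captured.append(changed_since(state, previous))
        else:
            captured.append(changed_since(state, last_full))
        previous = state
    return captured


def restore(captured: List[Snapshot], day: int, kind: str) -> Snapshot:
    """Rebuild the file set for `day` from the backup sets.

    full:         the one set for that day
    differential: last full + that day's set (two pieces of media)
    incremental:  last full + every set after it up to `day`, in order;
                  losing any one set in that chain breaks the restore
    """
    if kind == "full":
        return dict(captured[day])
    state = dict(captured[0])
    chain = captured[day:day + 1] if kind == "differential" else captured[1:day + 1]
    for backup_set in chain:
        state.update(backup_set)
    return state


def set_sizes(kind: str) -> List[int]:
    """Files written per day: the storage vs. restore-complexity trade-off."""
    return [len(s) for s in plan_backups(DAYS, kind)]


if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        print(f"{kind:12s} files written per day: {set_sizes(kind)}")
        assert restore(plan_backups(DAYS, kind), 3, kind) == DAYS[3]
```

Incremental sets are the smallest but the restore chain is the longest, so retention policy has to keep every set back to the last full; differential sets grow each day but a restore needs only two sets.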
Continuity Of Operations Plan (COOP)
• Redundancy
  • Services
    • Primary Domain Controller (PDC/BDC)
    • DHCP/DNS
  • Network
    • Core Routers
    • Switches
  • Power
    • UPS
    • Circuits
Continuity Of Operations Plan (COOP)
• Natural Disasters
  • Fire
  • Flooding
  • Tornadoes
  • Hurricane
  • Earthquake
• Power Loss
• Hot/Cold Alternate Backbone
Device Certification and Accreditation
• Due Diligence
• Network Devices Meet
  • Security Requirements
  • Policy Requirements
  • Clearance Requirements
    • Can affect security requirements
• Continuous Process
  • Cradle to Grave
Network Defense Testing
• Practice As You Play
  • Password Cracking
  • Phishing Attempts
• Blue Team
• Red Team
• Detailed Reports
  • Action Requirements
  • Resolution Deadlines
Personnel Decertification Procedures
• Notify Helpdesk/Security Manager
  • Leaving
  • Decertification
  • Relocation
• Permissions Applied As Groups
  • Group Y has write access to resource X
  • Removal From Group = Removed Access
  • Much more efficient vs. User-based permissions
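The "removal from group = removed access" point is easiest to see side by side with the user-based alternative. The model below is an added example, not from the original slides: rights are granted to groups per resource, a user's effective rights are the union over the groups they belong to, and offboarding touches only the membership lists. The user-based class shows why the slide calls that model less efficient: every resource has to be visited, and a missed one leaves stale access. The user, group and resource names are constructed for the demo.

```python
"""Group-based vs. user-based permissions and what decertification costs in each."""
from collections import defaultdict
from typing import Dict, List, Set


class GroupBasedAcl:
    """Rights attach to groups; users get rights only through membership."""

    def __init__(self) -> None:
        self.members: Dict[str, Set[str]] = defaultdict(set)  # group -> users
        # resource -> group -> rights
        self.acl: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def add_member(self, user: str, group: str) -> None:
        self.members[group].add(user)

    def grant(self, group: str, resource: str, right: str) -> None:
        self.acl[resource][group].add(right)

    def groups_of(self, user: str) -> Set[str]:
        return {g for g, users in self.members.items() if user in users}

    def rights(self, user: str, resource: str) -> Set[str]:
        """Effective rights: union of the rights of every group the user is in."""
        out: Set[str] = set()
        for group in self.groups_of(user):
            out |= self.acl[resource].get(group, set())
        return out

    def offboard(self, user: str) -> List[str]:
        """Decertification: drop every membership. Returns the groups touched."""
        touched = sorted(self.groups_of(user))
        for group in touched:
            self.members[group].discard(user)
        return touched


class UserBasedAcl:
    """Rights attach directly to users on each resource (the model the slide discourages)."""

    def __init__(self) -> None:
        # resource -> user -> rights
        self.acl: Dict[str, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))

    def grant(self, user: str, resource: str, right: str) -> None:
        self.acl[resource][user].add(right)

    def rights(self, user: str, resource: str) -> Set[str]:
        return set(self.acl[resource].get(user, set()))

    def offboard(self, user: str) -> List[str]:
        """Every resource must be visited; any ACL not on this list keeps the stale entry."""
        touched = []
        for resource, entries in self.acl.items():
            if user in entries:
                del entries[user]
                touched.append(resource)
        return sorted(touched)


RESOURCES = ("//fileserver/src", "//fileserver/docs", "vpn-gateway")  # constructed


def demo() -> Dict[str, int]:
    """Constructed scenario: one engineer, two groups, three resources."""
    g = GroupBasedAcl()
    g.add_member("alice", "engineering")
    g.add_member("alice", "vpn-users")
    g.grant("engineering", "//fileserver/src", "write")
    g.grant("engineering", "//fileserver/docs", "read")
    g.grant("vpn-users", "vpn-gateway", "connect")
    rights_before = sum(len(g.rights("alice", r)) for r in RESOURCES)
    groups_touched = g.offboard("alice")
    rights_after = sum(len(g.rights("alice", r)) for r in RESOURCES)

    # Same access expressed per user: offboarding has to edit every resource ACL.
    u = UserBasedAcl()
    u.grant("alice", "//fileserver/src", "write")
    u.grant("alice", "//fileserver/docs", "read")
    u.grant("alice", "vpn-gateway", "connect")
    resources_touched = u.offboard("alice")

    return {
        "rights_before": rights_before,
        "groups_touched": len(groups_touched),
        "rights_after": rights_after,
        "resource_acls_touched": len(resources_touched),
    }


if __name__ == "__main__":
    print(demo())
```

In the group model the number of edits at decertification is the number of groups the person was in, independent of how many resources those groups can reach; in the user model it scales with the number of resources, which is the "finger pointing" risk in practice: nobody is sure every share was checked.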
Network Topology
• Physical – The way devices are laid out in a network
  • Example: Ring, Star, Bus, etc.
• Logical – How signals behave on the network
  • Example: Ethernet
Network Segmentation
• Keep traffic separate
  • Network load
  • Load balancing
• VLANs
  • Traffic types
IPS/IDS
• Intrusion Prevention/Detection System
  • Log and alert on suspicious activity
• Firewalls
• DMZ
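"Log and alert on suspicious activity" in its simplest form is a threshold rule run over a log stream. The script below is an added example (not from the original slides): it reads syslog-style sshd lines and raises one alert per source address that produces at least THRESHOLD failed logins inside a WINDOW-second sliding window. The log lines are constructed, using RFC 5737 documentation addresses, and the year is assumed to be 2024 because syslog timestamps carry none; the log format itself is the common OpenSSH one.

```python
"""Minimal IDS-style rule: failed-login bursts from one source in auth logs."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Tuple

THRESHOLD = 5   # failed logins ...
WINDOW = 60     # ... within this many seconds -> alert

# OpenSSH "Failed password" lines; the hostname and PID fields are skipped.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log: one burst, one benign pair of typos, one success.
SAMPLE_LOG = [
    "Jan 10 10:00:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40210 ssh2",
    "Jan 10 10:00:09 gw sshd[1203]: Failed password for invalid user admin from 203.0.113.5 port 40211 ssh2",
    "Jan 10 10:00:15 gw sshd[1205]: Failed password for root from 203.0.113.5 port 40212 ssh2",
    "Jan 10 10:00:20 gw sshd[1207]: Failed password for bob from 198.51.100.7 port 50012 ssh2",
    "Jan 10 10:00:23 gw sshd[1208]: Failed password for invalid user oracle from 203.0.113.5 port 40213 ssh2",
    "Jan 10 10:00:31 gw sshd[1210]: Failed password for invalid user test from 203.0.113.5 port 40214 ssh2",
    "Jan 10 10:00:40 gw sshd[1212]: Failed password for bob from 198.51.100.7 port 50013 ssh2",
    "Jan 10 10:00:52 gw sshd[1214]: Accepted password for bob from 198.51.100.7 port 50014 ssh2",
]


def parse_ts(text: str) -> datetime:
    """Syslog timestamps have no year; assume 2024 (constructed for the sample)."""
    return datetime.strptime(text, "%b %d %H:%M:%S").replace(year=2024)


def detect(lines: List[str], threshold: int = THRESHOLD, window: int = WINDOW) -> List[Tuple[str, int, str]]:
    """Return (source_ip, failures_in_window, timestamp_of_alert) per offending source.

    Keeps a per-source deque of recent failure times, trims entries older
    than `window`, and alerts once per source when the count reaches `threshold`.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[Tuple[str, int, str]] = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successes and unrelated lines are ignored by this rule
        ip, ts = m["ip"], parse_ts(m["ts"])
        window_q = recent[ip]
        window_q.append(ts)
        while (ts - window_q[0]).total_seconds() > window:
            window_q.popleft()
        if len(window_q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append((ip, len(window_q), m["ts"]))
    return alerts


if __name__ == "__main__":
    for ip, count, when in detect(SAMPLE_LOG):
        print(f"ALERT {when}: {count} failed logins from {ip} within {WINDOW}s")
```

The two failures from 198.51.100.7 followed by a success look like a user mistyping a password and stay below the threshold; the same rule in an IPS would additionally push the offending address to a firewall block list, which is the "prevention" half of the slide.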
Hardening and Patching
• Keep security software and operating systems up to date
• Properly configure network devices to close security holes
• Only expose needed services on the network
IP Addressing
• Create subnets to segment traffic
• Private IP subnets:
  • 192.168.0.0/16
  • 172.16.0.0/12
  • 10.0.0.0/8
• Reserve IPs for critical devices
• IPv6 & IPv4
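The three private blocks on this slide are the RFC 1918 ranges; the script below is an added example (not from the original slides) that uses Python's standard ipaddress module to check whether an address falls inside them, carve a private supernet into one subnet per traffic type, and set aside the first addresses of a subnet for critical devices. It goes slightly beyond the slide by also treating the IPv6 unique local range fc00::/7 (RFC 4193) as private, since the slide lists IPv6 alongside IPv4. The segment names and reservation count are constructed.

```python
"""Private-range checks and subnet planning with the stdlib ipaddress module."""
import ipaddress
from itertools import combinations
from typing import Dict, List, Tuple

# RFC 1918 (IPv4) and RFC 4193 unique local (IPv6) ranges.
PRIVATE_BLOCKS = [
    ipaddress.ip_network(b)
    for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")
]


def is_private(addr: str) -> bool:
    """True if `addr` lies in one of the private blocks (v4/v6 mismatches are simply False)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def carve(supernet: str, new_prefix: int, names: List[str]) -> Dict[str, str]:
    """Assign one /new_prefix subnet per traffic type, in order, from `supernet`."""
    net = ipaddress.ip_network(supernet)
    if not any(net.subnet_of(b) for b in PRIVATE_BLOCKS if b.version == net.version):
        raise ValueError(f"{supernet} is not inside a private block")
    subnets = net.subnets(new_prefix=new_prefix)
    plan: Dict[str, str] = {}
    for name in names:
        try:
            plan[name] = str(next(subnets))
        except StopIteration:
            raise ValueError(f"{supernet} has too few /{new_prefix} subnets for {len(names)} segments")
    return plan


def reserve_critical(subnet: str, count: int) -> List[str]:
    """First `count` usable hosts, held back for gateway, DNS, management, etc."""
    hosts = list(ipaddress.ip_network(subnet).hosts())
    if count > len(hosts):
        raise ValueError("reservation larger than the subnet")
    return [str(h) for h in hosts[:count]]


def overlaps(plan: Dict[str, str]) -> List[Tuple[str, str]]:
    """Pairs of segments whose ranges overlap; a correct plan returns an empty list."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b]))


if __name__ == "__main__":
    plan = carve("192.168.0.0/16", 24, ["users", "voip", "servers", "mgmt"])
    for name, cidr in plan.items():
        print(f"{name:8s} {cidr}")
    print("reserved in servers:", reserve_critical(plan["servers"], 3))
    print("overlaps:", overlaps(plan))
```

Keeping the plan as data lets the same check run on a hand-edited address sheet, which is where overlapping or accidentally public ranges usually creep in.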
QoS Policy
• Quality of Service
• Deals with network contention
  • Telephony
  • Protocols
WAN Encryption Policy
• Depending on the sensitivity of the information, different network requirements may exist for different hardware
• Classified information/hardware should always be encrypted and must stay on classified networks
• Non-classified and classified networks should be physically separated
• Sensitive information that traverses a public network should be encrypted BEFORE it leaves the private network
  • You have no idea who's snooping on it once it leaves
• Classified and Non-classified networks must remain independent
• Classified information should never be accessible from a non-classified network; the network should enforce that unauthorized hardware and software do not run where prohibited
WAN Encryption - VPN
• Virtual Private Network
• Allows the extension of a private network across a public network (internet)
• Encryption should always be used when passing data across public networks
• A VPN creates an encrypted 'tunnel' through which a remote client can connect to an enterprise network, for instance – Host to Gateway
• Employees may be required to use a server on the private network. A VPN can allow that employee to securely access private resources remotely
• Gateway to Gateway connections allow a regional office's network to connect to the head office's network
image credit: wikipedia
Incident Response
• For the purposes of IT, incidents are observed when normal network operation is disturbed; some level of crisis may be observed.
  • DOS (intentional or unintentional)
  • Classified information leak
  • Others (Power outage/flood/brownout/cable or router failure)
• The purpose of Incident Response is to minimize the impact that the incident causes both immediately and may potentially create in the future.
  • Identify the incident.
  • Gather necessary resources for response.
  • Execute applicable incident response plan.
Incident Response Requirements
• Need to have response teams and plans in place
• Security team and plan should be updated to address specific incident concerns
• Plan needs to be THOROUGH and COMPLETE. May have the need for several different kinds of plans.
  • 'Big red button' plans
• Minimize number and severity of security incidents
• Contain damage; minimize additional/ongoing risks
• What actions are to be taken against discovered attackers/offenders: lawsuit/employee reprimand/etc.
• Specify the appropriate personnel
  • Avoid "Too many cooks in the kitchen"
Financial Responsibility Distribution
• Insurance coverage may apply; must fulfill all insurance requirements
• Federal implications, e.g. HIPAA/ICO/PCI-DSS
• Ensure compliance to auditing authorities:
  • Information privacy - ICO (UK)
  • HIPAA – Department of HHS
• PlayStation Network data leak ended in ~$300k fines
  • Credit card numbers remained encrypted
  • Other personal information was not, however
  • Attack was found to be 'preventable' (pwned)
Financial Responsibility Distribution
• Who is responsible for paying for what resources in a given enterprise?
• Must have a plan in place to define who pays for what in order to avoid finger pointing!
  • Especially important to have this defined in critical situations (incident response)
• Example: data storage in an academic environment
  • Professor may utilize computing resources more than others for research outside of the institution's scope
Network Authentication
• Used to verify identity
  • User is who they say they are
• Multi-factor authentication: more than one factor
• Authentication factors:
  • Knowledge: something the user knows, e.g. password
  • Possession: something the user has, e.g. token
  • Inherence: something the user is, e.g. retinal scan
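A login that combines the knowledge and possession factors from this slide can be written out end to end in a few dozen lines. The code below is an added example (not from the original slides): the knowledge factor is a salted PBKDF2 password hash, the possession factor is a time-based one-time code of the kind a hardware or phone token shows (TOTP, RFC 6238, SHA-1, 30-second step, built on HOTP from RFC 4226), and a code is accepted only once so a captured code cannot be replayed. The inherence factor (biometrics) is not modelled. The user record is constructed; the token secret is the RFC 4226/6238 test-vector key so the generated codes can be checked against the published values.

```python
"""Two-factor login check: password (knowledge) + TOTP code (possession)."""
import hashlib
import hmac
import os
from typing import Dict, Optional

TOTP_STEP = 30        # seconds per code, as in RFC 6238
DIGITS = 6
PBKDF2_ROUNDS = 100_000

# RFC 4226 / RFC 6238 test-vector key (ASCII "12345678901234567890"), used only for the demo.
RFC_TEST_SECRET = b"12345678901234567890"

USERS: Dict[str, dict] = {}  # constructed in-memory user store


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = TOTP_STEP) -> str:
    """TOTP (RFC 6238): HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, at_time // step)


def register(username: str, password: str, totp_secret: bytes) -> None:
    """Store a salted password hash and the token secret; never the password itself."""
    salt = os.urandom(16)
    USERS[username] = {
        "salt": salt,
        "digest": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
        "totp_secret": totp_secret,
        "last_counter": -1,  # highest TOTP counter already accepted (replay guard)
    }


def verify_login(username: str, password: str, otp: str, now: int) -> bool:
    """Both factors must pass; the result is True only when password AND a fresh code match."""
    rec = USERS.get(username)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    password_ok = hmac.compare_digest(digest, rec["digest"])

    # Accept the current step and the previous one to tolerate small clock skew,
    # but never a counter that has already been used.
    current = now // TOTP_STEP
    matched: Optional[int] = None
    for counter in (current, current - 1):
        if counter > rec["last_counter"] and hmac.compare_digest(hotp(rec["totp_secret"], counter), otp):
            matched = counter
            break

    if password_ok and matched is not None:
        rec["last_counter"] = matched
        return True
    return False


# Constructed demo user; the password is a placeholder, not a recommendation.
register("alice", "correct horse battery", RFC_TEST_SECRET)

if __name__ == "__main__":
    print("code at t=59:", totp(RFC_TEST_SECRET, 59))            # 287082 per RFC 6238
    print("login ok:", verify_login("alice", "correct horse battery", totp(RFC_TEST_SECRET, 59), 59))
    print("replay ok:", verify_login("alice", "correct horse battery", totp(RFC_TEST_SECRET, 59), 60))
```

Two details matter for the "something the user has" factor to mean anything: the secret stays on the server and the token, never in the login form, and a code is bound to its counter so that seeing one code (over the shoulder, in a phishing page) does not let it be reused in the next step.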
Physical Security Policy
• Least Privilege - basic pillar of security
  • Access rights are set at the minimum required level in order to perform job duties
• Principle of effectiveness:
  • Must be using security controls properly in order for them to be effective (e.g.: locks do no good if the key is in the lock)
• Separation of duty
Network Infrastructure Security
• Two levels of security:
  • Basic physical perimeter security on campus
    • Shared facilities can create cause for concern
    • Workstations should remain locked and protected by the main physical perimeter at least
  • Controlled, monitored access around critical infrastructure devices (e.g.: server room, building network switch)
    • All employees don't need access to the server room
    • Should employ a security mechanism independent of the campus security
[Diagram: enterprise campus with building switches behind all-employee access, and the server room behind restricted access]
References
• http://technet.microsoft.com
• http://www.techsecuritytoday.com/index.php/entry/who-ultimately-pays-for-a-security-breach
• http://www.bu.edu/tech/files/2010/01/sc02_enterasys.pdf
• http://www.abetterkeywaylocksmith.com/images/content/cabinet-key-services.jpg?nxg_versionuid=published
• http://docs.oracle.com/cd/B10501_01/network.920/a96582/scn81082.gif
• http://www.confidenttechnologies.com/files/Post%20it%20note%20password.jpg
• http://img.tfd.com/cde/_SECURID.GIF
• http://webdesignlists.com/wp-content/uploads/2012/09/retinal-scan.jpg
• http://4.bp.blogspot.com/_2ZvV0BgOUE0/TGikpYJwKYI/AAAAAAAAA4Q/5RgEQ9TR1zg/s1600/shrug.jpg
• http://commons.wikimedia.org/wiki/File:Finger-pointing-icon.png
• http://commons.wikimedia.org/wiki/File:DHS_Network_Topology.jpg
• http://en.wikipedia.org/wiki/CompTIA
• https://www.isc2.org/CISSP/Default.aspx