Network Security 02
Dr. Pipat Sookavatana
Department of Computer Engineering, Mahanakorn University of Technology
Security Principles and Components
• Asset and Risk Based INFOSEC (Information Security) Lifecycle model (ARBIL)
• A model that represents an information security life cycle that can work for any organization
ARBIL
• Understand: Gain an understanding of
  • the organization’s mission;
  • its products and services;
  • the people, places, and departments that make up the organization;
  • and the assets that allow it to function and accomplish organizational goals and operational objectives in support of the mission.
• Collect: Compile information about
  • organizational, departmental, and group resources,
  • including people and data types,
  • computing and network infrastructure,
  • safeguards and controls in place, processes and procedures that are both in place and absent.
  • Conduct interviews, send questionnaires, and research project documents and strategic business and marketing documents.
• Assess: From the top down, starting with strategic business information to network and computing architecture, determine
  • the who, what, when, where, why, and how as they relate to the organizational mission,
  • the goals that support it, and the operational functions that are in place to make it happen.
  • Assess this information in the context of what safeguards and controls are currently in place or proposed, both technical and administrative.
• Audit: Once you understand the environments and the resources within them, perform a comprehensive audit of these environments and resources to benchmark the current security posture and the viability of in-place safeguards and controls.
• Implement: When corrective actions are determined,
  • they are prioritized and assigned for implementation.
  • Implementation can sometimes be driven by a cost-benefit analysis.
• Manage: Once the resources are properly assessed and audited, and the corrective actions taken, the safeguards and controls in place must be managed effectively
  • using the principles shown in the inner wheel of the ARBIL model. This phase is a transition for moving into the active security cycle of the inner wheel as well as restarting the understanding phase of the outer wheel.
ARBIL Inner Wheel
• The inner circle of the ARBIL diagram comprises action-oriented safeguards and controls.
• Safeguard: Implement protective measures (process, procedure, administrative, hardware and software) on and around organizational assets.
• React: Once an incident has been detected, take appropriate measures and marshal resources to begin defending and recovering in a timely manner.
• Monitor: Audit and log system data and alerts, and then assess that information for triggers and security events.
• Recover: Assess any damage, implement recovery measures, and reassess security needs given the incident. Any corrective measures determined will then feed into the safeguard phase.
• Defend: Reactive steps may be required to properly safeguard and mitigate damage occurring to assets.
Information Security Threats List
• Confidentiality, integrity, and availability are defined below in relation to information technology to provide a better understanding of how they relate to your information security goal.
• Confidentiality (also known as secrecy), meaning that the computing system's assets can be read only by authorized parties.
• Integrity, meaning that the assets can only be modified or deleted by authorized parties in authorized ways.
• Availability, meaning that the assets are accessible to the authorized parties in a timely manner (as determined by the system's requirements). The failure to meet this goal is called a denial of service.
INFOSEC TARGET MODEL
Common network security targets model

Vulnerability List
• Operating Systems
  • W1. Internet Explorer
  • W2. Windows Libraries
  • W3. Microsoft Office
  • W4. Windows Services
  • W5. Windows Configuration Weaknesses
  • M1. Mac OS X
  • U1. UNIX Configuration Weaknesses
• Cross-Platform Applications
  • C1. Web Applications
  • C2. Database Software
  • C3. P2P File Sharing Applications
  • C4. Instant Messaging
  • C5. Media Players
  • C6. DNS Servers
  • C7. Backup Software
  • C8. Security, Enterprise, and Directory Management Servers
• Network Devices
  • N1. VoIP Servers and Phones
  • N2. Network and Other Devices Common Configuration Weaknesses
• Security Policy and Personnel
  • H1. Excessive User Rights and Unauthorized Devices
  • H2. Users (Phishing/Spear Phishing)
• Special Section
  • Z1. Zero Day Attacks and Prevention Strategies

IT realm is the SANS/FBI top 20 critical Internet security threats, available at http://www.sans.org/top20/.