90 likes | 109 Views
Network Security Principles & Practices. By Saadat Malik Cisco Press 2003. – Chapter 1 – Introduction to Network Security. Model of Network Security Process Elements of Network Security Policy Elements of Network Security Design Case Study. Elements of a Network Security Policy.
E N D
Network Security Principles & Practices By Saadat Malik Cisco Press 2003
– Chapter 1 – Introduction to Network Security • Model of Network Security Process • Elements of Network Security Policy • Elements of Network Security Design • Case Study Network Security
Elements of a Network Security Policy • Based on FRC 2196 Site Security Handbook. B. Fraser. September 1997. (ftp://ftp.rfc-editor.org/in-notes/rfc2196.txt) • Computer technology purchasing guidelines – wrt security features • Privacy policy – emails, user data • Access policy – control of access to assets • Accountability policy – roles/responsibilities, auditing, incident handling Network Security
Elements of a Network Security Policy (2) • Authentication policy (identity management) – passwords, remote authentication, smart cards • Availability statement – expected availability, QoS, hours • Maintenance policy for IT system & network – esp. remote admin, outsourcing • Violations reporting policy – types of violations, anonymous reporting? • Supporting information – point(s) of contact, publicity, company policies, … Network Security
Network Security Design • Assets + Threats + Risks Policies • Policies + Control measures (tools, procedures, etc.) Design Network Security
Elements of Network Security Design • Device security features Admin passwords, Secure Shell, … • Firewalls • VPN Client-server VPN, site-to-site VPN • IDS • AAA (Radius server) • Access control Access Control Lists, Committed Access Rate • And more … ? Network Security
Case Study • pp. 12-21 • Exercise A: Draw a network diagram to show the network security design of Biotech, Inc. • Exercise B: In Table 1-1, three criteria (confidentiality, integrity, and availability) are used in constructing the ‘critical asset risk rating’ table. Add two more criteria, origin integrity and non-repudiability, into the table, and assign risk ratings to the two new columns. Justify your answer. Network Security
Network Security Design:An Exercise • Refer to the paper “Design of Distributed Computer Security Lab”. Journal of Computing Sciences in Colleges. Volume 20, Issue 1. October 2004. http://sce.cl.uh.edu/yang/research/DCSL%20RMCCSC04.pdf • Task: The DCSL lab is currently located in Delta 140. A new Computer Security Lab (CSL) is to be added to Delta 158. The new lab will consist of 30 desktop computers, connected to a switch, through which a connection to the DCSL network is established. • Identify the assets. • Identify the threats. • Risk Analysis. • Devise security policies based on the requirements you have collected from the paper and from relevant personnel. • Draw a network security diagram to illustrate your design of the complete DCSL and CSL labs. Indicate what control measures are to be adopted to counter the threats. Network Security