Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong
Note: • Textbook now available in bookstore • Essay due next week in tutorials • Seminars one and two due next week in tutorials • Lecture note powerpoint files can be accessed from • http://www.uow.edu.au/~gene/2005/iact418/lectures/
Overview Security Management • Security management is the process of protecting sensitive information • Sensitive information is any data an organisation wants to secure • It may include • Payroll data • Customer accounts • Research and development schedules
Overview Security Management • Security management enables network engineers to protect sensitive data by • Limiting access to hosts and network devices • Notifying the engineer of actual breaches
Overview Security Management • It consists of • Identifying the sensitive information to be protected • Finding the access points • Software services • Hardware components • Network media • Securing the access points • Maintaining the secure access points
Overview Security Management • Should NOT be confused with • Application security • Operating system security • Physical security
Benefits of the Security Management Process • Primary concern of users: lack of security for sensitive information located on a HOST • One solution: remove network access to the host • Whilst secure, this method is not efficient and removes the need for a data network altogether • Drawbacks of NOT having security management • All users have access to ALL information • What happens if the network connects to a public network? • Virus and worm attacks
Accomplishing Security Management • Balance required between • Need to secure sensitive information • Needs of users to access information to do their job • Security Management involves the following four steps • Identify the sensitive information • Find the access points • Secure the access points • Maintain the secure access points
Identify the Sensitive Information • Determine which hosts on the network have sensitive information • The organisation may have policies on what is considered sensitive • Information may relate to • Accounting • Financial • Customer • Market • Engineering • Employees
Identify the Sensitive Information • What is defined as sensitive may vary depending on the specific environment • Most difficult part may be identifying WHERE the information resides
Find the Access Points • Once you know • What data is considered sensitive • Where the data is located • Need to find out how network users access the information • Access methods and points may be • Physical • Software
Find the Access Points • Software that accesses the network can potentially access any data on the network • Most networks allow remote login • If remote login does not identify users uniquely and limit their movements to authorised areas, this access point needs to be examined
Find the Access Points • File transfer programs • If users cannot be uniquely identified, their use needs to be examined or limited • Restrict access to onsite users • DMZs • Firewall anonymous FTP
Find the Access Points • Other programs to examine may include • Email • Remote process execution • File and directory servers • Name servers • Web servers
Find the Access Points • Security management can be accomplished by • Hiding information from client systems • Segmenting the network into regions • AppleTalk zones • DMZ
Find the Access Points • Leaks may come from • Network analysers • Network management protocols • Network management system • Policies may include • Hosts with sensitive information may not also allow anonymous FTP • Personal computer software packages MUST meet security standards before installation
Secure the Access Points • Access points can be secured by • Using encryption at the data link layer • Secure traffic flow by using packet filters at the network layer • On every host use one or more of • Host authentication • User authentication • Key authentication
Maintain the Secure Access Points • The key to maintaining security is locating actual or potential security breaches • May be done as part of the security audit • Hard to keep current with the volume of networking software • May use a program to check for known security problems • May offer a cash prize to the first to breach security • Generally offered by the company that designed the software/hardware
Attaching to a Public Network • Three types of access from a public data network to an organisation's network • No access (only email is sent and received, over a modem) • Full access • Limited access • A small subset of hosts is authorised to provide the public access service • These hosts should be separated from the private zone by a firewall
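The packet-filter and DMZ policies from the "Find the Access Points", "Secure the Access Points" and "Attaching to a Public Network" slides, written out as a small zone-based filter. This is an added example and not code from the lecture; every zone, address and host in it (RFC 5737 test ranges, a hypothetical payroll host at 10.1.1.5, a DMZ web server and mail relay) is an assumption chosen for illustration.

```python
# Added example (not from the lecture notes): a zone-based packet filter that
# enforces the slides' policies -- hosts holding sensitive information do not
# offer anonymous FTP, only a small subset of DMZ hosts serve the public
# network, and the DMZ is firewalled from the private zone.
# All addresses, zones and hosts below are hypothetical (RFC 5737 test ranges
# and private space), chosen only for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Tuple

ZONES = {
    "private": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
# Any source or destination outside the zones above is the public network.

# Hosts identified in step 1 as holding sensitive data (hypothetical payroll host).
SENSITIVE_HOSTS = {ipaddress.ip_address("10.1.1.5")}

# The small subset of hosts authorised to provide a public access service,
# keyed by (host, TCP port): a web server and a mail relay in the DMZ.
PUBLIC_SERVICES = {
    (ipaddress.ip_address("192.0.2.10"), 80),
    (ipaddress.ip_address("192.0.2.25"), 25),
}
FTP_PORT = 21


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    dport: int  # destination TCP port


def zone_of(addr: str) -> str:
    """Map an address to its zone; unknown addresses are treated as public."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "public"


def filter_packet(pkt: Packet) -> Tuple[str, str]:
    """Evaluate the packet against the rules top-down; first match wins.

    Returns (verdict, reason) where verdict is "ACCEPT" or "DROP".
    """
    src_zone, dst_zone = zone_of(pkt.src), zone_of(pkt.dst)
    dst = ipaddress.ip_address(pkt.dst)

    # Rule 1: no FTP to a sensitive host, from anywhere (policy on the slides).
    if dst in SENSITIVE_HOSTS and pkt.dport == FTP_PORT:
        return "DROP", "ftp to sensitive host"

    # Rule 2: the public network may only reach the authorised DMZ services.
    if src_zone == "public":
        if dst_zone == "dmz" and (dst, pkt.dport) in PUBLIC_SERVICES:
            return "ACCEPT", "authorised public service"
        return "DROP", "public network to non-public service"

    # Rule 3: DMZ hosts may not initiate connections into the private zone,
    # so a compromised public server cannot pivot to the sensitive hosts.
    if src_zone == "dmz" and dst_zone == "private":
        return "DROP", "dmz to private"

    # Rule 4: anything else originating inside the organisation is allowed.
    return "ACCEPT", "default allow from inside"


if __name__ == "__main__":
    # Constructed sample traffic, one packet per interesting case.
    samples = [
        Packet("203.0.113.7", "192.0.2.10", 80),   # public -> DMZ web
        Packet("203.0.113.7", "192.0.2.10", 22),   # public -> DMZ ssh (not authorised)
        Packet("203.0.113.7", "10.1.1.5", 21),     # public -> payroll FTP
        Packet("10.2.3.4", "10.1.1.5", 21),        # internal user -> payroll FTP
        Packet("192.0.2.10", "10.1.1.5", 445),     # DMZ web server -> payroll
        Packet("10.2.3.4", "192.0.2.25", 25),      # internal -> DMZ mail relay
    ]
    for p in samples:
        verdict, reason = filter_packet(p)
        print(f"{p.src:>14} -> {p.dst:>12}:{p.dport:<4} {verdict:6} ({reason})")
```

The rule order matters: the sensitive-host FTP rule sits first so that it also catches internal users, and the DMZ-to-private rule means a breached public server gains nothing beyond the DMZ. A real deployment would express the same rules in the router or firewall's own filter language, but the zone model and the ordering are the same.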
Security Management on a Network Management System • Simple • Show where security measures have been set up • Show all security measures applicable to device or host • Query configuration database
Security Management on a Network Management System • More Complex • Include real time application to monitor access points • Query number of breaches using network management tool • Produce reports on breaches • Automatic notification • Advanced • Use data to guide network engineers • Examine types of security required • Alerts for repercussions
Reporting Security Events • Audit trails that summarise and report on security • Example: key personnel leaving to go to the competition • Remove physical access to the network • Remove accounts, change passwords etc. • Set up, or confirm, audit trails on devices the former employee had access to • Look for files or applications the employee may have altered to gain future access