Published by Elwin Stevens. Modified over 8 years ago.
1
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management
2
Class Agenda 1
2/25/16
- Learning Objectives
- Lesson Presentation and Discussions.
- Discussion on Assignments.
- Discussion on Lab Activities.
- Break Times as per School Regulations.
Note:
- Submit all assignments and labs due today.
- Final Project is due in the next class.
- Final Exam will be held in the next class.
3
Class Agenda 2
- Theory: 6:00pm - 8:00pm
- Lab: 8:15pm to 11:00pm
- Chapter 6 and 15
- Other Materials: NIST SP 800-61: Computer Security Incident Handling Guide
  http://www.nist.gov/customcf/get_pdf.cfm?pub_id=51289
4
Learning Objective and Key Concepts
Learning Objectives
- Identify network security management best practices and strategies for responding when security measures fail
Key Concepts
- Best practices for network security management
- Strategies for integrating network security strategies with firewall defenses and VPN remote access
- Value of incident response planning, testing and practice
5
Best Practices: Strategy
- Create written plans
  - Security policy
  - Incident Response Plan
  - Business Continuity Plan (BCP)
  - Disaster Recovery Plan (DRP)
  - Security checklists
- Perform regular maintenance
- Back up regularly and test restores frequently
- Monitor and review collected log files frequently
- Constantly identify the weakest architectural link
6
Best Practices: Strategy (cont.)
- Perform diligent testing of new systems before deploying in production
- Implement the principle of least privilege
- Deploy layered defenses
7
Best Practices: Devices
- Maintain physical security over users and equipment
- Install and maintain virus and malware protection at all layers in the environment
- Harden both internal and perimeter devices
- Develop and follow a patch management strategy
- Enforce hard drive or file encryption
8
Best Practices: Connectivity
- Restrict Internet connections to required activity
- Limit remote access to required connectivity
- Encrypt all internal network traffic
- Require multi-factor authentication
- Use default deny over default permit where possible
9
User Training
Q: What is user training?
A: Educational information presented through various mechanisms that clearly defines security policies, their boundaries and imposed limitations
Q: Why is user training important?
A: Training drives user accountability, understanding, and acceptance of obligatory security policies
It is imperative that regular renewal of security awareness training occurs
10
Security Awareness
- Defines, informs, explains, and teaches users the principles and importance of security
- Every user in an organization has a part to play in upholding company security
- Awareness and education may be tailored to job specific or role specific content
- Policies and procedures are driven by people
- Without mechanisms to aid users in secure network use, much of the work put into implementing best practices for network security may become disreputable
11
Network Security Assessments
Q: What is a network security assessment?
A: The process of judging, testing, and evaluating a deployed security solution
12
Conducting Network Security Assessments
- Perform a risk assessment
- Execute the security assessment:
  1. Perform configuration scanning
  2. Perform vulnerability scanning
  3. Execute penetration testing
- Perform a post-mortem assessment review
13
Security Information and Event Monitoring (SIEM)
A SIEM is a tool that allows for automation of log and event centralization and analysis
Functions of a SIEM
- Log centralization
- Log management
- Log monitoring
Purposes of a SIEM
- Incident detection
- Incident response and alerting
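A minimal sketch of the SIEM functions listed on this slide, added here as an example and not part of the original presentation. Two constructed log sources (a firewall and a VPN gateway, with assumed line formats and hypothetical host names) are centralized into one time-ordered stream, then monitored for repeated failures from one source followed by a successful VPN login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample input; both line formats are assumptions for this example.
FIREWALL_LOG = """\
2016-02-25T18:00:02 fw1 DENY tcp 203.0.113.7 -> 10.0.0.5:22
2016-02-25T18:00:40 fw1 ALLOW tcp 198.51.100.4 -> 10.0.0.9:443
"""
VPN_LOG = """\
2016-02-25T18:00:05 vpn1 auth FAIL user=alice src=203.0.113.7
2016-02-25T18:00:09 vpn1 auth FAIL user=alice src=203.0.113.7
2016-02-25T18:00:14 vpn1 auth FAIL user=admin src=203.0.113.7
2016-02-25T18:00:31 vpn1 auth OK user=alice src=203.0.113.7
2016-02-25T18:05:00 vpn1 auth FAIL user=bob src=198.51.100.4
"""
FW_RE = re.compile(r"(\S+) (\S+) (DENY|ALLOW) \S+ (\S+) -> \S+")
VPN_RE = re.compile(r"(\S+) (\S+) auth (FAIL|OK) user=(\S+) src=(\S+)")

def centralize(fw_text, vpn_text):
    """Log centralization: normalize both sources into one time-ordered stream."""
    events = []
    for m in FW_RE.finditer(fw_text):
        ts, host, action, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "type": "fw_" + action.lower(), "src": src, "user": None})
    for m in VPN_RE.finditer(vpn_text):
        ts, host, result, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "type": "vpn_" + result.lower(), "src": src, "user": user})
    return sorted(events, key=lambda e: e["ts"])

def detect(events, threshold=3, window=timedelta(seconds=60)):
    """Log monitoring: alert when one source reaches `threshold` denied or failed
    events within `window`, and again if a VPN login then succeeds from it."""
    recent, flagged, alerts = defaultdict(deque), set(), []
    for e in events:
        q = recent[e["src"]]
        if e["type"] in ("fw_deny", "vpn_fail"):
            q.append(e["ts"])
            while q and e["ts"] - q[0] > window:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and e["src"] not in flagged:
                flagged.add(e["src"])
                alerts.append(("repeated_failures", e["src"], e["ts"]))
        elif e["type"] == "vpn_ok" and e["src"] in flagged:
            alerts.append(("success_after_failures", e["src"], e["ts"]))
    return alerts

ALERTS = detect(centralize(FIREWALL_LOG, VPN_LOG))
```

Neither log alone reaches the threshold as early: the firewall deny and the VPN failures only add up once both sources are in the same stream, which is the point of centralizing before monitoring.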
14
Commonly Available SIEM Tools
enVision Qradar Eventia Security Manager nDepth
Students should check these tools online.
15
Commonly Available Network Monitoring Tools (Open Source)
- Nagios – network management and monitoring
- SmokePing – monitors network latency
- Can visualize the entire network
- GroundWork – highly scalable network management and monitoring
- Ganglia – geared toward clusters and grids
- Cacti
- Ntop
16
Commonly Available Network Monitoring Tools (Commercial)
- WhatsUp Gold – Proactive monitoring and management tool
- Iris – Network traffic monitoring and analysis tool
17
Considerations for the Future State of Firewalls and VPNs as Part of Network Security Strategies
- Threats
- Firewall capabilities
- Encryption
- Authentication
- Metrics
- Industry focus
- Cloud security
- Mobile device security
- IPv6 support
18
Integration of Firewalls and VPNs into Network Security Strategies
Functions
- Enhanced threat management
- Authentication
- Encryption
Value Add
- Confidentiality
- Integrity
- Availability
19
Assignment and Lab
- Discussion 10.1 Incident Response Strategies
- Lab 10.2 in lab manual. See Vlab
- Assignment 10.3 Postincident Executive Summary Report