Download presentation
Presentation is loading. Please wait.
2
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS
3
S ECURITY : DESIGN Factors -Affordances (E-Commerce) -Remote-Access Services -Business partners Top-Down Approach -Customer development
4
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
5
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
6
Identify network assets Network Hosts OS Applications Data Internetworking Devices Routers Switches Network Data Other Trade Secrets Company Reputation
7
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
8
Analyze security risks E XPERT I NTRUDERS ANDE ND U SERS
9
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
10
Analyze security requirements and tradeoffs Affordability Usability Performance Availability Manageability Tradeoffs Packet Filters/Data Encryption
11
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
12
Develop a security plan Resources (time/people) How will users/managers be involved? Is there a need for specialized Administrators? Will you be training on Security Policies and Procedures?
13
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
14
Define a security policy According to RFC 2196, "Site Security Handbook:" “A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.” Personnel Components Access Accountability Authentication Computer-technology guidelines
15
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
16
Develop procedures for applying security policies There’s been an attack… OMG!!!!! Separate Procedures Users Network Admin Security Admin Training?
17
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
18
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
19
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
20
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
21
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
22
S ECURITY : DESIGN Identify network assets. Analyze security risks. Analyze security requirements and tradeoffs. Develop a security plan. Define a security policy. Develop procedures for applying security policies. Develop a technical implementation strategy. Achieve buy-in from users, managers, and technical staff. Train users, managers, and technical staff. Implement the technical strategy and security procedures. Test the security and update it if any problems are found. Maintain security.
23
Maintain security Reading Logs Responding to incidents Staying current with security standards (hardware/software) Updating the plan and policy
24
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention
25
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Equipment Natural Disasters
26
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Something the user knows Something the user has Something the user is
27
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Privileges
28
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Logging tasks
29
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Yeah yeah yeah…
30
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Uses Authentication and Authorization methods
31
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention Enforce Enterprise to Internet
32
S ECURITY : M ECHANISMS Physical Security Authentication Authorization Accounting/Auditing Data Encryption Packet Filters Firewalls Intrusion Detection Intrusion Prevention (IDS) Notification (IPS) Traffic Blocker
33
S WEET A CTING
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.