Module 2: Designing Network Security

Presentation on theme: "Module 2: Designing Network Security"— Presentation transcript:

1 Module 2: Designing Network Security
Course 6435A
Presentation: 90 minutes
Lab: 55 minutes

This module helps students to design network security for an organization. After completing this module, students will be able to:
• Describe a network security design
• Create a network security plan
• Identify threats to network security
• Analyze risks to network security
• Describe the Defense-in-Depth model

Required materials
To teach this module, you need the Microsoft® Office PowerPoint® file 6435A_02.ppt.
Important: It is recommended that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be displayed correctly.

Preparation tasks
To prepare for this module:
• Read all of the materials for this module.
• Complete the practices.
This section contains information that will help you to teach this module. For some topics in this module, references to additional information appear in notes at the end of the topics. Read the additional information so that you can prepare to teach the module. During class, ensure that students are aware of the additional information.

2 Module 2: Designing Network Security
Module Overview
• Overview of Network Security Design
• Creating a Network Security Plan
• Identifying Threats to Network Security
• Analyzing Risks to Network Security
• Defense-in-Depth Model Overview

There are many aspects to a network security design. One important aspect is using a consistent process for monitoring and maintaining security. The STRIDE and Defense-in-Depth models provide consistent frameworks for identifying network threats. After you have used the models to identify risks, you can analyze them to determine how you will mitigate those risks.

3 Lesson 1: Overview of Network Security Design
Lesson topics:
• Key Principles of Network Security
• Security Design and Implementation
• Components of Network Security
• Network Security Design Process

Many organizations underestimate the value of their information technology (IT) environment, often because they exclude substantial indirect costs. A severe attack on the servers in the IT environment can significantly damage the entire organization. For example, an attack that brings down your organization’s Web site could cause a major loss of revenue or customer confidence, which could affect your organization’s profitability. An effective security design helps an organization to protect its assets.

4 Key Principles of Network Security
Principle: Definition
Defense-in-Depth: Provides multiple layers of protection
Least privilege: Grants the least amount of permission necessary to perform required tasks
Minimized attack surface: Reduces the number of vulnerable points on the network

For any network, users must have access to resources, and the network requires a secure shared IT infrastructure. To attain these goals, three principles can be applied:
• Defense in depth refers to a combination of people, operations, and security technologies. It provides multiple layers of protection by defending against threats at multiple points in the network, so that the failure of any single control does not by itself expose an asset.
• Least privilege refers to granting a user, resource, or application the least amount of privilege or permissions necessary to perform the required task. Granting excessive permissions introduces vulnerabilities that attackers can easily exploit.
• A minimized attack surface reduces the number of possible points of entry for an attacker by removing unnecessary software, services, and devices.

5 Security Design and Implementation
Security Design
• Ensures that a logical and carefully planned strategy is used for securing the organization’s assets
• Ensures that security is applied throughout the organization in a controlled and logical manner
• Creates policies and procedures for security

Security Implementation
• Applies the policies and procedures created during the design to the organization’s assets
• Ensures that policies and procedures are deployed consistently throughout the organization

Security design ensures that an organization has a logical and carefully planned strategy for securing its assets. For example, not all assets are of equal value. In some cases, the cost of protecting an asset may exceed the value of the asset. Security design balances these and other considerations to ensure that security is applied throughout the organization in a controlled and logical manner.
Security implementation applies the policies and procedures that you created during the design and ensures that they are deployed consistently throughout the organization. For example, security implementation ensures that individual computers receive the appropriate security templates and that computers are correctly configured to achieve the level of security that a specific security policy requires.

6 Components of Network Security
Consider these components when securing a network:
• Physical security: poorly secured buildings, data links, theft of hardware
• Hosts: attacks during initial installation, incorrectly configured baseline security
• Accounts and services: incorrect privileges, misuse of administrator accounts, weak passwords
• Authentication: interception of passwords, incompatibility with software, weak encryption
• Data: configuration of permissions, failure of hardware, corruption of data
• Data transmission: attackers monitoring the network, address spoofing, data modification, denial of service
• Perimeter networks: exposure of network information, lack of control over infrastructure, exposure of computers to attack

7 Network Security Design Process
Phase: Task
Creating a security design team: Include diverse membership to ensure success
Performing threat modeling: Predict attacks to assets
Performing risk management: Analyze and prioritize risks based on likelihood of occurrence and cost
Designing security measures: Create policies and procedures to mitigate the selected risks
Detecting and reacting: Detect occurrences of security violations and respond to them
Managing and reviewing: Review the security policies and modify them as necessary

The stages in the network security design process are:
• Create a security design team. Ensure that your design is the product of various perspectives so that all vulnerabilities and threats may be discovered. Wide consultation also encourages acceptance of the finished plan.
• Perform threat modeling. This predicts threats to a given asset or resource. Knowing the threats that affect an asset helps you to design countermeasures to protect the asset.
• Perform risk management. This analyzes the likelihood of a threat occurring and the potential damage that a threat may cause. Risk management is a valuable tool that can help you to convince management that security measures are necessary to adequately defend a resource against a threat.
• Design security measures for your network elements. Create appropriate policies and procedures to protect your network based on the threat modeling and risk management that has been performed.
• Detect and react. Identify ways to detect intrusions and respond to security incidents in a controlled manner. Early detection of an attack is vital to limiting the damage that the attack may cause. A careful and thoughtful response can make recovery easier and can also prevent mistakes that may make the situation worse.
• Manage and review network security on a continual basis. Create, implement, and review policies for acceptable use, network management, and the secure operation of a network.

8 Lesson 2: Creating a Network Security Plan
Lesson topics:
• Security Policies and Procedures
• Guidelines for Creating Policies and Procedures
• Guidelines for Creating a Security Design Team

A network security plan includes the policies and procedures that users and administrators must follow. Follow the guidelines in this lesson to minimize the risk of policy failure, and follow the guidelines for creating a security design team.

9 Security Policies and Procedures
Security policies describe what must be implemented to secure a network:
• Administrative policies are enforced by management
• Technical policies are enforced by operating systems and applications
• Physical policies are enforced by physical controls such as locks
Security procedures provide detailed steps that describe how to implement policies

Security policies are individual policies and guidelines that you create to govern the secure and appropriate use of technology and processes in your organization.
• Administrative policies are enforced by management. These policies cannot be enforced by operating systems, applications, or physical controls. An example is a nondisclosure agreement.
• Technical policies are enforced by operating systems and applications, for example through security templates.
• Physical policies are enforced by implementing physical controls such as locks.
Security procedures describe how to comply with security policies. They should include the detailed steps necessary to implement the security policies.

10 Guidelines for Creating Policies and Procedures
Guidelines include:
• Write clear and concise policies
• Write simple procedures
• Obtain management support
• Make policies and procedures easily accessible
• Ensure no disruption to business processes
• Implement technology where possible
• Ensure that consequences are consistent for policy violation

Provide examples of how each of the guidelines can be accomplished, based on your experience.
Guidelines for creating policies and procedures include:
• Ensure that your security policies serve a clear purpose and are written concisely.
• Write simple procedures that demonstrate how to successfully comply with the policies.
• Obtain management support for the purpose, implementation, and enforcement of security policies.
• Distribute your security policies so that employees can refer to them easily. For example, give paper copies of policies to employees or post the policies to convenient internal Web sites, and update the policies regularly.
• Before implementing security policies, ensure that they do not disrupt business processes.
• Using technology to enforce security policies helps to prevent employees from unwittingly violating them. However, remember that technology is not the only method of enforcement.
• Ensure that the consequences of violating security policy are consistent with the severity of the violation and with the culture of your organization. Ensure that managers are empowered to enforce the consequences of violating security policy.

11 Guidelines for Creating a Security Design Team
Guidelines include:
• Have a single executive sponsor
• Involve an experienced project manager
• Involve teams that deploy and manage security
• Involve legal and human resources personnel
• Involve managers and end users
• Provide clear roles and responsibilities for all members
• Communicate regularly and clearly

Explain why each of these guidelines is important, based on your experience.
Guidelines for creating a security design team include:
• An executive sponsor who can make decisions gives authority to your design and helps to keep team members focused on the project.
• Coordinating team members from various parts of your organization is a difficult task. Ensure that you use a project manager who is experienced with personnel and with your corporate culture.
• The teams that will deploy and manage network security are essential to the success of your design after you have finished it. Involving them in the planning process promotes successful implementation.
• Legal and human resources departments can ensure that your design is legal and ethical.
• Involving representatives of managers and end users in the design will help to ensure that all managers and end users follow your policies.
• Ensure that all members of the security design team understand their responsibilities and the goals of all other roles.
• Communicate regularly and clearly to your organization so that people know whom to expect communication from and have time to prepare for your design. Plan the various communication tasks and assign them to specific team members.

12 Lesson 3: Identifying Threats to Network Security
Lesson topics:
• Reasons for Network Attacks
• Stages of Network Attacks
• Types of Network Attacks
• Common Network Vulnerabilities
• STRIDE Threat Model Overview
• Guidelines for Modeling Network Threats
• Countering Network Threats

When you incorporate security in your network, it helps to understand how attackers think. By thinking like an attacker and being aware of security threats, you can be more effective when applying countermeasures. The STRIDE model is one model that helps you to predict network threats.

13 Stages of Network Attacks
1. Survey and Assess
2. Exploit and Penetrate
3. Escalate Privileges
4. Maintain Access
5. Deny Service

By understanding the basic approach that attackers use to target your network, you are better equipped to take defensive measures.
1. The first step that an attacker usually takes is to survey the potential target to identify and assess its characteristics. These characteristics may include its supported services and protocols, together with potential vulnerabilities and entry points.
2. After surveying a potential target, the next step is to exploit and penetrate. Attackers look for known vulnerabilities based on the list of network resources they gathered during survey and assessment.
3. After compromising a network, attackers immediately attempt to escalate privileges by accessing administrative and system accounts. Using least-privileged service accounts throughout your network is a primary defense against privilege escalation attacks.
4. After gaining access to a system, attackers take steps to make future access easier, such as planting back-door programs, using an existing account that lacks strong protection, or creating a new account. Attackers then cover their tracks by clearing logs and hiding tools.
5. Attackers who cannot gain access may mount a denial-of-service attack to prevent others from using the services on your network. For other attackers, denial of service is the goal from the outset.

14 Types of Network Attacks
Type of attack: Characteristics
Eavesdropping: An attacker intercepts your communications
Data modification: An attacker alters your data packets
Identity spoofing: An attacker falsifies a source IP address
Password based: An attacker uses a valid account
Denial of service: An attacker prevents access to your computer or network
Man in the middle: An attacker monitors, captures, and controls communication
Compromised key: An attacker obtains a key used for securing communication
Application layer: An attacker targets an application by deliberately causing an error

Some types of network attacks are:
• Eavesdropping is performed by using a network sniffer to capture network communication. All clear-text data is at risk. Packet sniffing is harder on a switched network, because a switch forwards each frame only to the port of its destination, but an attacker on the same segment can still redirect traffic to a sniffer by ARP spoofing or by using a mirrored switch port, so switching is not a substitute for encryption.
• Data modification can be performed after data has been captured with a network sniffer. Many packet-crafting tools support modifying captured packets and replaying them.
• Identity spoofing can be used to fool some firewalls into thinking communication is coming from an internal source rather than an external source, by falsifying the source IP address.
• Password-based attacks rely on users with simple passwords. After guessing the password of a user, attackers can view any network resource that can be accessed by that user.
• Denial-of-service attacks prevent normal users from accessing network services. Most denial-of-service attacks are possible because software flaws are exploited or because a service is flooded with more traffic than it can handle.
• Man-in-the-middle attacks require a computer to monitor and potentially modify network communication between two hosts. This is relatively difficult to implement.
• A compromised key occurs when a key used for encryption is known to anyone other than the legitimate parties to the communication. Knowledge of the key allows unauthorized parties to view the contents of encrypted communication. This also includes unauthorized knowledge of the private keys of certificates used during authentication.
• Application-layer attacks cause faults in an operating system or application to bypass normal access controls. A common application-layer attack is a buffer overflow.
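The countermeasure to the identity-spoofing entry above is anti-spoofing filtering at the perimeter: drop anything arriving from the Internet that claims an internal or otherwise impossible source address, and drop anything leaving that does not carry one of your own addresses. The following is an added example of that check (not code from the course or from any product); the interface names, address prefixes and sample packets are constructed for the illustration.

```python
"""Anti-spoofing (ingress/egress) packet filter.

Added example, not course code. A packet arriving on the external interface
with an internal or bogon source address is dropped (ingress filtering,
RFC 2827); a packet leaving through the external interface must carry one of
our own prefixes (egress filtering). Topology and packets are constructed.
"""
import ipaddress
from dataclasses import dataclass

# Constructed topology: the address space this firewall protects.
INTERNAL_PREFIXES = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.168.1.0/24")]

# Source addresses that can never legitimately arrive from the Internet:
# unspecified, loopback, link-local, multicast, reserved, and RFC 1918 space.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)]

EXTERNAL_IFACE = "ext0"  # constructed interface name


@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet was seen on
    direction: str  # "in" = arriving on iface, "out" = leaving through iface
    src: str
    dst: str


def _matches(addr, prefixes):
    return any(addr in prefix for prefix in prefixes)


def filter_packet(pkt):
    """Return (verdict, reason). Anti-spoofing applies only on the external interface."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return "drop", "malformed source address"
    if pkt.iface != EXTERNAL_IFACE:
        return "allow", "internal interface: not subject to anti-spoofing"
    if pkt.direction == "in":
        if _matches(src, INTERNAL_PREFIXES):
            return "drop", "ingress: internal source address arriving from outside"
        if _matches(src, BOGON_PREFIXES):
            return "drop", "ingress: bogon source address"
        return "allow", "ingress: plausible external source"
    # Egress: only our own prefixes may leave, so a compromised host cannot
    # launch spoofed traffic at a third party from behind this firewall.
    if not _matches(src, INTERNAL_PREFIXES):
        return "drop", "egress: source is not one of our prefixes"
    return "allow", "egress: our own source address"


# Constructed sample traffic, one packet per case.
SAMPLE_PACKETS = [
    Packet("ext0", "in", "203.0.113.7", "10.0.0.5"),       # ordinary inbound
    Packet("ext0", "in", "10.0.0.9", "10.0.0.5"),          # spoofed internal source
    Packet("ext0", "in", "127.0.0.1", "10.0.0.5"),         # bogon source
    Packet("ext0", "out", "10.0.0.5", "203.0.113.7"),      # ordinary outbound
    Packet("ext0", "out", "198.51.100.1", "203.0.113.7"),  # our host spoofing a third party
    Packet("int0", "in", "10.0.0.9", "10.0.0.5"),          # LAN traffic, not checked
]


def verdicts(packets=SAMPLE_PACKETS):
    return [filter_packet(p)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p.iface, p.direction, p.src, "->", p.dst, *filter_packet(p))
```

The egress rule is as important as the ingress rule: it does not protect you directly, but it stops your own hosts being used to send spoofed packets at someone else, which is why both directions are checked on the external interface only.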

15 Common Network Vulnerabilities
Vulnerability: Description
Account passwords: Password is either too simple or shared among users
Audit settings: If auditing is not enabled, you cannot report an attack that has occurred
User rights: User rights should be restricted to the minimum required to perform necessary tasks
Services: Any service or application may have flaws, making the computer vulnerable to attacks

Provide some specific examples of network vulnerabilities and how they can be mitigated. You can mention WSUS as a way to minimize attacks on software and services.
Most successful attacks on networks succeed by exploiting common and well-known vulnerabilities or weaknesses. These can be organized into the following general categories:
• Weak passwords and authentication systems allow attackers to gain access to your system by using brute-force password attacks. You can increase security by requiring complex passwords or by introducing two-factor authentication such as smart cards. However, increased security for passwords must be balanced with ease of use.
• Audit logs can be used to monitor which users accessed network resources and when. If audit logs are not enabled, or are not configured to collect the appropriate information, it may be impossible to detect attackers accessing your network.
• The rights and permissions granted to any user should be the minimum required to perform their job. Then, if an account is compromised by an attacker, the damage they can cause is minimized. This is also true for service accounts.
• Any service or application is a potential point of attack. To minimize the risk of applications and services being attacked, remove all unnecessary applications and services, and regularly apply security updates for the ones that remain.
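The password and audit-settings rows above belong together: a brute-force attack is only detectable if failed logons are being audited. The following added example (not course code) runs a simple sliding-window detector over constructed failed-logon records laid out to resemble a Windows Security event 4625 export; the field layout, the addresses and the account names are assumptions of the example, not a real export format. It flags both a brute-force attack (many failures against one account from one source) and a password spray (one source trying a few passwords against many accounts), and finds nothing at all when the log is empty, which is what an unaudited network looks like to the defender.

```python
"""Spotting password guessing in failed-logon audit records.

Added example, not course code. Log lines are constructed to resemble a
Windows Security event 4625 (logon failure) export; the field layout is an
assumption of this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)"
)

# Constructed sample log. 4625 = logon failure, 4624 = successful logon.
SAMPLE_LOG = """\
2024-03-04T09:00:01 EventID=4625 TargetUser=alice SourceIP=203.0.113.7 Status=0xC000006D
2024-03-04T09:00:04 EventID=4625 TargetUser=alice SourceIP=203.0.113.7 Status=0xC000006D
2024-03-04T09:00:09 EventID=4625 TargetUser=alice SourceIP=203.0.113.7 Status=0xC000006D
2024-03-04T09:00:15 EventID=4625 TargetUser=alice SourceIP=203.0.113.7 Status=0xC000006D
2024-03-04T09:00:22 EventID=4625 TargetUser=alice SourceIP=203.0.113.7 Status=0xC000006D
2024-03-04T09:00:31 EventID=4625 TargetUser=alice SourceIP=203.0.113.7 Status=0xC000006D
2024-03-04T09:10:00 EventID=4625 TargetUser=bob SourceIP=198.51.100.9 Status=0xC000006D
2024-03-04T09:11:00 EventID=4625 TargetUser=carol SourceIP=198.51.100.9 Status=0xC000006D
2024-03-04T09:12:00 EventID=4625 TargetUser=dave SourceIP=198.51.100.9 Status=0xC000006D
2024-03-04T09:13:00 EventID=4625 TargetUser=erin SourceIP=198.51.100.9 Status=0xC000006D
2024-03-04T09:20:00 EventID=4625 TargetUser=bob SourceIP=10.0.0.5 Status=0xC000006A
2024-03-04T09:20:10 EventID=4624 TargetUser=bob SourceIP=10.0.0.5 LogonType=2
"""


def parse_failures(log_text):
    """Return (timestamp, user, source_ip) for each logon-failure record, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("eid") == "4625":
            events.append((datetime.fromisoformat(m.group("ts")), m.group("user"), m.group("ip")))
    events.sort()
    return events


def detect(events, max_failures=5, window=timedelta(minutes=1),
           spray_users=4, spray_window=timedelta(minutes=10)):
    """Sliding-window detection per source address.

    brute_force:    at least max_failures failures within `window`
    password_spray: at least spray_users distinct target accounts within `spray_window`
    Returns a sorted list of (kind, source_ip), one entry per finding.
    """
    recent = defaultdict(deque)        # ip -> timestamps of recent failures
    recent_users = defaultdict(deque)  # ip -> (timestamp, user) of recent failures
    alerts = set()
    for ts, user, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # evict failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            alerts.add(("brute_force", ip))

        u = recent_users[ip]
        u.append((ts, user))
        while ts - u[0][0] > spray_window:
            u.popleft()
        if len({name for _, name in u}) >= spray_users:
            alerts.add(("password_spray", ip))
    return sorted(alerts)


def findings(log_text=SAMPLE_LOG):
    return detect(parse_failures(log_text))


if __name__ == "__main__":
    for kind, ip in findings():
        print(f"{kind}: {ip}")
```

The single failure from 10.0.0.5 followed by a successful logon is the normal mistyped-password case and produces no alert; the thresholds are parameters because the right values depend on your user population and lockout policy.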

16 STRIDE Threat Model Overview
Threat category: Description
Spoofing: Attempts to gain access to a system by using a false identity
Tampering: Unauthorized modification of data
Repudiation: Ability of users to deny that they performed specific actions or transactions
Information disclosure: Unwanted exposure of private data
Denial of service: The process of making a system or application unavailable
Elevation of privilege: Users assume more privileges than the limited privileges granted to them

Threats faced by the network can be categorized based on the purposes of the attacks. A working knowledge of these threat categories can help you to organize a security strategy so that you have planned responses to threats. A threat model is a structured approach to predicting potential threats to information security. By discovering potential threats while performing threat modeling, you can create an accurate risk management plan. By predicting threats, you can proactively reduce your risk.

17 Guidelines for Modeling Network Threats
Use the following guidelines when modeling threats to your network:
• Encourage creative thinking among team members
• Ensure that you have all the information
• Manage discussions about the validity of a threat
• Include specialized network penetration testers
• Apply caution when it involves conflicts of interest
• Consider technology-specific threats

Explain why each of the guidelines is important. For example, if you have implemented virtualization, that is another software layer that may be vulnerable, and if the host operating system is compromised, then all guest operating systems are affected as well.
The following guidelines will assist you when modeling threats to your network:
• Encourage creative thinking among team members. Some suggestions, however unrealistic, may prompt others to discover additional valid threats.
• Ensure that team members have all the information that they require, such as network diagrams or application source code.
• Manage discussions about the validity of a threat to focus on threats to the network and to avoid disagreements about minor differences of opinion.
• When assembling your team, consider including a trusted third party who specializes in network penetration testing. The third party will have skills that are likely not available internally, and will bring a different perspective.
• Use caution when including team members who may have conflicts of interest. For example, a developer who wrote the code in the application being assessed, or a manager who funded the project to create the application, may overestimate the ability of the application to withstand an attack, or may be too familiar with it to be objective about its assessment.

18 Countering Network Threats
Threat category: Examples of countermeasures
Spoofing: Use strong authentication; do not pass credentials in plain text over the wire
Tampering: Use data hashing and signing; use digital signatures and strong authorization
Repudiation: Use digital signatures
Information disclosure: Use strong authorization and encryption
Denial of service: Use resource and bandwidth throttling techniques
Elevation of privilege: Follow the principle of least privilege for all resource requests

Each threat category described by STRIDE has a corresponding set of countermeasure techniques that should be used to reduce risk. The appropriate countermeasure depends upon the specific attack.
• Spoofing: Protect authentication credentials by using SSL/TLS. Do not store personal information in plaintext.
• Tampering: Use tamper-resistant protocols across communication links. Protect communication links by using protocols that provide message integrity.
• Repudiation: Create secure audit trails.
• Information disclosure: Protect communication links by using protocols that provide message confidentiality. Do not store secrets, such as passwords, in plaintext.
• Denial of service: Validate and filter inputs.
• Elevation of privilege: Use least-privileged service accounts to run processes and access resources.
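Two of the countermeasures in the table above, as an added example that is not code from the course: a keyed hash (HMAC) over each message so that tampering in transit is detected (the tampering row, "data hashing and signing"), and salted, iterated password hashing so that a stolen account database does not disclose passwords (the information-disclosure row, "do not store secrets such as passwords in plaintext"). The shared key, the message and the password are constructed for the example.

```python
"""HMAC message integrity and salted password hashing (added example, not course code)."""
import hashlib
import hmac
import os

KEY = b"constructed-shared-secret-for-the-example"  # constructed; in practice provisioned per peer


def protect(message: bytes, key: bytes = KEY) -> bytes:
    """Append an HMAC-SHA256 tag; any change to the message invalidates the tag."""
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag


def verify(blob: bytes, key: bytes = KEY):
    """Return the message if its tag checks out, otherwise None.

    compare_digest runs in constant time, so an attacker cannot recover the
    tag byte by byte from response timing.
    """
    message, sep, tag = blob.rpartition(b"|")
    if not sep:
        return None
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message if hmac.compare_digest(expected, tag) else None


def tamper_demo():
    """Returns (original_verified, tampered_rejected)."""
    blob = protect(b"transfer=100;to=alice")
    # An attacker on the path changes the beneficiary without knowing the key.
    tampered = blob.replace(b"to=alice", b"to=mallory")
    return verify(blob) == b"transfer=100;to=alice", verify(tampered) is None


def hash_password(password: str, salt: bytes = None, iterations: int = 600_000) -> str:
    """PBKDF2-HMAC-SHA256 with a per-user random salt, stored as algorithm$iterations$salt$hash."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def check_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; the plaintext is never stored."""
    algorithm, iterations, salt_hex, dk_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print("HMAC: original ok, tampered rejected ->", tamper_demo())
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(check_password("correct horse battery staple", stored), check_password("guess", stored))
```

An HMAC proves integrity and origin to anyone holding the shared key, but it cannot support non-repudiation, because either party could have produced the tag; that is why the repudiation row calls for digital signatures, where only the signer holds the private key.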

19 Lesson 4: Analyzing Network Security Risks
Lesson topics:
• Risk Assessment
• Network Assets at Risk
• Calculating Risk Impact
• Microsoft Operations Framework (MOF) Risk Management Process Overview

Risk analysis is the act of examining the relative value of your assets and then allocating your security resources based on the likelihood of the risk occurring and the value of the asset. Risk analysis helps you to prioritize your efforts and spending to secure your network.

20 Risk Assessment
• Prioritize security risks
• Determine the appropriate level of security
• Justify costs
• Document all potential security issues
• Avoid overlooking critical network security issues
• Create metrics

Describe to students each of the reasons for risk assessment.
The overall purpose of risk assessment is to secure the network and reduce the overall costs. Risk assessment helps to ensure that your security plan is rational and that you apply your resources to maximize results. By assessing risks and creating a risk management plan, you can:
• Rank security risks to your organization relative to other risks. This helps your organization to determine how to allocate resources to secure the network.
• Discover the point at which incremental improvements to security become inefficient and costly.
• Use a quantitative risk analysis to justify the expense of security personnel, hardware, and software.
• Build a comprehensive list of threats to your network and their potential impacts, which risk assessment requires. This is necessary to properly allocate resources for network security.
• Ensure that all important threats are identified. An organization that chooses to respond to security threats randomly may overlook critical security issues on its network.
• Create metrics that help you to judge the success of your security plan. You can also use metrics to prepare compensation plans for executives and security personnel.

21 Network Assets at Risk
Asset: Examples
Hardware: Desktop and portable computers; routers and switches; backup media
Software: Software installation CDs; operating system images; custom software code; virtualized servers
Documentation: Security policies and procedures; network diagrams and building plans
Data: Trade secrets; employee information; customer information

Explain to students that goodwill can also be considered an asset. Goodwill is lost when a data loss is publicly exposed.
When assessing risk, you must start with a comprehensive list of assets that may be attacked. You can then analyze the various risks for each asset. Some categories of asset are hardware, software, documentation, and data.
A large part of the role of security is protecting public confidence and the trust of business partners. This is known as goodwill. For example, suppose an attacker has defaced your organization’s Web site. You notify customers that the attacker has stolen the private information of the Web site’s users, including their addresses and credit card numbers. In addition to incurring direct financial losses from lost business, your organization also suffers a loss of goodwill because the company’s image is tarnished.

22 Calculating Risk Impact
The impact of a risk is based on:
• The probability of the occurrence of the risk
• Direct costs, such as lost orders during an outage
• Indirect costs, such as loss of goodwill and loss of prospective customers

Mention to students that it can be difficult to calculate the probability and indirect costs of a particular risk. A qualitative approach can also be used, where the costs are assigned a ranking compared to other risks rather than a dollar value.
The impact of any given risk is based on the probability of the risk occurring and the costs associated with that risk occurring. The costs can be direct, such as staff time to perform a recovery or lost orders during an outage. The costs can also be indirect, such as loss of goodwill and prospective customers. The overall impact of a risk is calculated as:
• Risk impact = probability of occurrence x (direct costs + indirect costs)
In most cases, there is no exact method for calculating costs or the probability of occurrence. These values must be estimated as accurately as possible. In some cases, due to a lack of data, organizations prefer a qualitative approach that assigns a ranking to various risks rather than a dollar value.
Example: A Web server that is vulnerable to a one-hour denial-of-service attack has a 1% probability of the risk occurring over the next year. The direct cost of lost orders in that hour is $50,000. The indirect cost from loss of customer confidence is $200,000.
Risk impact = 0.01 x ($50,000 + $200,000) = $2,500

23 Microsoft Operations Framework (MOF) Risk Management Process
Stage: Description
Identifying risks: Identify risks, including their cause and consequence
Analyzing and prioritizing risks: Determine the impact of a risk by using probability of occurrence and cost
Planning and scheduling risk actions: Determine how risks can be mitigated based on the cost of mitigation and the impact of the risks
Tracking and reporting risk: Gather information about how risks are changing
Controlling risk: Implement appropriate risk actions as risks change
Learning from risk: Use risk review meetings and a risk knowledge base to capture information about successful and unsuccessful risk actions

Describe each stage in the risk management process and provide examples based on your experience.
Most IT organizations attempt to reduce risk by restricting change. This is an effective way to reduce risk, but it also restricts the ability of organizations to respond to changes in their environment and take advantage of opportunities. The MOF risk management process provides a way to manage risks instead of simply attempting to avoid them all. The stages of the risk management process are:
• Identify risks as early as possible and frequently, to ensure that all risks are known and can be managed appropriately.
• Analyze and prioritize risks by using a consistent process to rank or value the known risks.
• Plan and schedule how to mitigate risks based on the rankings or values produced by risk analysis.
• Track and report specific risks and their occurrence to ensure that your estimates of cost and probability of occurrence are accurate.
• Control risks by implementing plans for risk mitigation. This also includes initiating change control requests when changes in risk status affect SLAs or service availability.
• Learn from risks by formally documenting risk occurrences and other knowledge related to the risk management process. This is essential when refining risk management plans in the future.
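The risk impact formula from the Calculating Risk Impact slide and the "planning and scheduling risk actions" stage above are easiest to see applied together. The following added example (not course code) scores several constructed risks with the slide's formula, ranks them (the ordering alone is the qualitative view the slide mentions), and then schedules a mitigation only when the annual impact it is expected to remove exceeds its annual cost. It goes beyond the single Web server case on the slide by working through a small register; every probability, cost and mitigation effectiveness is made up for the example.

```python
"""Quantitative risk ranking and mitigation planning (added example, not course code).

risk impact = probability of occurrence x (direct costs + indirect costs)
A mitigation is scheduled when impact x effectiveness > annual mitigation cost.
All figures are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float        # chance of occurring in the next year
    direct_cost: float        # e.g. lost orders, staff time to recover
    indirect_cost: float      # e.g. loss of goodwill, lost prospects
    mitigation: str
    mitigation_cost: float    # annual cost of the mitigation
    effectiveness: float      # fraction of the impact the mitigation removes, 0..1

    @property
    def impact(self) -> float:
        """Annualized risk impact, the slide's formula."""
        return self.probability * (self.direct_cost + self.indirect_cost)

    @property
    def net_benefit(self) -> float:
        """Expected annual saving minus the mitigation's cost; negative means not worth it."""
        return self.impact * self.effectiveness - self.mitigation_cost


# Constructed risk register. The first entry reproduces the slide's example ($2,500).
RISKS = [
    Risk("Web server DoS, one-hour outage", 0.01, 50_000, 200_000,
         "upstream DDoS scrubbing service", 20_000, 0.9),
    Risk("Ransomware on file server", 0.05, 100_000, 300_000,
         "offline backups and update management", 8_000, 0.8),
    Risk("Stolen laptop holding customer data", 0.20, 2_000, 100_000,
         "full-disk encryption", 3_000, 0.95),
    Risk("Phishing leads to account compromise", 0.30, 10_000, 40_000,
         "multi-factor authentication", 6_000, 0.9),
]


def rank(risks=RISKS):
    """Highest annual impact first; the order is the qualitative ranking."""
    return sorted(risks, key=lambda r: r.impact, reverse=True)


def plan(risks=RISKS):
    """Mitigations worth scheduling, in priority order, as (risk, mitigation)."""
    return [(r.name, r.mitigation) for r in rank(risks) if r.net_benefit > 0]


def report(risks=RISKS):
    lines = []
    for r in rank(risks):
        decision = "schedule" if r.net_benefit > 0 else "accept or defer"
        lines.append(f"{r.name}: impact ${r.impact:,.0f}/yr; "
                     f"{r.mitigation} at ${r.mitigation_cost:,.0f}/yr -> {decision}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

With these constructed figures the Web server outage that the slide values at $2,500 a year ranks last, and its $20,000 scrubbing service is deferred because it would cost eight times the impact it removes; this is the "point at which incremental improvements to security become inefficient and costly" that the Risk Assessment slide describes. The estimates feed the tracking stage: when an incident occurs, the recorded probability and costs are corrected and the plan is recomputed.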

24 Lesson 5: Defense-in-Depth Model Overview
Lesson topics:
• Layers of the Defense-in-Depth Model
• Using Defense-in-Depth to Identify Risks
• Using Defense-in-Depth to Mitigate Risks

The Defense-in-Depth model is a layered approach for analyzing network security. It can be used both to identify risks and to identify methods for mitigating those risks. The layered approach allows you to see how mitigation methods can be combined for greater security.

25 Using Defense-in-Depth to Identify Risks
Layer: Example risks
Data: Unauthorized viewing or changing of data
Application: Loss of application functionality
Host: Operating system weakness
Internal network: Packet sniffing and unauthorized use of wireless networks
Perimeter: Attacks from anonymous Internet users
Physical security: A user with direct physical access to a computer can modify it or access data
Policies, procedures, and awareness: Users and IT staff not following policies due to lack of understanding

Include other risks based on your experience.
The Defense-in-Depth model can be used to identify network risks. For each layer in the Defense-in-Depth model, you can generate a list of assets and risks that can be used for risk analysis.

26 Using Defense-in-Depth to Mitigate Risks
Layer: Mitigation examples
Data: Access control lists (ACLs), encryption, Encrypting File System (EFS), and Digital Rights Management (DRM)
Application: Application hardening and antivirus software
Host: Operating system hardening, authentication, update management, and Network Access Protection
Internal network: Network segmentation, IPsec, and intrusion detection
Perimeter: Firewalls and VPNs
Physical security: Locks and tracking devices
Policies, procedures, and awareness: User education

Include other mitigation examples based on your experience. Be sure to highlight NAP and mention that it is covered later in this course.
In addition to identifying risks, the Defense-in-Depth model can also be used to identify methods for mitigating risks. The costs associated with these risk mitigation methods can then be used as part of risk analysis.

