Designing Security Services © 2004 Cisco Systems, Inc. All rights reserved. Evaluating Network Security Policies ARCH v1.26-1.


Threat Capabilities

Network Vulnerabilities

Security Policy: Defines Network Design Requirements

- Definition: What data and assets are to be covered by the policy?
- Identity: How do you identify the users affected by the policy?
- Trust: Under what conditions is a user allowed to perform an action?
- Enforceability: How will the policy's implementation be verified?
- Risk assessment: What is the impact of a policy violation? How are violations detected?
- Incident response: What actions are required upon a violation of the security policy?

Security Policy Coverage

- Acceptable-use policy
- Identification and authentication policy
- Internet-use policy
- Campus-access policy
- Remote-access policy

Network Security Is a Continuous Process

Network security is a continuous process built around a security policy.

Risk Assessment and Management

Assign a risk level to each network resource:

- Low risk
- Medium risk
- High risk

Identify the internal and external users of each system:

- Administrators
- Privileged users
- Users
- Partners
- Others

Example: Risk Assessment Matrix

| System | Description | Risk Level | Types of Users |
|---|---|---|---|
| Network switches | Core network device | High | Administrators; All others for use as a transport |
| Network routers | Edge network device | High | Administrators; All others for use as a transport |
| Closet switches | Access network device | Medium | Administrators; All others for use as a transport |
| ISDN or dial-up servers | Access network device | Medium | Administrators; Partners and privileged users for special access |
| Firewall | Access network device | High | Administrators; All others for use as a transport |
| DNS and DHCP servers | Network applications | Medium | Administrators; General and privileged users for use |
| Internal server | Network application | Medium | Administrators; All other internal users for use |
| Oracle database | Network application | Medium or High | Administrators; Privileged users for data updates; General users for data access; All others for partial data access |

Summary

- Networks are vulnerable to a variety of threats that can be classified as loss of privacy, data theft, impersonation, and loss of integrity.
- Network security efforts are based on a security policy. The policy should contain information about what is being protected, how users are identified and trusted, how the policy is to be enforced, the consequences of a violation, and the response to a violation.
- The ongoing steps of a security policy include securing the network, monitoring network security, testing security, and improving security.
- A risk assessment identifies risks to your network, network resources, and data.
- The risk assessment helps determine the validity of a network security implementation and should be performed periodically.