Introduction to Network Security Policies
Designing a Secure Network Life-Cycle Model
© 2006 Cisco Systems, Inc. All rights reserved. SND v2.01-1


Outline
- Overview
- Components of Network Security Design
- Secure Network Life-Cycle Management
- Planning a Secure Network
- Designing a Secure Network
- Implementing a Secure Network
- Operating a Secure Network
- Optimizing a Secure Network
- Disposing of Secure Network Components
- Principles of Secure Network Design
- Summary

Secure Network Design Factors
Many factors affect the design of a secure network:
- Business needs
- Risk analysis
- Security policy
- Industry best practices
- Security operations
[Figure: a security system shaped by business needs, risk analysis, security policy (policies, guidelines, standards), industry best practices, and security operations (incident response, monitoring, maintenance, and compliance auditing)]

Typical Business Goals
- Increase revenue and profit
- Increase market share
- Expand into new markets
- Increase competitive advantages over companies in the same market
- Reduce costs
- Increase employee productivity
- Shorten product-development cycles
- Use just-in-time manufacturing
- Plan around component shortages
- Offer new customer services
- Offer better customer support
- Open the network to key constituents (prospects, investors, customers, business partners, suppliers, and employees)
- Build relationships and information accessibility to a new level, as a basis for the network organizational model
- Avoid business disruption caused by network security problems
- Avoid business disruption caused by natural and unnatural disasters
- Modernize outdated technologies
- Reduce telecommunications and network costs, including overhead associated with separate networks for voice, data, and video

Secure Network Life Cycle
Phases of a secure network life cycle:
- Plan
- Design
- Implement
- Operate
- Optimize
- Dispose
[Figure: the Plan, Design, Implement, Operate, Optimize cycle arranged around the Corporate Security Policy]

PDIOO Applied to the Secure Network Life Cycle
[Figure: the Plan, Design, Implement, Operate, Optimize cycle, labelled "Assess the Effectiveness of the Security Policy" and "Domain of Managers and Users"]

Secure Network: Planning Phase
Planning and network security assessments:
- Security posture assessment
- Internal assessment
- External assessment
- Wireless assessment
- Dial-up assessment
- Security posture assessment analysis and documentation

Secure Network: Design Phase
Design a scalable, flexible and easy-to-use security solution:
- Design review
  – Review security business goals
  – Review existing network security architecture
  – Identify design vulnerabilities
- Design deployment
  – Develop a logical design of network topology and capabilities
  – Develop a physical design to specify hardware and software requirements
  – Test, optimize, and document the design

Secure Network: Implement Phase
Implement integrated security into the network infrastructure:
- Implementation plan review
  – Review implementation plans
  – Review network staging, implementation, and test plans
- Implementation engineering
  – Develop an implementation plan
  – Provide education

Secure Network: Operate Phase
Analyze the information gathered from the operational network:
- Review network and security changes periodically
  – Review changes in the network (devices, applications, policies)
  – Document changes and their impact
- Analyze incidents
  – Identify and classify the incident
  – Conduct a detailed analysis

Secure Network: Optimize Phase
Continually identify and mitigate risk:
- Network security optimization
  – Define criteria for optimization
  – Monitor and inspect security logs
  – Impact analyses of new software and features
  – Use hardware and software to optimize the system

Disposal of Secure Network Components
The reality:
- Systems and components break down, wear out, or become obsolete.
- Information, hardware, and software provide an open vulnerability.
- Decommissioning and disposal must be completed in accordance with all applicable regulations and practices.
Therefore:
- Move information to another system, archive, discard, or destroy information.
  – Consider storage media and technology
  – Destroy hard drives and other media
- Keep keys for encrypted information secure and available.

Principles of Secure Network Design
- A principle is a rule or standard or a basic truth.
- NIST provides a list of system-level security principles to use throughout the life cycle of a secure network.
- Principles are used by users, system engineers and architects, and IT staff and managers.

Selected Principles for IT Security

Principle  Description
1          Establish a sound security policy as the foundation for the design.
5          Assume that external systems are insecure.
6          Balance potential trade-offs of reducing risk against increasing costs and decreasing operational effectiveness.
7          Implement layered security to prevent single points of vulnerability.
11         Minimize the number of elements to be trusted.
12         Use a combination of measures distributed physically and logically.
16         Isolate public access systems from critical business assets.
20         Design and implement audit mechanisms to detect unauthorized use and to support incident investigations.
21         Ensure that your secure network design is scalable.
22         Authenticate users and processes to ensure appropriate access control decisions both within and across domains.
25         Do not implement unnecessary security mechanisms.
26         Protect information while being processed, in transit, and in storage.
30         Ensure proper security in the shutdown or disposal of a system.

Source: Engineering Principles for Information Technology Security, NIST

Summary
- Building secure networks requires proactive thought and action to deal with unforeseen security issues after the network is in operation.
- Use the PDIOO network life-cycle model to assist in secure network design.
- Balance business and operation needs against the provisions of security policies.
- The plan phase helps identify network requirements.
- The design phase provides the logical and physical design based on requirements gathered during the plan phase.

Summary (Cont.)
- The implement phase builds the network and verifies the design.
- The operate phase is the final test of the effectiveness of the design and provides input into the optimize phase of the network life cycle.
- The optimize phase uses proactive network management techniques to identify and resolve problems before network disruptions arise.
- Final disposal of network components is an activity that needs attention from the very beginning of the network life cycle.
- NIST engineering principles for network security aid in designing a secure information system.
