Network Security Strategy
These are the five most important security groups that need to be considered in any enterprise security model. They include perimeter security, network security, transaction security and monitoring security, all of which are essential components of a company’s security strategy. The perimeter is the security system that includes every device and circuit connecting the company to public and private networks. All servers, data and devices used in company operations make up the internal network. The demilitarized zone (DMZ) lies between the internal network and the outer perimeter and is made up of the firewalls and other servers that face the public. It permits external users to reach those public servers but denies traffic that would otherwise reach internal servers. This does not mean that all outside users are blocked from the internal network: a well-designed security plan defines who has access to which information and from where. For example, telecommuters can use VPN concentrators in the perimeter to connect to Windows and Unix servers, and business partners can use Extranet VPN connections to access the S/390 mainframe. To ensure the security of company files and applications, establish security standards for each server. Identify the transaction protocols required to protect data as it travels through secure and non-secure network segments. Then define monitoring activities that examine packets in real time, giving a proactive and defensive strategy against internal and external attacks. Recent research has revealed that internal attacks from disgruntled employees and consultants are more frequent than hacker attacks. Virus detection also needs to be considered, since a session that is allowed through could still carry a virus at the application level, such as in an email or a file transfer.
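The perimeter/DMZ/internal split described above comes down to a rule set that says which zone may reach which servers on which ports, with everything else denied. The following is an added example, not code from the original article: a small first-match policy evaluator over constructed zones and rules (the addresses, zone names, ports and the first-match semantics are all assumptions of the example, not a description of any particular firewall product).

```python
"""Added example (not from the original article): a tiny first-match
firewall-policy evaluator that models the perimeter / DMZ / internal
split. All addresses, zones and rules are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zones: RFC 1918 space for the internal network, RFC 5737
# documentation prefixes for the DMZ and for the VPN address pool.
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "vpn": ipaddress.ip_network("198.51.100.0/24"),  # addresses handed out by the VPN concentrator
}


def zone_of(ip: str) -> str:
    """Map an address to a zone; anything not in a known zone is external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


@dataclass(frozen=True)
class Rule:
    src_zone: str              # "*" matches any zone
    dst_zone: str
    dst_port: Optional[int]    # None matches any port
    action: str                # "allow" or "deny"


# First-match rule set. The last rule is an explicit deny-all, so any
# flow not listed is blocked (deny by default).
RULES = [
    Rule("external", "dmz", 443, "allow"),   # public web server in the DMZ
    Rule("external", "dmz", 25, "allow"),    # mail relay in the DMZ
    Rule("vpn", "internal", None, "allow"),  # authenticated telecommuters
    Rule("dmz", "internal", 1433, "allow"),  # DMZ web tier to one internal database port only
    Rule("external", "internal", None, "deny"),
    Rule("*", "*", None, "deny"),
]


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the action of the first rule that matches the flow."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        if rule.src_zone not in ("*", src_zone):
            continue
        if rule.dst_zone not in ("*", dst_zone):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return "deny"  # unreachable with the catch-all rule, kept as a safety net


if __name__ == "__main__":
    for flow in [("203.0.113.7", "192.0.2.10", 443),   # Internet user to DMZ web server
                 ("203.0.113.7", "10.1.2.3", 445),     # Internet user straight to an internal host
                 ("198.51.100.20", "10.1.2.3", 445),   # telecommuter over the VPN
                 ("192.0.2.10", "10.1.2.3", 1433),     # DMZ web tier to the internal database
                 ("192.0.2.10", "10.1.2.3", 22)]:      # DMZ host trying to reach internal SSH
        print(flow, "->", evaluate(*flow))
```

The point of the ordering is that the narrow DMZ-to-internal allow (one server port) sits above the broad deny, so a compromised DMZ host still cannot open arbitrary connections inward; a real rule set would also pin the allow to specific host addresses rather than whole zones.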
Security Policy Document
The security policy document outlines the policies that apply to all employees who use the enterprise network. It defines what employees may do with the resources available to them. The policy also applies to non-employees, such as business partners, clients and consultants, as well as to dismissed employees. Security policies for Internet e-mail and virus detection are specified. It also determines what cyclical process, if any, is used to analyze and improve security.
Perimeter Security
Perimeter security is the first layer of protection that outside users encounter before authenticating to the network. It covers all traffic that has an external network as its source or destination. Many components are used to secure the network perimeter, and this analysis looks at all perimeter devices in use today. Routers, modems, firewalls, TACACS servers and RADIUS servers are a few examples of perimeter devices.
Network Security
Network security is defined as all of the server and legacy-host security used to authenticate and authorize employees, both external and internal. Once a user has passed perimeter security, this is the layer that must be satisfied before any application can be started. The network transports traffic between workstations and the applications on the network. Network applications run on shared servers that may run an operating system such as Windows, Unix or mainframe MVS. It is the duty of the operating system to store information, respond to requests for it and ensure the security of that data. Once a user is authenticated to the Windows ADS domain with a specific user account, that account is granted privileges, such as access to specific directories on some or all servers, the right to start applications, and the right to manage some or all of the Windows servers. Because Windows Active Directory Services is distributed, an account that authenticates to it does not belong to any particular server. This provides tremendous management and availability benefits: each account is managed through a central view, and copies of the security database can be maintained on several servers in the network. Unix and mainframe hosts typically require a login to a specific system, although rights on the network can be shared across many hosts. The components of network security are:
* Operating-system domain network authentication and authorization
* Windows Active Directory Services authentication and authorization
* Unix and mainframe host authentication and authorization
* Application authorization per server
* Data and file authorization
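The central-directory model above (one account, group-based rights on directories across many servers, one place to disable a dismissed employee) can be shown in a few lines. The following is an added example, not the article's or any vendor's code: a toy directory that grants rights to groups on server directories, lets rights inherit down the directory tree, and denies everything not explicitly granted. All user, group, server and path names are constructed.

```python
"""Added example (not code from the article): a minimal model of
central-directory authorization. Accounts exist once in the directory,
rights are granted to groups on server directories, and access is
denied unless one of the user's groups grants it. All names here are
constructed for illustration."""
from dataclasses import dataclass, field
from posixpath import dirname, normpath
from typing import Dict, Set, Tuple


@dataclass
class Directory:
    """Stands in for the domain's central security database."""
    groups: Dict[str, Set[str]] = field(default_factory=dict)   # user -> group names
    disabled: Set[str] = field(default_factory=set)              # accounts disabled centrally
    # (server, directory) -> group -> rights granted there
    acls: Dict[Tuple[str, str], Dict[str, Set[str]]] = field(default_factory=dict)

    def add_user(self, user: str, *groups: str) -> None:
        self.groups[user] = set(groups)

    def disable(self, user: str) -> None:
        """One central change revokes access on every server."""
        self.disabled.add(user)

    def grant(self, server: str, path: str, group: str, *rights: str) -> None:
        entry = self.acls.setdefault((server, normpath(path)), {})
        entry.setdefault(group, set()).update(rights)

    def effective_rights(self, user: str, server: str, path: str) -> Set[str]:
        """Union of the rights any of the user's groups holds on the
        directory or on one of its parents (rights inherit downwards).
        Unknown or disabled accounts get nothing: deny by default."""
        if user not in self.groups or user in self.disabled:
            return set()
        rights: Set[str] = set()
        p = normpath(path)
        while True:
            entry = self.acls.get((server, p), {})
            for g in self.groups[user]:
                rights |= entry.get(g, set())
            if p in ("/", "", "."):
                break
            p = dirname(p)
        return rights

    def check(self, user: str, server: str, path: str, right: str) -> bool:
        return right in self.effective_rights(user, server, path)


def build_sample() -> Directory:
    """Constructed sample: two file servers, four accounts, three groups."""
    d = Directory()
    d.add_user("alice", "finance", "staff")
    d.add_user("bob", "staff")
    d.add_user("carol", "server-admins")
    d.add_user("dave", "staff")
    d.disable("dave")                       # dismissed employee, disabled in one place
    d.grant("FS1", "/shares", "staff", "read")
    d.grant("FS1", "/shares/finance", "finance", "read", "write")
    d.grant("FS1", "/", "server-admins", "read", "write", "admin")
    d.grant("FS2", "/", "server-admins", "read", "write", "admin")
    return d


if __name__ == "__main__":
    d = build_sample()
    for req in [("alice", "FS1", "/shares/finance/q1", "write"),
                ("bob", "FS1", "/shares/finance", "write"),
                ("carol", "FS2", "/etc", "admin"),
                ("dave", "FS1", "/shares", "read")]:
        print(req, "->", d.check(*req))
```

Note that the same `carol` account is authoritative on both servers without any per-server configuration, which is the availability and management benefit the text describes, whereas a per-host model (the Unix and mainframe case) would need an entry on each host.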
Transaction Security
Transaction security is dynamic: it is designed to secure every session with five primary functions, namely authenticity, confidentiality, integrity, non-repudiation and virus detection. Transaction security ensures that session information can be transferred safely across an organization or over the Internet. This matters on the Internet because data is exposed to people who would access valuable information without permission. E-commerce uses industry standards such as SET and SSL, which describe a set of protocols providing confidentiality, non-repudiation and integrity. To safeguard transactions against viruses, a system is employed to detect viruses in data files before they are delivered to internal users or sent over the Internet. Below are industry-standard security protocols for each function.
* Non-Repudiation – RSA digital signatures
* Integrity – MD5 route authentication
* Authentication – digital certificates
* Confidentiality – IKE/IPSec
* Virus Detection – McAfee/Norton antivirus software
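The integrity entry above, MD5 route authentication, works by hashing each message together with a secret shared by the two routers and attaching the digest, so a message altered in transit (or sent by someone without the key) fails verification; a sequence number lets the receiver discard replays of old, validly signed messages. The following is an added example, not code from the article and not an OSPF or RIP implementation: a simplified model of that keyed-digest scheme with a constructed key and constructed routing messages.

```python
"""Added example, not taken from the article: a simplified model of
keyed-MD5 message authentication of the kind used for route
authentication (a digest over the message plus a shared secret, with a
sequence number so a replayed message is rejected). It is a teaching
model rather than an OSPF or RIP implementation; the key and the
messages are constructed."""
import hashlib
import hmac
import struct

KEY = b"constructed-shared-key"   # assumption: a per-link secret known to both routers
DIGEST_LEN = 16                    # MD5 output size in bytes


def seal(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Return seq || payload || MD5(seq || payload || key).
    The key is mixed into the hash but never transmitted."""
    header = struct.pack("!I", seq)
    digest = hashlib.md5(header + payload + key).digest()
    return header + payload + digest


class Receiver:
    """Verifies the digest and tracks the last accepted sequence number."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes) -> bool:
        if len(frame) < 4 + DIGEST_LEN:
            return False                       # too short to carry a digest
        header = frame[:4]
        payload = frame[4:-DIGEST_LEN]
        digest = frame[-DIGEST_LEN:]
        expected = hashlib.md5(header + payload + self.key).digest()
        if not hmac.compare_digest(expected, digest):
            return False                       # modified in transit, or wrong key
        (seq,) = struct.unpack("!I", header)
        if seq <= self.last_seq:
            return False                       # replay of an old message
        self.last_seq = seq
        return True


if __name__ == "__main__":
    r = Receiver()
    update = seal(1, b"route 10.1.0.0/16 via 10.0.0.2")
    print("fresh update accepted:", r.accept(update))
    print("same update replayed:", r.accept(update))
    forged = (update[:4]
              + update[4:-DIGEST_LEN].replace(b"10.0.0.2", b"10.0.0.9")
              + update[-DIGEST_LEN:])
    print("modified update accepted:", r.accept(forged))
```

Because both routers hold the same key, either of them could have produced any given digest; this gives integrity and peer authentication but not non-repudiation, which is why the list above pairs non-repudiation with RSA digital signatures, where only the holder of the private key can sign. MD5 itself is no longer recommended for new designs, but the keyed-digest-plus-sequence-number structure is the same with a modern hash.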
Monitoring Security
Security strategies must include monitoring of network traffic to detect suspicious events, security weaknesses and vulnerabilities. This evaluation identifies the methods and tools that are used; the following is a list of typical monitoring options. Intrusion detection sensors can be employed to track traffic arriving at your perimeter. IBM Internet Security Scanner can be used to assess security risks in your business. Syslog server messaging, a Unix facility that records security events into an audit log file for analysis, is employed in many companies. Audit trails are essential for documenting network changes and for identifying security problems. Large companies that use many analog dial lines for modems frequently employ dial scanners to identify gaps in the lines that could be exploited. Facilities security commonly means badge access to the rooms holding equipment and servers that host mission-critical data. Badge access systems record the date and time that each employee entered and left the telecom room, and cameras may record which specific activities were conducted as well.
Intrusion Prevention Sensors (IPS)
Cisco sells intrusion prevention sensors (IPS) to corporate clients to raise the security posture of their networks. The Cisco IPS 4200 series uses sensors placed at strategic points on both sides of the network to protect routers, switches and servers from hacker attacks. IPS sensors monitor network traffic in real time, either passively or inline, and compare packets with predefined signatures. When a sensor observes suspicious behaviour it notifies you and drops the packet. A sensor can be deployed inline (IPS mode), passively as an IDS where traffic does not flow through the device, or as a hybrid. Most sensors in the data center network will run in IPS mode, which has advanced security features that can stop attacks before they take effect. IOS intrusion prevention software is now available for purchase with routers.
Vulnerability Assessment Testing
IBM Internet Security Scanner (ISS) is a vulnerability assessment scanner aimed at corporate customers for evaluating security vulnerabilities in networks from both an external and an internal perspective. The software is run by agents that scan network devices and servers for known security flaws and possible vulnerabilities. It also includes network discovery, data collection, analysis and reporting. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Potential vulnerabilities are verified through non-destructive testing, and recommendations are made for correcting any security problems found. A report facility built into the scanner presents the findings to company staff.
Syslog Server Messaging
Cisco IOS supports syslog, a Unix logging facility that reports on a range of device activity and error conditions. Most routers and switches generate syslog messages, which are sent to a designated Unix workstation to be reviewed. If your Network Management Console (NMS) runs on the Windows platform, there are tools that allow you to view the log files and to send syslog files between a Unix NMS and a Windows NMS.
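Reviewing the messages a router sends to the syslog server means parsing the IOS message format (`%FACILITY-SEVERITY-MNEMONIC: text`) and then applying checks that turn raw lines into the audit trail and suspicious-event alerts the monitoring section calls for. The following is an added example, not code from the article or from Cisco: a parser for IOS-style syslog lines and two simple checks run over a constructed sample log, one that flags repeated login failures from a single source and one that records configuration changes as audit events. The message layouts follow the IOS conventions, but the host names, users, addresses and the failure threshold are invented for the example.

```python
"""Added example (not the article's code): a parser for Cisco IOS-style
syslog lines plus two simple checks a syslog server might run over them.
The log lines below are constructed; the message formats follow IOS
conventions but the hosts, users and addresses are invented."""
import re
from collections import defaultdict
from typing import Dict, List, Optional

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>"
    r"(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:\d+: )?"                                                         # optional IOS sequence number
    r"(?:\*?\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?(?: \w+)?: )?"    # optional IOS timestamp
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
CONFIG_RE = re.compile(r"Configured from (\S+) by (\S+) on (\S+) \(([^)]+)\)")

# Constructed sample log as received by a syslog server (PRI <189> = local7.notice).
SAMPLE = """\
<189>Feb  3 10:15:01 core-rtr1 45: *Feb  3 10:15:00.123: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:00 UTC Mon Feb 3 2025
<189>Feb  3 10:15:03 core-rtr1 46: *Feb  3 10:15:02.456: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:02 UTC Mon Feb 3 2025
<189>Feb  3 10:15:05 core-rtr1 47: *Feb  3 10:15:04.789: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed] at 10:15:04 UTC Mon Feb 3 2025
<189>Feb  3 10:16:10 core-rtr1 48: *Feb  3 10:16:09.001: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.0.0.5] [localport: 22] at 10:16:09 UTC Mon Feb 3 2025
<189>Feb  3 10:16:40 core-rtr1 49: *Feb  3 10:16:39.555: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.0.0.5)
<189>Feb  3 10:17:00 dist-sw2 12: *Feb  3 10:16:59.000: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
"""


def parse(line: str) -> Optional[dict]:
    """Split one syslog line into its fields; return None if it is not IOS-style."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    # The PRI value encodes syslog facility * 8 + syslog severity.
    ev["syslog_facility"], ev["syslog_severity"] = divmod(int(ev["pri"]), 8)
    ev["severity"] = int(ev["severity"])
    return ev


def bracket_field(text: str, name: str) -> Optional[str]:
    """Pull a '[name: value]' field out of an IOS login message."""
    m = re.search(r"\[" + re.escape(name) + r": ([^\]]+)\]", text)
    return m.group(1) if m else None


def analyze(lines, fail_threshold: int = 3) -> List[dict]:
    """Run two checks over the lines: repeated login failures per (device, source),
    and configuration changes, which belong in the audit trail."""
    failures: Dict[tuple, int] = defaultdict(int)
    alerts: List[dict] = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        if ev["mnemonic"] == "LOGIN_FAILED":
            src = bracket_field(ev["text"], "Source")
            key = (ev["host"], src)
            failures[key] += 1
            if failures[key] == fail_threshold:      # alert once, when the threshold is reached
                alerts.append({"type": "repeated_login_failures", "host": ev["host"],
                               "source": src, "count": failures[key]})
        elif ev["mnemonic"] == "CONFIG_I":
            m = CONFIG_RE.search(ev["text"])
            alerts.append({"type": "config_change", "host": ev["host"],
                           "user": m.group(2) if m else None,
                           "from": m.group(4) if m else None})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE.splitlines()):
        print(alert)
```

A production detector would count failures within a sliding time window and would also alert on a successful login following a burst of failures; the sample keeps a plain counter so the logic stays visible. The `config_change` records are the kind of audit-trail entry the monitoring section says is essential for documenting network changes.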