Quản trị mạng - Chapter 9: Managing a secure network

Chapter 9- Managing a Secure Network CCNA Security Objectives • Describle the principles of secure network design. • Describle threat identificaion and risk analysis. • Describle risk managenment and risk avoidance. • Describle the Cisco SecureX architecture. • Describle operation security. • Describle network security testing tools and techniques. • Describle business continuity and disaster recovery. • Describle the system development life cycle concept and its application to a secure network life cycle. • Describle the purpose and function of a network security policy Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Introduction • To help simplify network design, it is recommended that all security mechanisms come from a single vendor. • The Cisco SecureX architecture is a comprehensive, end-to-end solution for network security that includes solutions to secure the network, email, web, access, mobile users and data center resources. Ensuring a Network is Secure • Mitigating network attacks requires a comprehensive, end-to-end approach: • Secure network devices with AAA, SSH, role- based CLI, syslog, SNMP, and NTP. • Secure services using AutoSecure and CCP one-step lockdown. • Protect network endpoints (such as workstations and servers) against viruses, Trojan Horses, and worms, with Cisco NAC and Cisco IronPort. Ensuring a Network is Secure • Use Cisco IOS Firewall and accompanying ACLs to secure resources internally while protecting those resources from outside attacks. • Supplement Cisco IOS Firewall with Cisco IPS technology to evaluate traffic using an attack signature database. • Protect the LAN by following Layer 2 and VLAN recommended practices and by using a variety of technologies, including BPDU guard, root guard, PortFast, and SPAN. Ensuring a Network is Secure • When developing security policies, several questions must be answered: Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Ensuring a Network is Secure 1. Business needs 2. Threat identification 3. Risk analysis Refer to 9.1.1.1 4. Security needs 5. Industry-recommended practices 6. Security operations Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Ensuring a Network is Secure • Many security assumptions are made when designing and implementing a secure network. • There are guidelines to help you avoid making wrong assumptions: Refer to 9.1.1.2 Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Ensuring a Network is Secure 1. Expect that any aspect of a security system might fail. 2. Identify any elements that fail-open. 3. Try to identify all attack possibilities. 4. Evaluate the probability of exploitation. 5. Assume that people will make mistakes. 6. Attackers will not use common and well-established techniques to compromise a system. 7. Check all assumptions with other people. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Threat Identification and Risk Analysis 1.What are the possible vulnerabilities of a When identifying threats, it is important to ask two questions: system? 2.What are the consequences if system vulnerabilities are exploited? Threat Identification – Bank Scenario Internal system compromise Insider attack on the system Identified ThreatsRefer to 9.1.2.1 Stolen customer data Phony transactions Data Input errors Data Center Destruction Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Risk Analysis • Evaluate each threat to determine its severity and probability • Quantitative Risk Analysis uses a mathematical model • Qualitative Risk Analysis uses a scenario-based model Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.1.2.2 Risk Analysis 1. Internal system compromise 2. The first step in developing a risk analysis is to evaluate each threat to determine its severity and probability Refer to 9.1.2.2 Stolen customer data 3. Phony transactions if external server is breached 4. Phony transactions using a stolen customer PIN or smart card 5. Insider attack on the system 6. Data input errors 7. Data center destruction Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Quantitative Risk Analysis • Asset Value (AV) is the cost of an individual asset. • Exposure Factor (EF) is the loss, represented as a percentage, that a realized threat could have on an asset. • Single Loss Expectancy (SLE) is the result of AV * EF, or the cost of a single instance of a threat. Refer to 9.1.2.3 Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Annualized Rate of Occurrence • Annualized Rate of Occurrence (ARO) - estimated frequency that a threat is expected to occur. • Single Loss Expectancy (SLE) • Annualized Loss Expectancy (ALE) - expected financial loss that an individual threat will cause an organization. Refer to 9.1.2.4 ALE = SLE *ARO Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Threat Identification and Risk Analysis Refer to 9.1.2.5 Ways to Handle Risk 1.Risk management Refer to 9.1.3.1 2.Risk avoidance Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Risk Management Scenario 1. Internal system compromise Keep in mind that not all mitigation techniques are implemented based on the risk versus cost formula used in the quantitative risk analysis: Refer to 9.1.3.2 2. Stolen customer data 3. Phony transactions if external server is broken into 4. Phony transactions if customer PIN or smart card is stolen 5. Insider attack on the system 6. Data input error 7. Data Center destruction Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Risk Avoidance Scenario Using the risk avoidance approach, a company would decide not to offer e-banking service at all because it would be deemed too risky. Refer to 9.1.3.3 Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Introducing the Cisco SecureX Architecture Refer to 9.2.1.1 • Traditional network security ? • Today’s network ? Introducing the Cisco SecureX Architecture Refer to 9.2.1.2 • This new security architecture uses a high-level policy language that can describe the full context of a situation, including who, what, where, when and how. • This architecture is comprised of five major components Introducing the Cisco SecureX Architecture Refer to 9.2.1.3 • How does IT support this new computing model in a way that scales and ensures that resources are secure? • By using a context-aware network scanning element that uses central polices to enforce security. Introducing the Cisco SecureX Architecture Refer to 9.2.1.4 • The context-aware scanning architecture uses local network context from Cisco TrustSec technology. This is a packet tagging technology that allows security elements to share information gathered from the scanning elements as well as the endpoint client. Solution for the Cisco SecureX Architecture • The Cisco SecureX architecture refers to five product families: 1. Secure edge and branch 2. Secure email and web 3. Secure access 4. Secure mobility 5. Secure data center and virtualization. Solution for the Cisco SecureX Architecture Secure edge and branch ( Refer to 9.2.2.1) Solution for the Cisco SecureX Architecture Secure Email and Web ( Refer to 9.2.2.2) Solution for the Cisco SecureX Architecture Secure Access ( Refer to 9.2.2.3) Solution for the Cisco SecureX Architecture Secure Mobility ( Refer to 9.2.2.4) Solution for the Cisco SecureX Architecture Secure Data Center and Virtualization ( Refer to 9.2.2.4) Future Trends for Network Security 1. The consumerization of the endpoint 2. The increasing use of high-definition video The next few years are going to be a period of significant change, driven by three major trends: conferencing systems like Cisco TelePresence 3. The adoption of cloud computing. Refer to 9.2.3 Introducing Operations Security • While the Cisco SecureX architecture does increase the level of security, it cannot guarantee a completely invulnerable network. • Operations security is concerned with the day-to-day practices necessary to first deploy and later maintain a secure system. Core Principles 1. Separation of duties 2. Rotation of duties 3. Trusted recovery 4. Change and configuration controls Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Principles of Operations Security Separation of Duties • Separation (or segregation) of duties (SoD) is one of the main concepts of internal control and is the most difficult and sometimes the most costly control to achieve. • SoD states that no single individual has control over two or more phases of a transaction or operation. Refer to 9.3.2.1 Principles of Operations Security Rotation of Duties • To successfully implement this principle, it is important that individuals have the training necessary to complete more than one job. Refer to 9.3.2.2 Principles of Operations Security Trusted Recovery • This principle states that systems fail at some point, so a process for recovery must be established. • The most common way to prepare for failure is to back up data on a regular basis. Refer to 9.3.2.3 Trusted Recovery Network security professionals propose that a secure backup program contain some of the following practices: 1. A junior staff member is responsible for loading blank media. 2. Backup software uses an account that is unknown to individuals to bypass file security. 3. A different staff member removes the backup media and securely stores it on site while being assisted by another member of the staff. 4. A separate copy of the backup is stored off site and is handled by a third staff member who is accompanied by another staff member. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Principles of Operations Security Configuration and Change Control • The configuration and change controls should address three major components: 1. the processes in place to minimize system and network disruption 2. backups and reversing changes that go badly 3. guidance on the economical use of resources and time. Refer to 9.3.2.4 Configuration and Change Control There are five steps in a change control process: 1.Apply to introduce the change. 2.Catalogue the proposed change. 3.Schedule the change. 4.Implement the change. 5.Report the change to relevant parties. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Objectives of Security Testing and Evaluation
Uncover design, implementation, and operational flaws that could lead to the violation of the security policy. Objectives of ST&E:
Determine the adequacy of security mechanisms, assurances, and device properties to enforce the security policy.
Assess the degree of consistency between the system documentation and its implementation. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Assessing the Operational Status 1. Network scanning 2. Vulnerability scanning 3. Password cracking 4. Log review Refer to 9.4.1.2 5. Integrity checkers 6. Virus detection 7. Wardialing 8. Wardriving (802.11 or wireless LAN testing) 9. Penetration testing Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Using Testing Results • As a reference point for corrective action • To define mitigation activities to address identified vulnerabilities • As a benchmark to trace the progress of an organization in meeting security requirements • To assess the implementation status of system security requirements • To conduct cost and benefit analysis for improvements to system security • To enhance other activities such as risk assessments, Certification and Authorization (C&A), and performance improvement efforts Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Security Testing Tools Refer to 9.4.2.1 Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Nmap • Classic TCP and UDP port scanning • Classic TCP and UDP port sweeping • Stealth TCP and UDP port scans and sweeps • Remote operating system identification, known as OS fingerprinting. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com SuperScan • Improved host detection using multiple ICMP methods • TCP SYN scanning • UDP scanning (two methods) • Source port scanning • Fast hostname resolving • Extensive banner grabbing • IP and port scan order randomization • Extensive Windows host enumeration capability Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Continuity Planning Objectives • Moving or relocating critical business components and people to a remote location while the original location is being repaired • Utilizing different channels of communication to deal with customers, shareholders, and partners until operations return to normal Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Disaster Recovery • The process of regaining access to the data, hardware, and software necessary to resume critical business operations after a disaster. • Plan for coping with unexpected or sudden loss of key personnel. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Disruptions and Backups • Identify types of disasters or disruptions possible • Take into account the magnitude of the disruption Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Disruption and Backups • Redundancy – Replacement components owned by the organization or a server provider – Service level agreement (SLA) • Redundant facility – Hot Site – Warm Site – Cold Site Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.5.2.2 Secure Copy • Two of the most critical components of a functional network are the router configuration and the router image files. • The secure copy (SCP) feature provides a secure and authenticated method for copying router configuration or router image files. Refer to 9.5.3.1 Secure Copy Refer to 9.5.3.2 Secure Copy Refer to 9.5.3.2 Secure Copy Refer to 9.5.3.2 System Development Life Cycle (SDLC) Initiation Initiation Acquisition and Development DispositionSecurity categorization: This task defines three levels of potential impact on organizations or individuals should there be a breach of security: low, Refer to 9.6.2 Implementation Operations and Maintenance moderate, and high,. Security categorization standards help organizations make the appropriate selection of security controls for their information systems. Preliminary risk assessment: This task results in an initial description of the basic security needs of the system. A preliminary risk assessment should define the threat environment in which the system will operate. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Acquisition and Development Initiation Acquisition and Development Disposition Risk assessment: an analysis that identifies the protection requirements for the system through a formal risk assessment process. Security functional requirements: an analysis of requirements Security assurance requirements: an analysis of the requirements that address the developmental activities that are required and the assurance evidence that is needed to produce the desired level of confidence Implementation Operations and Maintenance Security cost considerations and reporting: determines how much of the development cost to attribute to information security Security planning: new and current agreed upon security controls should be fully documented. Security control development: ensures that the security controls that the respective security plans describe are designed, developed, and implemented. Developmental security test and evaluation: ensures that security controls that are developed for a new information system are working properly and are effective. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Implementation Initiation Acquisition and Development Disposition Inspection and acceptance: ensures that the organization validates and verifies that the functionality that the specification describes is included in the deliverables. System integration: ensures that the system is integrated at the operational site where the information system is deployed for operation. Security certification: ensures that one effectively implement the controls through established verification techniques and procedures. Implementation Operations and Maintenance Security accreditation: provides the necessary security authorization of an information system to process, store, or transmit information that is required. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Operations and Maintenance Initiation Acquisition and Development Disposition Configuration management and control: ensures that there is adequate consideration of the potential security impacts due to specific changes to an information system or its surrounding environment. Continuous monitoring: ensures that controls continue to be effective in their application through periodic testing and evaluation. Implementation Operations and Maintenance Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Disposition Initiation Acquisition and Development Disposition Implementation Operations and Maintenance Information preservation: ensures that information is retained, as necessary, to conform to current legal requirements and to accommodate future technology changes that can render the retrieval method obsolete. Media sanitization: ensures that data is deleted, erased, and written over, as necessary. Hardware and software disposal: ensures that hardware and software is disposed of as directed by the information system security officer. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Determining an Organization’s Assets Determine what the assets of an organization are by asking questions: 1. What does the organization have that others want? 2. What processes, data, or information systems are critical to the organization? 3. What would stop the organization from doing business or fulfilling its mission? Security Policies are designed to protect assets Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.7.1.1 Security Policy Benefits 1. Demonstrates an organization’s commitment to security. 2. Sets the rules for expected behavior. 3. Ensures consistency in system operations, software and hardware acquisition and use, and maintenance. 4. Defines the legal consequences of violations. 5. Gives security staff the backing of management. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.7.1.2 Audience for the Security Policy • Anyone with access to the network – Internal audience – External audience • Determines the content of the policy Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Structure of a Security Policy Governing Policy Refer to 9.7.2.1 Technical Policies End-User Policies Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Governing Policy Important components: • A statement of the issue that the policy addresses. • How the policy applies in the environment. • The roles and responsibilities of those affected by the policy. • The actions, activities, and processes that are allowed and those that are not. • The consequences of noncompliance. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.7.2.2 Technical Policies • General policies • E-mail policies • Remote -access policies • Telephony policy • Application policies • Network policies • Wireless communication policy Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.7.2.3 End User Policy • Cover all rules pertaining to information security that end users should know about, comply with, and implement. • May overlap with technical policies. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.7.2.4 Standards, Guidelines, and Procedures • The security policy documents are high-level overview documents • Standards, guidelines, and procedures contain the actual details defined in the policies • Each document serves a different function, covers different specifications and targets a different audience Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Standards Documents Refer to 9.7.3.2 Standards documents include the technologies that are required for specific uses, hardware and software versioning requirements, program requirements, and any other organizational criteria Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Guideline Documents • Provide a list of suggestions • Provide flexibility • Not usually mandatory • Sources: Refer to 9.7.3.3 – National Institute of Standards and Technology (NIST) Computer Security Resource Center – National Security Agency (NSA) Security Configuration Guides – The Common Criteria standard Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Procedure Documents Refer to 9.7.3.4 Procedure documents include the details of implementation, usually with step-by-step instructions and graphics Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Roles and Responsibilities Executive-level management must always be consulted during security policy creation in order to ensure the policy is comprehensive, cohesive, and legally binding. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Roles and Responsibilities • Chief Executive Officer (CEO) • Chief Technology Officer (CTO) • Chief Information Officer (CIO) • Chief Security Officer (CSO) Refer to 9.7.4.2 • Chief Information Security Officer (CISO) Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Security Awareness Program • Reflects the business needs of an organization • Informs users of their IT security responsibilities • Explains all IT security policy and procedures • Explains proper rules of behavior for the use of the IT Refer to 9.7.5 systems and data • Details sanctions for noncompliance • Components – Awareness campaigns – Training and education Security Awareness Program Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Awareness Campaigns Methods for increasing awareness: • Lectures, videos • Posters, newsletter articles, and bulletins • Awards for good security practices • Reminders such as login banners, mouse pads, coffee cups, and notepads Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Training and Education From: IT department To: all Employees Subject: Course Offerings We are currently offering several training opportunities. Please see the list below and contact your manager if interested. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Success A successfully implemented security awareness program measurably reduces unauthorized actions by insiders, increases the effectiveness of existing controls, and helps fight waste, fraud, and abuse of information systems resources. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Laws and Ethics • Types of Laws – Criminal – Civil – Administrative • Ethics – Computer Ethics Institute – Internet Activities Board (IAB) – Generally Accepted System Security Principles (GASSP) – International Information Systems Security Certification Consortium, Inc (ISC)2 Code of Ethics Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Refer to 9.7.6 The ISC2 Code of Ethics • Code of Ethics Preamble Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this Code is a condition of certification. • Code of Ethics Canons – Protect society, the commonwealth, and the infrastructure. – Act honorably, honestly, justly, responsibly, and legally. – Provide diligent and competent service to principals. – Advance and protect the profession. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Responding to a Security Breach • Motive answers the question of why a person (or persons) committed the illegal act. • Opportunity answers the question of when and where the person committed the crime. • Means answers the question of how the person committed the crime. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Forensics Procedures • Proper data collection • Data chain of custody • Data storage • Data backups Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Summary • Mitigating network attacks requires a comprehensive end-to-end approach. • Threat identification and risk analysis are the firt steps in creating the protection strategy. • Risk management and risk avoidance are tow distinct approaches to addressing risks. • Ciso Self-Defending Network provides a comprehensive, end-to-end solution for network security. • CSDN solutions include threat control and containment, secure communications, and operational control and policy management. • Cisco Security Manager and Cisco MARS provide management solutions for CSDN. • The Cisco integrated Security Portfolio of security products designed to meet the requirements and diverse deploument models of any network environment. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Summary • Operations security is an important part of managing a secure network. • Separation of duties states that no single individual has control over tow more phases of a transaction or opration. • Rotation of duties is a security measure in which individuals are given a specific assignment for a certain amount of time before moving to a new assignment. • Trusted recovery is an important principle of operations security. • Network security testing is a critical process in maintaining a secure network. • Nmap and SuperScan are two useful tools for network security testing. • Tests include network scanning, vulnerability scanning, password cracking, log review, integrity checking, virus detection, war driving , and penetration testing. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Summary • The security policy is an integral component of an organization’s network security design and implementation. It answers questions about what assets are to be protected and how to protect them. • A security policy typically consists of a goverming policy, a technical policy, and an end-user policy. • Standards, guidelines, and procedures contain the details degined in the policies. • The policy should set out the various roles and responsibilities among the IT professionals. • A securiy awareness program is necessary to ensure all employees within an organization are aware of and adhere to the security policies. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com