Course Summary

Course Overview

Mitigating network attacks requires a comprehensive, end-to-end approach that includes creating and maintaining security policies based on the security needs of an organization. The first step in establishing an organization's security needs is to identify likely threats and perform a risk analysis, the results of which are used to establish the security hardware and software implementations, mitigation policies, and network design.

Risk Analysis Approaches

  • Quantitative Risk Analysis: Uses numerical values to assess risk levels and potential losses
  • Qualitative Risk Analysis: Uses descriptive categories to evaluate risk based on experience and judgment
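The following worked example is added here to show both approaches side by side; it is not part of the course material. The quantitative side uses the standard single loss expectancy and annualized loss expectancy formulas (SLE = AV × EF, ALE = SLE × ARO), which this summary does not spell out, and extends them to a cost-benefit figure for a countermeasure. The asset values, exposure factors, occurrence rates, control costs and the Low/Medium/High scoring scheme are all constructed assumptions.

```python
"""Risk-analysis worked example (added illustration, not course text).

Quantitative: SLE = AV * EF, ALE = SLE * ARO (standard formulas, assumed here).
Qualitative: Low/Medium/High likelihood and impact combined into a risk level.
All figures below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV: value of the asset at risk (currency units)
    exposure_factor: float  # EF: fraction of AV lost in one incident (0..1)
    aro: float              # ARO: expected incidents per year

    def sle(self) -> float:
        """Single loss expectancy: loss from one occurrence."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Countermeasure:
    name: str
    annual_cost: float
    residual_ef: float   # exposure factor once the control is in place
    residual_aro: float  # occurrence rate once the control is in place


def countermeasure_value(threat: Threat, control: Countermeasure) -> float:
    """Annual value of a control: ALE before minus ALE after minus its cost.

    A positive result means the control saves more than it costs per year,
    which supports a risk-management (mitigate) decision over accepting the risk.
    """
    ale_after = threat.asset_value * control.residual_ef * control.residual_aro
    return threat.ale() - ale_after - control.annual_cost


def rank_threats(threats):
    """Order threats by ALE, highest first, to prioritise mitigation spend."""
    return sorted(threats, key=lambda t: t.ale(), reverse=True)


LEVELS = ("low", "medium", "high")  # assumed 3-point qualitative scale


def qualitative_risk(likelihood: str, impact: str) -> str:
    """Combine Low/Medium/High likelihood and impact into a risk level.

    Scoring scheme (assumed): sum of the two ordinal scores, 0..4;
    3 or more is high, 2 is medium, below 2 is low.
    """
    score = LEVELS.index(likelihood.lower()) + LEVELS.index(impact.lower())
    if score >= 3:
        return "high"
    return "medium" if score == 2 else "low"


# Constructed sample threats and candidate controls
WEB_DEFACEMENT = Threat("web server defacement", asset_value=120_000,
                        exposure_factor=0.25, aro=2)
LAPTOP_THEFT = Threat("laptop theft", asset_value=5_000,
                      exposure_factor=1.0, aro=4)

WAF = Countermeasure("web application firewall", annual_cost=15_000,
                     residual_ef=0.25, residual_aro=0.5)
DISK_ENCRYPTION = Countermeasure("full-disk encryption", annual_cost=2_000,
                                 residual_ef=0.125, residual_aro=4)

if __name__ == "__main__":
    for t in rank_threats([LAPTOP_THEFT, WEB_DEFACEMENT]):
        print(f"{t.name}: SLE={t.sle():,.0f} ALE={t.ale():,.0f}")
    print("WAF net value per year:", countermeasure_value(WEB_DEFACEMENT, WAF))
    print("Encryption net value per year:",
          countermeasure_value(LAPTOP_THEFT, DISK_ENCRYPTION))
    print("Qualitative (likelihood=high, impact=medium):",
          qualitative_risk("high", "medium"))
```

The two views complement each other: the quantitative numbers justify a budget line for a specific control, while the qualitative rating is what an analyst can produce quickly for threats where reliable loss figures do not exist.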

Key Principles

  • Mitigating network attacks requires a comprehensive, end-to-end approach
  • Threat identification and risk analysis are the first steps in creating the protection strategy
  • Risk management and risk avoidance are two distinct approaches to addressing risks

Cisco Self-Defending Network Solutions

To help simplify network design, it is recommended that all security mechanisms come from a single vendor. The Cisco Self-Defending Network (SDN) is a comprehensive, end-to-end solution for network security.

CSDN Components

Policy Management

Cisco Security Manager - Centralized policy management for security devices

Threat Management

Cisco Security MARS - Security monitoring, analysis, and response system

Endpoint Security

Cisco NAC Appliance and Cisco Security Agent - Network access control and endpoint protection

Network Infrastructure

Cisco IPS Sensor Software, Cisco IOS Software, and Cisco ASA Adaptive Security Appliances - Core network security

Key Benefits

  • Cisco Self-Defending Network provides a comprehensive, end-to-end solution for network security
  • CSDN solutions include threat control and containment, secure communications, and operational control and policy management
  • Cisco Security Manager and Cisco MARS provide management solutions for CSDN
  • The Cisco Integrated Security Portfolio of security products is designed to meet the requirements and diverse deployment models of any network environment

Operations Security Principles

Operations security is an important part of managing a secure network. After the network is designed, operations security entails the day-to-day practices necessary to first deploy and later maintain the secure system.

Key Operations Security Principles

  • Separation of Duties: No single individual has control over two or more phases of a transaction or operation
  • Rotation of Duties: Individuals are given a specific assignment for a certain amount of time before moving to a new assignment
  • Trusted Recovery: Ensures that a system failure and the subsequent recovery do not leave the system in an insecure state; recovery procedures must preserve system integrity and restore a secure configuration

Operations Security Areas

  • Data Center Support: Physical and logical security of data center operations
  • Technical Support: Secure technical support procedures and access controls
  • Data Entry: Secure data entry processes and validation procedures

Network Security Testing

Part of maintaining a secure system is network security testing. Security testing is performed by the operations team to ensure that all security implementations are operating as expected. Testing is also used to provide insight into business continuity planning.

Security Testing Tools

  • Nmap: Network discovery and security auditing tool
  • SuperScan: Port scanner and network discovery utility

Types of Security Tests

  • Network scanning
  • Vulnerability scanning
  • Password cracking
  • Log review
  • Integrity checking
  • Virus detection
  • War driving
  • Penetration testing
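The point of the tests above is to confirm that security implementations are operating as expected, so a scan is only useful when its result is compared against what the policy allows. The example below is added here and is not part of the course; it parses Nmap's grepable (`-oG`) output format, whose `Host: ... Ports: port/state/proto/owner/service/rpcinfo/version/` layout is assumed from Nmap's documented output, and reports deviations from an approved-services baseline. The scan lines, host names, addresses and the baseline are constructed sample data.

```python
"""Added example: check Nmap grepable output against an approved-services baseline.

Not course code. The line layout follows Nmap's -oG format (assumed):
  Host: <ip> (<name>)\tPorts: <port>/<state>/<proto>//<service>///, ...
The scan text, hosts and baseline below are constructed sample data.
"""
import re

# Constructed sample of a scan over three hosts (not real output)
SAMPLE_SCAN = """\
# Nmap scan of 192.0.2.0/28 (constructed sample)
Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)
Host: 192.0.2.11 (db01)\tPorts: 22/open/tcp//ssh///, 3306/open/tcp//mysql///\tIgnored State: filtered (998)
Host: 192.0.2.12 (kiosk)\tPorts: 23/open/tcp//telnet///\tIgnored State: closed (999)
"""

# Constructed baseline: the (proto, port) pairs the policy allows per host.
# Hosts absent from the baseline are not expected to be on the network at all.
BASELINE = {
    "192.0.2.10": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
    "192.0.2.11": {("tcp", 22), ("tcp", 3306)},
}

HOST_RE = re.compile(r"^Host:\s+(\S+)")
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_grepable(text):
    """Return {ip: {(proto, port, service)}} containing open ports only."""
    result = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue  # comment line or a host entry with no port data
        ip = m.group(1)
        ports_field = line.split("Ports:", 1)[1]
        open_ports = set()
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                open_ports.add((proto, int(port), service))
        result[ip] = open_ports
    return result


def compare_to_baseline(scan, baseline):
    """Return findings as (kind, ip, detail) tuples.

    kinds: unexpected_open  - an open port the baseline does not allow
           expected_missing - an allowed service that was not seen open
           unknown_host     - a responding host the baseline does not know
    """
    findings = []
    for ip, ports in scan.items():
        observed = {(proto, port) for proto, port, _ in ports}
        if ip not in baseline:
            findings.append(("unknown_host", ip, sorted(observed)))
            continue
        for proto, port, service in sorted(ports, key=lambda p: p[1]):
            if (proto, port) not in baseline[ip]:
                findings.append(("unexpected_open", ip, f"{port}/{proto} {service}"))
        for proto, port in sorted(baseline[ip] - observed, key=lambda p: p[1]):
            findings.append(("expected_missing", ip, f"{port}/{proto}"))
    return findings


def run_check(text=SAMPLE_SCAN, baseline=BASELINE):
    return compare_to_baseline(parse_grepable(text), baseline)


if __name__ == "__main__":
    for kind, ip, detail in run_check():
        print(f"{kind:17} {ip:12} {detail}")
```

Run against a saved `-oG` file, the same comparison doubles as an integrity check: an `expected_missing` finding can mean a service outage just as easily as a policy violation, so both kinds of finding belong in the operations team's review rather than only the unexpected ones.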

Key Points

  • Network security testing is a critical process in maintaining a secure network
  • Nmap and SuperScan are two useful tools for network security testing
  • Tests include network scanning, vulnerability scanning, password cracking, log review, integrity checking, virus detection, war driving, and penetration testing

Business Continuity Planning

Business continuity planning addresses the continuing operations of an organization in the event of a disaster, disruption, or prolonged service interruption that affects the mission of the organization.

Planning Process

  1. Identify Disruptions: The possible types of disruptions should first be identified
  2. Assess Magnitude: The magnitude of the disruption determines the response
  3. Implement Redundancy: Redundancy ensures continuity of business operations
  4. Service Level Agreements: SLAs should include information regarding redundancy

Key Principles

  • Business continuity planning addresses the continuing operations of an organization in the event of a disaster, disruption, or prolonged service interruption
  • The possible types of disruptions should first be identified. The magnitude of the disruption determines the response
  • Redundancy ensures continuity of business operations. SLAs should include information regarding redundancy

System Development Life Cycle

After a secure network is implemented and continuity plans are established, those plans and documents must be continuously updated based on the changing needs of the organization. For this reason, it is necessary to understand the system development life cycle (SDLC) for the purposes of evaluating system changes and adjusting security implementations.

SDLC Phases

  1. Initiation: Project initiation and planning phase
  2. Acquisition and Development: System acquisition and development phase
  3. Implementation: System implementation and deployment phase
  4. Operations and Maintenance: Ongoing operations and maintenance phase
  5. Disposition: System disposal and decommissioning phase

Key Points

  • A system development life cycle (SDLC) encompasses evaluating system changes and adjusting plans accordingly
  • The SDLC consists of 5 phases
  • It is important to include security considerations in all phases of the SDLC

Security Policy Development

A network security system cannot completely prevent assets from being vulnerable to threats. New attacks are developed and vulnerabilities identified that can be used to circumvent security solutions. Additionally, technical, administrative, and physical security systems can be defeated if the end user community does not adhere to security practices and procedures.

Security Policy Components

  • Standards: Specific mandatory requirements for security implementation
  • Guidelines: Recommended approaches and best practices
  • Procedures: Step-by-step instructions for security operations

Key Principles

  • The security policy is an integral component of an organization's network security design and implementation
  • It answers questions about what assets are to be protected and how to protect them
  • A security policy typically consists of a governing policy, a technical policy, and an end-user policy
  • Standards, guidelines, and procedures contain the details defined in the policies
  • The policy should set out the various roles and responsibilities among the IT professionals
  • A security awareness program is necessary to ensure all employees within an organization are aware of and adhere to the security policies
  • Network security professionals must be aware of all laws and ethics pertaining to network security
  • Procedures for responding to security breaches are outlined in a security policy

Conclusion

If security policies are established and followed, organizations can minimize the loss and damages resulting from attacks. A comprehensive security policy must be maintained which identifies an organization's assets, specifies the security hardware and software requirements for protecting those assets, clarifies the roles and responsibilities of personnel, and establishes the proper protocol for responding to security breaches.