Posts Tagged ‘Network’

Network Security Model – Defining an Enterprise Security Strategy

Overview

These are the five primary security groups that should be considered in any enterprise security model: security policy, perimeter, network, transaction and monitoring security. All are part of any effective company security strategy. Any enterprise network has a perimeter that represents all equipment and circuits that connect to external networks, both public and private. The internal network is comprised of all the servers, applications, data and devices used for company operations. The demilitarized zone (DMZ) is a location between the internal network and the perimeter, comprised of firewalls and public servers. It allows some access for external users to those public servers and denies traffic that would reach internal servers. That doesn’t mean that all external users will be denied access to internal networks. On the contrary, a proper security strategy specifies who can access what and from where. For instance, telecommuters will use VPN concentrators at the perimeter to access Windows and Unix servers, and business partners could use an Extranet VPN connection to access the company S/390 Mainframe. Define what security is required at all servers to protect company applications and files. Identify the transaction protocols required to secure data as it travels across secure and non-secure network segments. Monitoring activities should then be defined that examine packets in real time as a defensive and proactive strategy for protecting against internal and external attacks. A recent survey revealed that internal attacks from disgruntled employees and consultants are more prevalent than hacker attacks. Virus detection should then be addressed, since allowed sessions could be carrying a virus at the application layer in an e-mail or a file transfer.

Security Policy Document

The security policy document describes the various policies for all employees that use the enterprise network. It specifies what an employee is permitted to do and with what resources. The policy covers non-employees as well, such as consultants, business partners, clients and terminated employees. In addition, security policies are defined for Internet e-mail and virus detection. It defines what cyclical process, if any, is used for examining and improving security.

Perimeter Security

This describes a first line of defense that external users must deal with before authenticating to the network. It is security for traffic whose source and destination is an external network. Many components are used to secure the perimeter of a network. The assessment reviews all perimeter devices currently utilized. Typical perimeter devices are firewalls, external routers, TACACS servers, RADIUS servers, dial servers, VPN concentrators and modems.

Network Security 

This is defined as all of the server and legacy host security that is implemented for authenticating and authorizing internal and external employees. Once a user has been authenticated through perimeter security, this is the security that must be dealt with before starting any applications. The network exists to carry traffic between workstations and network applications. Network applications are implemented on a shared server that could be running an operating system such as Windows, Unix or Mainframe MVS. It is the responsibility of the operating system to store data, respond to requests for data and maintain security for that data. Once a user is authenticated to a Windows domain with a specific user account, they have the privileges that have been granted to that account. Such privileges could be to access specific directories at one or many servers, start applications, and administer some or all of the Windows servers. When the user authenticates to Windows Active Directory Services, the authentication is to the distributed directory and not to any specific server. There are tremendous management and availability advantages to that, since all accounts are managed from a centralized perspective and copies of the security database are maintained at various servers across the network. Unix and Mainframe hosts will usually require logon to a specific system; however, the network rights could be distributed to many hosts.

·  Network operating system domain authentication and authorization

·  Windows Active Directory Services authentication and authorization

·  Unix and Mainframe host authentication and authorization

·  Application authorization per server

·  File and data authorization

Transaction Security 

Transaction security works from a dynamic perspective. It attempts to secure each session with five primary activities: non-repudiation, integrity, authentication, confidentiality and virus detection. Transaction security ensures that session data is secure before being transported across the enterprise or the Internet. This is important when dealing with the Internet, since data is vulnerable to those who would use the valuable information without permission. E-Commerce employs industry standards such as SET and SSL, which describe a set of protocols that provide non-repudiation, integrity, authentication and confidentiality. Virus detection also provides transaction security by examining data files for signs of virus infection before they are transported to an internal user or before they are sent across the Internet. The following describes industry standard transaction security protocols.

Non-Repudiation – RSA Digital Signatures 

Integrity – MD5 Route Authentication

Authentication – Digital Certificates 

Confidentiality – IPSec/IKE/3DES

Virus Detection  – McAfee/Norton Antivirus Software
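The integrity item above (keyed-MD5 route authentication) is the one mechanism in the list that can be shown end to end with the Python standard library. The following is an added example, not code from the original article or from any vendor: it computes a simplified keyed-MD5 digest over a constructed routing update (digest of message followed by the shared key, a simplification rather than the exact encoding of any one routing protocol), the HMAC-SHA256 equivalent a practitioner would choose today, and a constant-time verifier that rejects a tampered message or a peer using the wrong key. The key and the route update are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values (not from the article): a pre-shared key that both
# routers are assumed to hold, and a stand-in for a routing-protocol update.
SHARED_KEY = b"example-key"
ROUTE_UPDATE = b"192.0.2.0/24 via 10.0.0.1 metric 10"


def keyed_md5_digest(message: bytes, key: bytes) -> bytes:
    """Simplified keyed MD5 in the style of classic route authentication.

    The digest covers the message followed by the shared key, so a peer that
    does not hold the key cannot produce a valid digest for a forged update.
    Assumption: this is a simplification, not any protocol's exact encoding,
    and MD5 itself is no longer considered collision-resistant.
    """
    return hashlib.md5(message + key).digest()


def hmac_sha256_digest(message: bytes, key: bytes) -> bytes:
    """Modern equivalent: HMAC-SHA256 from the standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()


DIGESTS = {"keyed-md5": keyed_md5_digest, "hmac-sha256": hmac_sha256_digest}


def verify(message: bytes, key: bytes, received: bytes, algorithm: str = "hmac-sha256") -> bool:
    """Recompute the digest with our copy of the key and compare in constant
    time, so timing does not reveal how many leading bytes matched."""
    expected = DIGESTS[algorithm](message, key)
    return hmac.compare_digest(expected, received)


def demo() -> dict:
    """Run both algorithms through the genuine / tampered / wrong-key cases."""
    results = {}
    for alg, digest in DIGESTS.items():
        tag = digest(ROUTE_UPDATE, SHARED_KEY)           # what the sender attaches
        tampered = ROUTE_UPDATE.replace(b"metric 10", b"metric 1")
        results[alg] = {
            "genuine": verify(ROUTE_UPDATE, SHARED_KEY, tag, alg),
            "tampered": verify(tampered, SHARED_KEY, tag, alg),
            "wrong_key": verify(ROUTE_UPDATE, b"other-key", tag, alg),
        }
    return results


if __name__ == "__main__":
    for alg, outcome in demo().items():
        print(alg, outcome)
```

Only the genuine case verifies under either algorithm; a single changed byte in the update or a mismatched key fails. The same structure applies to the non-repudiation item, except that a digital signature is produced with a private key and checked with the corresponding public key, which a keyed digest cannot provide.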

Monitoring Security

Monitoring network traffic for security attacks, vulnerabilities and unusual events is essential for any security strategy. This assessment identifies what strategies and applications are being employed. The following list describes some typical monitoring solutions. Intrusion detection sensors are available for monitoring real-time traffic as it arrives at your perimeter. IBM Internet Security Scanner is an excellent vulnerability assessment testing tool that should be considered for your organization. Syslog server messaging, a standard Unix program found at many companies, writes security events to a log file for examination. It is important to have audit trails to record network changes and assist with isolating security issues. Big companies that utilize a lot of analog dial lines for modems sometimes employ dial scanners to determine open lines that could be exploited by security hackers. Facilities security is typically badge access to equipment and servers that host mission-critical data. Badge access systems record the date and time that each specific employee entered and left the telecom room. Cameras sometimes record what specific activities were conducted as well.

Intrusion Prevention Sensors (IPS)

Cisco markets intrusion prevention sensors (IPS) to enterprise clients for improving the security posture of the company network. The Cisco IPS 4200 series utilizes sensors at strategic locations on the inside and outside network, protecting switches, routers and servers from hackers. IPS sensors examine network traffic in real time or inline, comparing packets with pre-defined signatures. If the sensor detects suspicious behavior it will send an alarm, drop the packet and take some evasive action to counter the attack. The sensor can be deployed inline (IPS mode), in IDS mode where traffic doesn’t flow through the device, or as a hybrid. Most sensors inside the data center network will be designated IPS mode, with its dynamic security features thwarting attacks as soon as they occur. Note that IOS intrusion prevention software is available today with routers as an option.
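The difference between the inline and IDS deployments above comes down to whether the sensor is in the traffic path. The following added example (not Cisco's code or signature set) models that with a small signature engine: each constructed signature carries a per-signature action, so the "hybrid" behaviour of alarming on some matches and dropping others falls out of the same loop. Packets, signatures and signature ids are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sig_id: int           # hypothetical id, not a vendor signature number
    name: str
    pattern: bytes        # regular expression matched against the payload
    action: str = "drop"  # "drop" or "alert"; only honoured when inline


# Constructed, illustrative signatures (assumption: not a vendor signature set).
SIGNATURES = [
    Signature(90001, "telnet-root-login-attempt", rb"login:\s*root\b", "drop"),
    Signature(90002, "oversized-http-uri", rb"GET /\S{200,}", "alert"),
]

# Constructed traffic sample: two packets that match a signature, one that does not.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "192.0.2.10", 23, b"login: root\r\n"),
    Packet("10.0.0.6", "192.0.2.20", 80, b"GET /" + b"A" * 250 + b" HTTP/1.0\r\n"),
    Packet("10.0.0.7", "192.0.2.20", 80, b"GET /index.html HTTP/1.0\r\n"),
]


def inspect(packets, signatures=SIGNATURES, mode="inline"):
    """Run packets past the sensor and return (alarms, forwarded_packets).

    mode="inline": the sensor sits in the traffic path (IPS), so a matching
    packet is alarmed and, when the signature action is "drop", discarded.
    mode="promiscuous": the sensor only sees a copy of the traffic (IDS), so
    it can alarm but never drop; every packet still reaches its destination.
    """
    if mode not in ("inline", "promiscuous"):
        raise ValueError("mode must be 'inline' or 'promiscuous'")
    alarms, forwarded = [], []
    for pkt in packets:
        hit = next((s for s in signatures if re.search(s.pattern, pkt.payload)), None)
        if hit is not None:
            alarms.append({"sig_id": hit.sig_id, "name": hit.name,
                           "src": pkt.src, "dst": pkt.dst, "dport": pkt.dport})
            if mode == "inline" and hit.action == "drop":
                continue  # the packet never leaves the sensor
        forwarded.append(pkt)
    return alarms, forwarded


if __name__ == "__main__":
    for mode in ("inline", "promiscuous"):
        alarms, fwd = inspect(SAMPLE_PACKETS, mode=mode)
        print(f"{mode}: {len(alarms)} alarm(s), {len(fwd)} of {len(SAMPLE_PACKETS)} packets forwarded")
```

Both modes raise the same two alarms; only the inline deployment stops the packet matched by a drop signature, which is why the article expects data-center sensors to run in IPS mode.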

Vulnerability Assessment Testing (VAST)

IBM Internet Security Scanner (ISS) is a vulnerability assessment scanner focused on enterprise customers for assessing network vulnerabilities from an external and internal perspective. The software runs on agents and scans various network devices and servers for known security holes and potential vulnerabilities. The process is comprised of network discovery, data collection, analysis and reporting. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Potential vulnerabilities are verified through non-destructive testing, and recommendations are made for correcting any security problems. A reporting facility available with the scanner presents the findings to company staff.

Syslog Server Messaging

Cisco IOS supports Syslog, the Unix logging program, which reports on a variety of device activities and error conditions. Most routers and switches generate Syslog messages, which are sent to a designated Unix workstation for review. If your Network Management Station (NMS) is using the Windows platform, there are utilities that allow viewing of log files and sending Syslog files between a Unix and a Windows NMS.
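Once the messages land on the log host, someone has to pick the security events and the audit-trail entries out of everything else the devices report. The following is an added example, not code from the article or from Cisco: it parses lines in the %FACILITY-SEVERITY-MNEMONIC: text layout that IOS uses and applies a triage rule of my own choosing (severity 3 or worse, anything from the SEC facility, and configuration-change messages as the audit trail of who changed the network). The sample lines, including their priority prefixes, sequence numbers, addresses and user name, are constructed.

```python
import re

# Constructed sample lines in the %FACILITY-SEVERITY-MNEMONIC: text layout
# used by Cisco IOS, as they would arrive at a syslog server. The <PRI> prefix,
# sequence numbers, addresses and user are part of the constructed sample.
SAMPLE_LINES = [
    "<190>45: *Mar  1 00:12:03.455: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(1234) -> 192.0.2.1(23), 1 packet",
    "<189>46: *Mar  1 00:12:09.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.0.0.9)",
    "<187>47: *Mar  1 00:13:00.120: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<190>48: *Mar  1 00:13:10.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.50 started",
    "this line is not a syslog message and is skipped",
]

LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                                  # optional syslog priority
    r"(?:\d+: )?"                                                # optional sequence number
    r"(?:\*?[A-Za-z]{3}\s+\d+ \d\d:\d\d:\d\d(?:\.\d+)?: )?"      # optional device timestamp
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


def parse_line(line: str):
    """Return a dict with pri, facility, severity (0 = most severe), mnemonic
    and text, or None when the line is not an IOS-style syslog message."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["pri"] = int(rec["pri"]) if rec["pri"] is not None else None
    return rec


# Assumed triage rule (my choice, not from the article): configuration changes
# are kept regardless of severity because they form the change audit trail.
AUDIT_MNEMONICS = {"CONFIG_I"}


def triage(lines, max_severity: int = 3) -> dict:
    """Parse every line and select the ones worth a human's attention."""
    parsed = [r for r in map(parse_line, lines) if r is not None]
    alerts = [r for r in parsed
              if r["severity"] <= max_severity            # errors and worse
              or r["facility"] == "SEC"                   # ACL log hits
              or r["mnemonic"] in AUDIT_MNEMONICS]        # who changed what
    return {"parsed": len(parsed), "skipped": len(lines) - len(parsed), "alerts": alerts}


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print(f"parsed {result['parsed']}, skipped {result['skipped']}")
    for r in result["alerts"]:
        print(f"sev {r['severity']} %{r['facility']}-{r['mnemonic']}: {r['text']}")
```

The routine logging-host message is parsed but not surfaced, while the denied connection, the configuration change and the interface failure are. The severity threshold is the knob to turn when a log host starts receiving messages from many devices.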

Network Planning and Design Guide is available at Amazon.com and eBookmall.com

Shaun Hummel is an author of various technical books and has a web site focused on information technology job search solutions and certifications.

http://www.networkjobsolutions.com


How a Full Network Audit Could Benefit Your Business

As the backbone of your organisation’s information technology infrastructure, your IT network needs to be kept at optimum performance level. Productivity and profit could be lost, not to mention customers and staff, if your IT is creating work for everyone instead of reducing it, by failing to provide the efficiencies it was designed for, or worse, not protecting you from catastrophic loss of data.

Why are we networked?

In the late 1980s and early 1990s, IT was generally considered to be a necessary evil, consuming enormous budgets and confusing lots of people who would have preferred to be doing something else. Computing was considered a distraction and the actual benefits in terms of profit, and certainly in terms of increased productivity, were at the very best inconclusive: employees had mixed feelings as increasingly computers took or changed their jobs.

At this time, IT was moving from mainframe and mid-frame systems (which processed large repetitive jobs such as payroll and now had dumb terminals attached to allow minimal activity outside the IT department) to client/server technology, where processing was more local and terminals more intelligent – although not necessarily the users who used up inordinate amounts of support staff time. The arrival of the client/server model and the development of Ethernet networks greatly reduced the space required by massive mainframes and revolutionised the distribution of computing power throughout the organisation.

In 2008, distributed IT is no longer an option, but a necessity. All but the very smallest companies have some kind of networked computing power, and ‘keeping up with the Joneses’ in this respect has become a global consideration, not simply a British obsession: it is simply not possible for anything but the smallest company to remain competitive without it. The outrage of the 1990s has abated as the human race has adapted to a new way of working – users are becoming remarkably IT savvy. As the IT infrastructure is used for more and more business functionality, additional data equipment and software is purchased. The IT department is expected to implement changes to the network and its components, usually under strict time constraints, whilst maintaining control processes, and as most IT professionals will agree, this can be a difficult balancing act. These issues, along with the global habit of stimulating company growth by acquisition, give the IT department a potential headache in terms of thousands of pounds’ worth of company assets not properly accounted for.

And still it is not plain sailing for the IT department

The job now involves tracking an unwieldy and growing number of IT products and equipment and dealing with a far more unwieldy number of staff from various disciplines. IT department staff come and go, records can be misplaced, knowledge of products is lost and not replaced, the network may have been upgraded and some products no longer serve effective purpose.

Critical to keeping an IT network functioning effectively and at peak performance is a network audit, which should ideally be performed annually. If records are updated between audits, annual audits become easy and quick to perform. Without proper auditing, you are likely to have:

- No preparation for crisis management
- Chaotic cash flow due to duplication or ill-advised purchases, no buy-back arrangement, etc.
- Lower productivity
- Less profit
- Limited spend forecasting ability
- Less computing power than you need
- Inability to locate and fix bugs
- Reduced ability to track obsolete assets
- Inability to measure or reduce environmental impact
- Inadequate insurance cover
- Uncontrolled power consumption
- Compliance issues

Let’s say that you are now convinced you must invest in an audit: it may be that the resources required to perform the audit are not available in-house. There is a multitude of companies offering auditing services – some good, some not – but how can you recognise a reputable company? What should you be looking out for?

Features of a competent IT audit specialist

- Experienced with up to date asset recognition software
- Regularly performs physical audits as well
- All technicians are technically qualified
- Engineers government security cleared (SC)
- Full documentation provided in agreed format
- Includes initial discussion to pre-determine level of detail required
- Excellent references
- Solid business history

There is a good possibility that the audit will highlight products and components that need to be replaced shortly and there will be requirements for updates to the system. It may be convenient to choose a company that can not only carry out audits, but can also provide buy-back facilities and offers both refurbished and new products at competitive prices. In this way, your company will benefit from making best use of time and financial resources.

Cost issues

A network audit is an investment, and as such, it brings rewards after the initial outlay. In some cases, significant advantages will be immediately obvious, such as:

- Finding and fixing bugs to enable smooth operation of the network
- Locating all components to ensure no duplication of purchases
- Staff finding the system more responsive
- Customers not having to wait so long for assistance
- Planning for future IT requirements becoming easier
- Users less needy
- More time to spend on new or important but less urgent projects

Other benefits will take longer to realise:

- Profitability is improved over time by, for example, sales staff available for more calls, and an optimised phone system
- Competitive advantage may be achieved through identification of appropriate new technologies not yet implemented by business rivals.

Business information systems are constantly evolving and in order not to be caught lagging behind, or in the obsolescence trap, a network audit is a cost effective and business critical function.
