Importance Of Network Security Strategy

Overview

Five main security groups should be considered when drafting an enterprise security plan: security policy, perimeter, network, monitoring and transaction security. They are all components of any successful security plan for your company. The perimeter covers all the circuits and equipment that connect to public and private networks. The internal network comprises all the servers, software, applications, data and equipment used in business operations. The demilitarized zone (DMZ) is the space between the internal network and the perimeter, made up of firewalls and public servers. It permits certain external users to access those network servers, but blocks traffic to internal servers. That doesn't mean that all outside users are denied access to internal networks. A well-designed security plan defines who is able to access what information and from where. For example, telecommuters can use VPN concentrators in the perimeter to gain access to Windows and Unix servers. Business partners can use an Extranet VPN connection for access to the company S/390 Mainframe. To safeguard company data and applications, establish the security standards for each server. Identify the transaction protocols required to secure data as it moves across secure and non-secure networks. Then identify monitoring activities that analyze packets in real time as a defensive and proactive measure against internal and external attacks. Recent research has revealed that internal attacks from unhappy employees and consultants are more prevalent than hacker attacks. Virus detection must also be addressed, since allowed sessions could carry a virus at the application layer via e-mail, file transfer, or other means.

Security Policy Document

The security policy document outlines the policies that apply to everyone using the network. It specifies which employees are allowed to use which resources. It also covers non-employees such as consultants, clients, business partners and fired employees. In addition, security policies are defined for Internet e-mail and virus detection. It defines the cyclical process that is used to analyze and enhance security.

Perimeter Security

This describes the basic protection that external users encounter before authenticating to the network. It is security for traffic whose origin and destination is an outside network. Many components are used to secure the perimeter of a network. This assessment analyzes the perimeter devices in use today. Firewalls, modems, routers, TACACS servers and RADIUS servers are all examples of perimeter devices.

Network Security

This is defined as all of the server and legacy host security used to authenticate and authorize both internal and external employees. Once a user has been authenticated by perimeter security, it is the security that must be dealt with before starting any applications. The network exists to carry data between workstations and applications on the network. Network applications run on a shared server, which may be running an operating system such as Windows, Unix or Mainframe MVS. The operating system is responsible for maintaining data, responding to requests for data, and ensuring security. After a user is authenticated to the Windows ADS domain with a specific user account, they have the access rights that are given to that account. These privileges allow the user to access directories on several servers, run software and manage some or all of the Windows servers. When a user authenticates to the distributed Windows Active Directory Services, it is not to a specific server. This has significant management and availability benefits, since each account is managed centrally and copies of the security database are maintained on various servers throughout the network. Unix and Mainframe hosts could require login to a specific system. However, network rights can be distributed across several hosts.

* Domain authentication and authorization for the Network Operating System

* Windows Active Directory Services authentication & authorization

* Unix and Mainframe host authentication and authorization

* Application authorization per server

* File and data authorization

Transaction Security

Transaction security works from a dynamic perspective. Each session is protected by five major activities: integrity, confidentiality, authentication, non-repudiation and virus detection. Transaction security makes sure that session data is safely transferred across an organization or over the Internet. This is crucial when working with the Internet, as data can be misused without authorization. E-Commerce uses industry standards such as SET and SSL, which define the protocols that guarantee non-repudiation, integrity, authentication and confidentiality. In addition, virus detection can provide security to transactions by checking data files for indications of virus infection before they are sent to an internal user or before they are transmitted over the Internet. Below are industry-standard transaction security protocols.

* Non-Repudiation – RSA Digital Signatures

* Integrity – MD5 Route Authentication

* Authentication – Digital Certificates

* Confidentiality – IPSec/IKE/3DES

* Virus Detection – McAfee/Norton Antivirus Software

Monitoring Security

A security strategy should monitor network traffic to detect unusual events, security vulnerabilities, and attacks. The analysis helps identify the strategies and tools being employed. The following are typical monitoring solutions. Intrusion detection sensors can be used to monitor traffic arriving at your perimeter. IBM Internet Security Scanner can be used to determine how vulnerable your business is. Syslog Server Messaging is a typical Unix program found at numerous companies. It writes security events to a log file to be analyzed. It is crucial to have audit trails that document network changes and assist with isolating security issues. Large companies that use many analog dial lines for modems frequently use dial scanners to detect open lines that might be used to gain access. Facility security involves badge access to the servers and equipment that store mission-critical information. Badge access control systems track the time each employee entered and left the telecom room. Cameras sometimes record what specific activities were conducted as well.

Intrusion Prevention Sensors

Cisco offers intrusion prevention sensors (IPS) to corporate clients to improve the security of their company's network. Cisco's IPS 4200 series uses sensors at strategic locations on the inside and outside network, protecting switches, routers and servers from hackers. IPS sensors examine network traffic in real time or inline, comparing packets with known signatures. If the sensor detects suspicious activity, it will alert you and drop the packet. The sensor can be deployed as an inline IPS, as an IDS (where traffic does not flow through the device), or as a hybrid device. Most sensors inside the data center network are designated for IPS mode, whose dynamic security features stop attacks as they occur. Note that IOS intrusion prevention software is available today as an option on routers.

Vulnerability Assessment Testing (VAST)

IBM Internet Security Scanner is a vulnerability scanner designed for enterprise users. It can evaluate network vulnerabilities from both an internal and an external view. The software runs on agents and scans a variety of networks and servers for known security holes and potential vulnerabilities. The process comprises network discovery, data collection, analysis and reports. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Non-destructive testing is used to identify vulnerabilities and to make recommendations on how to fix them. The scanner includes a reporting facility that provides the results to company staff.

Syslog Server Messaging

Cisco IOS supports Syslog, a Unix logging facility that reports on a variety of device activities and error conditions. Most routers and switches produce Syslog messages, which are sent to a designated Unix workstation to be reviewed. If your Network Management Console (NMS) uses the Windows platform, there are utilities that let you view log files and send Syslog files between a Unix NMS and a Windows NMS.
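
The following Python is an added example, not code from the original article: it reads Cisco IOS-style Syslog lines as a Syslog server might store them and extracts the audit trail of configuration changes mentioned under Monitoring Security, along with repeated login failures per source and error-level events. The stored line layout (timestamp, host, message), the hostnames and the addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of lines stored by a Syslog server; hosts and addresses are made up.
SAMPLE = """\
Mar  3 09:14:02 rtr-edge-1 %SYS-5-CONFIG_I: Configured from console by admin on vty0 (198.51.100.7)
Mar  3 09:20:11 rtr-edge-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.50] [localport: 22] [Reason: Login Authentication Failed]
Mar  3 09:20:14 rtr-edge-1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.50] [localport: 22] [Reason: Login Authentication Failed]
Mar  3 09:20:19 sw-core-2 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.50] [localport: 22] [Reason: Login Authentication Failed]
Mar  3 09:31:40 sw-core-2 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Mar  3 09:33:00 sw-core-2 last message repeated 2 times
"""

# Assumed layout: <timestamp> <host> %FACILITY-SEVERITY-MNEMONIC: text (severity 0-7, 0 most urgent)
LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) .*?"
                     r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")
CONFIG_RE = re.compile(r"by (?P<user>\S+)(?: on (?P<line>\S+))?(?: \((?P<source>[^)]+)\))?")
LOGIN_RE = re.compile(r"\[user: (?P<user>[^\]]*)\] \[Source: (?P<source>[^\]]+)\]")

def parse(log_text):
    """Return one dict per IOS-style message; lines that do not match are skipped."""
    events = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        events.append({**m.groupdict(), "severity": int(m["severity"])})
    return events

def config_changes(events):
    """Audit trail: when, on which device, by whom and from where the config was changed."""
    trail = []
    for ev in events:
        m = CONFIG_RE.search(ev["text"])
        if (ev["facility"], ev["mnemonic"]) == ("SYS", "CONFIG_I") and m:
            trail.append((ev["ts"], ev["host"], m["user"], m["source"] or "local"))
    return trail

def repeated_login_failures(events, threshold=3):
    """Sources with at least `threshold` failed logins, counted across all devices."""
    counts = Counter()
    for ev in events:
        m = LOGIN_RE.search(ev["text"])
        if (ev["facility"], ev["mnemonic"]) == ("SEC_LOGIN", "LOGIN_FAILED") and m:
            counts[m["source"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def errors_or_worse(events):
    """Messages at severity 3 (error) or more urgent, for first review."""
    return [(ev["host"], f'{ev["facility"]}-{ev["severity"]}-{ev["mnemonic"]}')
            for ev in events if ev["severity"] <= 3]
```

Counting failures per source across all devices, rather than per device, is what surfaces one address probing several routers and switches at once.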