Network Security Model – Defining an Enterprise Security Strategy


Five primary security groups should be considered when implementing any company security model: the security policy, perimeter security, network security, transaction security and monitoring security. All of them are essential to a successful security plan for your company, and each is covered in its own section below.

Each enterprise's network is surrounded by a perimeter that includes all devices and connections to other networks, both public and private. Every server, data store and device used in the company's operations makes up the internal network. The demilitarized zone (DMZ) is the space between the internal network and the perimeter, made up of public servers and firewalls. It permits users from outside to reach those public servers while preventing their traffic from reaching internal servers. This does not mean that nobody outside can reach the internal network; a proper security strategy determines who has access to what, from where. Telecommuters, for example, can use VPN concentrators to access Unix and Windows servers, and business partners can use the Extranet VPN connection to reach the company's S/390 mainframe.

Establish the level of security required for all servers in order to protect corporate applications and data. Determine the transaction protocols needed to safeguard data as it moves between secure and non-secure network segments. Then identify the monitoring activities that analyze packets in real time and provide a proactive, defensive plan against both external and internal threats. A recent survey found that internal attacks by disgruntled employees and consultants are more frequent than hacker attacks. Virus detection must also be addressed, since a permitted session may carry an infection at the application layer through e-mail, file transfer or other means.
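The zone model above (external network, DMZ, internal network, VPN users) can be checked mechanically. The Go program below is an added example written for this page, not code from the article: it models the zones, evaluates connection attempts against a default-deny policy, and lints the policy for any rule that would let external traffic bypass the DMZ and reach the internal network directly. The zone names, ports and rules are assumptions chosen for the example.

```go
package main

import "fmt"

// Zone is one of the network segments the text describes.
type Zone string

const (
	External Zone = "external" // the Internet and partner networks beyond the perimeter
	DMZ      Zone = "dmz"      // public servers between the perimeter and the internal network
	Internal Zone = "internal" // corporate servers, data and workstations
	VPN      Zone = "vpn"      // telecommuters arriving through the VPN concentrator
)

// Flow is one connection attempt: where it comes from, where it goes, which service.
type Flow struct {
	From, To Zone
	Proto    string
	Port     int
}

// Rule is one explicit permit. Port 0 means any port.
type Rule struct {
	From, To Zone
	Proto    string
	Port     int
}

// Policy is a list of permits with an implicit default deny.
type Policy []Rule

// Allowed reports whether some rule explicitly permits the flow.
func (p Policy) Allowed(f Flow) bool {
	for _, r := range p {
		if r.From == f.From && r.To == f.To && r.Proto == f.Proto && (r.Port == 0 || r.Port == f.Port) {
			return true
		}
	}
	return false // nothing matched: default deny
}

// DMZViolations returns the rules that would let external traffic reach the
// internal network directly, bypassing the DMZ. A sound policy returns none.
func DMZViolations(p Policy) []Rule {
	var bad []Rule
	for _, r := range p {
		if r.From == External && r.To == Internal {
			bad = append(bad, r)
		}
	}
	return bad
}

// EnterprisePolicy is a hypothetical ruleset for the zones above (not from the article).
var EnterprisePolicy = Policy{
	{External, DMZ, "tcp", 443},  // public web server in the DMZ
	{External, DMZ, "tcp", 25},   // inbound mail relay in the DMZ
	{DMZ, Internal, "tcp", 1433}, // web tier to its database: one service, not the whole network
	{VPN, Internal, "tcp", 0},    // authenticated telecommuters reach internal servers
}

func main() {
	flows := []Flow{
		{External, DMZ, "tcp", 443},
		{External, Internal, "tcp", 445},
		{DMZ, Internal, "tcp", 1433},
		{DMZ, Internal, "tcp", 22},
		{VPN, Internal, "tcp", 3389},
	}
	for _, f := range flows {
		fmt.Printf("%-8s -> %-8s %s/%-5d allowed=%v\n", f.From, f.To, f.Proto, f.Port, EnterprisePolicy.Allowed(f))
	}
	fmt.Println("rules bypassing the DMZ:", len(DMZViolations(EnterprisePolicy)))
}
```

The point of the lint function is that the architectural rule ("outside traffic stops at the DMZ") is an invariant of the ruleset, not of any one flow, so it is worth checking every time the policy changes rather than only when a flow is evaluated.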

Security Policy Document

The security policy document describes the policies that apply to employees who use the enterprise network. It outlines what employees may do with the resources available to them. It also covers non-employees: consultants, business partners, clients and former employees. Security guidelines for Internet e-mail and virus detection are defined here. It is the basis for determining what cyclical procedure, if any, is used to review and improve security.

Perimeter Security

This describes the first line of defense that external users must deal with before authenticating to the network. It is security for traffic with an external network as its source or destination. Many components are used to safeguard the perimeter of a network, and the assessment reviews the perimeter devices currently in use. Firewalls, modems, routers, TACACS servers and RADIUS servers are all examples of perimeter devices.

Network Security

This covers all server and legacy host security used to authenticate and authorize both internal and external employees. Once a user has passed perimeter security, security still has to be handled before the user can launch any program. The network's function is to transfer data between workstations and applications on the network. Applications run on shared servers, whose operating system may be Windows, Unix or mainframe MVS. It is the operating system's responsibility to store data, respond to requests for data, and ensure the security of that data. After a user authenticates to a Windows ADS domain with a particular user account, they hold the privileges granted to that account: the ability to access specific directories on some or all servers, start applications, and administer some or all of the Windows servers. Windows Active Directory Services is distributed, so a user authenticates once and is then recognized across the domain's servers. This provides enormous management benefits and availability: all accounts are managed through a central view, and copies of the security database can be maintained on various servers in the network. Unix and mainframe hosts may require a login to each specific system, although network rights can be distributed across many hosts.

* Network operating system domain authentication and authorization

* Windows Active Directory Services authentication & authorization

* Unix and Mainframe host authentication and authorization

* Application authorization per server

* File and data authorization

Transaction Security

Transaction security is constantly evolving. It attempts to secure each session by focusing on five main activities: integrity, confidentiality, authentication, non-repudiation and virus detection. It ensures that session information can be transmitted securely across the enterprise or over the Internet. This is essential on the Internet, where data can be exposed to people who would access it without authorization. E-commerce uses industry standards like SET and SSL, which define protocols that provide non-repudiation, authenticity and integrity. To protect transactions, virus detection checks files for viruses before they are transferred to internal users or sent over the Internet. The following list outlines the industry-standard protocols for transaction security.

Non-Repudiation – RSA Digital Signatures

Integrity – MD5 Route Authentication

Authentication – Digital Certificates

Confidentiality – IPSec/IKE/3DES

Virus Detection – Antivirus Software (McAfee/Norton)
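Two of the mechanisms listed above, worked as an added example in Go (not code from the article): an RSA signature over a transaction, which only the holder of the private key can produce and which fails on any change to the message (non-repudiation), and a keyed MD5 tag over a routing update, which only a router holding the shared key can produce or check (integrity, in the spirit of MD5 route authentication). The transaction text, the routing update and the shared key are constructed; using HMAC-MD5 for the keyed digest is an assumption made for clarity rather than the exact append-the-key construction RIP and OSPF use.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/md5"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignTransaction produces an RSA-PSS signature over the SHA-256 digest of msg.
// Only the holder of the private key can produce it, which is what gives the
// signature its non-repudiation property: the signer cannot later deny it.
func SignTransaction(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyTransaction checks a signature with the public key. It returns false for
// any change to the message and for a signature made with a different key.
func VerifyTransaction(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

// RouteAuthTag computes a keyed MD5 tag over a routing update. Both routers share
// the key, so a receiver can detect a forged or altered update from a peer that
// does not hold it. (Assumption: HMAC-MD5, not the raw RIP/OSPF construction.)
func RouteAuthTag(key, update []byte) []byte {
	mac := hmac.New(md5.New, key)
	mac.Write(update)
	return mac.Sum(nil)
}

// CheckRouteAuthTag verifies a tag in constant time.
func CheckRouteAuthTag(key, update, tag []byte) bool {
	return hmac.Equal(RouteAuthTag(key, update), tag)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	order := []byte("transfer 100.00 from acct 1234 to acct 5678") // constructed sample transaction
	sig, err := SignTransaction(priv, order)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature verifies:", VerifyTransaction(&priv.PublicKey, order, sig))
	tampered := []byte("transfer 900.00 from acct 1234 to acct 5678")
	fmt.Println("tampered order verifies:", VerifyTransaction(&priv.PublicKey, tampered, sig))

	key := []byte("shared-routing-key") // constructed; in practice a per-link secret
	update := []byte("10.1.0.0/16 via 10.0.0.1 metric 2")
	tag := RouteAuthTag(key, update)
	fmt.Println("route update authentic:", CheckRouteAuthTag(key, update, tag))
	forged := []byte("10.1.0.0/16 via 10.0.0.9 metric 1")
	fmt.Println("forged update authentic:", CheckRouteAuthTag(key, forged, tag))
}
```

The two checks differ in who can be held to account: the signature binds the transaction to one party's private key, whereas the keyed tag only proves that some holder of the shared key produced the update, which is why the page lists the latter under integrity rather than non-repudiation. MD5 itself is a legacy choice kept here because it is what the page names; the same pattern works unchanged with SHA-256.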

Monitoring Security

Monitoring network traffic for vulnerabilities, security threats and unusual events is a must for any security plan. The analysis reveals which methods and applications are being used. Below is an overview of the most common monitoring options. Intrusion detection sensors can be used to monitor the traffic arriving at your perimeter. IBM Internet Security Scanner can be used to evaluate the security risks in your business. Syslog server messaging, a Unix facility that records security events into a log file for inspection, is used in many businesses. Audit trails are crucial for recording network changes and helping to identify security problems. Large corporations with many analog dial lines to modems typically use dial scanners to detect gaps in those lines that could be targeted. Facilities security commonly means badge access to equipment and to the servers that hold mission-critical information. Badge access systems keep track of when each employee entered and left the telecom room, and cameras sometimes record what actions were carried out.

Intrusion Prevention Sensors

Cisco sells intrusion prevention sensors (IPS) to corporate clients to increase the security posture of the company's network. The Cisco IPS 4200 series places sensors at strategic locations to guard routers, switches and servers from attackers. IPS sensors examine the network's traffic in real time, inline, comparing packets against known attack signatures. If the sensor finds suspicious behaviour, it notifies the administrator and drops the packet. The sensor can be deployed as an inline IPS, as an IDS (in which case traffic does not flow through the device), or as a hybrid. Most sensors in the data center network are assigned IPS mode, whose advanced features can stop attacks as soon as they begin. Note that IOS intrusion prevention software is currently available as an option on routers.

Vulnerability Assessment Testing

IBM Internet Security Scanner (ISS) is an enterprise vulnerability assessment scanner that assesses security vulnerabilities in networks from both an internal and an external perspective. Agents are used to check devices and servers for security flaws or weaknesses. It also provides network discovery, data collection and analysis, and reporting. Data is collected from routers, switches, servers, firewalls, workstation operating systems and network services. Potential vulnerabilities are verified through non-destructive testing, and recommendations are provided for fixing any security issues. A reporting tool included with the scanner communicates the findings of the scan to the company's staff.

Syslog Server Messaging

Cisco IOS supports syslog, a Unix logging facility that reports on a wide range of device activity and error conditions. Syslog messages are generated by the majority of routers and switches and delivered to a Unix workstation for review. If your Network Management Console (NMS) runs on the Windows platform, there are applications that allow viewing of log files and sending syslog files between a Unix NMS and a Windows NMS.
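An added example, not from the article, of the review a syslog server makes possible: the Go program below parses Cisco IOS-style messages forwarded to a collector, builds the configuration-change audit trail mentioned under monitoring, counts failed logins by source address and pulls out high-severity events. The sample log, hostnames, times and addresses are constructed, and the line layout (relaying hostname first, then the IOS message) is an assumption about how the collector writes its file.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Event is one parsed Cisco IOS syslog message as received by the collector.
type Event struct {
	Host     string // device that sent the message
	Facility string
	Severity int // 0 (emergency) .. 7 (debug)
	Mnemonic string
	Text     string
}

// iosPattern matches the %FACILITY-SEVERITY-MNEMONIC: text field IOS devices emit.
var iosPattern = regexp.MustCompile(`%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):\s*(.*)$`)

// sourcePattern pulls the client address out of a LOGIN_FAILED message.
var sourcePattern = regexp.MustCompile(`\[Source: ([0-9.]+)\]`)

// SampleLog is a constructed capture; hostnames, times and addresses are made up.
const SampleLog = `router1 *Mar  1 10:02:11.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.1.25)
router1 *Mar  1 10:03:40.120: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
edge-fw *Mar  1 10:05:02.555: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
edge-fw *Mar  1 10:05:04.610: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
edge-fw *Mar  1 10:05:06.702: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.7] [localport: 22] [Reason: Login Authentication Failed]
router1 *Mar  1 10:06:00.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.1.50 started - CLI initiated
core-sw *Mar  1 10:07:15.333: %SYS-5-CONFIG_I: Configured from 10.10.1.25 by netops on vty1 (10.10.1.25)`

// ParseLine parses one forwarded line; the relaying hostname is assumed to be the first field.
func ParseLine(line string) (Event, bool) {
	m := iosPattern.FindStringSubmatch(line)
	fields := strings.Fields(line)
	if m == nil || len(fields) == 0 {
		return Event{}, false
	}
	sev, _ := strconv.Atoi(m[2]) // the pattern already limits this to one digit 0..7
	return Event{Host: fields[0], Facility: m[1], Severity: sev, Mnemonic: m[3], Text: m[4]}, true
}

// ParseLog parses every IOS message it finds and skips lines that are not in that format.
func ParseLog(raw string) []Event {
	var events []Event
	for _, line := range strings.Split(raw, "\n") {
		if ev, ok := ParseLine(line); ok {
			events = append(events, ev)
		}
	}
	return events
}

// ConfigChanges is the audit trail: every message recording a configuration change.
func ConfigChanges(events []Event) []Event {
	var out []Event
	for _, ev := range events {
		if ev.Mnemonic == "CONFIG_I" {
			out = append(out, ev)
		}
	}
	return out
}

// FailedLoginsBySource counts failed logins per client address across all devices.
func FailedLoginsBySource(events []Event) map[string]int {
	counts := map[string]int{}
	for _, ev := range events {
		if ev.Mnemonic != "LOGIN_FAILED" {
			continue
		}
		if m := sourcePattern.FindStringSubmatch(ev.Text); m != nil {
			counts[m[1]]++
		}
	}
	return counts
}

// AtOrAbove returns messages whose severity number is at most maxSev (lower = more severe).
func AtOrAbove(events []Event, maxSev int) []Event {
	var out []Event
	for _, ev := range events {
		if ev.Severity <= maxSev {
			out = append(out, ev)
		}
	}
	return out
}

func main() {
	events := ParseLog(SampleLog)
	fmt.Printf("parsed %d messages\n", len(events))
	for _, ev := range ConfigChanges(events) {
		fmt.Printf("config change on %s: %s\n", ev.Host, ev.Text)
	}
	for src, n := range FailedLoginsBySource(events) {
		if n >= 3 { // threshold chosen for the example
			fmt.Printf("repeated failed logins from %s: %d\n", src, n)
		}
	}
	for _, ev := range AtOrAbove(events, 3) {
		fmt.Printf("severity %d on %s: %s-%s %s\n", ev.Severity, ev.Host, ev.Facility, ev.Mnemonic, ev.Text)
	}
}
```

Counting by source across devices is the part a single router's log cannot give you: the three failures above come from one address but could just as well have been spread over several devices, and only the central collector sees them together.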