
Network Management and Security

Chapter 4

Security Policies and Secure Design

Gebeyehu B. (Dr. of Eng.) Asct Professor

Ge.be09@yahoo.com

Network management and security Chapter 4


Chapter contents
Basic concepts of Security Policies and Secure Design
Security Policies
  Definition, Importance and Development Process of a Security Policy
  Incident Handling Process, Security Wheel and Sample Security Policy
Secure Network Design Principles and Methodologies



Basic concept of Security Policies and Secure Design
Secure network design and information security policy begin with the creation and/or review of system requirements and of the organization’s structures, standards, and practices regarding security
Secure network design and information security architecture are then the development and use of a detailed information infrastructure that leads to success
Without policy and secure network design, organizations are unable to meet the information security needs of their various communities of interest
Policies direct how issues should be addressed and how technologies should be used
Security policies are the least expensive controls to execute but the most difficult to implement

High-level statements describing the security goals, priorities and the management intention with regard to information systems security, as well as the ways to achieve these goals.
Written in one or more documents.
The policy maker sets the tone & the emphasis on how important a role infosec will have within the agency.
Policies are important reference documents for internal audits & for the resolution of legal disputes about management’s due diligence
Policy documents can act as a clear statement of management’s intent


For policies to be effective, they must be:
Properly disseminated
Read
Understood
Agreed-to
Policy documentation
Policy = Direction for Control
  Philosophy of organization
  Created by Senior Mgmt
  Reviewed periodically
  Employees must understand intent
  Auditors test for compliance
Procedures: Detailed steps to implement a policy. Written by process owners
Standards: An image of what is acceptable
Guidelines: Recommendations and acceptable alternatives


Law and Regulations
  e.g. Data Protection, Intellectual Property Management
Security Requirements
  confidentiality, availability, privacy, integrity, non-repudiation
Best practices and Security Standards
  Security, countermeasures, guidelines and procedures

Provides a comprehensive framework for the selection and
implementation of security measures

Communication means among different nodes

Management of resources
Resources: interconnected devices, people, skills, money, time

Conveys the importance of security to all members of the systems

Helps promote “trust relationships” between the partners and their functions

Policy: the bull’s eye model

Policies: first layer of defence


Networks: threats first meet organization’s network
Systems: computers & manufacturing systems
Applications: all applications systems
Security Policies

Security policy
Security policy is an essential foundation of an effective information security (infosec) program
The success of an information resources protection program depends on the policy generated, & on the attitude of management toward securing information on automated systems.

The primary responsibility is to set the information resource security policy for the organization, with the objectives of reduced risk, compliance with laws & regulations, & assurance of operational continuity, information integrity, & confidentiality.


Security policy
A quality infosec program begins & ends with policy

Policies are least expensive means of control & often the most
difficult to implement

Basic rules to follow when shaping policy:


Never conflict with law
Properly supported and administered
Contribute to the success of the organization
Involve end users of information systems

Policy standard
more detailed statement of what must be done to comply with
policy
Practices, procedures & guidelines: explain how individuals will
comply with policy
Policies require constant modification & maintenance
In order to produce a complete infosec policy, management must define:
Enterprise infosec program policy
Issue-specific infosec policies
Systems-specific infosec policies

System specific policies
They may often be created to function as standards or procedures to be used
when configuring or maintaining systems

System security policies can be separated into:
Management guidance
Technical specifications
Combined in a single policy document

Enable administrators to restrict access according to user, computer, time, duration, or even a particular file

Policy development
Policy development as a two-part project:
Design & develop policy (or redesign & rewrite out-dated policy)
Establish management processes to perpetuate policy within organization

The former is an exercise in project management, while the latter requires adherence to good business practices
Policy development or re-development projects should be well
planned, properly funded, & aggressively managed to ensure
completion on time & within budget
When a policy development project is undertaken, the project can
be guided by the Security system requirement process

Policy design
How policies will be distributed
How verification of distribution will be accomplished
Specifications for any automated tools
Revisions to feasibility analysis reports based on improved costs & benefits as
design is clarified

Implementation phase
Write the policies!
Make certain policies are enforceable as written
Policy distribution is not always straightforward
Effective policy:
Is written at a reasonable reading level
Attempts to minimize technical jargon & management terminology

Policy maintenance phase
Maintain & modify policy as needed to ensure that it remains
effective as a tool to meet changing threats

Policy should have a built-in mechanism via which users can report problems with the policy, preferably anonymously

Periodic review should be built into the process

Policy approaches and applications
Key Reference Materials
Defined work framework
Structuring Review, Approval, & Enforcement Processes
Coverage matrix



Issue specific Security Policy
Provides detailed, targeted guidance to instruct organization in
secure use of tech systems
Begins with intro to fundamental technological philosophy of the
system
Serves to protect the system from inefficiency/ambiguity
Documents how the technology-based system is controlled
Identifies processes & authorities that provide this control
Serves to indemnify organization against liability for inappropriate
or illegal system use
Address specific technology-based systems
Require frequent updates
Contain an issue statement on the organization’s position on an issue

It includes
email

use of Internet & World Wide Web

specific minimum configurations of computers to defend against malware

prohibitions against hacking or testing organization security controls

home use of company-owned computer equipment

use of personal equipment on company networks

use of telecommunications technologies

use of photocopy equipment

Components

Statement of Purpose:
Scope & Applicability
Definition of Technology Addressed
Responsibilities

Authorized Access & Usage of Equipment:


User Access
Fair & Responsible Use
Protection of Privacy

more ...

Security policy requirements

Must develop an enterprise security architecture at conceptual, logical, functional, and physical levels
Must manage risk to acceptable levels
  Risk develops the Business Case that convinces mgmt security should be performed
Must be defined in business terms to help nontechnical stakeholders understand and endorse program goals
Must provide security-related feedback to business owners and stakeholders

Policies objectives and functionalities
Policy Objective: Describes ‘what’ needs to be accomplished
Policy Control: Technique to meet objectives
Procedure: Outlines ‘how’ the Policy will be accomplished
Standard: Specific rule, metric or boundary that implements policy

Example 1:
Policy: Computer systems are not exposed to illegal, inappropriate, or
dangerous software
Policy Control Standard: Allowed software is defined to include ...
Policy Control Procedure: A description of how to load a computer with
required software.
Example 2:
Policy: Access to confidential information is controlled
Policy Control Standard: Confidential information SHALL never be emailed
without being encrypted
Policy Guideline: Confidential info SHOULD not be written to a memory
stick
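
Example 2 expressed as machine-checkable rules, as an added illustration that is not part of the original slides: a failed SHALL standard is reported as a violation, a failed SHOULD guideline only as an advisory. The event records and their field names are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample events; the record layout and field names are assumptions.
EVENTS = [
    {"id": 1, "action": "email", "classification": "confidential", "encrypted": True},
    {"id": 2, "action": "email", "classification": "confidential", "encrypted": False},
    {"id": 3, "action": "email", "classification": "public", "encrypted": False},
    {"id": 4, "action": "usb_write", "classification": "confidential", "encrypted": True},
    {"id": 5, "action": "email", "classification": "confidential"},  # flag missing
]


def is_confidential(event: dict) -> bool:
    return event.get("classification") == "confidential"


@dataclass(frozen=True)
class Rule:
    name: str
    level: str                        # "SHALL" = standard, "SHOULD" = guideline
    applies: Callable[[dict], bool]   # does the rule cover this event?
    complies: Callable[[dict], bool]  # is the covered event acceptable?


RULES = [
    # Policy Control Standard from Example 2: mandatory, so a failure is a violation.
    Rule("confidential email is encrypted", "SHALL",
         lambda e: e.get("action") == "email" and is_confidential(e),
         # Fail closed: a missing "encrypted" flag counts as not encrypted.
         lambda e: e.get("encrypted") is True),
    # Policy Guideline from Example 2: a recommendation, so a failure is an advisory.
    Rule("confidential data is not written to a memory stick", "SHOULD",
         lambda e: e.get("action") == "usb_write" and is_confidential(e),
         lambda e: False),
]

SEVERITY = {"SHALL": "violation", "SHOULD": "advisory"}


def evaluate(events, rules=RULES):
    """Return (event id, severity, rule name) for every rule an event fails."""
    findings = []
    for event in events:
        for rule in rules:
            if rule.applies(event) and not rule.complies(event):
                findings.append((event["id"], SEVERITY[rule.level], rule.name))
    return findings


if __name__ == "__main__":
    for finding in evaluate(EVENTS):
        print(finding)
```
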



Secure Network Design Principles and
Methodologies
Objectives
Ultimately, our network design must answer some pretty basic
questions
What stuff do we get for the network?
How do we connect it all?
How do we have to configure it to work right?
Traditionally this meant mostly capacity planning – having enough bandwidth to keep data moving
This may be effective, but can result in over-engineering
And while some uses of the network will need a lot of bandwidth
(multimedia), we may also need to address:
Security
Considering both internal and external threats
Possible wireless connectivity
Reliability and/or availability
Like speed for a car, how much are you willing to afford?
Design phases
Designing a network is typically
broken into three sections:

Determine requirements

Define the overall architecture

Choose technology and specific devices

Two typical methods


Traditional analytic design
Building block approach
Both use a similar iterative approach
Traditional design process
[Figure: flowchart with the steps Agree requirements, Information gathering, Design process, Meets constraints? (No / Yes), Deployment, Commissioning, Modify]
Design requirements
  Engage end users
  Translate requirements
    Business objectives –> technical specification
  Phasing the requirements
    Right level of detail at each design stage
  Designing the requirements
    Aim for completeness
    Prioritise with a hierarchical system such as
      [M] - Mandatory
      [H] – Highly desirable
      [D] - Desirable
      [N] – Note
  Consider all aspects
    E.g. support & maintenance, depreciation, commissioning costs, project management fees
Design
Specification
Detailed document of the design
Acts as a benchmark for design changes
Final design choices and changes need justification and documenting
Should include change history to aid maintenance
Used for the implementation

Implementation
Needs a project plan to include
Phased introduction of new technology
Educating the users (what to expect)
Pilot installation (test for possible problems)
Acceptance testing (to prove performance meets requirements)
Deployment (provide support on going live and provide fallback position)

Design
Connectivity options
Technology choices
LANs (Ethernet, Token ring, ATM)
MANs (FDDI, SMDS, ATM, SONET/SDH)
WANs (Frame relay, ATM, ISDN, X.25, PDCs, Satellite)
Wireless (802.11, Bluetooth, GPRS, GSM)
Dial-up lines
Serial links

Connectivity options determinants


Packet, cell or circuit switching
Wired or wireless
Distance
Performance
Bandwidth, Quality of Service, Availability
Block design
An alternative and high tech
[Figure: building blocks labelled Needs Analysis, Technology design, Cost Assessment]

Secure design principles and methodologies
For a network design to work well, we need to balance between
Hierarchy – how much network traffic flows connect in tiers of
organization
Like tiers on an org chart, hierarchy provides separation and structure
for the network
Interconnectivity – offsets hierarchy by allowing connections between
levels of the design, often to improve performance between them

Detail considerations or refine


Identify customer requirements
Characterize the existing network
Design topology
Plan the implementation
Build a pilot network
Document the design
Implement the design, and monitor its use
Plan ahead

Requirements
Requirements for a network probably aren’t as much fun as
shopping for really expensive hardware
And that may be why many networks are poorly designed – no one
bothered to think through their requirements!
Many people will jump to a specific technology or hardware solution,
without fully considering other options – the obvious solution may not be
the best one

We need to develop the low level design and the higher level
architecture, and understand the environment in which they operate
We also need to prove that the design we’ve chosen is ‘just right’
Managing the customer’s expectations
They may expect a much simpler or more expensive solution than is really
needed
Requirements
Managing the customer’s expectations
Showing analysis of different design options, technologies, or architectures
can help prove you have the best solution

Need to use a systems approach for understanding the network


The system goes far beyond the network hardware, software, etc.
Also includes understanding the users, applications or services, and
external environment

How do these need to interact?


What does the rest of the organization expect from the network?

Requirements
Consider how devices communicate

Requirements
What services are expected from the network?
Typical performance levels might include capacity, delay time, reliability
Providing 1.5 Mb/s peak capacity to a remote user
Guaranteeing a maximum round-trip delay of 100 ms to servers in a
server farm
Functions include security, accounting, scheduling,
management
Defining a security or privacy level for a group of users or an
organization
Service requirements could include the QoS (quality of service)
guarantees (ATM, Intserv, Diffserv, etc.)
This connects to network management monitoring of network performance

Requirements

Capacity refers to the ability to transfer data


Bandwidth is the theoretical capacity of some part of the network
Throughput is the actual capacity, which is less than the bandwidth, due to
protocol overhead, network delays, etc.
Kind of like how a hard drive’s actual capacity is always less than advertised, due
to formatting
Requirement analysis
Given these concepts, how do we describe requirements for a
network?
Need a process to filter or classify requirements
Network requirements (often have high, medium, low priorities)
Future requirements (planned upgrades)
Rejected requirements (remember for future ref.)
Informational requirements (ideas, not required)

Requirements can come from many aspects of the network system


User Requirements
Application Requirements
Device Requirements
Network Requirements
Other Requirements
User Requirements
User requirements are often qualitative and very high level
What is ‘fast enough’ for download? System response (RTT)?
How good does video need to be?
What’s my budget?

Application Requirements
What types of apps are we using?
Mission-critical
Rate-critical
Real-time and/or interactive

How sensitive are apps to RMA (reliability, maintainability, availability)?
What capacity is needed?
What delay time is acceptable?
What groups of apps are being used?
Telemetry/command and control - remote devices
Visualization and simulation
Distributed computing

Application Requirements
What groups of apps are being used?
Web development, access, and use
Bulk data transport – FTP
Teleservice – VOIP, teleconference
Operations, admin, maintenance, and provisioning (OAM&P) – DNS,
SMTP, SNMP
Client-server – ERP, SCM, CRM
Where are the apps located?
Are some only used in certain locations?

Device Requirements
What kinds of devices are there (in the network)?
Generic computing devices include normal PCs, Macs, laptops, handheld
computers, workstations
Servers include all flavors of server – file, print, app/computation, and backup
Specialized devices include extreme servers (supercomputers, massively
parallel servers), data collection systems (POS terminals), industry-specific
devices, networked devices (cameras, tools), stoplights, ATMs, etc.
Specialized devices are often location-specific

Device Requirements
We want an understanding of the device’s performance – its ability to
process data from the network
Device I/O rates
Delay time for performing a given app function
Performance results from many factors
Storage performance, that is, flash, disk drive, or tape
performance
Processor (CPU) performance
Memory performance (access times)
Bus performance (bus capacity and arbitration
efficiency)
OS performance (effectiveness of the protocol stack
and APIs)
Device driver performance
The device locations are also critical
Often generic devices can be grouped by their
quantity
Servers and specialized stuff are shown individually
Network Requirements
Network requirements (sounds kinda redundant) are the
requirements for interacting with the existing network(s) and
network management concerns
Most networks have to integrate into an existing network, and
plan for the future evolution of the network
Issues with network integration include
Scaling dependencies – how will the size of the existing network affect the
new one?
Will the existing network change structure, or just add on a new wing?
Location dependencies – interaction between old and new networks could
change the location of key components
Performance constraints – existing network could limit performance of the
new one
Network, system, and support service dependencies
Network Requirements
Issues with network integration include
Addressing, security, routing protocols and network management can all
be affected by the existing network
Interoperability dependencies
Changes in technology or media at the interfaces between networks need to be
accounted for, as well as QoS guarantees, if any
Network obsolescence – do protocols or technologies become obsolete
during transition?
Network management and security issues need to be addressed
throughout development
How will the network be monitored for events?
Monitoring for network performance?
What is the hierarchy for management data flow?
Network configuration?
Troubleshoot support?
Network Requirements
Security analysis can include the severity (effect) of an attack, and its probability of occurrence

Effect/Probability        User Devices  Servers  Network  Software  Services  Data
Unauthorized Access       B/A           B/B      C/B      A/B       B/C       A/B
Unauthorized Disclosure   B/C           B/B      C/C      A/B       B/C       A/B
Denial of Service         B/B           B/B      B/B      B/B       B/B       D/D
Theft                     A/D           B/D      B/D      A/B       C/C       A/B
Corruption                A/C           B/C      C/C      A/B       D/D       A/B
Viruses                   B/B           B/B      B/B      B/B       B/C       D/D
Physical Damage           A/D           B/C      C/C      D/D       D/D       D/D

Effect: A: Destructive, B: Disabling, C: Disruptive, D: No Impact
Probability: A: Certain, B: Unlikely, C: Likely, D: Impossible
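
The effect/probability matrix above turned into a ranked risk list, as an added example that is not part of the original slides. The numeric weights and the effect × probability product are assumptions chosen for illustration; the letters follow the slide's own legend.

```python
# Matrix transcribed from the slide; columns are the six asset classes.
ASSETS = ["User Devices", "Servers", "Network", "Software", "Services", "Data"]
MATRIX = """\
Unauthorized Access     B/A B/B C/B A/B B/C A/B
Unauthorized Disclosure B/C B/B C/C A/B B/C A/B
Denial of Service       B/B B/B B/B B/B B/B D/D
Theft                   A/D B/D B/D A/B C/C A/B
Corruption              A/C B/C C/C A/B D/D A/B
Viruses                 B/B B/B B/B B/B B/C D/D
Physical Damage         A/D B/C C/C D/D D/D D/D
"""
# Assumed weights. Effect: A Destructive, B Disabling, C Disruptive, D No Impact.
EFFECT = {"A": 3, "B": 2, "C": 1, "D": 0}
# Probability as printed on the slide: A Certain, C Likely, B Unlikely, D Impossible.
PROBABILITY = {"A": 3, "C": 2, "B": 1, "D": 0}


def score(cell):
    """Score one "effect/probability" cell; reject anything malformed."""
    parts = cell.split("/")
    if len(parts) != 2 or parts[0] not in EFFECT or parts[1] not in PROBABILITY:
        raise ValueError(f"malformed cell: {cell!r}")
    return EFFECT[parts[0]] * PROBABILITY[parts[1]]


def parse(text=MATRIX):
    """Return {threat: {asset: "E/P"}}; threat names may contain spaces."""
    rows = {}
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if len(tokens) <= len(ASSETS):
            raise ValueError(f"row too short: {line!r}")
        threat = " ".join(tokens[:-len(ASSETS)])
        rows[threat] = dict(zip(ASSETS, tokens[-len(ASSETS):]))
    return rows


def ranked_cells(rows):
    """All (score, threat, asset) cells, highest risk first."""
    cells = [(score(c), t, a) for t, row in rows.items() for a, c in row.items()]
    return sorted(cells, key=lambda x: (-x[0], x[1], x[2]))


def totals(rows, by="threat"):
    """Sum the scores per threat (row) or per asset (column)."""
    out = {}
    for threat, row in rows.items():
        for asset, cell in row.items():
            key = threat if by == "threat" else asset
            out[key] = out.get(key, 0) + score(cell)
    return out


def discounted_destructive(rows):
    """Destructive (effect A) cells whose product is 0 because probability is D."""
    return [(t, a) for t, row in rows.items() for a, c in row.items()
            if c.startswith("A/") and score(c) == 0]


if __name__ == "__main__":
    table = parse()
    print(ranked_cells(table)[:5])
    print(totals(table, "asset"))
    print(discounted_destructive(table))
```

The last function lists the cells a pure product hides: a destructive effect rated impossible scores zero, so those entries deserve a separate look when the probability estimate is uncertain.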

Other Requirements
Requirements can come from other outside sources – your customer, legal
requirements, larger scale organization (enterprise) requirements, etc.
Additional requirements can include
Operational suitability – how well can the customer configure and monitor the
system?
Supportability – how well can the customer maintain the system?
Confidence – what is the data loss rate when the system is running at its required
throughput?
Financial requirements can include not only the initial system cost, but also
ongoing maintenance costs
System architecture may be altered to remain within cost constraints
This is a good reason to present the customer with design choices, so they see the impact
of cost versus performance
Enterprise requirements typically include integration of your network with existing
standards for voice, data, or other protocols

Requirements for specification and map are also equally important
A requirements specification is a document which summarizes the
requirements for (here) a network
Often it becomes a contractual obligation, so assumptions, estimates, etc.
should be carefully spelled out
Requirements are classified by Status, as noted earlier
(core/current, future, rejected, or informational requirement)
Priority can provide additional numeric distinction within a given
Status
The source from which a requirement was Gathered can be identified, or the
basis for Deriving it given
Type is user, app, device, network or other

Requirements analysis process

So, how do we determine what the requirements are for our network?

Collect requirements, service metrics, and delays to help develop and map requirements



End!
