1 - NS Overview
Assets?
- Information assets
- Paper documents
- Software assets
- Physical assets
- People
- Company image and reputation
- Services
Network Security
Protection of Integrity, Availability & Confidentiality of Network Assets and Services from associated Threats and Vulnerabilities
Cost of Security
Increased security increases the cost of the system. Cost of security is a combination of many factors:
- Cost for decreased system performance
- Cost for increased system complexity
- Cost for decreased system usability
- Increased operation and maintenance cost
Certified Network Security Manager Ver. 1.0 #Module 1: NSM - Overview
Security Vs Cost
Security Vs Convenience
Decisions concerning the security of computer networks involve a tradeoff between security and convenience. More security measures may lead to inconvenience and complaints from users.
Securing a network is more difficult than securing a standalone computer because of its:
- Connectivity
- Complexity
Difficulty in Securing Network
Connectivity
- More people are connected. Sometimes outsiders through the Internet or an extranet.
- One attacker on one computer may pose a potential threat to all the connected computers.
- Difficult to enforce discipline among users.
Difficulty in Securing Network
Complexity
- Difficult to keep track of changes.
- Multiple operating systems.
- Difficult to enforce technical security measures.
Threat
A threat is anything that could cause damage / harm / loss to assets. A threat would need to exploit a vulnerability of the assets. A threat can be accidental or deliberate.
Threat (Contd.)
- Damage to communication lines/cables
- Deterioration of storage media
- Eavesdropping
- Hardware failure
- Maintenance error
- Malicious software
- Misuse of resources
- Unauthorized network access
- Administrator error
- User error
- Traffic overloading
- Transmission error
- etc.
Vulnerability
A vulnerability is a weakness associated with assets. The weakness may be exploited by threats, causing loss / damage / harm to the assets. A vulnerability in itself does not cause harm until exploited.
Vulnerability (Contd.)
- Insufficient security training
- Lack of security awareness
- Inadequate recruitment procedures
- Insufficient preventive maintenance
- Lack of identification and authentication mechanisms
- Transfer of passwords in clear
- Unprotected public network connections
- Poor password management
- etc.
Threat Theft Eavesdropping Eavesdropping Repudiation Unauthorized access Unauthorized access Malicious code (virus, worm, trojans, spyware, etc.) Unauthorized network access Traffic overloading
Security Risk
A security risk is the potential that a given threat will exploit vulnerabilities to cause loss/damage to an asset and hence, directly or indirectly, to the organization. It is a function of the impact of the undesirable event and the likelihood of the event occurring.
Risk Assessment
The process of identifying security risks, and determining their magnitude. Sometimes referred to as risk analysis.
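The definitions above, worked through as a small risk register (an added example, not part of the original slides). The asset names, the 1-5 rating scales, every rating and the choice of impact x likelihood as the risk function are assumptions; the threat and vulnerability names come from the slide lists.

```python
from dataclasses import dataclass

# Constructed sample data; the 1-5 scales and all ratings are assumptions.
ASSET_IMPACT = {"customer database": 5, "mail server": 3, "office printer": 1}

# Vulnerabilities recorded against each asset (names from the slide lists).
VULNERABILITIES = {
    "customer database": {"poor password management"},
    "mail server": {"transfer of passwords in clear",
                    "unprotected public network connections"},
    "office printer": set(),
}

# Each threat: the vulnerabilities it can exploit, and a likelihood rating 1-5.
THREATS = {
    "unauthorized network access": ({"poor password management",
                                     "unprotected public network connections"}, 4),
    "eavesdropping": ({"transfer of passwords in clear"}, 3),
    "traffic overloading": ({"unprotected public network connections"}, 2),
}

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    exploited: tuple
    score: int

def assess(assets=ASSET_IMPACT, vulns=VULNERABILITIES, threats=THREATS):
    """Identify risks and rank them by magnitude, highest first."""
    risks = []
    for asset, impact in assets.items():
        for threat, (exploitable, likelihood) in threats.items():
            matched = vulns.get(asset, set()) & exploitable
            if not matched:
                continue  # no vulnerability for the threat to exploit: no risk entry
            # Assumption: risk = impact x likelihood, one common choice of function.
            risks.append(Risk(asset, threat, tuple(sorted(matched)),
                              impact * likelihood))
    return sorted(risks, key=lambda r: (-r.score, r.asset, r.threat))

if __name__ == "__main__":
    for r in assess():
        print(f"{r.score:>2}  {r.asset:<18} {r.threat:<28} via {', '.join(r.exploited)}")
```

The printer produces no entries because no threat has a vulnerability to exploit on it, and removing a vulnerability from an asset removes the corresponding risks from the register.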
Barriers to Security
[Bar chart, vertical axis 0% to 30%; categories: Lack of training, Pace of change, Poorly defined policy, Lack of management support, Insufficient capital budget, Complexity of technology. Source: PwC IT Security Survey]
Solution
Management concerns
- Market reputation
- Business continuity
- Disaster recovery
- Business loss
- Loss of confidential data
- Loss of customer confidence
- Legal liability
- Cost of security
ISMS through Risk Assessment
Security measures
- Technical
- Procedural
- Physical
- Logical
- Personnel
- Management
ISMS Standards
ISO/IEC 27001
- ISMS - Requirements
- A specification
- Used as a basis for certification
ISO/IEC 27002
- A code of practice (not a specification)
- Provides best practice guidance
- Use as required within your business
- Not for certification
Types of testing
Penetration Testing
Looking at the network through an attacker's eye, from outside the network. Application security testing.
Vulnerability assessment
Review of network architecture and segmentation. Critically examine the network and its components for weaknesses in configuration and deployment.
Attack Types
External Attacks carried through the Internet
[Diagram of attack phases; labels: Scanning, Gaining Access, Maintaining Access, Covering tracks]
Maintaining access: uploading / altering / downloading programs or data
Penetration testing
Reveals a hacker's view of the network or servers. Helps to understand the security preparedness against evolving threats. Unearths security vulnerabilities and configuration mistakes in the target system.
Vulnerability assessment
Detailed analysis of vulnerabilities present in the servers, operating systems and application, which can be exploited by external attackers or by an internal compromise.
VA - Review of configuration
Default installations are focused more on convenience than security. In general, many unnecessary services are present. New vulnerabilities are discovered almost every day.
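One way to run the configuration review described above on a single host (an added example, not part of the original slides): compare the listening TCP services against an approved baseline and call out services that carry passwords in clear. The sample input is constructed in the column layout of `ss -tlnH`; the baseline of ports 22 and 443 is an assumption.

```python
# Constructed sample in the column layout of `ss -tlnH` (listening TCP, no header).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 5 0.0.0.0:6000 0.0.0.0:*
"""

# Assumption: the approved baseline for this host is SSH and HTTPS only.
APPROVED_PORTS = {22, 443}
# Well-known ports whose protocols send credentials unencrypted.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}
LOOPBACK = ("127.", "[::1]")

def parse_listeners(ss_output):
    """Yield (address, port) from the Local Address:Port column."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def review(ss_output, approved=APPROVED_PORTS):
    """Return findings for listeners outside the baseline, worst first."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in approved:
            continue
        if port in CLEARTEXT_PORTS:
            issue = f"cleartext service ({CLEARTEXT_PORTS[port]})"
        else:
            issue = "unapproved service"
        findings.append({"port": port, "addr": addr, "issue": issue,
                         "exposed": not addr.startswith(LOOPBACK)})
    # Network-exposed cleartext services first, loopback-only listeners last.
    return sorted(findings, key=lambda f: (not f["exposed"],
                                           not f["issue"].startswith("cleartext"),
                                           f["port"]))

if __name__ == "__main__":
    for f in review(SAMPLE_SS):
        scope = "exposed" if f["exposed"] else "loopback only"
        print(f'{f["port"]:>5}  {f["addr"]:<10} {f["issue"]:<28} {scope}')
```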
Sources of Information
- CERT-IN (www.cert-in.org.in)
- CERT (www.cert.org)
CERT Advisories, Incident Notes, Vulnerability Notes
END of Session