Module 2: Designing Network Security

Module 2: Designing Network Security. Module Overview Overview of Network Security Design Creating a Network Security Plan Identifying Threats to Network

Module Overview

• Overview of Network Security Design

• Creating a Network Security Plan

• Identifying Threats to Network Security

• Analyzing Risks to Network Security

• Defense-in-Depth Model Overview

Lesson 1: Overview of Network Security Design

• Key Principles of Network Security

• Security Design and Implementation

• Components of Network Security

• Network Security Design Process

Key Principles of Network Security

Principle: Definition

• Defense-in-Depth: Provides multiple layers of protection

• Least privilege: Grants the least amount of permission necessary to perform required tasks

• Minimized attack surface: Reduces the number of vulnerable points on the network

Security Design and Implementation

Security Design

• Ensures that a logical and carefully planned strategy is used for securing the organization’s assets

• Ensures that security is applied throughout the organization in a controlled and logical manner

• Creates policies and procedures for security

Security Implementation

• Applies the policies and procedures created during the design to the organization’s assets

• Ensures that policies and procedures are deployed consistently throughout the organization

Components of Network Security

• Physical security

• Hosts

• Accounts and services

• Authentication

• Data

• Data transmission

• Perimeter networks

Network Security Design Process

Phase: Task

• Creating a security design team: Include diverse membership to ensure success

• Performing threat modelling: Predict attacks to assets

• Performing risk management: Analyze and prioritize risks based on likelihood of occurrence and cost

• Designing security measures: Create policies and procedures to mitigate the selected risks

• Detecting and reacting: Detect occurrences of security violations and respond to them

• Managing and reviewing: Review the security policies and modify them as necessary

Lesson 2: Creating a Network Security Plan

• Security Policies and Procedures

• Guidelines for Creating Policies and Procedures

• Guidelines for Creating a Security Design Team

Security Policies and Procedures

• Security policies describe what must be implemented to secure a network

  • Administrative policies are enforced by management

  • Technical policies are enforced by operating systems and applications

  • Physical policies are enforced by physical controls such as locks

• Security procedures provide detailed steps that describe how to implement policies

Guidelines for Creating Policies and Procedures

Guidelines include:

Write clear and concise policies

Write simple procedures

Obtain management support

Make policies and procedures easily accessible

Ensure no disruption to business processes

Implement technology where possible

Ensure that consequences are consistent for policy violation

Guidelines for Creating a Security Design Team

Guidelines include:

Have a single executive sponsor

Involve an experienced project manager

Involve teams that deploy and manage security

Involve legal and human resources personnel

Involve managers and end-users

Provide clear roles and responsibilities for all members

Communicate regularly and clearly

Lesson 3: Identifying Threats to Network Security

• Reasons for Network Attacks

• Stages of Network Attacks

• Types of Network Attacks

• Common Network Vulnerabilities

• STRIDE Threat Model Overview

• Guidelines for Modeling Network Threats

• Countering Network Threats

Stages of Network Attacks

[Diagram: five numbered attack stages]

• Deny Service

• Survey and Assess

• Exploit and Penetrate

• Maintain Access

• Escalate Privileges

Types of Network Attacks

Type of attack: Characteristics

• Eavesdropping: An attacker intercepts your communications

• Data modification: An attacker alters your data packets

• Identity spoofing: An attacker falsifies a source IP address

• Password based: An attacker uses a valid account

• Denial of service: An attacker prevents access to your computer or network

• Man in the middle: An attacker monitors, captures, and controls communication

• Compromised key: An attacker obtains a key used for securing communication

• Application layer: An attacker targets an application by deliberately causing an error

Common Network Vulnerabilities

Vulnerability: Description

• User rights: User rights should be restricted to the minimum requirements to perform necessary tasks

• Services: Any service or application may have flaws, making the computer vulnerable to attacks

• Audit settings: If auditing is not enabled, you cannot report an attack that has occurred

• Account passwords: Password is either too simple or shared among users

STRIDE Threat Model Overview

• Spoofing: Attempts to gain access to a system by using a false identity

• Tampering: Unauthorized modification of data

• Repudiation: Ability of users to deny that they performed specific actions or transactions

• Information disclosure: Unwanted exposure of private data

• Denial of service: The process of making a system or application unavailable

• Elevation of privilege: Users assume more privileges than the limited privileges granted to them

Guidelines for Modeling Network Threats

Use the following guidelines when modeling threats to your network:

Manage discussions about the validity of a threat

Include specialized network penetration testers

Apply caution when it involves conflict of interests

Consider technology-specific threats

Ensure that you have all the information

Encourage creative thinking among team members

Countering Network Threats

Threat category: Examples of countermeasures

• Spoofing: Use strong authentication; do not pass credentials in plain text over the wire

• Tampering: Use data hashing and signing; use digital signatures and strong authorization

• Repudiation: Use digital signatures

• Information disclosure: Use strong authorization and encryption

• Denial of service: Use resource and bandwidth throttling techniques

• Elevation of privilege: Follow the principle of least privilege for all resource requests
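
Added example, not part of the course material: the Tampering countermeasure pairs hashing with signing because an unkeyed hash can be recomputed by whoever alters the data. The sketch uses HMAC-SHA256 from the Python standard library as the keyed check (a MAC, not a digital signature, so it does not give the non-repudiation that the Repudiation countermeasure calls for); the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key and message for the demonstration; a real key comes from
# a secret store and is never hard-coded.
KEY = b"constructed-demo-key-not-for-production"
MESSAGE = b"transfer=100;to=alice"


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256: detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(message), digest)


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the check leaks no timing hint
    return hmac.compare_digest(keyed_tag(key, message), tag)


def demo():
    """Return the verification results when the message and its check value
    are both replaced in transit by someone who does not hold KEY."""
    altered = b"transfer=9000;to=mallory"
    # A bare hash travels with the message, so it can simply be recomputed.
    plain_ok = verify_plain(altered, plain_digest(altered))
    # Without KEY, the only tag available is the one made for the original.
    keyed_ok = verify_keyed(KEY, altered, keyed_tag(KEY, MESSAGE))
    untouched_ok = verify_keyed(KEY, MESSAGE, keyed_tag(KEY, MESSAGE))
    return plain_ok, keyed_ok, untouched_ok


if __name__ == "__main__":
    print(demo())
```
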

Lesson 4: Analyzing Network Security Risks

• Risk Assessment

• Network Assets at Risk

• Calculating Risk Impact

• Microsoft Operations Framework (MOF) Risk Management Process Overview

Risk Assessment

Prioritize security risks

Determine the appropriate level of security

Justify costs

Create metrics

Document all potential security issues

Avoid overlooking critical network security issues

Network Assets at Risk

Asset Example

Hardware

• Desktop and portable computers

• Routers and switches

• Backup media

Software

• Software installation CDs

• Operating system images

• Custom software code

• Virtualized servers

Documentation

• Security policies and procedures

• Network diagrams and building plans

Data

• Trade secrets

• Employee information

• Customer information

Calculating Risk Impact

Impact of a risk is based on:

• The probability of the occurrence of the risk

• Direct costs such as lost orders during an outage

• Indirect costs such as loss of goodwill and loss of prospective customers

Example:

A Web server that is vulnerable to a one-hour denial-of-service attack has a 1% probability of the occurrence of the risk over the next year. The direct cost of lost orders in that hour is $50,000. The indirect cost involved in loss of customer confidence is $200,000.

Risk impact = .01 x ($50,000 + $200,000) = $2,500

Microsoft Operations Framework (MOF) Risk Management Process

Stage: Description

• Identifying risks: Identify risks including the cause and consequence

• Analyzing and prioritizing risks: Determine the impact of a risk by using probability of occurrence and cost

• Planning and scheduling risk actions: Determine how risks can be mitigated based on the cost of mitigation and impact of the risks

• Tracking and reporting risk: Gather information about how risks are changing

• Controlling risk: Implement appropriate risk actions as risks change

• Learning from risk: Use risk review meetings and a risk knowledge base to capture information about successful and unsuccessful risk actions
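
Added example, not part of the course material: the risk impact formula from the Calculating Risk Impact slide applied to a small risk register, ranked as in the analyzing and prioritizing stage and compared against mitigation cost as in the planning stage. Only the Web server entry comes from the slide; the other risks, all mitigation costs, and the rule that a control is worthwhile when it costs less than the impact it addresses are assumptions.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Risk:
    name: str
    probability: Fraction   # chance of occurrence over the next year
    direct_cost: int        # e.g. lost orders during an outage, in dollars
    indirect_cost: int      # e.g. loss of goodwill, in dollars
    mitigation_cost: int    # constructed figure: cost of the planned control

    @property
    def impact(self) -> Fraction:
        # Risk impact = probability x (direct cost + indirect cost)
        return self.probability * (self.direct_cost + self.indirect_cost)


def prioritize(risks):
    """Rank risks by impact, highest first, and flag whether the planned
    mitigation costs less than the impact it addresses (assumed rule)."""
    ranked = sorted(risks, key=lambda r: r.impact, reverse=True)
    return [(r.name, r.impact, r.mitigation_cost < r.impact) for r in ranked]


# The first entry is the slide's Web server example. Its mitigation cost and
# the other two risks are constructed for illustration.
REGISTER = [
    Risk("Web server DoS (1 hour)", Fraction(1, 100), 50_000, 200_000, 1_500),
    Risk("Laptop with customer data stolen", Fraction(5, 100), 2_000, 120_000, 4_000),
    Risk("Backup media lost in transit", Fraction(2, 100), 1_000, 30_000, 3_000),
]

if __name__ == "__main__":
    for name, impact, worthwhile in prioritize(REGISTER):
        verdict = "mitigate" if worthwhile else "review: control costs more than impact"
        print(f"{name:35} ${float(impact):>9,.2f}  {verdict}")
```
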

Lesson 5: Defense-in-Depth Model Overview

• Layers of the Defense-in-Depth Model

• Using Defense-in-Depth to Identify Risks

• Using Defense-in-Depth to Mitigate Risks

Using Defense-in-Depth to Identify Risks

Layer: Example Risks

• Data: Unauthorized viewing, or changing of data

• Application: Loss of application functionality

• Host: Operating system weakness

• Internal network: Packet sniffing and unauthorized use of wireless networks

• Perimeter: Attacks from anonymous Internet users

• Physical security: A user with direct physical access to a computer can modify it or access data

• Policies, procedures, and awareness: Users and IT staff not following policies due to lack of understanding

Using Defense-in-Depth to Mitigate Risks

Layer: Mitigation Examples

• Data: Access Control List (ACL), encryption, Encrypting File System (EFS), and Digital Rights Management (DRM)

• Application: Application hardening and antivirus software

• Host: Operating system hardening, authentication, update management, and Network Access Protection

• Internal network: Network segmentation, IPsec, and intrusion detection

• Perimeter: Firewalls and VPNs

• Physical security: Locks and tracking devices

• Policies, procedures, and awareness: User education