Module 2: Designing Network Security
Module Overview
• Overview of Network Security Design
• Creating a Network Security Plan
• Identifying Threats to Network Security
• Analyzing Risks to Network Security
• Defense-in-Depth Model Overview
Lesson 1: Overview of Network Security Design
• Key Principles of Network Security
• Security Design and Implementation
• Components of Network Security
• Network Security Design Process
Key Principles of Network Security
Principle • Definition
Defense-in-Depth • Provides multiple layers of protection
Least privilege • Grants the least amount of permission necessary to perform required tasks
Minimized attack surface • Reduces the number of vulnerable points on the network
Security Design and Implementation
Security Design
• Ensures that a logical and carefully planned strategy is used for securing the organization’s assets
• Ensures that security is applied throughout the organization in a controlled and logical manner
• Creates policies and procedures for security
Security Implementation
• Applies the policies and procedures created during the design to the organization’s assets
• Ensures that policies and procedures are deployed consistently throughout the organization
Components of Network Security
• Physical security
• Hosts
• Accounts and services
• Authentication
• Data
• Data transmission
• Perimeter networks
Network Security Design Process
Phase • Task
Creating a security design team • Include diverse membership to ensure success
Performing threat modelling • Predict attacks to assets
Performing risk management • Analyze and prioritize risks based on likelihood of occurrence and cost
Designing security measures • Create policies and procedures to mitigate the selected risks
Detecting and reacting • Detect occurrences of security violations and respond to them
Managing and reviewing • Review the security policies and modify them as necessary
Lesson 2: Creating a Network Security Plan
• Security Policies and Procedures
• Guidelines for Creating Policies and Procedures
• Guidelines for Creating a Security Design Team
Security Policies and Procedures
• Security policies describe what must be implemented to secure a network
• Administrative policies are enforced by management
• Technical policies are enforced by operating systems and applications
• Physical policies are enforced by physical controls such as locks
• Security procedures provide detailed steps that describe how to implement policies
Guidelines for Creating Policies and Procedures
Guidelines include:
Write clear and concise policies
Write simple procedures
Obtain management support
Make policies and procedures easily accessible
Ensure no disruption to business processes
Implement technology where possible
Ensure that consequences are consistent for policy violation
Guidelines for Creating a Security Design Team
Guidelines include:
Have a single executive sponsor
Involve an experienced project manager
Involve teams that deploy and manage security
Involve legal and human resources personnel
Involve managers and end-users
Provide clear roles and responsibilities for all members
Communicate regularly and clearly
Lesson 3: Identifying Threats to Network Security
• Reasons for Network Attacks
• Stages of Network Attacks
• Types of Network Attacks
• Common Network Vulnerabilities
• STRIDE Threat Model Overview
• Guidelines for Modeling Network Threats
• Countering Network Threats
Stages of Network Attacks
1. Survey and Assess
2. Exploit and Penetrate
3. Escalate Privileges
4. Maintain Access
5. Deny Service
Types of Network Attacks
Types of attack Characteristics
Eavesdropping • An attacker intercepts your communications
Data modification • An attacker alters your data packets
Identity spoofing • An attacker falsifies a source IP address
Password-based • An attacker uses a valid account
Denial of service • An attacker prevents access to your computer or network
Man in the middle • An attacker monitors, captures, and controls communication
Compromised key • An attacker obtains a key used for securing communication
Application layer • An attacker targets an application by deliberately causing an error
Common Network Vulnerabilities
Vulnerability • Description
User rights • User rights should be restricted to the minimum requirements to perform necessary tasks
Services • Any service or application may have flaws, making the computer vulnerable to attacks
Audit settings • If auditing is not enabled, you cannot report an attack that has occurred
Account passwords • Password is either too simple or shared among users
STRIDE Threat Model Overview
Threat • Description
Spoofing • Attempts to gain access to a system by using a false identity
Tampering • Unauthorized modification of data
Repudiation • Ability of users to deny that they performed specific actions or transactions
Information disclosure • Unwanted exposure of private data
Denial of service • The process of making a system or application unavailable
Elevation of privilege • Users assume more privileges than the limited privileges granted to them
Guidelines for Modeling Network Threats
Use the following guidelines when modeling threats to your network:
Manage discussions about the validity of a threat
Include specialized network penetration testers
Apply caution when it involves conflict of interests
Consider technology-specific threats
Ensure that you have all the information
Encourage creative thinking among team members
Countering Network Threats
Threat category / Examples of countermeasures
Spoofing
● Use strong authentication
● Do not pass credentials in plain text over the wire
Tampering
● Use data hashing and signing
● Use digital signatures and strong authorization
Repudiation
● Use digital signatures
Information disclosure
● Use strong authorization and encryption
Denial of service
● Use resource and bandwidth throttling techniques
Elevation of privilege
● Follow the principle of least privilege for all resource requests
Lesson 4: Analyzing Network Security Risks
• Risk Assessment
• Network Assets at Risk
• Calculating Risk Impact
• Microsoft Operations Framework (MOF) Risk Management Process Overview
Risk Assessment
Prioritize security risks
Determine the appropriate level of security
Justify costs
Create metrics
Document all potential security issues
Avoid overlooking critical network security issues
Network Assets at Risk
Asset Example
Hardware
• Desktop and portable computers
• Routers and switches
• Backup media
Software
• Software installation CDs
• Operating system images
• Custom software code
• Virtualized servers
Documentation
• Security policies and procedures
• Network diagrams and building plans
Data
• Trade secrets
• Employee information
• Customer information
Calculating Risk Impact
Impact of a risk is based on:
• The probability of the occurrence of the risk
• Direct costs such as lost orders during an outage
• Indirect costs such as loss of goodwill and loss of prospective customers
Example:
A Web server, which is vulnerable to one hour of denial-of-service attack, has a 1% probability of the occurrence of the risk over the next year. The direct cost of lost orders in that hour is $50,000. The indirect cost involved in loss of customer confidence is $200,000.
Risk impact = .01 x ($50,000 + $200,000) = $2,500
Microsoft Operations Framework (MOF) Risk Management Process
Stage • Description
Identifying risks • Identify risks including the cause and consequence
Analyzing and prioritizing risks • Determine the impact of a risk by using probability of occurrence and cost
Planning and scheduling risk actions • Determine how risks can be mitigated based on the cost of mitigation and impact of the risks
Tracking and reporting risk • Gather information about how risks are changing
Controlling risk • Implement appropriate risk actions as risks change
Learning from risk • Use risk review meetings and a risk knowledge base to capture information about successful and unsuccessful risk actions
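The risk impact formula from the "Calculating Risk Impact" slide, carried through the MOF "analyzing and prioritizing" and "planning and scheduling" stages for a small risk register. This is an added example, not course material: the register values, and the rule that a countermeasure is planned only when it costs less than the impact it removes, are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float      # chance the risk occurs within the review period (one year here)
    direct_cost: float      # e.g. lost orders during an outage
    indirect_cost: float    # e.g. loss of goodwill and prospective customers
    mitigation_cost: float  # assumed: cost of the planned countermeasure over the same period


def risk_impact(risk: Risk) -> float:
    """Slide formula: risk impact = probability x (direct cost + indirect cost)."""
    if not 0.0 <= risk.probability <= 1.0:
        raise ValueError(f"probability must be between 0 and 1: {risk.probability}")
    return risk.probability * (risk.direct_cost + risk.indirect_cost)


def prioritize(risks):
    """MOF 'analyzing and prioritizing': order risks from highest to lowest impact."""
    return sorted(risks, key=risk_impact, reverse=True)


def plan_action(risk: Risk) -> str:
    """MOF 'planning': mitigate when the countermeasure costs less than the impact (assumed rule)."""
    return "mitigate" if risk.mitigation_cost < risk_impact(risk) else "accept"


# Constructed risk register; the first row reproduces the slide's Web server example.
REGISTER = [
    Risk("Web server one-hour DoS", 0.01, 50_000, 200_000, 1_500),
    Risk("Laptop with customer data stolen", 0.10, 5_000, 120_000, 20_000),
    Risk("Backup media lost in transit", 0.05, 2_000, 30_000, 800),
]


def report(risks):
    """Return (name, impact, action) rows in priority order."""
    return [(r.name, round(risk_impact(r), 2), plan_action(r)) for r in prioritize(risks)]


if __name__ == "__main__":
    for name, impact, action in report(REGISTER):
        print(f"{name:36} impact=${impact:>10,.2f} -> {action}")
```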
Lesson 5: Defense-in-Depth Model Overview
• Layers of the Defense-in-Depth Model
• Using Defense-in-Depth to Identify Risks
• Using Defense-in-Depth to Mitigate Risks
Using Defense-in-Depth to Identify Risks
Layer Example Risks
Data • Unauthorized viewing or changing of data
Application • Loss of application functionality
Host • Operating system weakness
Internal network • Packet sniffing and unauthorized use of wireless networks
Perimeter • Attacks from anonymous Internet users
Physical security • A user with direct physical access to a computer can modify it or access data
Policies, procedures, and awareness • Users and IT staff not following policies due to lack of understanding
Using Defense-in-Depth to Mitigate Risks
Layer Mitigation Examples
Data • Access Control Lists (ACLs), encryption, Encrypting File System (EFS), and Digital Rights Management (DRM)
Application • Application hardening and antivirus software
Host • Operating system hardening, authentication, update management, and Network Access Protection
Internal network • Network segmentation, IPsec, and intrusion detection
Perimeter • Firewalls and VPNs
Physical security • Locks and tracking devices
Policies, procedures, and awareness • User education