Network Security Overview - PowerPoint PPT Presentation

Slides: 20
Provided by: markmc82

Transcript and Presenter's Notes

Title: Network Security Overview


1
Network Security Overview
  • By
  • Bob Larson

2
Security Concerns
Privacy
Pornography
Viruses
Hacktivism
Unauthorized Access
Public Confidence
Information Theft
Denial of Service
Industrial Espionage
3
The Need for Security Then
  • Network designed and implemented in a corporate environment
  • Providing connectivity only to known parties and sites
  • No connections to public networks
4
The Need for Security Now
5
Securing Network Resources
  • Hardware threats
  • Environmental threats
  • Electrical threats
  • Maintenance threats

6
Trends Affecting Network Security
What motivates companies?
7
Security Expectations
  • Users can perform only authorized tasks
  • Users can obtain only authorized information
  • Users can't cause damage to
    • Data
    • Applications
    • Operating environment of a system

8
The Goals of Network Security
  • Confidentiality
    • Securing data from prying eyes
  • Integrity
    • Authenticating the source
      • Is the sender who they claim to be?
    • Authenticating the data
      • Has the data been modified?
  • Availability
    • Users need reasonable access to data they are authorized to use

9
Security Awareness
  • Security techniques and technologies
  • Methodologies for evaluating (not the same)
    • Threats
    • Vulnerabilities
    • Risk
  • Selection criteria and planning required to implement controls
  • What if security is not maintained?
    • What is at risk?
    • What is the cost if a breach occurs (all costs)?
      • Financial
      • Reputation
      • Loss of the resource
      • Loss of competitive advantage

10
Threats, Vulnerabilities and Risk
  • Threats
    • Something bad
    • Something that can cause harm
  • Vulnerabilities
    • Susceptible to attack or harm
    • Without adequate protection
  • Risks
    • Chance of something happening
    • Statistical odds

11
Threats and Consequences
12
Network Security Weaknesses
  • Technology weaknesses
  • Configuration weaknesses
  • Security policy weaknesses

13
Technology Weaknesses
  • All computer and network technologies have inherent security weaknesses or vulnerabilities.
  • Don't overlook
    • Hardware issues
    • Operating system issues
    • Network protocol issues (even TCP/IP)
    • Application vulnerabilities

14
Configuration Weaknesses
  • Insecure default settings
    • If you left the defaults, you are dead.
  • Misconfigured network equipment
    • A little knowledge is a dangerous thing.
  • Insecure user accounts/passwords
    • End users can't be trusted to use strong pws.
  • Misconfigured Internet services
    • HTTP, Java, CGI, unneeded services.

15
What Is a Security Policy?
  • A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.
    • RFC 2196, Site Security Handbook

Could be applied to a family with kids!
16
Security Policy Weaknesses
  • Lack of a written security policy
  • Internal politics
  • Lack of business continuity
  • Turnover in staff/management can be devastating
  • Logical access controls to network equipment not
    applied
  • Security administration is lax, including
    monitoring and auditing
  • Lack of awareness of having been attacked
  • Software or hardware installation and changes
    that don't follow the policy
  • Security incident and disaster recovery
    procedures not in place

17
Security Resources
  • SecurityFocus.com: http://www.securityfocus.com
  • SANS: http://www.sans.org
    • Security Policy Project free templates
    • Masters Degrees in Security
  • CERT: http://www.cert.org
    • Center of Internet security expertise at Carnegie Mellon U
  • CIAC: http://www.ciac.org/ciac
    • US Dept of Energy
  • CVE: http://cve.mitre.org
    • Common Vulnerabilities and Exposures Homeland Security
  • Computer Security Institute: http://www.gocsi.com
  • Center for Internet Security: http://www.cisecurity.org

18
National Security Agency (NSA) Guides
http://www.nsa.gov/snac/
19
Fin