network domain zach curry, nick tsamis, andrew arvay
TRANSCRIPT
Network DomainZach Curry, Nick Tsamis, Andrew Arvay
Network Administrator Levels Identifies Network Responsibilities Eliminates Excess Costs
Over Training
Training Consistency Divided Into:
Network Administrator Level 1 (NAL1) Network Administrator Level 2 (NAL2) Network Administrator Level 3 (NAL3)
Network Administrator Levels Network Administrator Level 1
End user devices Workstations Local Ethernet Cables VoIP Devices
User Account Management New Users User Groups Removal of Users
Setting File Sharing Permissions Group Based Permissions
Network Administrator Levels Network Administrator Level 2
Network Infrastructure Switches/Routers Cat5E/Cat6 Cabling
Network Backbone Servers Backups Firewall Administration
Network Administrator Levels Network Administrator Level 3
Network Device Certification and Accreditation
Network Documentation Network Topology Continuity Of Operations Plan (COOP)
Network Admin Certification Network Administrator Level 1 (NAL1)
Network+ Certification Used to measure skill as a network technician
Hardware Software Installation Troubleshooting Connections OSI Model LAN/WAN Protocols
Network Admin Certification Network Administrator Level 2 (NAL2)
Security+ Certification Computer Security
Cryptography Access Control Disaster Recovery Risk Management Network Security Compliance and Operational Security Threats and Vulnerabilities Application, Data, and Host Security Identity Management
Network Admin Certification Network Administrator Level 3 (NAL3)
CISSP Certification Certified Information Systems Security Professional
Access Control Systems & Methodology Applications & Systems Development Business Continuity & Disaster Recovery Planning Cryptography Law, Investigation & Ethics Operations Security (Computer) Physical Security Security Architecture, Models, & Management Practices Telecommunications & Network Security
Continuity Of Operations Plan (COOP) Backups
Frequency Type
Full Incremental Differential
Retention Offsite Location
Continuity Of Operations Plan (COOP) Redundancy
Services Primary Domain Controller (PDC/BDC) DHCP/DNS
Network Core Routers Switches
Power UPS Circuits
Continuity Of Operations Plan (COOP)
Natural Disasters Fire Flooding Tornadoes Hurricane Earthquake
Power Loss
Hot/Cold Alternate Backbone
Continuity Of Operations Plan (COOP)
Device Certification and Accreditation Due Diligence Network Devices Meet
Security Requirements Policy Requirements Clearance Requirements
Can affect security requirements
Continuous Process Cradle to Grave
Network Defense Testing Practice As You Play
Password Cracking Phishing Attempts Blue Team Red Team
Detailed Reports Action Requirements Resolution Deadlines
Personnel Decertification Procedures Notify Helpdesk/Security Manager
Leaving Decertification Relocation
Permissions Applied As Groups Group Y has write access to resource X
Removal From Group = Removed Access Much more efficient vs. User-based permissions
Network Topology Physical – The way devices are laid out in a network
Example: Ring, Star, Bus, etc
Logical – How signals behave on the network Example: Ethernet
Network Segmentation Keep traffic separate Network load
Load balancing
VLANs Traffic types
IPS/IDS Intrusion Prevention/Detection System Log and alert on suspicious activity Firewalls DMZ
Hardening and Patching Keep security software and operating systems up to date Properly configure network devices to close security holes Only expose needed services on the network
IP Addressing Create subnets to segment traffic Private IP subnets:
192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
Reserve IPs for critical devices IPv6 & IPv4
QoS Policy Quality of Service Deals with network contention Telephony Protocols
WAN Encryption Policy Depending on the sensitivity of the information, different
network requirements may exist for different hardware Classified information/hardware should always be encrypted and must stay on
classified networks Non-classified and classified networks should be physically separated
Sensitive information that traverses a public network should be encrypted BEFORE it leaves the private network
Have no idea who’s snooping it once it leaves
Classified and Non-classified networks must remain independent Classified information should never be accessible from a non-
classified network; The network should enforce that unauthorized hardware and software not run where prohibited
WAN Encryption - VPN Virtual Private Network
Allows the extension of a private network across a public network (internet) Encryption should always be used when passing data across public networks
A VPN creates an encrypted ‘tunnel’ through which a remote client can connect to an enterprise network for instance – Host to Gateway
image credit: wikipedia
– Employees may be required to use a server on the private network. A VPN can allow that employee to securely access private resources remotely
– Gateway to Gateway connections allow a regional office’s network to connect to the head office’s network
Incident Response For the purposes of IT, incidents are observed when
normal network operation is disturbed; some level of crisis may be observed. DOS (intentional or unintentional) Classified information leak Others (Power outage/flood/brownout/cable or router failure)
The purpose of Incident Response is to minimize the impact that the incident causes both immediately and may potentially create in the future.1.Identify the incident.2.Gather necessary resources for response.3.Execute applicable incident response plan.
Incident Response Requirements Need to have response teams and plans in place
Security team and plan should be updated to address specific incident concerns
Plan needs to be THOROUGH and COMPLETE. May have the need for several different kinds of plans.
‘Big red button’ plans Minimize number and severity of security incidents Contain damage; minimize additional/ongoing, risks What actions are to be taken against discovered
attackers/offenders; lawsuit/Employee reprimand/etc Specify the appropriate personnel
Avoid “Too many cooks in the kitchen”
Financial Responsibility Distribution
Insurance coverage may apply; must fulfill all insurance requirements
Federal implications, e.g. HIPAA/ICO/PCI-DSS Ensure compliance to auditing authorities:
Information privacy - ICO (UK) HIPAA – department of HHS
PlayStation Network data leak ended in ~$300k fines Credit card numbers remained encrypted
Other personal information was not, however Attack was found to be ‘preventable’
(pwned)
Financial Responsibility Distribution Who is responsible for paying for what resources in a given enterprise? Must have a plan in place to define who pays for what in order to avoid
finger pointing! Especially important to have this defined in critical situations (incident response)
Example: data storage in an academic environment Professor may utilize computing resources more than others for research outside
of the institution’s scope
Network Authentication Used to verify identity
User is who they say they are Multi-factor authentication: more than one factor Authentication factors:
1. Knowledge: something user knows e.g.: password2. Possession: something user has e.g.: token3. Inherence : something user is e.g.: retinal scan
Physical Security Policy Least Privilege - basic pillar of security
Access rights are set at the minimum required level in order to perform job duties
Principle of effectiveness: Must be using security controls properly in order for them to be effective
(e.g.: Locks do no good if the key is in the lock) Separation of duty
`
Network Infrastructure Security Two levels of security:1.Basic physical perimeter security on campus
Shared facilities can create cause for concern Workstations should remain locked and protected by the main physical perimeter at least
2.Controlled, monitored access around critical infrastructure devices (e.g.: sever room, building network switch)
All employees don’t need access to the server room Should employ a security mechanism independent of the campus security
All employee accessRestricted access
Server room
Building switch
Switch Switch
Switch Switch
Enterprise campus
Questions?
References http://technet.microsoft.com http://www.techsecuritytoday.com/index.php/entry/who-ultimately-pays-for-a-security-breach http://www.bu.edu/tech/files/2010/01/sc02_enterasys.pdf http://
www.abetterkeywaylocksmith.com/images/content/cabinet-key-services.jpg?nxg_versionuid=published
http://docs.oracle.com/cd/B10501_01/network.920/a96582/scn81082.gif http://www.confidenttechnologies.com/files/Post%20it%20note%20password.jpg http://img.tfd.com/cde/_SECURID.GIF http://webdesignlists.com/wp-content/uploads/2012/09/retinal-scan.jpg http://4.bp.blogspot.com/_2ZvV0BgOUE0/TGikpYJwKYI/AAAAAAAAA4Q/5RgEQ9TR1zg/s1600/
shrug.jpg http://commons.wikimedia.org/wiki/File:Finger-pointing-icon.png http://commons.wikimedia.org/wiki/File:DHS_Network_Topology.jpg http://en.wikipedia.org/wiki/CompTIA https://www.isc2.org/CISSP/Default.aspx