Network Domain Zach Curry, Nick Tsamis, Andrew Arvay

Post on 24-Dec-2015

221 views

Category:

Documents


3 download

TRANSCRIPT

Page 1: Network Domain Zach Curry, Nick Tsamis, Andrew Arvay

Network Domain
Zach Curry, Nick Tsamis, Andrew Arvay

Page 2

Network Administrator Levels
- Identifies Network Responsibilities
- Eliminates Excess Costs
  - Over Training
- Training Consistency
- Divided Into:
  - Network Administrator Level 1 (NAL1)
  - Network Administrator Level 2 (NAL2)
  - Network Administrator Level 3 (NAL3)

Page 3

Network Administrator Levels: Network Administrator Level 1
- End user devices
  - Workstations
  - Local Ethernet Cables
  - VoIP Devices
- User Account Management
  - New Users
  - User Groups
  - Removal of Users
- Setting File Sharing Permissions
  - Group Based Permissions

Page 4

Network Administrator Levels: Network Administrator Level 2
- Network Infrastructure
  - Switches/Routers
  - Cat5E/Cat6 Cabling
- Network Backbone
  - Servers
  - Backups
  - Firewall Administration

Page 5

Network Administrator Levels: Network Administrator Level 3
- Network Device Certification and Accreditation
- Network Documentation
  - Network Topology
  - Continuity Of Operations Plan (COOP)

Page 6

Network Admin Certification: Network Administrator Level 1 (NAL1)
- Network+ Certification
  - Used to measure skill as a network technician
  - Hardware
  - Software Installation
  - Troubleshooting
  - Connections
  - OSI Model
  - LAN/WAN Protocols

Page 7

Network Admin Certification: Network Administrator Level 2 (NAL2)
- Security+ Certification
  - Computer Security
  - Cryptography
  - Access Control
  - Disaster Recovery
  - Risk Management
  - Network Security
  - Compliance and Operational Security
  - Threats and Vulnerabilities
  - Application, Data, and Host Security
  - Identity Management

Page 8

Network Admin Certification: Network Administrator Level 3 (NAL3)
- CISSP Certification (Certified Information Systems Security Professional)
  - Access Control Systems & Methodology
  - Applications & Systems Development
  - Business Continuity & Disaster Recovery Planning
  - Cryptography
  - Law, Investigation & Ethics
  - Operations Security (Computer)
  - Physical Security
  - Security Architecture, Models, & Management Practices
  - Telecommunications & Network Security

Page 9

Continuity Of Operations Plan (COOP): Backups
- Frequency
- Type
  - Full
  - Incremental
  - Differential
- Retention
- Offsite Location
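The slide names the three backup types without showing how they differ in what each run stores and in how many snapshots a restore has to read. The following is an added example (not from the slides) that simulates all three schedules over a constructed four-day file history; the file paths, contents and the `Snapshot` helper are invented for illustration, and deletions are deliberately not modelled.

```python
"""Full vs. incremental vs. differential backups over a constructed file set.

Each file is modelled as path -> content, and a content change counts as a
modification. Deletions are not modelled. Day 0 is always a full backup.
"""
from dataclasses import dataclass

# Constructed history: (day, state of the file set when that day's backup ran)
HISTORY = [
    (0, {"/etc/hosts": "v0", "/srv/db": "v0", "/home/doc": "v0"}),
    (1, {"/etc/hosts": "v1", "/srv/db": "v0", "/home/doc": "v0"}),
    (2, {"/etc/hosts": "v1", "/srv/db": "v2", "/home/doc": "v0"}),
    (3, {"/etc/hosts": "v3", "/srv/db": "v2", "/home/doc": "v0"}),
]


@dataclass
class Snapshot:
    day: int
    kind: str    # "full", "incremental" or "differential"
    files: dict  # only the files this snapshot actually stores


def run_schedule(history, kind):
    """Produce the snapshot chain for a schedule of the given kind."""
    backups = []
    state_at_full = state_at_last = {}
    for day, state in history:
        if not backups or kind == "full":
            backups.append(Snapshot(day, "full", dict(state)))
            state_at_full = state_at_last = state
            continue
        # incremental: changes since the previous backup of any kind
        # differential: changes since the last full backup
        base = state_at_last if kind == "incremental" else state_at_full
        changed = {p: v for p, v in state.items() if base.get(p) != v}
        backups.append(Snapshot(day, kind, changed))
        state_at_last = state
    return backups


def restore(backups, day):
    """Rebuild the file set as of `day`; returns (files, snapshots_read)."""
    usable = [b for b in backups if b.day <= day]
    full_idx = max(i for i, b in enumerate(usable) if b.kind == "full")
    chain = [usable[full_idx]]
    later = usable[full_idx + 1:]
    if later and later[-1].kind == "differential":
        chain.append(later[-1])   # one differential carries every change since the full
    else:
        chain.extend(later)       # every incremental must be replayed in order
    files = {}
    for snap in chain:
        files.update(snap.files)
    return files, len(chain)


def stored_objects(backups):
    """Total file copies held across the chain: the storage cost of the schedule."""
    return sum(len(b.files) for b in backups)


if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        chain = run_schedule(HISTORY, kind)
        files, read = restore(chain, 3)
        print(f"{kind:12s} stores {stored_objects(chain):2d} file copies, "
              f"restore of day 3 reads {read} snapshot(s): {files}")
```

Running it shows the usual trade-off: the full schedule costs the most storage but restores from one snapshot, the incremental schedule costs the least but must replay every snapshot since the last full, and the differential schedule sits between them. Retention and offsite-location decisions follow from which chain has to survive intact for a restore to succeed.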

Page 10

Continuity Of Operations Plan (COOP): Redundancy
- Services
  - Primary Domain Controller (PDC/BDC)
  - DHCP/DNS
- Network Core
  - Routers
  - Switches
- Power
  - UPS
  - Circuits

Page 11

Continuity Of Operations Plan (COOP)
- Natural Disasters
  - Fire
  - Flooding
  - Tornadoes
  - Hurricane
  - Earthquake
- Power Loss
- Hot/Cold Alternate Backbone

Page 12

Continuity Of Operations Plan (COOP)

Page 13

Device Certification and Accreditation
- Due Diligence
- Network Devices Meet:
  - Security Requirements
  - Policy Requirements
  - Clearance Requirements
- Can affect security requirements
- Continuous Process: Cradle to Grave

Page 14

Network Defense Testing
- Practice As You Play
  - Password Cracking
  - Phishing Attempts
  - Blue Team / Red Team
- Detailed Reports
  - Action Requirements
  - Resolution Deadlines

Page 15

Personnel Decertification Procedures
- Notify Helpdesk/Security Manager
  - Leaving
  - Decertification
  - Relocation
- Permissions Applied As Groups
  - Group Y has write access to resource X
  - Removal From Group = Removed Access
  - Much more efficient vs. User-based permissions
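The slide's point that group-based permissions make decertification a single operation is easy to show in code. Below is an added example (not from the slides) of a minimal directory with an ACL keyed by `group:` and `user:` principals; the `Directory` class, the user and resource names, and the "legacy" direct grant are all constructed for illustration. It also covers the Level 1 account-management duties on Page 3 (user groups, removal of users) and the least-privilege point on Page 29, since a user's effective rights are exactly the union of what their groups are granted.

```python
"""Group-based access control with a decertification (offboarding) step.

Rights are granted to principals of the form "group:<name>" or "user:<name>";
the slides recommend the former, and decertify() shows why: leaving every
group removes a user's access in one place.
"""


class Directory:
    def __init__(self):
        self.members = {}   # group name -> set of user names
        self.acl = {}       # resource -> {principal: set of rights}

    def add_member(self, group, user):
        self.members.setdefault(group, set()).add(user)

    def grant(self, resource, principal, *rights):
        self.acl.setdefault(resource, {}).setdefault(principal, set()).update(rights)

    def groups_of(self, user):
        return {g for g, users in self.members.items() if user in users}

    def effective_rights(self, user, resource):
        """Union of rights from the user's own entry and every group they belong to."""
        principals = {f"user:{user}"} | {f"group:{g}" for g in self.groups_of(user)}
        rights = set()
        for principal, granted in self.acl.get(resource, {}).items():
            if principal in principals:
                rights |= granted
        return rights

    def can(self, user, resource, right):
        return right in self.effective_rights(user, resource)

    def direct_grants(self, user):
        """Resources where the user was granted rights individually (the costly pattern)."""
        return sorted(r for r, entries in self.acl.items() if f"user:{user}" in entries)

    def decertify(self, user):
        """Offboard a user: drop all group memberships, then hunt down any direct grants."""
        groups = sorted(self.groups_of(user))
        for g in groups:
            self.members[g].discard(user)
        direct = self.direct_grants(user)
        for resource in direct:
            del self.acl[resource][f"user:{user}"]
        return {"groups": groups, "direct_grants": direct}


def build_demo():
    """Constructed directory: two staff, one finance share, one legacy direct grant."""
    d = Directory()
    d.add_member("staff", "alice")
    d.add_member("staff", "bob")
    d.add_member("finance", "alice")
    d.grant("/shares/public", "group:staff", "read")
    d.grant("/shares/budget", "group:finance", "read", "write")
    d.grant("/srv/legacy-app", "user:alice", "write")   # user-based grant the slides warn against
    return d


if __name__ == "__main__":
    d = build_demo()
    print("before:", d.effective_rights("alice", "/shares/budget"))
    print("decertify:", d.decertify("alice"))
    print("after:", d.effective_rights("alice", "/shares/budget"))
```

Group removal touches only the membership table, whereas the one user-based grant forces a scan of every resource's ACL; in a real directory with thousands of shares that scan is where orphaned access survives, which is the inefficiency the slide is pointing at.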

Page 16

Network Topology
- Physical – The way devices are laid out in a network
  - Example: Ring, Star, Bus, etc.
- Logical – How signals behave on the network
  - Example: Ethernet

Page 17

Network Segmentation
- Keep traffic separate
- Network load
  - Load balancing
- VLANs
  - Traffic types

Page 18

IPS/IDS
- Intrusion Prevention/Detection System
- Log and alert on suspicious activity
- Firewalls
- DMZ

Page 19

Hardening and Patching
- Keep security software and operating systems up to date
- Properly configure network devices to close security holes
- Only expose needed services on the network
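"Only expose needed services" is a check an administrator can automate. The following is an added example (not from the slides) that parses listening sockets in the column layout printed by `ss -tln`, ignores loopback-only bindings, and reports any port a host's role allowlist does not cover. The sample output and the per-role allowlists (`web`, `mail`) are constructed for illustration.

```python
"""Flag network-exposed listeners that are not on a host's service allowlist.

Parses listening sockets in the column layout of `ss -tln` (constructed
sample below, not captured from a real host).
"""
import ipaddress

# Constructed sample in the `ss -tln` column layout
SAMPLE = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
LISTEN  0       511     0.0.0.0:80           0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
LISTEN  0       100     0.0.0.0:25           0.0.0.0:*
LISTEN  0       128     [::1]:6379           [::]:*
"""

# Hypothetical per-role allowlists: the only ports a host of that role may expose
ALLOWED = {
    "web": {22, 80, 443},
    "mail": {22, 25, 587},
}


def parse_listeners(text):
    """Yield (address, port) for each LISTEN row; handles 0.0.0.0:22, [::]:22 and *:80."""
    for line in text.splitlines()[1:]:          # first line is the column header
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        addr, port = cols[3].rsplit(":", 1)
        yield addr.strip("[]"), int(port)


def is_network_exposed(addr):
    """Loopback-only bindings are reachable from the host itself, not the network."""
    if addr in ("*", ""):
        return True
    return not ipaddress.ip_address(addr).is_loopback


def exposed_ports(text):
    return {port for addr, port in parse_listeners(text) if is_network_exposed(addr)}


def unexpected_ports(text, role):
    """Ports exposed on the network that the role's allowlist does not cover."""
    return sorted(exposed_ports(text) - ALLOWED[role])


if __name__ == "__main__":
    print("exposed:", sorted(exposed_ports(SAMPLE)))
    print("unexpected for a web host:", unexpected_ports(SAMPLE, "web"))
```

The database on 127.0.0.1:5432 and the cache on [::1]:6379 are not flagged because they are bound to loopback; the SMTP listener on 0.0.0.0:25 is flagged for a web host, which is exactly the kind of forgotten default service the hardening step is meant to catch.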

Page 20

IP Addressing
- Create subnets to segment traffic
- Private IP subnets:
  - 192.168.0.0/16
  - 172.16.0.0/12
  - 10.0.0.0/8
- Reserve IPs for critical devices
- IPv6 & IPv4
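The three private blocks and the two recommendations on this slide (segment, reserve) can be carried out with Python's standard `ipaddress` module. The following is an added example (not from the slides): it carves a /16 into one /24 per VLAN, pins the lowest addresses of a segment to critical devices, and classifies an address against the RFC 1918 ranges plus the IPv6 unique-local range, which goes slightly beyond the slide's IPv4-only list. The segment names, device names and the 10.20.0.0/16 block are constructed for illustration.

```python
"""Segment a private block into per-VLAN subnets and reserve addresses for
critical devices, using the standard library `ipaddress` module."""
import ipaddress
from itertools import islice

# RFC 1918 IPv4 blocks from the slide, plus the IPv6 unique local range (fc00::/7)
PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_private_range(addr):
    """True only for the RFC 1918 / ULA ranges above. This is narrower than
    ipaddress's is_private, which also covers loopback, link-local and others."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_BLOCKS if net.version == ip.version)


def plan_segments(block, new_prefix, names):
    """Carve `block` into equal /new_prefix subnets, one per named segment (VLAN)."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    return {name: next(subnets) for name in names}


def reserve(subnet, devices):
    """Pin the lowest usable addresses of a subnet to critical devices (gateway first)."""
    return {name: str(ip)
            for name, ip in zip(devices, islice(subnet.hosts(), len(devices)))}


def segment_of(addr, plan):
    """Which planned segment an address belongs to, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for name, net in plan.items():
        if ip.version == net.version and ip in net:
            return name
    return None


if __name__ == "__main__":
    # Constructed plan: one /24 per traffic type inside 10.20.0.0/16
    plan = plan_segments("10.20.0.0/16", 24, ["users", "voip", "servers", "mgmt"])
    for name, net in plan.items():
        print(f"{name:8s} {net}")
    print("reserved:", reserve(plan["servers"], ["gateway", "pdc", "dns"]))
    print("10.20.1.77 is in:", segment_of("10.20.1.77", plan))
```

Keeping the plan in code (or any machine-readable form) is what makes the later checks possible: an address seen in a log can be mapped to its VLAN, and a device outside its reserved range stands out immediately.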

Page 21

QoS Policy
- Quality of Service
- Deals with network contention
  - Telephony Protocols

Page 22

WAN Encryption Policy
- Depending on the sensitivity of the information, different network requirements may exist for different hardware
- Classified information/hardware should always be encrypted and must stay on classified networks
- Non-classified and classified networks should be physically separated
- Sensitive information that traverses a public network should be encrypted BEFORE it leaves the private network
  - There is no way to know who is snooping on it once it leaves
- Classified and Non-classified networks must remain independent
  - Classified information should never be accessible from a non-classified network
  - The network should enforce that unauthorized hardware and software do not run where prohibited

Page 23

WAN Encryption - VPN
- Virtual Private Network
  - Allows the extension of a private network across a public network (internet)
  - Encryption should always be used when passing data across public networks
- A VPN creates an encrypted ‘tunnel’ through which a remote client can connect to an enterprise network, for instance:
  - Host to Gateway – Employees may be required to use a server on the private network. A VPN can allow that employee to securely access private resources remotely
  - Gateway to Gateway – connections allow a regional office’s network to connect to the head office’s network

image credit: wikipedia

Page 24

Incident Response
- For the purposes of IT, incidents are observed when normal network operation is disturbed; some level of crisis may be observed.
  - DOS (intentional or unintentional)
  - Classified information leak
  - Others (Power outage/flood/brownout/cable or router failure)
- The purpose of Incident Response is to minimize the impact that the incident causes, both immediately and what it may potentially create in the future.
  1. Identify the incident.
  2. Gather necessary resources for response.
  3. Execute applicable incident response plan.

Page 25

Incident Response Requirements
- Need to have response teams and plans in place
- Security team and plan should be updated to address specific incident concerns
- Plan needs to be THOROUGH and COMPLETE. May have the need for several different kinds of plans.
  - ‘Big red button’ plans
  - Minimize number and severity of security incidents
  - Contain damage; minimize additional/ongoing risks
  - What actions are to be taken against discovered attackers/offenders; lawsuit/Employee reprimand/etc.
- Specify the appropriate personnel
  - Avoid “Too many cooks in the kitchen”

Page 26

Financial Responsibility Distribution
- Insurance coverage may apply; must fulfill all insurance requirements
- Federal implications, e.g. HIPAA/ICO/PCI-DSS
- Ensure compliance to auditing authorities:
  - Information privacy - ICO (UK)
  - HIPAA – department of HHS
- PlayStation Network data leak ended in ~$300k fines
  - Credit card numbers remained encrypted
  - Other personal information was not, however
  - Attack was found to be ‘preventable’

(pwned)

Page 27

Financial Responsibility Distribution
- Who is responsible for paying for what resources in a given enterprise?
- Must have a plan in place to define who pays for what in order to avoid finger pointing!
  - Especially important to have this defined in critical situations (incident response)
- Example: data storage in an academic environment
  - Professor may utilize computing resources more than others for research outside of the institution’s scope

Page 28

Network Authentication
- Used to verify identity
  - User is who they say they are
- Multi-factor authentication: more than one factor
- Authentication factors:
  1. Knowledge: something user knows, e.g.: password
  2. Possession: something user has, e.g.: token
  3. Inherence: something user is, e.g.: retinal scan
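To make the factor categories concrete, here is an added example (not from the slides) of a two-factor login check written with only the Python standard library: the knowledge factor is a salted, PBKDF2-stretched password and the possession factor is an RFC 6238 TOTP code of the kind a hardware or phone token produces. The `CATEGORY` table, the `enroll`/`authenticate` helpers and the iteration count are assumptions for illustration; the TOTP test vectors used in the test come from RFC 4226/6238.

```python
"""Two-factor check combining a knowledge factor (salted, stretched password)
with a possession factor (RFC 6238 TOTP code). Standard library only."""
import hashlib
import hmac
import os
import struct
import time

# Hypothetical mapping of a credential type to its factor category
CATEGORY = {"password": "knowledge", "totp": "possession", "retina": "inherence"}
PBKDF2_ROUNDS = 100_000   # assumed work factor for the example


def is_multi_factor(credentials):
    """MFA means factors from at least two distinct categories; two passwords are one factor."""
    return len({CATEGORY[c] for c in credentials}) >= 2


def hash_password(password, salt=None):
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for time `at` in seconds since the epoch."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def enroll(password, totp_secret=None):
    """Create the stored record for a user: the plaintext password is never kept."""
    salt, digest = hash_password(password)
    return {"salt": salt, "pw_hash": digest,
            "totp_secret": totp_secret or os.urandom(20)}


def authenticate(record, password, code, at=None, window=1):
    """Both factors are always evaluated, and both comparisons are constant-time."""
    at = time.time() if at is None else at
    _, digest = hash_password(password, record["salt"])
    pw_ok = hmac.compare_digest(digest, record["pw_hash"])
    # Accept the adjacent time steps to tolerate clock skew between token and server
    code_ok = False
    for k in range(-window, window + 1):
        code_ok |= hmac.compare_digest(totp(record["totp_secret"], at + k * 30), code)
    return pw_ok and code_ok


if __name__ == "__main__":
    rec = enroll("correct horse battery staple")
    now = time.time()
    fresh = totp(rec["totp_secret"], now)
    stale = totp(rec["totp_secret"], now - 600)
    print("password + fresh code:", authenticate(rec, "correct horse battery staple", fresh, now))
    print("password + stale code:", authenticate(rec, "correct horse battery staple", stale, now))
    print("two passwords count as MFA:", is_multi_factor(["password", "password"]))
```

Two design points worth noting: the password is never compared before the code, so a wrong password and a wrong code take the same time, and `is_multi_factor` encodes the slide's definition literally, so a second knowledge factor (a PIN plus a password) does not qualify.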

Page 29

Physical Security Policy
- Least Privilege - basic pillar of security
  - Access rights are set at the minimum required level in order to perform job duties
- Principle of effectiveness: must be using security controls properly in order for them to be effective
  - (e.g.: Locks do no good if the key is in the lock)
- Separation of duty

Page 30

Network Infrastructure Security
- Two levels of security:
  1. Basic physical perimeter security on campus
     - Shared facilities can create cause for concern
     - Workstations should remain locked and protected by the main physical perimeter at least
  2. Controlled, monitored access around critical infrastructure devices (e.g.: server room, building network switch)
     - All employees don't need access to the server room
     - Should employ a security mechanism independent of the campus security

[Diagram: Enterprise campus, split into an "All employee access" zone (building switch and floor switches) and a "Restricted access" zone (server room)]

Page 31

Questions?

Page 32

References
- http://technet.microsoft.com
- http://www.techsecuritytoday.com/index.php/entry/who-ultimately-pays-for-a-security-breach
- http://www.bu.edu/tech/files/2010/01/sc02_enterasys.pdf
- http://www.abetterkeywaylocksmith.com/images/content/cabinet-key-services.jpg?nxg_versionuid=published
- http://docs.oracle.com/cd/B10501_01/network.920/a96582/scn81082.gif
- http://www.confidenttechnologies.com/files/Post%20it%20note%20password.jpg
- http://img.tfd.com/cde/_SECURID.GIF
- http://webdesignlists.com/wp-content/uploads/2012/09/retinal-scan.jpg
- http://4.bp.blogspot.com/_2ZvV0BgOUE0/TGikpYJwKYI/AAAAAAAAA4Q/5RgEQ9TR1zg/s1600/shrug.jpg
- http://commons.wikimedia.org/wiki/File:Finger-pointing-icon.png
- http://commons.wikimedia.org/wiki/File:DHS_Network_Topology.jpg
- http://en.wikipedia.org/wiki/CompTIA
- https://www.isc2.org/CISSP/Default.aspx