Describle the principles of secure network design.
• Describle threat identificaion and risk analysis.
• Describle risk managenment and risk avoidance.
• Describle the Cisco SecureX architecture.
• Describle operation security.
• Describle network security testing tools and techniques.
• Describle business continuity and disaster recovery.
• Describle the system development life cycle concept and its
application to a secure network life cycle.
• Describle the purpose and function of a network security policy
82 trang |
Chia sẻ: phuongt97 | Lượt xem: 523 | Lượt tải: 1
Bạn đang xem trước 20 trang nội dung tài liệu Bài giảng CCNA Security - Chapter 9: Managing a Secure Network, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
tructure of a Security Policy
Governing Policy
Refer to 9.7.2.1
Technical
Policies
End-User
Policies
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Governing Policy
Important components:
• A statement of the issue that the
policy addresses.
• How the policy applies in the
environment.
• The roles and responsibilities of
those affected by the policy.
• The actions, activities, and
processes that are allowed and
those that are not.
• The consequences of
noncompliance.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Refer to 9.7.2.2
Technical Policies
• General policies
• E-mail policies
• Remote -access policies
• Telephony policy
• Application policies
• Network policies
• Wireless communication policy
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Refer to 9.7.2.3
End User Policy
• Cover all rules pertaining
to information security that
end users should know
about, comply with, and
implement.
• May overlap with technical
policies.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Refer to 9.7.2.4
Standards, Guidelines, and Procedures
• The security policy
documents are high-level
overview documents
• Standards, guidelines, and
procedures contain the
actual details defined in
the policies
• Each document serves a
different function, covers
different specifications and
targets a different
audience
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Standards Documents
Refer to 9.7.3.2
Standards documents include the technologies that are required for
specific uses, hardware and software versioning requirements,
program requirements, and any other organizational criteria
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Guideline Documents
• Provide a list of suggestions
• Provide flexibility
• Not usually mandatory
• Sources:
Refer to 9.7.3.3
– National Institute of Standards
and Technology (NIST)
Computer Security Resource Center
– National Security Agency (NSA) Security Configuration Guides
– The Common Criteria standard
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Procedure Documents
Refer to 9.7.3.4
Procedure documents include the details of implementation,
usually with step-by-step instructions and graphics
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Roles and Responsibilities
Executive-level management must always be consulted
during security policy creation in order to ensure the policy
is comprehensive, cohesive, and legally binding.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Roles and Responsibilities
• Chief Executive Officer (CEO)
• Chief Technology Officer (CTO)
• Chief Information Officer (CIO)
• Chief Security Officer (CSO)
Refer to 9.7.4.2
• Chief Information Security Officer (CISO)
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Security Awareness Program
• Reflects the business needs of an organization
• Informs users of their IT security responsibilities
• Explains all IT security policy and procedures
• Explains proper rules of behavior for the use of the IT
Refer to 9.7.5
systems and data
• Details sanctions for noncompliance
• Components
– Awareness campaigns
– Training and education
Security
Awareness
Program
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Awareness Campaigns
Methods for increasing
awareness:
• Lectures, videos
• Posters, newsletter
articles, and bulletins
• Awards for good security
practices
• Reminders such as login
banners, mouse pads,
coffee cups, and notepads
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Training and Education
From: IT department
To: all Employees
Subject: Course Offerings
We are currently offering several training opportunities. Please see
the list below and contact your manager if interested.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Success
A successfully implemented security awareness program measurably
reduces unauthorized actions by insiders, increases the effectiveness
of existing controls, and helps fight waste, fraud, and abuse of
information systems resources.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Laws and Ethics
• Types of Laws
– Criminal
– Civil
– Administrative
• Ethics
– Computer Ethics Institute
– Internet Activities Board (IAB)
– Generally Accepted System Security
Principles (GASSP)
– International Information Systems
Security Certification Consortium, Inc
(ISC)2 Code of Ethics
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Refer to 9.7.6
The ISC2 Code of Ethics
• Code of Ethics Preamble
Safety of the commonwealth, duty to our
principals, and to each other requires that
we adhere, and be seen to adhere, to the
highest ethical standards of behavior.
Therefore, strict adherence to this Code is
a condition of certification.
• Code of Ethics Canons
– Protect society, the commonwealth, and the infrastructure.
– Act honorably, honestly, justly, responsibly, and legally.
– Provide diligent and competent service to principals.
– Advance and protect the profession.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Responding to a Security Breach
• Motive answers the question
of why a person (or persons)
committed the illegal act.
• Opportunity answers the
question of when and where
the person committed the
crime.
• Means answers the question
of how the person committed
the crime.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Forensics Procedures
• Proper data collection
• Data chain of custody
• Data storage
• Data backups
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Summary
• Mitigating network attacks requires a comprehensive end-to-end approach.
• Threat identification and risk analysis are the firt steps in creating the
protection strategy.
• Risk management and risk avoidance are tow distinct approaches to
addressing risks.
• Ciso Self-Defending Network provides a comprehensive, end-to-end solution
for network security.
• CSDN solutions include threat control and containment, secure
communications, and operational control and policy management.
• Cisco Security Manager and Cisco MARS provide management solutions for
CSDN.
• The Cisco integrated Security Portfolio of security products designed to meet
the requirements and diverse deploument models of any network
environment.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Summary
• Operations security is an important part of managing a secure network.
• Separation of duties states that no single individual has control over tow
more phases of a transaction or opration.
• Rotation of duties is a security measure in which individuals are given a
specific assignment for a certain amount of time before moving to a new
assignment.
• Trusted recovery is an important principle of operations security.
• Network security testing is a critical process in maintaining a secure
network.
• Nmap and SuperScan are two useful tools for network security testing.
• Tests include network scanning, vulnerability scanning, password cracking,
log review, integrity checking, virus detection, war driving , and penetration
testing.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Summary
• The security policy is an integral component of an
organization’s network security design and
implementation. It answers questions about what assets
are to be protected and how to protect them.
• A security policy typically consists of a goverming policy, a
technical policy, and an end-user policy.
• Standards, guidelines, and procedures contain the details
degined in the policies.
• The policy should set out the various roles and
responsibilities among the IT professionals.
• A securiy awareness program is necessary to ensure all
employees within an organization are aware of and adhere
to the security policies.
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
Các file đính kèm theo tài liệu này:
- bai_giang_ccna_security_chapter_9_managing_a_secure_network.pdf