Secure
Secure
Securing the network involves the intelligent placement of
security devices such as firewalls, IDS, and other systems. Before doing so,
however, the security team should have a detailed knowledge of the network in
which they work. This involves gathering and understanding attributes such as
overall network size and topology, ingress and egress points, service locations,
and general application flow parameters. Understanding the traffic and how it
flows across the network is an essential step in security implementations.
Securing the network also involves the security policy established
in the first step of the methodology. Each network and organization differs in
their needs, which is why a tuned security policy is necessary. Security
administrators will find that the following security solutions are required:
-
Access Control
-
Encryption
-
Authentication
-
Vulnerability Patching
Access Control
Access control mechanisms can take many forms. Perimeter
barrier devices are often first considered when securing a network. Firewalls in
the form of packet filters, proxies, and stateful inspection devices are all
helpful agents in permitting or denying specific traffic through the network.
Access controls also exist on end systems in the form of a privilege level for
access to resources, configuration files, or data.
|
Note |
Securing the enterprise requires intimate knowledge of your
infrastructure including network design, services locations, and data traffic
flow attri-butes, among others. Knowing these details allows you to place IDS
and perimeter security devices such as firewalls in the most effective locations
to prevent unwanted intrusions. Without this knowledge, administrators will
waste corporate resources by over-deploying security infrastructure, or worse,
missing unseen attack avenues into the enterprise. |
Encryption
Encryption in the form of IPSec, PPTP, or other protocols
can help ensure confidentiality of data transport within networks and between
networks. Virtual Private Networks (VPNs) are often cost-effective measures to
facilitate private communication across a shared network infrastructure.
Authentication
After thorough planning, security support infrastructure
such as authentication, authorization, and accounting (AAA) systems can be
implemented to provide verification for access and privilege control through
firewalls and VPNs to services. Cisco offers Secure Access Control (ACS) as a
means of implementing AAA. Several varying degrees of authentication can be
integrated with AAA such as clear-text passwords, Microsoft CHAP, S/Key and
SecurID. Administrators should set up logging capabilities for historical and
forensic data analysis and monitoring.
Vulnerability Patching
Securing the network also means securing the systems on
which services reside. Staying current with patches, operating systems, and
application software revisions can mitigate commonly used attack vectors. Policy
should dictate regular and systematic upgrades to organizations' software-based
systems.
Administrators should regularly check for security patch updates
on vendor web sites and newsgroups. Some examples of vendor patch and security
advisory web sites are:
Finally, securing the network includes the implementation of
physical security measures. The best network security methods can prove
meaningless without solid security to protect against physical access to
servers, firewalls, and other network equipment. Cipher systems, and identity
cards and verification systems are all examples of ways to improve physical
security.
145 times read
|
|
|
Did you enjoy this article?
(total 0 votes)
|
Sections
Comments (0 posted)
Syndication
