IDS MC and Security Policy

IDS MC and Security Policy

Designing & Planning: Cisco Security Wheel

Network security methodology has become increasingly important in driving the overall security of a network. The "old-world" enterprise network security philosophy calls for the development of a security policy first and only then are security products deployed. Once the network is secured, it may be inspected once in a while to identify any potential issues. Any security incidents are then handled on a case-by-case basis.

The Security Wheel is a concept whereby the corporate security policy forms the hub around which all network security practices are based. This methodology evolved as an alternative to the traditional approach to network security. As in the "old-world" approach, the security policy is developed first and then the network is secured according to the policy documents. Also, as in the "old-world" approach, the network is monitored for events and any incidents are handled appropriately. However, where the Security Wheel goes further than the traditional "old-world" approach is that the Security Wheel calls for the testing of network security and the results of that testing are then fed back into the security process to manage and improve the state of the network's security posture. (This concept is shown in Figure 10.2.)

Figure 10.2: The Cisco Security Wheel

The security policy must clearly state the organization's stance and objectives with regards to security issues. Typically, a security policy is not a single document but a group of documents that provide a high-level overview of security implementation in the network. The policy should document resources to protect and identify the network infrastructure and architecture in general. Finally, the security policy should clearly identify any critical resources that require additional protection. Intrusion detection can be seen as an extension of the network security policy. In many respects, IDS can be considered the enforcement of that policy because it provides a continual audit of the network traffic. An in-depth discussion of the development of a security policy is beyond the scope of this chapter as well as this book. For a more detailed discussion of security policies and how to develop them, please refer to the bibliography at the end of the chapter.