1 / 32

Network Domain

Network Domain. Zach Curry, Nick Tsamis, Andrew Arvay. Network Administrator Levels. Identifies Network Responsibilities Eliminates Excess Costs Over Training Training Consistency Divided Into: Network Administrator Level 1 (NAL1) Network Administrator Level 2 (NAL2)

kasi
Download Presentation

Network Domain

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Domain Zach Curry, Nick Tsamis, Andrew Arvay

  2. Network Administrator Levels • Identifies Network Responsibilities • Eliminates Excess Costs • Over Training • Training Consistency • Divided Into: • Network Administrator Level 1 (NAL1) • Network Administrator Level 2 (NAL2) • Network Administrator Level 3 (NAL3)

  3. Network Administrator Levels • Network Administrator Level 1 • End user devices • Workstations • Local Ethernet Cables • VoIP Devices • User Account Management • New Users • User Groups • Removal of Users • Setting File Sharing Permissions • Group Based Permissions

  4. Network Administrator Levels • Network Administrator Level 2 • Network Infrastructure • Switches/Routers • Cat5E/Cat6 Cabling • Network Backbone • Servers • Backups • Firewall Administration

  5. Network Administrator Levels • Network Administrator Level 3 • Network Device Certification and Accreditation • Network Documentation • Network Topology • Continuity Of Operations Plan (COOP)

  6. Network Admin Certification • Network Administrator Level 1 (NAL1) • Network+ Certification • Used to measure skill as a network technician • Hardware • Software • Installation • Troubleshooting • Connections • OSI Model • LAN/WAN Protocols

  7. Network Admin Certification • Network Administrator Level 2 (NAL2) • Security+ Certification • Computer Security • Cryptography • Access Control • Disaster Recovery • Risk Management • Network Security • Compliance and Operational Security • Threats and Vulnerabilities • Application, Data, and Host Security • Identity Management

  8. Network Admin Certification • Network Administrator Level 3 (NAL3) • CISSP Certification • Certified Information Systems Security Professional • Access Control Systems & Methodology • Applications & Systems Development • Business Continuity & Disaster Recovery Planning • Cryptography • Law, Investigation & Ethics • Operations Security (Computer) • Physical Security • Security Architecture, Models, & Management Practices • Telecommunications & Network Security

  9. Continuity Of Operations Plan (COOP) • Backups • Frequency • Type • Full • Incremental • Differential • Retention • Offsite Location

  10. Continuity Of Operations Plan (COOP) • Redundancy • Services • Primary Domain Controller (PDC/BDC) • DHCP/DNS • Network • Core Routers • Switches • Power • UPS • Circuits

  11. Continuity Of Operations Plan (COOP) • Natural Disasters • Fire • Flooding • Tornadoes • Hurricane • Earthquake • Power Loss • Hot/Cold Alternate Backbone

  12. Continuity Of Operations Plan (COOP)

  13. Device Certification and Accreditation • Due Diligence • Network Devices Meet • Security Requirements • Policy Requirements • Clearance Requirements • Can affect security requirements • Continuous Process • Cradle to Grave

  14. Network Defense Testing • Practice As You Play • Password Cracking • Phishing Attempts • Blue Team • Red Team • Detailed Reports • Action Requirements • Resolution Deadlines

  15. Personnel Decertification Procedures • Notify Helpdesk/Security Manager • Leaving • Decertification • Relocation • Permissions Applied As Groups • Group Y has write access to resource X • Removal From Group = Removed Access • Much more efficient vs. User-based permissions

  16. Network Topology • Physical – The way devices are laid out in a network • Example: Ring, Star, Bus, etc • Logical – How signals behave on the network • Example: Ethernet

  17. Network Segmentation • Keep traffic separate • Network load • Load balancing • VLANs • Traffic types

  18. IPS/IDS • Intrusion Prevention/Detection System • Log and alert on suspicious activity • Firewalls • DMZ

  19. Hardening and Patching • Keep security software and operating systems up to date • Properly configure network devices to close security holes • Only expose needed services on the network

  20. IP Addressing • Create subnets to segment traffic • Private IP subnets: • 192.168.0.0/16 • 172.16.0.0/12 • 10.0.0.0/8 • Reserve IPs for critical devices • IPv6 & IPv4

  21. QoS Policy • Quality of Service • Deals with network contention • Telephony • Protocols

  22. WAN Encryption Policy • Depending on the sensitivity of the information, different network requirements may exist for different hardware • Classified information/hardware should always be encrypted and must stay on classified networks • Non-classified and classified networks should be physically separated • Sensitive information that traverses a public network should be encrypted BEFORE it leaves the private network • Have no idea who’s snooping it once it leaves • Classified and Non-classified networks must remain independent • Classified information should never be accessible from a non-classified network; The network should enforce that unauthorized hardware and software not run where prohibited

  23. WAN Encryption - VPN • Virtual Private Network • Allows the extension of a private network across a public network (internet) • Encryption should always be used when passing data across public networks • A VPN creates an encrypted ‘tunnel’ through which a remote client can connect to an enterprise network for instance – Host to Gateway • Employees may be required to use a server on the private network. A VPN can allow that employee to securely access private resources remotely • Gateway to Gateway connections allow a regional office’s network to connect to the head office’s network image credit: wikipedia

  24. Incident Response • For the purposes of IT, incidents are observed when normal network operation is disturbed; some level of crisis may be observed. • DOS (intentional or unintentional) • Classified information leak • Others (Power outage/flood/brownout/cable or router failure) • The purpose of Incident Response is to minimize the impact that the incident causes both immediately and may potentially create in the future. • Identify the incident. • Gather necessary resources for response. • Execute applicable incident response plan.

  25. Incident Response Requirements • Need to have response teams and plans in place • Security team and plan should be updated to address specific incident concerns • Plan needs to be THOROUGH and COMPLETE. May have the need for several different kinds of plans. • ‘Big red button’ plans • Minimize number and severity of security incidents • Contain damage; minimize additional/ongoing, risks • What actions are to be taken against discovered attackers/offenders; lawsuit/Employee reprimand/etc • Specify the appropriate personnel • Avoid “Too many cooks in the kitchen”

  26. Financial Responsibility Distribution • Insurance coverage may apply; must fulfill all insurance requirements • Federal implications, e.g. HIPAA/ICO/PCI-DSS • Ensure compliance to auditing authorities: • Information privacy - ICO (UK) • HIPAA – department of HHS • PlayStation Network data leak ended in ~$300k fines • Credit card numbers remained encrypted • Other personal information was not, however • Attack was found to be ‘preventable’ (pwned)

  27. Financial Responsibility Distribution • Who is responsible for paying for what resources in a given enterprise? • Must have a plan in place to define who pays for what in order to avoid finger pointing! • Especially important to have this defined in critical situations (incident response) • Example: data storage in an academic environment • Professor may utilize computing resources more than others for research outside of the institution’s scope

  28. Network Authentication • Used to verify identity • User is who they say they are • Multi-factor authentication: more than one factor • Authentication factors: • Knowledge: something user knows e.g.: password • Possession: something user has e.g.: token • Inherence : something user is e.g.: retinal scan

  29. Physical Security Policy • Least Privilege - basic pillar of security • Access rights are set at the minimum required level in order to perform job duties • Principle of effectiveness: • Must be using security controls properly in order for them to be effective (e.g.: Locks do no good if the key is in the lock) • Separation of duty `

  30. Network Infrastructure Security • Two levels of security: • Basic physical perimeter security on campus • Shared facilities can create cause for concern • Workstations should remain locked and protected by the main physical perimeter at least • Controlled, monitored access around critical infrastructure devices (e.g.: sever room, building network switch) • All employees don’t need access to the server room • Should employ a security mechanism independent of the campus security All employee access Restricted access Server room Building switch Enterprise campus Switch Switch Switch Switch

  31. Questions?

  32. References • http://technet.microsoft.com • http://www.techsecuritytoday.com/index.php/entry/who-ultimately-pays-for-a-security-breach • http://www.bu.edu/tech/files/2010/01/sc02_enterasys.pdf • http://www.abetterkeywaylocksmith.com/images/content/cabinet-key-services.jpg?nxg_versionuid=published • http://docs.oracle.com/cd/B10501_01/network.920/a96582/scn81082.gif • http://www.confidenttechnologies.com/files/Post%20it%20note%20password.jpg • http://img.tfd.com/cde/_SECURID.GIF • http://webdesignlists.com/wp-content/uploads/2012/09/retinal-scan.jpg • http://4.bp.blogspot.com/_2ZvV0BgOUE0/TGikpYJwKYI/AAAAAAAAA4Q/5RgEQ9TR1zg/s1600/shrug.jpg • http://commons.wikimedia.org/wiki/File:Finger-pointing-icon.png • http://commons.wikimedia.org/wiki/File:DHS_Network_Topology.jpg • http://en.wikipedia.org/wiki/CompTIA • https://www.isc2.org/CISSP/Default.aspx

More Related