The Network Security Wheel

Most security incidents occur because system administrators do not implement available countermeasures, and attackers or disgruntled employees exploit the oversight. Therefore, the issue is not just one of confirming that a technical vulnerability exists and finding a countermeasure that works; it is also critical to verify that the countermeasure is in place and working properly.
To assist with compliance with a security policy, the Security Wheel, a continuous process, has proven to be an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.

To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy includes the following:
Identifies the security objectives of the organization.
Documents the resources to be protected.
Identifies the network infrastructure with current maps and inventories.
Identifies the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.
The security policy is the hub upon which the four steps of the Security Wheel are based. The steps are secure, monitor, test, and improve.
Step 1: Secure
Secure the network by applying the security policy and implementing the following security solutions:
Threat defense
Stateful inspection and packet filtering-Filter network traffic to allow only valid traffic and services.
Note: Stateful inspection refers to a firewall keeping information on the state of a connection in a state table so that it can recognize changes in the connection that could mean an attacker is attempting to hijack a session or otherwise manipulate a connection.
Intrusion prevention systems-Deploy at the network and host level to actively stop malicious traffic.
Vulnerability patching-Apply fixes or measures to stop the exploitation of known vulnerabilities.
Disable unnecessary services-The fewer services that are enabled, the harder it is for attackers to gain access.
Secure connectivity
VPNs-Encrypt network traffic to prevent unwanted disclosure to unauthorized or malicious individuals.
Trust and identity-Implement tight constraints on trust levels within a network. For example, systems on the outside of a firewall should never be absolutely trusted by systems on the inside of a firewall.
Authentication-Give access to authorized users only. One example of this is using one-time passwords.
Policy enforcement-Ensure that users and end devices are in compliance with the corporate policy.
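The note on stateful inspection above describes a firewall that records each connection in a state table and uses that record to judge later packets. The following is an added illustration of that idea, not code from the original page: a toy filter that admits a packet from outside only when an inside host opened the connection first, and drops a packet whose flags make no sense for the connection's recorded state. The network prefix, addresses, ports and the outbound policy are constructed for the example, and connection teardown is simplified to a single FIN from the inside host.

```python
"""Toy stateful packet filter (added example, not from the original page).
It models a state table: replies from outside are admitted only for
connections the inside opened, and a packet whose TCP flags do not fit the
recorded state is dropped. All addresses and the policy are constructed."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."            # constructed: the protected network
ALLOWED_OUTBOUND_PORTS = {80, 443}   # constructed policy: web traffic only


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP SYN: opens a connection
    fin: bool = False   # TCP FIN: closes a connection


class StatefulFilter:
    """Keeps one entry per connection, keyed from the inside host's view."""

    def __init__(self):
        self.state = set()

    @staticmethod
    def _key(pkt, outbound):
        # Normalise both directions to (inside_ip, inside_port, outside_ip, outside_port)
        if outbound:
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def decide(self, pkt):
        """Return (allowed, reason) and update the state table."""
        outbound = pkt.src_ip.startswith(INSIDE_PREFIX)
        key = self._key(pkt, outbound)
        known = key in self.state

        if outbound and pkt.syn:
            if pkt.dst_port not in ALLOWED_OUTBOUND_PORTS:
                return False, "outbound service not permitted by policy"
            self.state.add(key)          # idempotent for a retransmitted SYN
            return True, "new outbound connection recorded"

        if not known:
            # Unsolicited inbound SYN or a stray packet: with a state table this
            # is simply a miss, no flag-by-flag reasoning needed.
            return False, "no matching state entry"

        if pkt.syn:
            # A SYN on a connection already in the table is not a valid state
            # transition; refuse it rather than let it reset the entry.
            return False, "unexpected SYN on established connection (possible hijack attempt)"

        if pkt.fin and outbound:
            # Simplified teardown: a real firewall tracks the full FIN/ACK exchange.
            self.state.discard(key)
            return True, "connection closed, state entry removed"
        return True, "established connection"


def run_demo():
    """Walk a constructed packet sequence through the filter; return the verdicts."""
    fw = StatefulFilter()
    sequence = [
        Packet("10.0.0.5", 40000, "203.0.113.10", 443, syn=True),  # inside opens HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 40000),            # server replies
        Packet("198.51.100.7", 5555, "10.0.0.5", 22, syn=True),    # unsolicited SSH from outside
        Packet("10.0.0.5", 40001, "203.0.113.10", 23, syn=True),   # inside tries telnet
        Packet("10.0.0.5", 40000, "203.0.113.10", 443, fin=True),  # inside closes HTTPS
        Packet("203.0.113.10", 443, "10.0.0.5", 40000),            # late packet after close
    ]
    return [fw.decide(p) for p in sequence]


if __name__ == "__main__":
    for allowed, reason in run_demo():
        print("ALLOW" if allowed else "DROP ", reason)
```

Running the script shows the two properties the note is about: the server's reply is accepted only because the table already holds the connection the inside host opened, and the unsolicited SYN to port 22 is dropped without any per-flag rule for it.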
Step 2: Monitor
Monitoring security involves both active and passive methods of detecting security violations. The most commonly used active method is to audit host-level log files. Most operating systems include auditing functionality. System administrators must enable the audit system for every host on the network and take the time to check and interpret the log file entries.
Passive methods include using IDS devices to automatically detect intrusion. This method requires less attention from network security administrators than active methods. These systems can detect security violations in real time and can be configured to automatically respond before an intruder does any damage.
An added benefit of network monitoring is the verification that the security measures implemented in step 1 of the Security Wheel have been configured and are working properly.
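Step 2 names auditing host-level log files as the most common active method, and says the administrator must check and interpret the entries. The following is an added example of what such an audit pass looks like in code; it is not from the original page. The entries are constructed in the style of an sshd syslog file, and the failure threshold and addresses are assumptions for the example. It reports a source that reaches the threshold of failed logins, and separately a login that succeeds from a source that had already reached it, which is the entry an administrator most needs to look at.

```python
"""Audit pass over host-level authentication log entries (added example,
not from the original page). Log lines below are constructed in the style
of an sshd syslog file; threshold and addresses are assumptions."""
import re
from collections import defaultdict

SYSLOG_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
FAILED_RE = re.compile(SYSLOG_PREFIX +
                       r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(SYSLOG_PREFIX +
                         r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+)")

# Constructed sample entries (not taken from any real system).
SAMPLE_LOG = [
    "Mar  3 09:12:01 web1 sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 40122 ssh2",
    "Mar  3 09:12:03 web1 sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 40123 ssh2",
    "Mar  3 09:12:05 web1 sshd[2211]: Failed password for root from 198.51.100.23 port 40124 ssh2",
    "Mar  3 09:12:07 web1 sshd[2212]: Failed password for root from 198.51.100.23 port 40125 ssh2",
    "Mar  3 09:12:09 web1 sshd[2213]: Accepted password for root from 198.51.100.23 port 40126 ssh2",
    "Mar  3 09:15:44 web1 sshd[2300]: Failed password for alice from 10.0.0.9 port 51002 ssh2",
    "Mar  3 09:15:50 web1 sshd[2301]: Accepted publickey for alice from 10.0.0.9 port 51003 ssh2",
    "Mar  3 09:16:00 web1 CRON[2310]: pam_unix(cron:session): session opened for user root by (uid=0)",
]


def audit(lines, threshold=3):
    """Scan entries in order and return a list of findings:
    - 'repeated_failures'       once a source reaches `threshold` failed logins
    - 'success_after_failures'  when a login succeeds from a source that had
                                already reached the threshold
    Lines that are not sshd authentication events are ignored."""
    failures = defaultdict(int)   # source IP -> failed attempts so far
    findings = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            failures[m["ip"]] += 1
            if failures[m["ip"]] == threshold:   # report once, at the threshold
                findings.append({"kind": "repeated_failures", "ip": m["ip"],
                                 "user": m["user"], "host": m["host"],
                                 "count": threshold})
            continue
        m = ACCEPTED_RE.match(line)
        if m and failures[m["ip"]] >= threshold:
            findings.append({"kind": "success_after_failures", "ip": m["ip"],
                             "user": m["user"], "host": m["host"],
                             "count": failures[m["ip"]]})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['host']}: {f['kind']} from {f['ip']} "
              f"(user {f['user']}, {f['count']} failures)")
```

The single failed login from 10.0.0.9 followed by a key-based success produces no finding; the run from 198.51.100.23 produces two. In practice the threshold would be tuned per host and the findings fed to whatever the policy names as the response path.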
Step 3: Test
In the testing phase of the Security Wheel, the security measures are proactively tested. Specifically, the functionality of the security solutions implemented in step 1 and the system auditing and intrusion detection methods implemented in step 2 are verified. Vulnerability assessment tools such as SATAN, Nessus, or Nmap are useful for periodically testing the network security measures at the network and host level.
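The testing phase verifies that what step 1 put in place (for instance, disabling unnecessary services) is actually in effect, and the policy's network inventory is the reference to compare against. As an added example, not code from the original page or from any of the tools named above, the script below checks a network scan against the policy's list of permitted services per host. The scan lines are constructed in the layout of Nmap's grepable (-oG) output, and the policy table and addresses are assumptions for the example. It reports ports open that the policy does not permit, permitted services that are not up, and hosts that are not in the inventory at all.

```python
"""Compare a network scan with the security policy's inventory of permitted
services (added example, not from the original page). Scan lines are
constructed in the layout of Nmap's grepable (-oG) output; the policy and
addresses are assumptions."""
import re

HOST_RE = re.compile(r"^Host: (?P<ip>[\d.]+) \((?P<name>[^)]*)\)")

# Constructed sample: what a periodic scan of the inside network might report.
SAMPLE_SCAN = [
    "# Nmap scan initiated (constructed sample; comment lines are skipped)",
    "Host: 10.0.0.5 (web1)\tStatus: Up",
    "Host: 10.0.0.5 (web1)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)",
    "Host: 10.0.0.6 (db1)\tStatus: Up",
    "Host: 10.0.0.6 (db1)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, 3306/open/tcp//mysql///\tIgnored State: closed (997)",
    "Host: 10.0.0.9 ()\tStatus: Up",
    "Host: 10.0.0.9 ()\tPorts: 445/open/tcp//microsoft-ds///\tIgnored State: closed (999)",
]

# Constructed policy: documented resources and the services each may expose.
POLICY = {
    "10.0.0.5": {22, 80, 443},   # web1: ssh, http, https
    "10.0.0.6": {22, 3306},      # db1: ssh, mysql
}


def parse_grepable(lines):
    """Return {ip: set of open TCP ports} from grepable-style scan lines."""
    hosts = {}
    for line in lines:
        m = HOST_RE.match(line)
        if not m:
            continue                      # comment lines and anything else
        open_ports = hosts.setdefault(m["ip"], set())
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # entry layout: port/state/protocol/owner/service/rpc info/version/
                parts = entry.split("/")
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    open_ports.add(int(parts[0]))
    return hosts


def check_policy(policy, observed):
    """Per-host report: ports open but not permitted ('unexpected'), ports
    permitted but not seen ('missing'), and hosts absent from the inventory."""
    report = {}
    for ip, allowed in policy.items():
        seen = observed.get(ip, set())
        unexpected, missing = sorted(seen - allowed), sorted(allowed - seen)
        if unexpected or missing:
            report[ip] = {"unexpected": unexpected, "missing": missing,
                          "uninventoried": False}
    for ip in sorted(observed.keys() - policy.keys()):
        report[ip] = {"unexpected": sorted(observed[ip]), "missing": [],
                      "uninventoried": True}
    return report


def run_check():
    return check_policy(POLICY, parse_grepable(SAMPLE_SCAN))


if __name__ == "__main__":
    for ip, r in run_check().items():
        flag = " (not in inventory)" if r["uninventoried"] else ""
        print(f"{ip}{flag}: unexpected={r['unexpected']} missing={r['missing']}")
```

Each line of the report is an item for step 4: an unexpected port means the "disable unnecessary services" measure is not in effect on that host, a missing one means a required service is down, and an uninventoried host means the policy's network map is out of date.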
Step 4: Improve
The improvement phase of the Security Wheel involves analyzing the data collected during the monitoring and testing phases. This analysis feeds the development and implementation of improvement mechanisms that augment the security policy, which in turn adds items to step 1. To keep a network as secure as possible, the cycle of the Security Wheel must be continually repeated, because new network vulnerabilities and risks are emerging every day.
With the information collected from the monitoring and testing phases, IDSs can be used to implement improvements to security. The security policy should be adjusted as new security vulnerabilities and risks are discovered.

