Network Domain Zach Curry, Nick Tsamis, Andrew Arvay Network Administrator Levels Identifies Network Responsibilities Eliminates Excess Costs Over Training Training Consistency Divided Into: Network Administrator Level 1 (NAL1) Network Administrator Level 2 (NAL2) Network Administrator Level 3 (NAL3) Network Administrator Levels Network Administrator Level 1 End user devices Workstations Local Ethernet Cables VoIP Devices User Account Management New Users User Groups Removal of Users Setting File Sharing Permissions Group Based Permissions Network Administrator Levels Network Administrator Level 2 Network Infrastructure Switches/Routers Cat5E/Cat6 Cabling Network Backbone Servers Backups Firewall Administration Network Administrator Levels Network Administrator Level 3 Network Device Certification and Accreditation Network Documentation Network Topology Continuity Of Operations Plan (COOP) Network Admin Certification Network Administrator Level 1 (NAL1) Network+ Certification Used to measure skill as a network technician Hardware Software Installation Troubleshooting Connections OSI Model LAN/WAN Protocols Network Admin Certification Network Administrator Level 2 (NAL2) Security+ Certification Computer Security Cryptography Access Control Disaster Recovery Risk Management Network Security Compliance and Operational Security Threats and Vulnerabilities Application, Data, and Host Security Identity Management Network Admin Certification Network Administrator Level 3 (NAL3) CISSP Certification Certified Information Systems Security Professional Access Control Systems & Methodology Applications & Systems Development Business Continuity & Disaster Recovery Planning Cryptography Law, Investigation & Ethics Operations Security (Computer) Physical Security Security Architecture, Models, & Management Practices Telecommunications & Network Security Continuity Of Operations Plan (COOP) Backups Frequency Type Full Incremental Differential Retention Offsite Location Continuity Of Operations Plan (COOP) Redundancy Services Primary Domain Controller (PDC/BDC) DHCP/DNS Network Core Routers Switches Power UPS Circuits Continuity Of Operations Plan (COOP) Natural Disasters Fire Flooding Tornadoes Hurricane Earthquake Power Loss Hot/Cold Alternate Backbone Continuity Of Operations Plan (COOP) Device Certification and Accreditation Due Diligence Network Devices Meet Security Requirements Policy Requirements Clearance Requirements Can affect security requirements Continuous Process Cradle to Grave Network Defense Testing Practice As You Play Password Cracking Phishing Attempts Blue Team Red Team Detailed Reports Action Requirements Resolution Deadlines Personnel Decertification Procedures Notify Helpdesk/Security Manager Leaving Decertification Relocation Permissions Applied As Groups Group Y has write access to resource X Removal From Group = Removed Access Much more efficient vs. User-based permissions Network Topology Physical – The way devices are laid out in a network Example: Ring, Star, Bus, etc Logical – How signals behave on the network Example: Ethernet Network Segmentation Keep traffic separate Network load Load balancing VLANs Traffic types IPS/IDS Intrusion Prevention/Detection System Log and alert on suspicious activity Firewalls DMZ Hardening and Patching Keep security software and operating systems up to date Properly configure network devices to close security holes Only expose needed services on the network IP Addressing Create subnets to segment traffic Private IP subnets: 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 Reserve IPs for critical devices IPv6 & IPv4 QoS Policy Quality of Service Deals with network contention Telephony Protocols WAN Encryption Policy Depending on the sensitivity of the information, different network requirements may exist for different hardware Classified information/hardware should always be encrypted and must stay on classified networks Non-classified and classified networks should be physically separated Sensitive information that traverses a public network should be encrypted BEFORE it leaves the private network Have no idea who’s snooping it once it leaves Classified and Non-classified networks must remain independent Classified information should never be accessible from a nonclassified network; The network should enforce that unauthorized hardware and software not run where prohibited WAN Encryption - VPN Virtual Private Network Allows the extension of a private network across a public network (internet) Encryption should always be used when passing data across public networks A VPN creates an encrypted ‘tunnel’ through which a remote client can connect to an enterprise network for instance – Host to Gateway – Employees may be required to use a server on the private network. A VPN can allow that employee to securely access private resources remotely – Gateway to Gateway connections allow a regional office’s network to connect to the head office’s network image credit: wikipedia Incident Response For the purposes of IT, incidents are observed when normal network operation is disturbed; some level of crisis may be observed. DOS (intentional or unintentional) Classified information leak Others (Power outage/flood/brownout/cable or router failure) The purpose of Incident Response is to minimize the impact that the incident causes both immediately and may potentially create in the future. 1. 2. 3. Identify the incident. Gather necessary resources for response. Execute applicable incident response plan. Incident Response Requirements Need to have response teams and plans in place Security team and plan should be updated to address specific incident concerns Plan needs to be THOROUGH and COMPLETE. May have the need for several different kinds of plans. ‘Big red button’ plans Minimize number and severity of security incidents Contain damage; minimize additional/ongoing, risks What actions are to be taken against discovered attackers/offenders; lawsuit/Employee reprimand/etc Specify the appropriate personnel Avoid “Too many cooks in the kitchen” Financial Responsibility Distribution Insurance coverage may apply; must fulfill all insurance requirements Federal implications, e.g. HIPAA/ICO/PCI-DSS Ensure compliance to auditing authorities: Information privacy - ICO (UK) HIPAA – department of HHS PlayStation Network data leak ended in ~$300k fines Credit card numbers remained encrypted Other personal information was not, however Attack was found to be ‘preventable’ (pwned) Financial Responsibility Distribution Who is responsible for paying for what resources in a given enterprise? Must have a plan in place to define who pays for what in order to avoid finger pointing! Especially important to have this defined in critical situations (incident response) Example: data storage in an academic environment Professor may utilize computing resources more than others for research outside of the institution’s scope Network Authentication Used to verify identity User is who they say they are Multi-factor authentication: more than one factor Authentication factors: 1. Knowledge: something user knows 2. Possession: something user has 3. Inherence : something user is e.g.: password e.g.: token e.g.: retinal scan Physical Security Policy Least Privilege - basic pillar of security Access rights are set at the minimum required level in order to perform job duties Principle of effectiveness: Must be using security controls properly in order for them to be effective (e.g.: Locks do no good if the key is in the lock) Separation of duty ` Network Infrastructure Security Two levels of security: 1. Basic physical perimeter security on campus Shared facilities can create cause for concern Workstations should remain locked and protected by the main physical perimeter at least 2. Controlled, monitored access around critical infrastructure devices (e.g.: sever room, building network switch) All employees don’t need access to the server room Should employ a security mechanism independent of the campus security All employee access Restricted access Building switch Enterprise campus Server room Switch Switch Switch Switch Questions? References http://technet.microsoft.com http://www.techsecuritytoday.com/index.php/entry/who-ultimately-pays-for-a-security-breach http://www.bu.edu/tech/files/2010/01/sc02_enterasys.pdf http://www.abetterkeywaylocksmith.com/images/content/cabinet-keyservices.jpg?nxg_versionuid=published http://docs.oracle.com/cd/B10501_01/network.920/a96582/scn81082.gif http://www.confidenttechnologies.com/files/Post%20it%20note%20password.jpg http://img.tfd.com/cde/_SECURID.GIF http://webdesignlists.com/wp-content/uploads/2012/09/retinal-scan.jpg http://4.bp.blogspot.com/_2ZvV0BgOUE0/TGikpYJwKYI/AAAAAAAAA4Q/5RgEQ9TR1zg/s1600/shrug .jpg http://commons.wikimedia.org/wiki/File:Finger-pointing-icon.png http://commons.wikimedia.org/wiki/File:DHS_Network_Topology.jpg http://en.wikipedia.org/wiki/CompTIA https://www.isc2.org/CISSP/Default.aspx