
Module 2: Designing Network Security

Module Overview

Overview of Network Security Design
Creating a Network Security Plan
Identifying Threats to Network Security
Analyzing Risks to Network Security
Defense-in-Depth Model Overview

Lesson 1: Overview of Network Security Design

Reasons for Investing in Network Security
Key Principles of Network Security
Security Design and Implementation
Components of Network Security
Network Security Design Process

Reasons for Investing in Network Security

Invest in network security to protect assets from threats.

Assets: Data, including software and hardware
Threats: Danger or vulnerability to assets
Risk management: Response to threats

Key Principles of Network Security

Principle and definition:

Defense-in-depth: Provides multiple layers of protection
Least privilege: Grants the least amount of permission necessary to perform required tasks
Minimized attack surface: Reduces the number of vulnerable points on the network

Security Design and Implementation

Security design:
Ensures that a logical and carefully planned strategy is used for securing the organization's assets
Ensures that security is applied throughout the organization in a controlled and logical manner
Creates policies and procedures for security

Security implementation:
Applies the policies and procedures created during the design to the organization's assets
Ensures that policies and procedures are deployed consistently throughout the organization

Components of Network Security

Physical security
Hosts
Accounts and services
Authentication
Data
Data transmission
Perimeter networks

Network Security Design Process

Phase and task:

Creating a security design team: Include diverse membership to ensure success
Performing threat modelling: Predict attacks to assets
Performing risk management: Analyze and prioritize risks based on likelihood of occurrence and cost
Designing security measures: Create policies and procedures to mitigate the selected risks
Detecting and reacting: Detect occurrences of security violations and respond to them
Managing and reviewing: Review the security policies and modify them as necessary

Lesson 2: Creating a Network Security Plan

Security Policies and Procedures
Reasons for Security Policy Failures
Guidelines for Creating Policies and Procedures
Roles of a Security Design Team
Guidelines for Creating a Security Design Team

Security Policies and Procedures

Security policies describe what must be implemented to secure a network:

Administrative policies are enforced by management
Technical policies are enforced by operating systems and applications
Physical policies are enforced by physical controls such as locks

Security procedures provide detailed steps that describe how to implement policies.

Reasons for Security Policy Failure

Security policies often fail because they are:

Not enforced
Difficult to read
Difficult to find
Outdated
Too vague
Too strict
Not supported by management

Guidelines for Creating Policies and Procedures

Guidelines include:

Write clear and concise policies
Write simple procedures
Obtain management support
Make policies and procedures easily accessible
Ensure no disruption to business processes
Implement technology where possible
Ensure that consequences are consistent for policy violation

Roles for a Security Design Team

Role and responsibility:

Sponsor: Advocating for the team with top management; approving team recommendations
Product management: Ensuring that business unit interests are represented; acting as team advocate with business units
Project management: Driving the overall project, including goals, budget, schedules, and resources
Development: Designing, building, and testing security measures
Testing: Developing a test strategy and plans, including metrics for quality control
User experience: Obtaining feedback for the team regarding usability and end-user training requirements

Guidelines for Creating a Security Design Team

Guidelines include:

Have a single executive sponsor
Involve an experienced project manager
Involve teams that deploy and manage security
Involve legal and human resources personnel
Involve managers and end-users
Provide clear roles and responsibilities for all members
Communicate regularly and clearly

Lesson 3: Identifying Threats to Network Security

Reasons for Network Attacks
Stages of Network Attacks
Types of Network Attacks
Common Network Vulnerabilities
STRIDE Threat Model Overview
Guidelines for Modeling Network Threats
Countering Network Threats

Reasons for Network Attacks

Reason and description:

Profit: An individual who wants to hack valuable information for resale or obtain a ransom to stop an attack
Revenge: A discontented employee who feels offended by an organization
Publicity: A person or team that performs a high-profile attack to obtain notoriety
Espionage: A person who spies on governments or organizations to obtain network information
Personal satisfaction: A person or team that may attack networks as a hobby or to boost their egos
Terrorism: A person or group that may impair societal infrastructure and apply pressure on groups or governments

Stages of Network Attacks

1. Survey and assess
2. Exploit and penetrate
3. Escalate privileges
4. Maintain access
5. Deny service

Types of Network Attacks

Type of attack and characteristics:

Eavesdropping: An attacker intercepts your communications
Data modification: An attacker alters your data packets
Identity spoofing: An attacker falsifies a source IP address
Password based: An attacker uses a valid account
Denial of service: An attacker prevents access to your computer or network
Man in the middle: An attacker monitors, captures, and controls communication
Compromised key: An attacker obtains a key used for securing communication
Application layer: An attacker targets an application by deliberately causing an error

Common Network Vulnerabilities

Vulnerability and description:

Account passwords: Password is either too simple or shared among users
Audit settings: If auditing is not enabled, you cannot report an attack that has occurred
User rights: User rights should be restricted to the minimum requirements to perform necessary tasks
Services: Any service or application may have flaws, making the computer vulnerable to attacks

STRIDE Threat Model Overview

Spoofing: Attempts to gain access to a system by using a false identity
Tampering: Unauthorized modification of data
Repudiation: Ability of users to deny that they performed specific actions or transactions
Information disclosure: Unwanted exposure of private data
Denial of service: The process of making a system or application unavailable
Elevation of privilege: Users assume more privileges than the limited privileges granted to them

Guidelines for Modeling Network Threats

Use the following guidelines when modeling threats to your network:

Encourage creative thinking among team members
Ensure that you have all the information
Manage discussions about the validity of a threat
Include specialized network penetration testers
Apply caution where conflicts of interest are involved
Consider technology-specific threats

Countering Network Threats

Threat category and examples of countermeasures:

Spoofing: Use strong authentication; do not pass credentials in plain text over the wire
Tampering: Use data hashing and signing; use digital signatures and strong authorization
Repudiation: Use digital signatures
Information disclosure: Use strong authorization and encryption
Denial of service: Use resource and bandwidth throttling techniques
Elevation of privilege: Follow the principle of least privilege for all resource requests

Lesson 4: Analyzing Network Security Risks

Risk Assessment
Network Assets at Risk
Calculating Risk Impact
Microsoft Operations Framework (MOF) Risk Management Process Overview
Guidelines for Creating a Risk Management Plan

Risk Assessment
Prioritize security risks

Determine the appropriate level of security

Justify costs

Document all potential security issues

Avoid overlooking critical network security issues

Create metrics

Network Assets at Risk

Asset and examples:

Hardware: Desktop and portable computers; routers and switches; backup media; software installation CDs
Software: Operating system images; custom software code; virtualized servers
Documentation: Security policies and procedures; network diagrams and building plans; trade secrets
Data: Employee information; customer information

Calculating Risk Impact

The impact of a risk is based on:

The probability of the occurrence of the risk
Direct costs, such as lost orders during an outage
Indirect costs, such as loss of goodwill and loss of prospective customers

Example: A Web server that is vulnerable to a one-hour denial-of-service attack has a 1% probability of the risk occurring over the next year. The direct cost of lost orders in that hour is $50,000. The indirect cost involved in loss of customer confidence is $200,000.

Risk impact = .01 x ($50,000 + $200,000) = $2,500

Microsoft Operations Framework (MOF) Risk Management Process

Stage and description:

Identifying risks: Identify risks, including the cause and consequence
Analyzing and prioritizing risks: Determine the impact of a risk by using probability of occurrence and cost
Planning and scheduling risk actions: Determine how risks can be mitigated based on the cost of mitigation and the impact of the risks
Tracking and reporting risk: Gather information about how risks are changing
Controlling risk: Implement appropriate risk actions as risks change
Learning from risk: Use risk review meetings and a risk knowledge base to capture information about successful and unsuccessful risk actions
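As an added example (not part of the course material), the risk impact formula from the Calculating Risk Impact slide applied to a small risk register, then ranked and compared with mitigation cost in the way the MOF "analyzing and prioritizing" and "planning and scheduling risk actions" stages describe. The register entries other than the slide's Web server case, the mitigation costs, and the rule "mitigate when the annual mitigation cost is below the risk impact" are assumptions for illustration.

```python
# Added example: risk impact = probability x (direct cost + indirect cost),
# ranked highest first and compared with an assumed annual mitigation cost.
# Register entries, mitigation costs and the decision rule are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    probability: float      # probability of occurrence over the next year (0..1)
    direct_cost: float      # e.g. lost orders during an outage
    indirect_cost: float    # e.g. loss of goodwill, lost prospective customers
    mitigation_cost: float  # assumed annual cost of the countermeasure


def risk_impact(probability: float, direct_cost: float, indirect_cost: float) -> float:
    """Risk impact as defined on the slide: probability x (direct + indirect)."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be between 0 and 1")
    return probability * (direct_cost + indirect_cost)


def prioritize(risks: list[Risk]) -> list[tuple[str, float]]:
    """Rank risks by impact, highest first (MOF: analyzing and prioritizing)."""
    ranked = [(r.name, risk_impact(r.probability, r.direct_cost, r.indirect_cost))
              for r in risks]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


def plan_actions(risks: list[Risk]) -> dict[str, str]:
    """Assumed planning rule: mitigate when the countermeasure costs less than
    the impact, otherwise accept the risk and keep tracking it (MOF: planning)."""
    actions = {}
    for r in risks:
        impact = risk_impact(r.probability, r.direct_cost, r.indirect_cost)
        actions[r.name] = "mitigate" if r.mitigation_cost < impact else "accept and track"
    return actions


# Constructed register; the first entry is the slide's Web server example ($2,500).
REGISTER = [
    Risk("Web server DoS (1 hour)", 0.01, 50_000, 200_000, 1_500),
    Risk("Laptop with customer data lost", 0.10, 5_000, 100_000, 20_000),
    Risk("Unpatched file server compromised", 0.05, 30_000, 50_000, 2_000),
]

if __name__ == "__main__":
    for name, impact in prioritize(REGISTER):
        print(f"{name:36s} impact ${impact:>10,.2f}")
    print(plan_actions(REGISTER))
```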

Guidelines for Creating a Risk Management Plan

For a successful risk management plan, consider the following:

Obtain approval and support from top management
Determine the scope of the risk management plan
Implement actions at the appropriate time
Update the risk management plan as changes occur
Use the risk management plan to assign ownership and allocate resources

Lesson 5: Defense-in-Depth Model Overview

Layers of the Defense-in-Depth Model
Using Defense-in-Depth to Identify Risks
Using Defense-in-Depth to Mitigate Risks
Discussion: Security Implementation

Layers of the Defense-in-Depth Model

Layer and description:

Data: Includes files and databases
Application: Includes client applications and server applications
Host: Contains individual computers, including the operating system
Internal network: Contains LAN, WAN, and wireless
Perimeter: Ensures connectivity to the Internet and business partners
Physical security: Prevents unauthorized personnel from accessing the network assets
Policies, procedures, and awareness: Creates awareness among users and staff who access computers on the network

Using Defense-in-Depth to Identify Risks

Layer and example risks:

Data: Unauthorized viewing or changing of data
Application: Loss of application functionality
Host: Operating system weakness
Internal network: Packet sniffing and unauthorized use of wireless networks
Perimeter: Attacks from anonymous Internet users
Physical security: A user with direct physical access to a computer can modify it or access data
Policies, procedures, and awareness: Users and IT staff not following policies due to lack of understanding

Using Defense-in-Depth to Mitigate Risks

Layer and mitigation examples:

Data: Access control lists (ACLs), encryption, Encrypting File System (EFS), and Digital Rights Management (DRM)
Application: Application hardening and antivirus software
Host: Operating system hardening, authentication, update management, and Network Access Protection
Internal network: Network segmentation, IPsec, and intrusion detection
Perimeter: Firewalls and VPNs
Physical security: Locks and tracking devices
Policies, procedures, and awareness: User education and awareness

Discussion: Security Implementation


What security measures do you use in your organization?

Lab: Designing a Network Security Plan

Scenario

Exercise 1: Identifying a Team for the Security Plan
Exercise 2: Identifying Threats
Exercise 3: Analyzing Risks
Exercise 4: Discussion of Designing a Network Security Plan

Logon information

Virtual machine: NYC-DC1
User name: Administrator
Password: Pa$$w0rd

Estimated time: 55 minutes
