Network Security: The Basics

New to network security? Before you get lost in the bits and bytes, Stephen Northcutt of SANS provides a look at the essential concepts.

By Stephen Northcutt

April 29, 2008 — There are exactly two keys to information security or information assurance: first, configure the system and network correctly and keep it that way. Because this is impossible to do perfectly, the second key to information assurance is to know the traffic coming into and out of your network.[1] That way, if something terrible is happening you can detect it. Therefore, all the tasks that have to be done in network security break down into three phases or classes:

  • Protection, where we configure our systems and networks as correctly as possible
  • Detection, where we identify that the configuration has changed or that some network traffic indicates a problem
  • Reaction, where, having detected a problem, we respond to it and return to a safe state as rapidly as possible
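The protection/detection pair above comes down to recording a known-good configuration and noticing when the live system departs from it. The following Python is an added example, not code from the article or from SANS: it hashes a set of configuration files into a baseline, then diffs a later snapshot against it and classifies every change. The directory layout, file names and tampering it performs are constructed for the demonstration, and the choice of which globs count as "configuration" is an assumption.

```python
"""Configuration-baseline drift detector (added example, not from the article).

Protection: snapshot a known-good set of config files. Detection: compare the
live tree to that snapshot so any change, an admin's slip or an attacker's
persistence, surfaces as added/removed/modified. All paths are constructed.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: these globs define what counts as "configuration" on this host.
CONFIG_GLOBS = ("*.conf", "*.rules")


def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path, globs=CONFIG_GLOBS) -> dict:
    """Map each matching file (path relative to root) to its content hash and mode bits."""
    snap = {}
    for pattern in globs:
        for p in sorted(root.rglob(pattern)):
            if p.is_file():
                snap[p.relative_to(root).as_posix()] = {
                    "sha256": hash_file(p),
                    "mode": oct(p.stat().st_mode & 0o777),  # a chmod counts as drift too
                }
    return snap


def save_baseline(snap: dict, path: Path) -> None:
    path.write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def diff_snapshots(baseline: dict, current: dict) -> dict:
    """Classify every difference between two snapshots as added, removed or modified."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict:
    """Build a toy config tree, baseline it, tamper with it, and report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed "known-good" state.
        (root / "firewall.rules").write_text("drop in from any to any\n")
        (root / "sshd.conf").write_text("PermitRootLogin no\n")
        save_baseline(snapshot(root), root / "baseline.json")  # not matched by CONFIG_GLOBS

        # Constructed tampering: weaken sshd, drop in a rogue listener config, delete the rules.
        (root / "sshd.conf").write_text("PermitRootLogin yes\n")
        (root / "backdoor.conf").write_text("listen 0.0.0.0:4444\n")
        (root / "firewall.rules").unlink()

        return diff_snapshots(load_baseline(root / "baseline.json"), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline would be stored off-host (or signed), since an attacker who can edit the configuration can usually edit a baseline sitting beside it; the diff output is what feeds the reaction phase.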

Defense in Depth
Because we cannot achieve perfect security we have to accept a certain level of risk. Risk is defined as the probability that a threat will cross (exploit) a vulnerability. Risk is hard to calculate, but we get a rough idea by considering our attack surface: our exposure, and the reachable and exploitable vulnerabilities that we have. A vulnerability scanner or penetration test helps us measure or define our attack surface. One thing we do to lower our risk and improve our odds of survival is to use multiple defenses. There are five basic architectures for building defense in depth.[2]

  • The uniform protection architecture generally consists of a firewall separating the internal trusted zone from the Internet, and most implementations also run anti-virus on the mail store-and-forward servers and on the desktops. All internal hosts receive the same level of protection from attack by the network infrastructure. It is the most common and most easily implemented architecture, and the least effective at achieving a high degree of information assurance, unless every information asset the IT systems hold is of equal importance to the organization.
  • Protected enclaves means subdividing the internal network so that it is not one large zone without internal protections. This can be done with firewalls, VPNs, VLANs and Network Access Control (NAC).
  • Information Centric. Adm. Grace Hopper, a famous early researcher in computing, said, "Some day, on the corporate balance sheet, there will be an entry which reads, 'Information'; for in most cases, the information is more valuable than the hardware which processes it."[3] It is critical to understand, and to be able to help others understand, the value of information. In addition to richly valuable information such as intellectual property (patents, trademarks, copyrights, know-how, data schema), there are also data such as the increasingly important business record. To build an information centric defense-in-depth architecture, we must locate our critical and valuable information and ensure the proper protections are in place. This used to be very costly and was avoided, but because changes to the Federal Rules of Civil Procedure on electronic discovery require many organizations to build a process to locate and tag all of their information, it has become much easier.
  • Threat Vector Analysis defense-in-depth is similar to information centric: it requires us to identify the assets we want to protect in order of priority, determine the paths a threat could use to reach each vulnerability, and place controls on those vectors so the threat cannot cross the vulnerability.
  • Role-based access control (RBAC) is an access control method that organizations implement to ensure that only authorized users can access data. Unlike other access control methods, RBAC assigns users to roles, and permissions are granted to each role according to the job's requirements. Users can be assigned any number of roles in order to conduct their day-to-day tasks; for example, a user may need both a developer role and an analyst role. Each role defines the permissions needed to access different objects.[4] With Network Access Control we can extend this from groups on individual systems to the entire enterprise. It requires more configuration than protected enclaves, but it yields more protection.
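Threat vector analysis, as described above, is a reachability question: which assets can the threat still reach, along which paths, and which controls cut those paths. The following Python is an added example, not code from the article or from SANS. It models the network as a small directed graph, enumerates every attack path from a threat source to each prioritized asset, reports the assets that remain exposed, and finds "choke point" edges that a single control would close. The network, the asset priorities and the controls are all constructed for the demonstration.

```python
"""Threat vector analysis as attack-path reachability (added example, not from the article).

A node is a host or zone; an edge means an attacker on the source can pivot to the
destination. A control is an edge the defense has cut (firewall rule, VLAN boundary,
NAC policy). Everything below is constructed sample data.
"""

# Constructed network: node -> nodes an attacker who holds that node can reach.
EDGES = {
    "internet": ["web-server", "vpn-gateway"],
    "web-server": ["app-server"],
    "vpn-gateway": ["workstation"],
    "workstation": ["file-share", "app-server"],
    "app-server": ["customer-db"],
    "file-share": ["customer-db"],
}

# Constructed asset priorities (higher = more valuable); orders the findings.
PRIORITY = {"customer-db": 10, "file-share": 6, "app-server": 5, "workstation": 2, "web-server": 1}


def attack_paths(edges, source, target, controls=frozenset()):
    """Every simple path from source to target that does not use a controlled edge."""
    paths = []
    stack = [(source, [source])]
    while stack:
        node, path = stack.pop()
        for nxt in edges.get(node, []):
            if (node, nxt) in controls or nxt in path:  # blocked edge or would loop
                continue
            if nxt == target:
                paths.append(path + [nxt])
            else:
                stack.append((nxt, path + [nxt]))
    return sorted(paths)


def exposed_assets(edges, priority, source, controls=frozenset()):
    """Assets still reachable from the threat source, highest priority first, with their vectors."""
    report = []
    for asset in sorted(priority, key=priority.get, reverse=True):
        paths = attack_paths(edges, source, asset, controls)
        if paths:
            report.append((asset, priority[asset], paths))
    return report


def choke_points(edges, source, target, controls=frozenset()):
    """Edges that appear on every remaining path to target: one control there closes all vectors.

    An empty result means no single control suffices and several edges must be cut."""
    paths = attack_paths(edges, source, target, controls)
    if not paths:
        return set()
    return set.intersection(*(set(zip(p, p[1:])) for p in paths))


if __name__ == "__main__":
    for asset, prio, paths in exposed_assets(EDGES, PRIORITY, "internet"):
        print(f"[{prio:2d}] {asset}: {len(paths)} vector(s)")
        for p in paths:
            print("      " + " -> ".join(p))
        print("      choke points:", choke_points(EDGES, "internet", asset) or "none")

    # Constructed controls: filter both ingress paths into the database.
    controls = {("app-server", "customer-db"), ("file-share", "customer-db")}
    print("\nWith controls applied, customer-db paths:",
          attack_paths(EDGES, "internet", "customer-db", controls))
```

Running the analysis before and after a proposed control set is the point: in this constructed network the database has three vectors and no single choke point, so one firewall rule is not enough, while two rules on the database's own ingress close every path.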

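The RBAC description above (users holding several roles, permissions attached to roles, and the NAC extension that lets a role decide which network zone a user may join) can be made concrete in a few dozen lines. The following Python is an added example, not code from the article, from SANS or from any RBAC product. The roles, users, objects and the "connect to VLAN" permissions are constructed; the separation-of-duties constraint (two roles that no one may hold together) is an addition that standard RBAC models support but the article does not mention.

```python
"""Minimal RBAC engine with multi-role users (added example, not from the article).

Users hold any number of roles; a user's effective permissions are the union of
the permissions of those roles; anything not explicitly granted is denied.
The (action, object) pairs, including "connect" to a VLAN as the NAC extension,
are constructed for the demonstration.
"""
from collections import defaultdict


class Rbac:
    def __init__(self):
        self.role_perms = defaultdict(set)  # role -> {(action, object)}
        self.user_roles = defaultdict(set)  # user -> {role}
        self.exclusive = set()              # frozenset({role_a, role_b}) that may not be co-held

    def grant(self, role, action, obj):
        """Attach a permission to a role (never directly to a user)."""
        self.role_perms[role].add((action, obj))

    def forbid_together(self, role_a, role_b):
        """Static separation of duties: no user may hold both roles (assumed constraint)."""
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user, role):
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}; define its permissions first")
        for held in self.user_roles[user]:
            if frozenset((held, role)) in self.exclusive:
                raise ValueError(f"{user} cannot hold {role!r} together with {held!r}")
        self.user_roles[user].add(role)

    def revoke(self, user, role):
        self.user_roles[user].discard(role)

    def effective_permissions(self, user):
        """Union of permissions across every role the user currently holds."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_perms[role]
        return perms

    def is_allowed(self, user, action, obj):
        """Deny by default: unknown users and ungranted (action, object) pairs both fail."""
        return (action, obj) in self.effective_permissions(user)


def build_demo():
    """Constructed enterprise: developer and analyst roles, a release role, and NAC zones."""
    rbac = Rbac()
    rbac.grant("developer", "read", "source-repo")
    rbac.grant("developer", "write", "source-repo")
    rbac.grant("developer", "connect", "dev-vlan")      # NAC: role decides the network zone
    rbac.grant("analyst", "read", "log-archive")
    rbac.grant("analyst", "connect", "soc-vlan")
    rbac.grant("release-manager", "deploy", "production")
    rbac.forbid_together("developer", "release-manager")  # who writes code must not ship it alone
    rbac.assign("alice", "developer")
    rbac.assign("alice", "analyst")                       # the article's two-role user
    rbac.assign("bob", "release-manager")
    return rbac


if __name__ == "__main__":
    r = build_demo()
    for user in ("alice", "bob", "mallory"):
        print(user, sorted(r.effective_permissions(user)))
    print("alice -> soc-vlan:", r.is_allowed("alice", "connect", "soc-vlan"))
    print("alice -> production:", r.is_allowed("alice", "deploy", "production"))
```

Two properties matter for the "more protection" claim in the text: permissions live on roles, so removing a role from a user removes every network zone and object that role carried in one step, and the check is deny-by-default, so a user or object nobody has configured gets nothing.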