
Lecture CCNA Security - Chapter 9: Managing a Secure Network

Shared by: You Can | File type: PDF | Pages: 82


This chapter includes the following objectives: describe the principles of secure network design, describe threat identification and risk analysis, describe risk management and risk avoidance, describe the Cisco SecureX architecture, describe operation security,...


Text content: Lecture CCNA Security - Chapter 9: Managing a Secure Network

  1. Chapter 9- Managing a Secure Network CCNA Security
  2. Objectives • Describe the principles of secure network design. • Describe threat identification and risk analysis. • Describe risk management and risk avoidance. • Describe the Cisco SecureX architecture. • Describe operation security. • Describe network security testing tools and techniques. • Describe business continuity and disaster recovery. • Describe the system development life cycle concept and its application to a secure network life cycle. • Describe the purpose and function of a network security policy. Học viện công nghệ thông tin Bach Khoa - Website: www.bkacad.com
  3. Introduction • To help simplify network design, it is recommended that all security mechanisms come from a single vendor. • The Cisco SecureX architecture is a comprehensive, end-to-end solution for network security that includes solutions to secure the network, email, web, access, mobile users and data center resources.
  4. Ensuring a Network is Secure • Mitigating network attacks requires a comprehensive, end-to-end approach: • Secure network devices with AAA, SSH, role-based CLI, syslog, SNMP, and NTP. • Secure services using AutoSecure and CCP one-step lockdown. • Protect network endpoints (such as workstations and servers) against viruses, Trojan Horses, and worms, with Cisco NAC and Cisco IronPort.
  5. Ensuring a Network is Secure • Use Cisco IOS Firewall and accompanying ACLs to secure resources internally while protecting those resources from outside attacks. • Supplement Cisco IOS Firewall with Cisco IPS technology to evaluate traffic using an attack signature database. • Protect the LAN by following Layer 2 and VLAN recommended practices and by using a variety of technologies, including BPDU guard, root guard, PortFast, and SPAN.
  6. Ensuring a Network is Secure • When developing security policies, several questions must be answered:
  7. Ensuring a Network is Secure Refer to 9.1.1.1 1. Business needs 2. Threat identification 3. Risk analysis 4. Security needs 5. Industry-recommended practices 6. Security operations
  8. Ensuring a Network is Secure • Many security assumptions are made when designing and implementing a secure network. • There are guidelines to help you avoid making wrong assumptions: Refer to 9.1.1.2
  9. Ensuring a Network is Secure 1. Expect that any aspect of a security system might fail. 2. Identify any elements that fail-open. 3. Try to identify all attack possibilities. 4. Evaluate the probability of exploitation. 5. Assume that people will make mistakes. 6. Attackers will not use common and well-established techniques to compromise a system. 7. Check all assumptions with other people.
  10. Threat Identification and Risk Analysis When identifying threats, it is important to ask two questions: 1. What are the possible vulnerabilities of a system? 2. What are the consequences if system vulnerabilities are exploited?
  11. Threat Identification – Bank Scenario Refer to 9.1.2.1 Identified Threats: • Insider attack on the system • Internal system compromise • Data center destruction • Stolen customer data • Phony transactions • Data input errors
  12. Risk Analysis • Evaluate each threat to determine its severity and probability. • Quantitative Risk Analysis uses a mathematical model. • Qualitative Risk Analysis uses a scenario-based model. Refer to 9.1.2.2
  13. Risk Analysis The first step in developing a risk analysis is to evaluate each threat to determine its severity and probability. Refer to 9.1.2.2 1. Internal system compromise 2. Stolen customer data 3. Phony transactions if external server is breached 4. Phony transactions using a stolen customer PIN or smart card 5. Insider attack on the system 6. Data input errors 7. Data center destruction
  14. Quantitative Risk Analysis Refer to 9.1.2.3 • Asset Value (AV) is the cost of an individual asset. • Exposure Factor (EF) is the loss, represented as a percentage, that a realized threat could have on an asset. • Single Loss Expectancy (SLE) is the result of AV * EF, or the cost of a single instance of a threat.
  15. Annualized Rate of Occurrence Refer to 9.1.2.4 • Annualized Rate of Occurrence (ARO) - estimated frequency that a threat is expected to occur. • Single Loss Expectancy (SLE) • Annualized Loss Expectancy (ALE) - expected financial loss that an individual threat will cause an organization. ALE = SLE * ARO
  16. Threat Identification and Risk Analysis Refer to 9.1.2.5
  17. Ways to Handle Risk Refer to 9.1.3.1 1. Risk management 2. Risk avoidance
  18. Risk Management Scenario Keep in mind that not all mitigation techniques are implemented based on the risk versus cost formula used in the quantitative risk analysis: Refer to 9.1.3.2 1. Internal system compromise 2. Stolen customer data 3. Phony transactions if external server is broken into 4. Phony transactions if customer PIN or smart card is stolen 5. Insider attack on the system 6. Data input error 7. Data Center destruction
  19. Risk Avoidance Scenario Using the risk avoidance approach, a company would decide not to offer e-banking service at all because it would be deemed too risky. Refer to 9.1.3.3
  20. Introducing the Cisco SecureX Architecture Refer to 9.2.1.1 • Traditional network security ? • Today’s network ?
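
Added example (not part of the original lecture): the quantitative risk analysis of slides 14 and 15 applied to three threats from the bank scenario, plus the risk versus cost comparison slide 18 alludes to. All monetary figures, rates and controls are constructed for illustration, and the net-benefit form (ALE before - ALE after - yearly control cost) is an assumption, since the slides do not spell the formula out.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Threat:
    name: str
    av: float    # Asset Value: cost of the individual asset
    ef: float    # Exposure Factor as a fraction (0.25 means 25% of AV lost)
    aro: float   # Annualized Rate of Occurrence (0.01 = once per 100 years)

    def __post_init__(self):
        # EF is quoted as a percentage on the slide; entering 25 instead of
        # 0.25 would inflate every figure a hundredfold, so reject it.
        if not 0.0 <= self.ef <= 1.0:
            raise ValueError(f"{self.name}: EF must be a fraction in [0, 1]")
        if self.av < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")

    @property
    def sle(self) -> float:          # SLE = AV * EF
        return self.av * self.ef

    @property
    def ale(self) -> float:          # ALE = SLE * ARO
        return self.sle * self.aro

def rank_by_ale(threats):
    """Highest expected annual loss first."""
    return sorted(threats, key=lambda t: t.ale, reverse=True)

def net_benefit(threat, annual_cost, ef=None, aro=None):
    """ALE before - ALE after - yearly control cost (assumed cost-benefit form)."""
    after = replace(threat,
                    ef=threat.ef if ef is None else ef,
                    aro=threat.aro if aro is None else aro)
    return threat.ale - after.ale - annual_cost

# Constructed figures for three threats named in the bank scenario.
REGISTER = [
    Threat("Data center destruction", av=10_000_000, ef=0.75, aro=0.01),
    Threat("Stolen customer data",    av=2_000_000,  ef=0.5,  aro=0.25),
    Threat("Data input errors",       av=40_000,     ef=0.25, aro=12),
]

if __name__ == "__main__":
    for t in rank_by_ale(REGISTER):
        print(f"{t.name:<26} SLE={t.sle:>12,.0f}  ALE={t.ale:>10,.0f}")
    # Hypothetical controls: halving the ARO of data theft for 50,000 a year
    # pays off; cutting data-center EF to 0.25 for 100,000 a year does not.
    print(net_benefit(REGISTER[1], 50_000, aro=0.125))
    print(net_benefit(REGISTER[0], 100_000, ef=0.25))
```

The second control comes out negative on the formula alone, which is the situation slide 18 describes: a mitigation may still be implemented for reasons the ALE figures do not capture.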