Corporate Security Policies, Trends and Approaches
Certification: Cisco CCNA Cyber Ops - Cisco Certified Network Associate Cyber Ops
By Sherry G. Holland
The Role of Network Security Analyst
The fundamental concepts including the identification of common threats and vulnerabilities along with the mitigation strategies are considered as the fundamental concepts of network security. The security architecture using a lifecycle approach is the implementation that includes the phases of the process, their dependencies, and the importance of a sound security policy.
Businesses should pay attention to the security of their networks because of the open nature of the Internet. Precautions should also be taken to ensure the data cannot become compromised by someone that is not authorized to see it as these companies continue to move more of their functions to a public network infrastructure.
Damage or destruction to proprietary data can negatively impact the company and hinder their capability to grow as a business because of unauthorized network access by disgruntled employees or outside hackers. These types of incidents can also harm relationships with other business partners and / customers making this a crucial requirement to impede these types of incidents. It is imperative to know the need for security so you will know what to protect and will be able to examine different trends for protection and attacks and what the principles are for maintaining a security network design. These concepts are fundamental to all security endeavors that a security professional will embark on.
Information Security Building Blocks
Maintaining and establishing an environment consisting of secure computing is more difficult as these networks become interconnected as the data flows freely. This connectivity is no longer optional as it is now a requirement and does not outweigh the benefits. These security services will provide protection to businesses in an open environment. There are new assumptions that should be made about these networks and how they have evolved over the years. Because modern networks are very large and interconnected, they are often open to access and the potential for an attacker to hack. The application and computer systems attached to these networks are becoming more complex making it difficult to analyze and scope and properly test the security of these systems.
Providing adequate protection of network resources, technologies and procedures are part of the CIA triad. This triad includes confidentiality, integrity and availability of systems and data. As these networks are being developed the designer should be aware of:
- Threats that could compromise security
- The associated risk of the threats
- The cost to implement the appropriate security measures for a threat
- The cost versus the benefit to determine if it is worthwhile to implement the security countermeasures
Data, Vulnerabilities and Countermeasures
The news headlines are monopolized by information security and risk management topics regarding hackers, viruses and worms but the security architecture for administrators is managed through risk management based on specific concepts and principles related to the security and protection management process. Anything of value to the business is considered to be an asset. Because of knowing what these assets are then the security professionals will know what they should be protecting. A weakness in a system or in the design that a hacker could exploit by a threat is the vulnerability. Anything that is a potential danger to the asset is the threat and is realized when something or someone identifies a specific vulnerability and then exploits it. The likelihood that a particular threat using an attack will exploit a particular vulnerability of the system resulting in an undesirable consequence is the risk. When a computer code is developed that will develop to take advantage of the vulnerability has been exploited. The safeguards that will mitigate the potential risk is the counter measure.
It is essential to have some form of data classification so that resources can be allocated and the assets secured. Administrators will put forth the greatest resources based on identifying the assets that are worth the most. The labels and methods for data classification differ but the common ways to classify the data that many organizations including the military will use:
- Unclassified – the data has little or no confidentiality, integrity or availability requirements so no effort is needed to ensure it is secure.
- Restricted – if leaked this could have undesirable effects.
- Confidential – must comply with confidentiality requirements
- Secret – needs significant effort to ensure it is kept secure
- Top secret – data that requires great effort and could incur considerable cost to guarantee it remains secure.
- Sensitive but unclassified – designates data that could prove embarrassing if revealed
There is no actual standard for private-sector classification and different countries have different approaches and labels. Generally common private sector classification will include public, sensitive, private and confidential classifications. The factors that aid in the decision of these classifications include the value, age, usefulness and personal association with the data. The different roles that are needed to classify the data include the owner, custodian and the user.
Understanding the weaknesses in the security countermeasures and operational procedures is important in order to effectively secure the architectures. Categorizing these vulnerabilities will aid in better understanding why they have emerged. Categories include:
- Policy flaws
- Design errors
- Protocol weaknesses
- Software vulnerabilities
- Hostile code
- Human factor
Threats are the most important component to understand after vulnerabilities and assets. Threat classification is part of the risk management architecture and organizations rely on in-depth defenses to protect from these threats. Security controls are used and classified as:
Administrative – includes policies and procedures
- Security awareness training
- Security policies and procedures
- Change controls and configuration controls
- Security audits and tests
- Good hiring practices
- Background checks
Technical – the electronic, hardware and software controls
- Intrusion prevention systems
- Virtual private network concentrators and clients
- One time password solutions
- Smart cards
- Biometric authentication devices
- Network admission control systems
- Routers with ACLs
Physical – the mechanical controls; life safety is the most important
- Intruder detection systems
- Security guards
- Uninterruptible power supplies
- Fire-suppression systems
- Positive air-flow systems
The convergence of physical and technical security is also important to categorize.
Preventative – control that prevents access
- Locks on doors
Deterrent – control deters access
- Video surveillance
Detective – control detects access
- Motion sensor
There are four ways in which to choose when dealing with risk. They are:
- Limitation / avoidance – creating a secure environment by not allowing actions that could cause a risk to occur.
- Assurance – ensuring policies, standards and practices are followed.
- Detection – detecting intrusion attempts and taking the appropriate action that will terminate the intrusion.
- Recover – restoring the system to operational state.
The Role of Network Security Analyst
A company will employ a network security analyst to manage the security of the network and information systems. This includes auditing the network for vulnerabilities, investigating security breaches and developing solutions for security issues. They may also be responsible for security training and education for the company. Some of the tools used include firewalls, data encryption, server monitoring equipment and applications, and antivirus software.
Security analysts are responsible for implementing the proper controls to prevent attacks. Avoiding issues by taking the best approach to prevention is imperative to protecting the company assets. When breaches do occur the analyst will investigate and isolate the problem and will then work toward applying the necessary steps to prevent it from re-occurring.
Some other important functions they can be a part of include:
- Participating in the design and recommendation of security solutions
- Evaluate potential security equipment software and components
- Responding to system and network security incidents
- Perform network and system security scans
- Analyze the results of network and system security scans
- Perform basic forensic preservation of hard drives
- Assist in developing effective processes and procedures
- Demonstrate fundamental understanding of network and system security principles and technology
- Assist in presentation of security awareness sessions to diverse audiences
In conclusion, network security is imperative in protecting the most important assets of the company. Security analyst should stay abreast of leading practices, approaches and trends in relation to network security so these analysts can apply the appropriate controls to protect the information security. The network security analyst position is responsible for ensuring the proper controls are in place as well. The damage or destruction including the damage to the reputation of the business could become so damaged that they may never overcome the problems that a breach could bring.