The document outlines a 12-step program for developing network security strategies. It discusses identifying network assets and security risks, analyzing security requirements and tradeoffs, developing a security plan and policy, implementing technical security strategies, and maintaining security. It also covers securing different parts of the network like internet connections, servers, remote access, services, and wireless networks using mechanisms like firewalls, authentication, encryption, and wireless security protocols.
2. Network Security Design
The 12 Step Program
1. Identify network assets
2. Analyze security risks
3. Analyze security requirements and tradeoffs
4. Develop a security plan
5. Define a security policy
6. Develop procedures for applying security policies
3. The 12 Step Program (continued)
7. Develop a technical implementation strategy
8. Achieve buy-in from users, managers, and technical staff
9. Train users, managers, and technical staff
10. Implement the technical strategy and security procedures
11. Test the security and update it if any problems are found
12. Maintain security
5. Security Risks
• Hacked network devices
– Data can be intercepted, analyzed, altered, or deleted
– User passwords can be compromised
– Device configurations can be changed
• Reconnaissance attacks
• Denial-of-service attacks
6. Security Tradeoffs
• Tradeoffs must be made between security goals and other goals:
– Affordability
– Usability
– Performance
– Availability
– Manageability
7. A Security Plan
• High-level document that proposes what an organization is going to do to meet security requirements
• Specifies time, people, and other resources that will be required to develop a security policy and achieve implementation of the policy
8. A Security Policy
• Per RFC 2196, “The Site Security Handbook,” a security policy is a
– “Formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.”
• The policy should address
– Access, accountability, authentication, privacy, and computer technology purchasing guidelines
10. Encryption for Confidentiality and Integrity
Figure 8-1. Public/Private Key System for Ensuring Data Confidentiality
Figure 8-2. Public/Private Key System for Sending a Digital Signature
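The two figures are not reproduced here. The following added example (not from the book or the slides) shows the two uses of a key pair that they illustrate, using textbook RSA with constructed small primes and no padding: encrypting with the recipient's public key for confidentiality (Figure 8-1), and signing a SHA-256 hash with the sender's private key so anyone holding the public key can check integrity and origin (Figure 8-2).

```python
import hashlib
from math import gcd

# Constructed small primes for illustration only; real deployments use 2048-bit or larger moduli.
P, Q = 1000003, 1000033


def make_keypair(p=P, q=Q, e=65537):
    """Textbook RSA: public key (e, n) is published, private key (d, n) stays with its owner."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public, plaintext: bytes) -> int:
    """Figure 8-1: the sender encrypts with the RECIPIENT's public key."""
    e, n = public
    m = int.from_bytes(plaintext, "big")
    assert m < n, "toy scheme has no padding, so the message must be smaller than n"
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the matching private key recovers the plaintext."""
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(message: bytes, n: int) -> int:
    # Hash first, then reduce so the value fits the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Figure 8-2: the sender 'encrypts' the message hash with its own PRIVATE key."""
    d, n = private
    return pow(_digest(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone with the public key recovers the hash and compares it with a fresh one."""
    e, n = public
    return pow(signature, e, n) == _digest(message, n)
```

Note that the same key pair is used in opposite directions: the public key locks data only the private key can open, while the private key produces a signature that any public-key holder can check but nobody else can forge.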
11. Modularizing Security Design
• Security defense in depth
– Network security should be multilayered with many different techniques used to protect the network
• Belt-and-suspenders approach
– Don’t get caught with your pants down
12. Modularizing Security Design
• Secure all components of a modular design:
– Internet connections
– Public servers and e-commerce servers
– Remote access networks and VPNs
– Network services and network management
– Server farms
– User services
– Wireless networks
13. Cisco SAFE
• Cisco SAFE Security Reference Model addresses security in every module of a modular network architecture.
14. Securing Internet Connections
• Physical security
• Firewalls and packet filters
• Audit logs, authentication, authorization
• Well-defined exit and entry points
• Routing protocols that support authentication
15. Securing Public Servers
• Place servers in a DMZ that is protected via firewalls
• Run a firewall on the server itself
• Enable DoS protection
– Limit the number of connections per timeframe
• Use reliable operating systems with the latest security patches
• Maintain modularity
– Front-end Web server doesn’t also run other services
19. Securing Network Services
• Treat each network device (routers, switches, and so on) as a high-value host and harden it against possible intrusions
• Require login IDs and passwords for accessing devices
– Require extra authorization for risky configuration commands
• Use SSH rather than Telnet
• Change the welcome banner to be less welcoming
20. Securing Server Farms
• Deploy network and host IDSs to monitor server subnets and individual servers
• Configure filters that limit connectivity from the server in case the server is compromised
• Fix known security bugs in server operating systems
• Require authentication and authorization for server access and management
• Limit root password to a few people
• Avoid guest accounts
21. Securing User Services
• Specify which applications are allowed to run on networked PCs in the security policy
• Require personal firewalls and antivirus software on networked PCs
– Implement written procedures that specify how the software is installed and kept current
• Encourage users to log out when leaving their desks
• Consider using 802.1X port-based security on switches
22. Securing Wireless Networks
• Place wireless LANs (WLANs) in their own subnet or VLAN
– Simplifies addressing and makes it easier to configure packet filters
• Require all wireless (and wired) laptops to run personal firewall and antivirus software
• Disable beacons that broadcast the SSID, and require MAC address authentication
– Except in cases where the WLAN is used by visitors
23. WLAN Security Options
• Wired Equivalent Privacy (WEP)
• IEEE 802.11i
• Wi-Fi Protected Access (WPA)
• IEEE 802.1X Extensible Authentication Protocol (EAP)
– Lightweight EAP or LEAP (Cisco)
– Protected EAP (PEAP)
• Virtual Private Networks (VPNs)
• Any other acronyms we can think of? :-)
24. Wired Equivalent Privacy (WEP)
• Defined by IEEE 802.11
• Users must possess the appropriate WEP key that is also configured on the access point
– 64- or 128-bit key (or passphrase)
• WEP encrypts the data using the RC4 stream cipher method
• Infamous for being crackable
25. WEP Alternatives
• Vendor enhancements to WEP
• Temporal Key Integrity Protocol (TKIP)
– Every frame has a new and unique WEP key
• Advanced Encryption Standard (AES)
• IEEE 802.11i
• Wi-Fi Protected Access (WPA) from the Wi-Fi Alliance
26. Extensible Authentication Protocol (EAP)
• With 802.1X and EAP, devices take on one of three roles:
– The supplicant resides on the wireless LAN client
– The authenticator resides on the access point
– An authentication server resides on a RADIUS server
27. EAP (Continued)
• An EAP supplicant on the client obtains credentials from the user, which could be a user ID and password
• The credentials are passed by the authenticator to the server and a session key is developed
• Periodically the client must reauthenticate to maintain network connectivity
• Reauthentication generates a new, dynamic WEP key
28. Cisco’s Lightweight EAP (LEAP)
• Standard EAP plus mutual authentication
– The user and the access point must authenticate
• Used on Cisco and other vendors’ products
29. Other EAPs
• EAP-Transport Layer Security (EAP-TLS) was developed by Microsoft
– Requires certificates for clients and servers.
• Protected EAP (PEAP) is supported by Cisco, Microsoft, and RSA Security
– Uses a certificate for the client to authenticate the RADIUS server
– The server uses a username and password to authenticate the client
• EAP-MD5 has no key management features or dynamic key generation
– Uses challenge text like basic WEP authentication
– Authentication is handled by RADIUS server
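The three 802.1X roles from slides 26 and 27 and the EAP-MD5 challenge described on this slide, as an added simulation that is not part of the original slides: the supplicant holds the password, the authenticator (access point) only relays EAP packets and opens its port on Success, and the RADIUS-side server issues the challenge and checks the response, which in EAP-MD5 is MD5(identifier || password || challenge). The user database and credentials are constructed for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Constructed credential store held by the authentication (RADIUS) server.
USER_DB = {"alice": b"correct-horse-battery"}


@dataclass
class EapPacket:
    code: str         # "Request", "Response", "Success" or "Failure"
    identifier: int   # one-byte ID pairing a Response with its Request
    data: bytes       # challenge (Request) or MD5 digest (Response)


class Supplicant:
    """Runs on the WLAN client; the only party that knows the password."""
    def __init__(self, identity, password):
        self.identity, self.password = identity, password
    def respond(self, request):
        # EAP-MD5 Response = MD5(identifier || password || challenge)
        digest = hashlib.md5(bytes([request.identifier]) + self.password + request.data).digest()
        return EapPacket("Response", request.identifier, digest)


class AuthenticationServer:
    """RADIUS side: issues a fresh random challenge and checks the response."""
    def __init__(self, user_db):
        self.user_db, self.pending = user_db, {}
    def challenge(self, identity, identifier):
        chal = os.urandom(16)
        self.pending[identifier] = (identity, chal)
        return EapPacket("Request", identifier, chal)
    def verify(self, response):
        identity, chal = self.pending.pop(response.identifier)
        password = self.user_db.get(identity, b"")   # unknown user fails below
        expected = hashlib.md5(bytes([response.identifier]) + password + chal).digest()
        ok = hmac.compare_digest(expected, response.data)
        return EapPacket("Success" if ok else "Failure", response.identifier, b"")


class Authenticator:
    """Access point: relays EAP without seeing the password; opens the port on Success."""
    def __init__(self, server):
        self.server, self.port_authorized, self.seen = server, False, []
    def authenticate(self, supplicant):
        identity = supplicant.identity                  # EAP-Response/Identity
        request = self.server.challenge(identity, 2)    # EAP-Request/MD5-Challenge
        response = supplicant.respond(request)          # EAP-Response/MD5-Challenge
        self.seen += [request.data, response.data]      # everything the AP ever handles
        result = self.server.verify(response)
        self.port_authorized = result.code == "Success"
        return result.code
```

As the slide states, EAP-MD5 ends with a bare Success or Failure and derives no session key, which is why it cannot feed the dynamic per-session WEP keys that slide 27 describes for other EAP methods.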
30. VPN Software on Wireless Clients
• Safest way to do wireless networking for corporations
• Wireless client requires VPN software
• Connects to VPN concentrator at HQ
• Creates a tunnel for sending all traffic
• VPN security provides:
– User authentication
– Strong encryption of data
– Data integrity
31. Summary
• Use a top-down approach
– Chapter 2 talks about identifying assets and risks and developing security requirements
– Chapter 5 talks about logical design for security (secure topologies)
– Chapter 8 talks about the security plan, policy, and procedures
– Chapter 8 also covers security mechanisms and selecting the right mechanisms for the different components of a modular network design
32. Review Questions
• How does a security plan differ from a security policy?
• Why is it important to achieve buy-in from users, managers, and technical staff for the security policy?
• What are some methods for keeping hackers from viewing and changing router and switch configuration information?
• How can a network manager secure a wireless network?
Editor's Notes
The first three steps were covered more in Chapter 2. Chapter 8 picks up that discussion and focuses on selecting the right security mechanisms for the different components of a modular network design.
Maintain security by scheduling periodic independent audits, reading audit logs, responding to incidents, reading current literature and agency alerts, installing patches and security fixes, continuing to test and train, and updating the security plan and policy.
An example of a tradeoff is that security can reduce network redundancy. If all traffic must go through an encryption device, for example, the device becomes a single point of failure. This makes it hard to meet availability goals.
This page was added on 9/01/10 to address the fact that early printings of the book had the wrong graphic for Figure 8-2.
Security experts recommend that FTP services not run on the same server as Web services. FTP users have more opportunities for reading and possibly changing files than Web users do. A hacker could use FTP to damage a company’s Web pages, thus damaging the company’s image and possibly compromising Web-based electronic-commerce and other applications. In addition, any e-commerce database server that holds sensitive customer financial information should be separate from the front-end Web server that users see.