Fluent Essays

Read chapter 13 of your textbook (lecture slides under week 5), and review online library and reputable      articles/journals/online resources and write 3/4 page paper and discuss: Q). How do you design a secure network. Discuss latest technologies to keep your network secure. 1 INST569: Data and System Security Lecture 5 Copyright © 2013 University of North America. All rights reserved. Copyright © 2013 University of North America. All rights reserved. Key Terms and Concepts: Application & Systems Development Life Cycle Development Methodologies Security Engineering Processes Change Management/control Build Management/control Release Management/control Capability Maturity Model (CMM) Application Controls Application Control Types Security Control Architecture Implementation/Operation Controls Distributed Computing Environment (DCE) Distributed Environment Security Mechanisms Development languages Database systems – types Object-oriented databases Relational Databases Data Dictionaries Data Warehouses Artificial Intelligence Expert Systems Neural Networks Application-related Threats Attacks Methods Copyright © 2013 University of North America. All rights reserved. Application & Systems Development Domain Development Life Cycle/Process Change Control/Configuration Management Application Controls Application environments/languages Applications – Databases, Data Warehouse, AI Systems, Threats and Attacks Copyright © 2013 University of North America. All rights reserved. Applications and System Development Security - Overview Addresses security as it relates to The development process The software/system being developed The type of software/system being deployed Provides the fundamentals required for an organization to be Proactive rather than Reactive when addressing Application Security Reduces the risk of loss due to security vulnerabilities of applications deployed by an organization - that can actually be controlled by the organization Many of the concepts presented in this domain are similar to those touted by TQM – Total Quality Management and have been adopted in many organizations at some level. Very few, however, have used those same concepts to explicitly address security to the level discussed in this domain (Until recently, the business drivers that now make it a priority did not exist for most industries). Copyright © 2013 University of North America. All rights reserved. The world according to (ISC)2 Application & Systems Development Security refers to the controls included within systems and applications and the steps used in their development. The term application applies to agents, applets, software, databases, data warehouses, and knowledge-based systems. Copyright © 2013 University of North America. All rights reserved. Software Development Life Cycle Primary objective of any SW Development process is to develop a quality product that meets customer requirements within budget and schedule Early models were simplistic and assumed each process step was complete before moving onto the next. System Requirements Analysis Program Design Coding Testing Operations & Maintenance Copyright © 2013 University of North America. All rights reserved. SW Development Life Cycle Subsequent models recognized the need for iterating between steps or for iterating through the process several times. Waterfall model, modified Waterfall, Spiral Model Verification - evaluate product in development against the specification. Validation - Evaluate against real-world requirements and concepts. Information Security should be handled like any other business requirement and be addressed at every step of the development process. Copyright © 2013 University of North America. All rights reserved. Relevance to Security Architecture and Models and Operations Security Separation of duties (Development, QA, Installation/Roll-out) Configuration/Change Management (applies to documentation and hardware as well as software) Security Classification B2 and B3 requires configuration management be enforced during development and maintenance Security Classification A1 requires configuration management be enforced during the entire life cycle Certification – comprehensive evaluation of the technical and non-technical security features of an information system Accreditation – formal declaration by a Designated Approving Authority where an information system is approved for production Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components – System Feasibility Information Security Policy Standards Legal Issues ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components – SW Plans & Requirements Threats & Vulnerabilities Security Requirements Reasonable Care, Due Diligence Legal Liabilities Desired Level of Protection Test Plans ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components – Product Design Incorporate Security Specifications Determine Access Control Evaluate Encryption Options Refine Test Plans Define Product Documentation ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components – Detailed Design Detailed Design Design Security Controls per legal requirements Design Access Controls Employ Encryption Consider Business Continuity Issues Detailed Test Plans/Scripts Detailed Documentation Design ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components - Coding Develop Security-related Code Support Business Continuity Plan Unit Testing Develop Documentation ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components - Integration Integrate Security Components Integration Testing Conduct Security-related product verification Refine Documentation ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components – Implementation Install Security Software Test Security Software Complete Documentation, Certification, Accreditation ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Security Life Cycle Components – Operations & Maintenance Revalidate Security Controls Conduct Penetration Testing and Vulnerability Analysis Implement Change Management/Control Process Evaluate/Monitor SLA Conformance Maintain Documentation Re-certification ‘Traditional or Waterfall Methodology’ Copyright © 2013 University of North America. All rights reserved. Contemporary Development Methodologies Rapid Application Development (RAD) Evolutionary Software Development Prototyping Spiral: This model of development combines the features of the prototyping model and the waterfall model. Incremental Concurrent Development Model Fourth Generation Development Copyright © 2013 University of North America. All rights reserved. RAD Key Phases Business Modeling Data Modeling Process Modeling Application generation Testing and Turnover Implications for Security Requirements? Challenges and Barriers? Source: Software Engineering: A Practitioner’s Approach; Fourth Edition, Roger S. Pressman; ISBN 0-07-052182-4 Copyright © 2013 University of North America. All rights reserved. Evolutionary Software Development Implications for Security Requirements? Challenges and Barriers? Planning Risk Analysis Engineering Design Construction Release Customer Evaluation Customer Communication Entry Point Copyright © 2013 University of North America. All rights reserved. Relevance to Security Architecture and Models and Operations Security Separation of duties (Development, QA, Installation/Roll-out) Configuration/Change Management (applies to documentation and hardware as well as software) Security Classification B2 and B3 requires configuration management be enforced during development and maintenance Security Classification A1 requires configuration management be enforced during the entire life cycle Certification – comprehensive evaluation of the technical and non-technical security features of an information system Accreditation – formal declaration by a Designated Approving Authority where an information system is approved for production Copyright © 2013 University of North America. All rights reserved. Capability Maturity Model Quality of a software product is directly related to the quality of the development and maintenance process from which it is produced. Five Maturity Levels Initiating Repeatable Defined Managed Optimizing Copyright © 2013 University of North America. All rights reserved. Application Controls Enforce an organizations security policy and procedures to maintain Confidentiality, Integrity and Availability Data input Data processing Data output Copyright © 2013 University of North America. All rights reserved. Application Controls Confidentiality & Integrity Input Controls Data checks (range checking, validity checks) Date stamping during data create/edit Processing Controls Ensure accuracy of transaction processing – roll-backs, timely and accurate re-processing invalid transactions Output Controls Input/Output comparison checks for data integrity Secured printer access, printer headings/banners, signed receipts for printed material for confidentiality Copyright © 2013 University of North America. All rights reserved. Application Controls Availability Service Level Agreement (SLA) Turn-around times Ave. response times # of on-line users System utilization rates System up-time Volume of transactions Production problems Two-phase commit – distributed databases Copyright © 2013 University of North America. All rights reserved. Application Control Types   Application control type Accuracy Security Consistency Preventive Data checks, forms, custom screens, validity checks Firewalls, sensitivity labels, encryption, passwords, test environments Data dictionary, programming standards Detective Hash controls, cyclic redundancy checks IDS and audit trails Comparison controls, relationship tests Corrective Backups, checkpoint restarts Emergency response and reference monitor Program comments and database controls   Copyright © 2013 University of North America. All rights reserved. Security Control Architecture (Covered in Domain 5) Defined Subset of Subjects and Objects Trusted Computing Base Security Perimeter Reference Monitor and Security Kernel Domains Resource Isolation Security Policy Least Privilege Layering, Data Hiding and Abstraction Copyright © 2013 University of North America. All rights reserved. Implementation/Operation Controls All support personnel should be authorized Code Reviews (also part of Change Management) – prior to implementation Separation of Duties Development staff should not review, implement systems Development staff should not support production data Development staff should not manage security function Accountability No access should be permitted directly to database Production data should be managed by users, not support staff All access to production data should be logged Least Privilege Access Control Access given to necessary data fields only Layered Defense – Access controls should be used in addition to system access Copyright © 2013 University of North America. All rights reserved. Distributed Environment Geographically distributed components interconnected through one or more network Client/Server Intranet/Internet - mobile code Applet – usually written in Java Distributed as an attachment in www document Navigator restricts applet file and network access to prevent security violations Full Java applications running outside of browser are not restricts Active X – MS answer to Java, COM-based technology that provides the fundamental building blocks used in most Windows applications Agent/Proxy Used in client-server model, performs information preparation or exchange for client or server Copyright © 2013 University of North America. All rights reserved. Distributed Computing Environment (DCE) An industry-standard software technology for setting up and managing computing and data exchange in a system of distributed computers. Copyright © 2013 University of North America. All rights reserved. Distributed Environment Security Mechanisms Access Control Identification Authentication Intrusion Detection Emergency Response Plans Logs/Audit Trails Firewall/Browser configurations that restrict or prevent downloading of applets Copyright © 2013 University of North America. All rights reserved. SW Development Languages Interpreted languages Executes each instruction in real-time Also known as run-time binding Java Compiled languages Translates into machine code, which is executed by the computer Binding occurs at compile time C++ Higher security risk than interpreted because malicious code can be embedded in the compiled code, making it difficult to detect Copyright © 2013 University of North America. All rights reserved. JAVA Programming language designed specifically for the Internet Security Levels Untrusted – applets are not permitted to run High Security – applets are not permitted to read, write or delete files. They cannot access WebView Settings. They may only connect to and accept connections from their server of origin. Medium Security – applets can be granted permission to read, write or delete files and access WebView Settings (after a warning is displayed). Access to clipboard is not permitted. Low Security – applets run with minimal constraints. No warning are generated for potentially unsafe actions. WebView generates a warning if local applications are launched. Copyright © 2013 University of North America. All rights reserved. Malicious Code Viruses – program code inserted into other program code with the intent of causing an unexpected and undesirable event. File Infectors – attaches to program files, usually COM or EXE files and are loaded when the program file is loaded. System/Boot Record Infectors – infects executable code found in certain system areas or master boot records on the disk or to the DOS boot sector on diskettes. Macro Viruses – infects applications, such as MS Word. Trojan Horses – a program or virus in which malicious or harmful code is contained inside “apparently” harmless programs, data or messages. Logic Bombs – code inserted into an application or OS that executes when a specified condition is met. Worm - a program that uses communications methods to propagate itself between systems Copyright © 2013 University of North America. All rights reserved. Object-Oriented Development Methodology Provides the capability to model the “real-world” Has the potential of reducing propagation of program errors Objects are encapsulated Messages are sent to request performance of defined operations Provides a level of independence from other objects Over the long-term, increases code re-usability, reducing development costs Requires disciplined process with upfront analysis and design to reap the benefits Copyright © 2013 University of North America. All rights reserved. Object Oriented Systems – Fundamentals Subject – active entity, generally in the form of a person, process, or device that causes information to flow among objects or to change the system state Object – passive entity that contains or receives information Message – tells an object to perform an operation Method – defines actions performed in response to a message Behavior – results exhibited by an object upon receipt of a message Class – a set of objects that share common structure and behavior Instance – objects are instances of classes that contain their methods Copyright © 2013 University of North America. All rights reserved. Object Oriented Systems – Fundamentals Inheritance (Multiple Inheritance) – Methods from one class are inherited by a subclass Multiple inheritance – a class inherits behavioral characteristics from more than one parent class Delegation – forwarding of a request by one object to another Polymorphism – different objects may respond to a common set of operations in different ways Copyright © 2013 University of North America. All rights reserved. Object Oriented Systems – Fundamentals Polyinstantiation – the development of a detailed version of an object from another object using different values in the new object. ORB (CORBA) – Object Request Broker – locator/distributor of objects across a network. CORBA is Common Object Request Broker, which defines an industry standard allowing heterogeneous systems to interface and communicate. COM (formerly OLE), DCOM – standard that supports the exchange of common objects among programs. Copyright © 2013 University of North America. All rights reserved. Database Systems - Types Hierarchical Mesh (Network) Object-oriented Relational Copyright © 2013 University of North America. All rights reserved. Object-Oriented Databases “Subjects” “Objects” “Methods” Controls using encapsulation, inheritance, information hiding Permits classification of an object’s sensitivity through the use of class and instance Copyright © 2013 University of North America. All rights reserved. Relational Databases Relations - tables Tuples – rows or records Security can be provided via views – “virtual” relations Normalization – helps organize data and eliminate redundancy First Normal Form – no repeating groups or multiple column values Second Normal Form – Non-key field must depend on primary key Third Normal Form – Non-key field cannot depend on primary key Referential Integrity – a system of rules used to ensure that relationships between records in related tables are valid and cannot be accidentally changed or deleted Copyright © 2013 University of North America. All rights reserved. Relational DB Security Issues Aggregation The act of obtaining information of a higher sensitivity level by combining information of lower sensitivity levels. Inference The ability of a user to infer or deduce information about data at sensitivity levels for which they do not have access. Multi-level Security Enforces mandatory access controls in additional discretionary access control to address confidentiality May create conflict between integrity and confidentiality when integrity rules are enforced Copyright © 2013 University of North America. All rights reserved. Relational DB Security Issues (continued) Polyinstantiation – also describes a situation where the same primary key is used for different relations to store information at different classification levels. Just by the act of attempting to create an entry at the lower classification level with the same primary key that exists at the higher classification level and having that transaction fail, the user could INFER the classified data. Copyright © 2013 University of North America. All rights reserved. Data Dictionary Database for developers Records the data structures used by an application Data elements Data element characteristics X-reference to programs/applications that use the data element and associated files Serves as a control when programmers are required to use the variable names from the Data Dictionary Copyright © 2013 University of North America. All rights reserved. Data Warehousing/Data Mining Data Warehouse – repository of information from heterogeneous databases made available to users for reporting/queries Data Mining – analysis of data for relationships not previously discovered. Results include Associations Sequences Classification Clustering Forecasting Copyright © 2013 University of North America. All rights reserved. Additional Data Store - Memory Covered in detail in Security Architecture and Security Model Domain Primary (Real) Usually Random Access Memory Directly addressable by CPU Used for storage of instructions or data Secondary Slower, usually magnetic disc Non-volatile storage Virtual Uses secondary memory in conjunction with primary Provides a CPU with larger, apparent address space Copyright © 2013 University of North America. All rights reserved. Additional Data Store – Memory (continued) Random RAM – Random Access Memory Memory locations are directly addressed and data that is stored can be altered Volatile Stored data is lost if power is removed from the system RAM is volatile Sequential Data is retrieved by sequentially searching the memory store from the beginning rather than directly accessing the location Magnetic Tape Copyright © 2013 University of North America. All rights reserved. Artificial Intelligence Systems (Knowledge-based Systems) Exhibits reasoning similar to that of a human being to solve problems Expert System Neural Networks Copyright © 2013 University of North America. All rights reserved. Expert System Knowledge base – in the form of rules about a particular domain – based on human experiences Inference Engine – determines if the rules are satisfied by the input Copyright © 2013 University of North America. All rights reserved. Neural Networks Based on the functioning of biological neurons Network of very simple processors, called neurons or units – each with a small about of local memory Neurons are connected by unidirectional communications channels Neuron operate on local data and inputs received via connectors Training rule enables learning from examples and ability to do generalizations Copyright © 2013 University of North America. All rights reserved. Application-related Threats Trap Door Hidden Mechanism To Bypass Protection Measures Letter bomb - email attachment with malicious code Back door - unapproved method of accessing the system Covert channel – Communication channel violating information transfer policies Covert storage channel - Writing to storage through one process, and reading by another (lower security level) Covert timing channel - Processes signal to one another by modulating system use Copyright © 2013 University of North America. All rights reserved. Methods of Attack Brute force – Trying all possible words and character combinations to find the correct password, pass phrase or PIN Denial of Service – An incident in which a user or organization is deprived of the service of a resource they would normally expect to have Dictionary Attacks – Attacker uses a pre-defined list of dictionary words and tries each entry to see if it matches a user’s password Spoofing – The user appears to be someone else or manipulates packets so they appear to come from a another system or network Copyright © 2013 University of North America. All rights reserved. Methods of Attack (continued) Pseudo Flaw – An apparent loophole deliberately implanted in an operating system program as a trap for intruders Alteration of authorized code Interrupts – An external signal interrupts normal program flow to request service Remote Maintenance – Ability to access a system for maintenance from a remote location, by-passing a system’s normal security protections Browsing – The act of searching through storage to locate or acquire information without necessarily knowing of the existence or the format of the information being sought Copyright © 2013 University of North America. All rights reserved. Methods of Attack (continued) Traffic analysis – Involves analyzing data characteristics (message length, message frequency, etc…) and patterns of transmissions to infer information Flooding – Forwarding by a router of a packet from any node to every other node connected to the router Time of check/Time of use (TOC/TOU) – Exploits the difference in the time that security controls were applied and the time the authorized service was used Copyright © 2013 University of North America. All rights reserved. Glossary Acceptance inspection – Final inspection to determine whether or not a system meets the specified technical and performance standards Assurance – A measure of confidence that the security features and architecture of system accurately mediate and enforce the security policy Configuration Control – The process of controlling modifications to the system’s hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction of improper modifications prior to, during, and after system implementation. Copyright © 2013 University of North America. All rights reserved. Glossary Configuration Management – The management of security features and assurances through control of changes made to system hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the development and operational life of the system. Due Care – Minimum and customary practice of responsible protection of assets that reflects a community of social norm. Due Diligence – Prudent management and execution of due care. Copyright © 2013 University of North America. All rights reserved. Glossary Formal Development Methodology – A collection of languages and tools that enforces a rigorous method of verification. Formal Verification – The process of using formal proofs to demonstrate the consistency between a formal specification of a system and a formal security policy model (design verification) or between the formal specification and its high-level program implementation (implementation verification) Functional Testing – The segment of security testing in which the advertised security mechanisms of the system are tested, under operational conditions, for correct operation. Copyright © 2013 University of North America. All rights reserved. Glossary Granularity – An expression of the relative size of a data object; for example, protection at the file level is considered coarse granularity, whereas protection at the field level is considered to be of a finer granularity. Secure Configuration Management – The set of procedures that are appropriate for controlling changes to a system’s hardware and software structure for the purpose of ensuring that changes will lead to violations of the system’s security policy. Security Requirements – The types and level of protection that are necessary for equipment, data, information, applications, and facilities to meet security policy. Copyright © 2013 University of North America. All rights reserved. Glossary Security Specifications – A detailed description of the safeguards required to protect a system. Security Testing – A process that is used to determine that the security features of a system are implemented as designed. This process includes hands-on functional testing, penetration testing, and verification. Top-level Specification – A nonprocedural description of system behavior at the most abstract level; typically, a functional specification that omits all implementation details. Work Factor – The effort or time needed to overcome protective measures. Copyright © 2013 University of North America. All rights reserved. Operations/ Maintenance SW Rqmts/Plans Product Design Coding Detailed Design Integration Implementation System Feasibility Operations/ Maintenance System Feasibility Product Design Coding Detailed Design Integration Implementation SW Plans & Requirements Operations/ Maintenance System Feasibility SW Plans & Requirements Coding Detailed Design Integration Implementation Product Design Operations/ Maintenance System Feasibility SW Plans & Requirements Coding Product Design Integration Implementation Detailed Design Operations/ Maintenance System Feasibility SW Plans & Requirements Detailed Design Product Design Integration Implementation Coding Operations/ Maintenance System Feasibility SW Plans & Requirements Detailed Design Product Design Coding Implementation Integration Operations/ Maintenance System Feasibility SW Plans & Requirements Detailed Design Product Design Coding Integration Implementation System Feaibility SW Rqmts/Plans Product Design Coding Detailed Design Operations/ Maintenance Integration Implementation Chapter 13 Secure Network Design Copyright © 2014 by McGraw-Hill Education. Introduction In this chapter, we review some high-level security concepts that should be kept in mind during network design. This chapter introduces the basic concepts of network architecture and the best practices for security that should be considered when designing a network. Copyright © 2014 by McGraw-Hill Education. Electronic Security Perimeter (ESP) The boundary between an organization’s network and the Internet or a peered network is known as an electronic security perimeter (ESP). The network perimeter lies wholly within the ESP and is often confined to a particular physical location or set of locations, while the ESP has other elements such as corporate smartphones and smartphones, tablets, and other mobile devices. These devices may be outside of the network(s) physically, but they are still within the ESP. Within this perimeter you will find all owned computing assets and potential storage locations for organization data, sometimes including third-party systems. Copyright © 2014 by McGraw-Hill Education. Acceptable Risk Management’s risk tolerance is expressed through the policies, procedures, and guidelines issued to the staff. A complete set of policies outlining management’s preferences and its tolerance of information security risks enables employees to make appropriate infrastructure decisions when designing and securing new systems and networks. Thus, the design and configuration of the infrastructure becomes the enforcement of those documents. Copyright © 2014 by McGraw-Hill Education. Designing Security into a Network Separating assets of differing trust and security requirements should be an integral goal during the design phase of any new project. Aggregating assets that have similar security requirements in dedicated zones allows an organization to use small numbers of network security devices, such as firewalls and intrusion-detection systems, to secure and monitor multiple application systems. Copyright © 2014 by McGraw-Hill Education. Network Design Models The three-tier Cisco Hierarchical Internetworking model is derived from the Public Switched Telephone Network (PSTN) model, which is in use for much of the world’s telephone infrastructure. Copyright © 2014 by McGraw-Hill Education. The Three-Tier Cisco Hierarchical Internetworking Model Copyright © 2014 by McGraw-Hill Education. Newer Models Although the Cisco three-tier model is perhaps the most commonly known and referenced model for designing LAN environments, it has its limitations and is rapidly being supplanted by newer models aimed at addressing the specific needs of highly virtualized data centers, different industry verticals, and cloud computing and multitenancy environments. Many modern data center architectures and “cloud” designs favor a clustered switching, class fabric, or collapsed two-tier approach that offers higher performance and lower cost but also brings special security considerations into play. A few of the more well-known and published models are Cisco’s FlexPod model (data center in a box), Arista’s two-tier CloudVision model, Brocade’s Brocade One model, and Juniper’s Stratus model. Copyright © 2014 by McGraw-Hill Education. Two-Tier vs. Three-Tier Models Core: The core of the two-tier network is a highly available, horizontally scalable element used for transit and moving data between different areas or zones in the network, much like the core in the three-tier model. Distribution: The distribution layer in some collapsed networks either is eliminated completely or is combined with the access layer as part of the fabric. Access: The access layer is collapsed into the distribution layer, so although physically separate devices may provide the aggregation and access function, both can be part of the same layer two domain employing trill or 802.1aq for bridging. These combined layers offer active/active connectivity across multiple switches via clustering for high availability and performance. This “fabric” introduces a new dimension for security, as server-to-server, server-to-storage, and virtual host communication can now be fused together in ways not previously possible. Copyright © 2014 by McGraw-Hill Education. Security Components Security components (firewalls, filtering devices, etc.) “plug in” to the fabric in a fashion that maintains the integrity of data communications between intended hosts but does not compromise the performance of the data center platform. Techniques such as VM fencing, virtual appliance firewalls, hypervisor protection, and segregation of security zones by service type are common approaches to ensuring adequate controls are in place to enforce the security plan. Copyright © 2014 by McGraw-Hill Education. Availability Avoid single points of failure within the architecture. This can require redundant and/or failover capabilities at the hardware, network, and application functions. Copyright © 2014 by McGraw-Hill Education. A Full High-Availability Network Design A true high-availability design will incorporate redundant hardware components at the switch, network, firewall, and application levels. Copyright © 2014 by McGraw-Hill Education. Layered Network Security Flaws, such as a buffer overflows, can allow an attacker to turn a vulnerable server into a conduit through the firewall. Once through the firewall, the attacker can mount attacks against infrastructure behind the protection of the firewall. If the server is on the internal network, the entire network could be attacked without the protection provided by the firewall. If the server is on a separate firewalled segment instead of the internal network, only the hosts on the same subnet could be directly attacked. Each connection to another network, whether to the Internet or to any external third party (business partner, data provider, and so on), creates an entry point in the perimeter that must be secured. Copyright © 2014 by McGraw-Hill Education. Wireless Impact on the Perimeter Organizations that deploy wireless solutions must recognize and mitigate risks associated with an unauthorized individual gaining connectivity to the corporate LAN via wireless signal leakage outside of the corporate-controlled premises. Copyright © 2014 by McGraw-Hill Education. Wireless Deployment Through a VPN Server Copyright © 2014 by McGraw-Hill Education. Remote Access Considerations When VPN peers consist of remote users accessing the corporate network over the Internet, the overall security of the corporate network becomes dependent on the security of that employee’s remote PC. Should a hacker gain access to an unprotected PC, the VPN may be used to tunnel traffic past the corporate firewalls and the protection they provide. To protect the corporate network when VPNs are used for remote user access, security administrators should ensure that adequate protection is implemented over the endpoints. Copyright © 2014 by McGraw-Hill Education. Internal Security Practices Internal controls, such as firewalls and early detection systems (IDS, IPS, and SIEM), should be located at strategic points within the internal network to provide additional security for particularly sensitive resources such as research networks, repositories containing intellectual property, and human resource and payroll databases. Copyright © 2014 by McGraw-Hill Education. Internal Firewalls Copyright © 2014 by McGraw-Hill Education. Intranets The main purpose of an intranet is to provide internal users with access to applications and information. To achieve a higher level of security, intranet systems are aggregated into one or more dedicated subnets and are firewalled. Copyright © 2014 by McGraw-Hill Education. Extranets Extranets are application networks that are controlled by an organization and made available to trusted external parties, such as suppliers, vendors, partners, and customers. Copyright © 2014 by McGraw-Hill Education. Extranet Design Copyright © 2014 by McGraw-Hill Education. DMZ Networks and Screened Subnets Deploy public Internet access to systems on a dedicated subnet, commonly referred to as a demilitarized zone (DMZ) or screened subnet, separate from internal systems. A successful attack against these systems still leaves a firewall between the successful attacker and more sensitive internal resources. The term DMZ was originally a military term used to describe a buffer area between a trusted zone and an untrusted zone, in which no military hardware was permitted. Copyright © 2014 by McGraw-Hill Education. Sample DMZ Configuration Copyright © 2014 by McGraw-Hill Education. Terminology Although the terms DMZ and screened subnet have been used interchangeably, there is a small difference between the two terms: A DMZ is technically the small subnet between your Internet router and the external interface of your firewall. A screened subnet is really an isolated network available only through a firewall interface and is not directly connected to the internal network. Copyright © 2014 by McGraw-Hill Education. Multiple DMZs Multiple DMZs limit the breadth of a single security breach. Application systems can consist of three separate tiers, referred to as the presentation, application, and database tiers. The presentation layer consists of a web server that interacts with end users, accepting input, sending that input to the application layer for processing, and returning the output back to the end user. The application layer contains the logic necessary for processing those queries and extracting data from the database. The data that is stored in a database housed on a separate database server on its own DMZ. Other services that aren’t directly supporting the application but provide other functions can be further segregated into a fourth DMZ subnet. Copyright © 2014 by McGraw-Hill Education. Example of a Multitier Application Infrastructure Copyright © 2014 by McGraw-Hill Education. Outbound Filtering Failure to restrict outbound access creates a number of significant risks to the corporation and its infrastructure, such as users accessing services that do not comply with corporate security policies or that do not have legitimate business purposes. Additionally, failure to filter traffic leaving the corporate network may allow an attacker to use the network to launch attacks on other networks. Copyright © 2014 by McGraw-Hill Education. Web Access Considerations Proxy servers can be configured to block connections to URLs that are considered likely to be malicious or unnecessary for normal operation, such as those containing certain scripts or other executable files. Proxy services are hardened processes that can run internally on a firewall or be provided separately by a dedicated server. Web filtering today can be handled via a variety of specialized products and appliances, including some cloud-based offerings. Copyright © 2014 by McGraw-Hill Education. Summary The ultimate goal of network security is to enable authorized communications while mitigating information risk to acceptable levels. Design elements such as segregating and isolating high risk or other sensitive assets as well as defining and maintaining a strong network perimeter go a long way toward achieving those goals. As networks become ever more interconnected, a thorough and strongly typed network architecture/design will be required to achieve and maintain a well-secured network. Copyright © 2014 by McGraw-Hill Education.