Security Management - University of Wollongong


Security Management
IACT 418/918 Autumn 2005
Gene Awyzio
SITACS University of Wollongong
Note:
• Textbook now available in bookstore
• Essay due next week in tutorials
• Seminars one and two due next week in
tutorials
• Lecture note powerpoint files can be
accessed from
– http://www.uow.edu.au/~gene/2005/iact418/lectures/
Overview Security Management
• Security management is the process of
protecting sensitive information
• Sensitive information is any data an
organisation wants to secure
• It may include
– Payroll data
– Customer accounts
– Research and development schedules
Overview Security Management
• Security management enables network
engineers to protect sensitive data by
– Limiting access to hosts and network
devices
– Notifying the engineer of actual breaches
Overview Security Management
• It consists of
– Identifying the sensitive information to be protected
– Finding the access points
• Software services
• Hardware components
• Network media
– Securing the access points
– Maintaining the secure access points
Overview Security Management
• Should NOT be confused with
– Application security
– Operating system security
– Physical security
Benefits of the Security
Management Process
• Primary concern of users
– Lack of security for sensitive information located on a HOST
• One solution
– Remove network access to the host
• Whilst secure, this method is not efficient and removes
the need for a data network altogether
• Drawbacks of NOT having security management
– All users have access to ALL information
– What happens if the network connects to a public network?
– Virus and worm attacks
Accomplishing Security
Management
• Balance required between
– Need to secure sensitive information
– Needs of users to access information to do their job
• Security Management involves the following four
steps
– Identify the sensitive information
– Find the access points
– Secure the access points
– Maintain the secure access points
Identify the Sensitive Information
• Determine which hosts on the network have sensitive
information
– The organisation may have policies on what is considered
sensitive
• Information may relate to
– Accounting
– Financial
– Customer
– Market
– Engineering
– Employees
Identify the Sensitive Information
• What is defined as sensitive may vary
depending on the specific environment
• Most difficult part may be identifying
WHERE the information resides
Find the Access Points
• Once you know
– What data is considered sensitive
– Where the data is located
• Need to find out how network users access
the information
• Access methods and points may be
– Physical
– Software
Find the Access Points
• Software that accesses the network can
potentially access any data on the network
• Most networks allow remote login
– If the remote login service does not
• identify users uniquely, and
• limit their movements to authorised areas
– then this access point needs to be examined
Find the Access Points
• File transfer programs
– If users cannot be uniquely identified, use of the
service needs to be examined or limited, for example by
• restricting access to onsite users
• placing the service in a DMZ
• firewalling anonymous FTP
Find the Access Points
• Other programs to examine may include
– Email
– Remote process execution
– File and directory servers
– Name servers
– Web servers
Find the Access Points
• Security management can be accomplished
by
– Hiding information from client systems
– Segmenting the network into regions, e.g.
• AppleTalk zones
• DMZs
Find the Access Points
• Leaks may come from
– Network analysers
– Network management protocols
– Network management system
• Policies may include
– Hosts with sensitive information may not also allow
anonymous FTP
– Personal computer software packages MUST meet
security standards before installation
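The first three steps as the slides describe them (identify the sensitive hosts, list the access points, check them against the policies above), written up as an added example that is not part of the lecture. The inventory, host names, service properties and the way each policy is encoded are constructed assumptions; the policies themselves are the ones listed on the slides.

```python
"""Identify sensitive hosts, list their access points, and check them
against the slide's policies. All data here is constructed for the example."""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    sensitive: bool        # holds payroll, customer or R&D data
    # service -> {"auth": how users are identified, "exposure": where it is reachable from}
    # auth: "user" (unique account), "host" (trusted host only), "anonymous", "none"
    # exposure: "internal" or "public"
    services: dict = field(default_factory=dict)


# Constructed inventory (hypothetical hosts, not real systems).
INVENTORY = [
    Host("payroll-db", True, {
        "ftp":  {"auth": "anonymous", "exposure": "internal"},
        "ssh":  {"auth": "user",      "exposure": "internal"},
    }),
    Host("rnd-files", True, {
        "smb":  {"auth": "user",      "exposure": "public"},
        "nfs":  {"auth": "host",      "exposure": "public"},
        "snmp": {"auth": "none",      "exposure": "internal"},
    }),
    Host("www", False, {
        "http": {"auth": "none",      "exposure": "public"},
        "ftp":  {"auth": "anonymous", "exposure": "public"},
    }),
]


def sensitive_hosts(hosts):
    """Step 1: which hosts hold sensitive information."""
    return sorted(h.name for h in hosts if h.sensitive)


def find_access_points(hosts):
    """Step 2: every (host, service, auth, exposure) through which data can
    be reached, publicly reachable services first."""
    order = {"public": 0, "internal": 1}
    points = [(h.name, svc, p["auth"], p["exposure"])
              for h in hosts for svc, p in h.services.items()]
    return sorted(points, key=lambda pt: (order[pt[3]], pt[0], pt[1]))


def check_policies(hosts):
    """Step 3 starts here: which access points violate policy.
    Returns sorted (host, service, reason) tuples."""
    findings = []
    for h in hosts:
        for svc, p in h.services.items():
            # Slide policy: hosts with sensitive information may not also allow anonymous FTP.
            if h.sensitive and svc == "ftp" and p["auth"] == "anonymous":
                findings.append((h.name, svc, "anonymous FTP on sensitive host"))
            # Slide policy: if users cannot be uniquely identified, restrict access to onsite.
            if h.sensitive and p["auth"] != "user" and p["exposure"] == "public":
                findings.append((h.name, svc,
                                 "service without unique user identification reachable from outside"))
            # Slide: network management protocols are a leak source; unauthenticated SNMP counts.
            if svc == "snmp" and p["auth"] == "none":
                findings.append((h.name, svc, "unauthenticated network management protocol"))
    return sorted(findings)


if __name__ == "__main__":
    print("sensitive hosts:", sensitive_hosts(INVENTORY))
    for pt in find_access_points(INVENTORY):
        print("access point:", pt)
    for f in check_policies(INVENTORY):
        print("VIOLATION:", f)
```

The inventory is the hard part in practice (the slides say as much): the checker is only as good as the list of hosts and listening services fed to it, so it should be built from what is actually listening, not from what the configuration database claims.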
Secure the Access Points
• Access points can be secured by
– Using encryption at the data link layer
– Securing traffic flow by using packet filters at the
network layer
– On every host, using one or more of
• Host authentication
• User authentication
• Key authentication
Maintain the Secure Access Points
• The key to maintaining security is locating actual or
potential security breaches
– May be done as part of the security audit
– Hard to keep current with the volume of networking software
• May use a program itself to check for known security
problems
• May offer a cash prize to the first to breach security
– Generally offered by the company that designed the
software/hardware
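A minimal version of the "program that checks for known security problems" mentioned above, added here as an example and not from the lecture. The package names, versions and advisories are all constructed (the acme-* packages do not exist); the point is the version comparison, which must be numeric rather than lexical.

```python
"""Check an installed-software inventory against a list of known security
problems. Packages, versions and advisories are constructed for the example."""
import re


def parse_version(s: str):
    """'2.10.1' -> (2, 10, 1). Tuples compare numerically, so 2.10 > 2.9;
    comparing the strings would put 2.10 before 2.9."""
    return tuple(int(x) for x in re.findall(r"\d+", s))


# Constructed advisories for hypothetical packages. "affected_from" is
# inclusive, "affected_below" is exclusive (the first fixed version).
ADVISORIES = [
    {"package": "acme-ftpd",  "affected_below": "2.10.0",
     "note": "anonymous FTP directory traversal (constructed)"},
    {"package": "acme-snmpd", "affected_below": "1.4.2",
     "note": "community string disclosure (constructed)"},
    {"package": "acme-mail",  "affected_from": "3.0.0", "affected_below": "3.2.1",
     "note": "remote process execution (constructed)"},
]

# Constructed inventory: host -> {package: installed version}
INVENTORY = {
    "payroll-db": {"acme-ftpd": "2.9.5",  "acme-snmpd": "1.4.2"},
    "www":        {"acme-ftpd": "2.10.0", "acme-mail": "3.1.0"},
    "rnd-files":  {"acme-mail": "2.8.0"},
}


def is_affected(version: str, adv: dict) -> bool:
    v = parse_version(version)
    lo = parse_version(adv.get("affected_from", "0"))
    hi = parse_version(adv["affected_below"])
    return lo <= v < hi


def scan(inventory, advisories):
    """Return (host, package, installed, fixed_in, note) for every
    vulnerable install, sorted so that reports are stable between runs."""
    findings = []
    for host, packages in inventory.items():
        for pkg, ver in packages.items():
            for adv in advisories:
                if adv["package"] == pkg and is_affected(ver, adv):
                    findings.append((host, pkg, ver, adv["affected_below"], adv["note"]))
    return sorted(findings)


if __name__ == "__main__":
    for host, pkg, ver, fixed, note in scan(INVENTORY, ADVISORIES):
        print(f"{host}: {pkg} {ver} is vulnerable ({note}); upgrade to {fixed}")
```

Two things to watch when doing this for real: the boundary (a host running exactly the fixed version must not be reported, which is why the upper bound is exclusive), and the accuracy of the inventory, since a locally built or renamed package will silently escape the check.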
Attaching to a Public Network
• Three types of access from a public data
network to an organisation's network
– No access
• Send and receive email
• Modem used
– Full access
– Limited access
• Small subset of hosts authorised to provide public access
services
• These hosts should be separated from the private zone
by a firewall
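The packet filter and zone separation from the "Secure the Access Points" slide and the three public-network access models above, as one added example that is not taken from the lecture. The address ranges, zone names, rule set and the model names "none", "limited" and "full" are constructed assumptions.

```python
"""Zone-based, first-match, default-deny packet filter for the three
public-network access models. Addresses and zones are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zones: the private zone holds the sensitive hosts; the DMZ
# holds the small subset of hosts authorised to offer public services.
ZONES = {
    "private": ipaddress.ip_network("10.0.0.0/8"),
    "dmz":     ipaddress.ip_network("192.0.2.0/24"),
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "public"          # everything else is the public data network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str               # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # zone name or "any"
    dst: str
    proto: str = "any"
    dport: Optional[int] = None   # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.src in ("any", zone_of(p.src))
                and self.dst in ("any", zone_of(p.dst))
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))


def build_rules(model: str):
    """Ordered rule list for one access model; first match wins and
    anything unmatched is denied by filter_packet."""
    if model == "none":
        # No network access at all; on the slide, email moves over a modem,
        # outside this filter.
        return []
    if model == "limited":
        return [
            Rule("deny",  "public",  "private"),            # first, so nothing below can undo it
            Rule("allow", "public",  "dmz", "tcp", 80),     # public web service
            Rule("allow", "public",  "dmz", "tcp", 25),     # inbound mail relay
            Rule("allow", "private", "dmz"),                # staff manage DMZ hosts
            Rule("allow", "private", "public"),             # outbound from private
            # no dmz -> private rule: a compromised DMZ host gets default deny
        ]
    if model == "full":
        return [Rule("allow", "any", "any")]
    raise ValueError(f"unknown access model: {model}")


def first_match(rules, p: Packet) -> Optional[int]:
    for i, r in enumerate(rules):
        if r.matches(p):
            return i
    return None


def filter_packet(rules, p: Packet) -> str:
    i = first_match(rules, p)
    return rules[i].action if i is not None else "deny"   # default deny


if __name__ == "__main__":
    rules = build_rules("limited")
    for p in [Packet("198.51.100.7", "192.0.2.80", "tcp", 80),
              Packet("198.51.100.7", "10.1.2.3", "tcp", 22),
              Packet("192.0.2.80", "10.1.2.3", "tcp", 445)]:
        print(p, "->", filter_packet(rules, p))
```

This models the request direction only; it is stateless, so reply traffic from a DMZ server back to a public client would need either a rule matching the TCP ACK flag or a stateful filter. The explicit public-to-private deny is placed first so that a broad allow added later in the list cannot accidentally open the private zone.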
Security Management on a
Network Management System
• Simple
– Show where security measures have been
set up
– Show all security measures applicable to
device or host
– Query configuration database
Security Management on a
Network Management System
• More Complex
– Include a real-time application to monitor access points
– Query the number of breaches using a network management tool
– Produce reports on breaches
– Automatic notification
• Advanced
– Use the data to guide network engineers
– Examine the types of security required
– Alerts for repercussions
Reporting Security Events
• Audit trails that summarise and report on
security
• Example
– Key personnel leaving to go to a competitor
• Remove physical access to the network
• Remove accounts, change passwords etc.
• Set up, or confirm, audit trails on the devices the former
employee had access to
• Look for files or applications the employee may have altered
to gain future access
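The breach counting, reporting and automatic notification from the network management system slides, together with the departed-employee checks above, as one added example that is not part of the lecture. The log format, user name, host names and timestamps are constructed; a real audit trail would need its own parser.

```python
"""Audit-trail analysis: breaches per host with threshold notification, and
a departed-user check. Log format and entries are constructed for the example."""
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed line format: "<ISO timestamp> <host> <EVENT> key=value ..."
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>[A-Z_]+)(?P<kv>(?: \S+=\S+)*)$")

# Constructed sample audit trail (hypothetical hosts, user and addresses).
SAMPLE_LOG = """\
2005-03-10T08:01:10 rnd-files FILE_MODIFY user=jsmith path=/etc/cron.d/backup
2005-03-11T17:45:02 payroll-db LOGIN_OK user=jsmith src=10.1.2.3
2005-03-12T12:00:00 rnd-files FILE_MODIFY user=jsmith path=/home/jsmith/report.txt
2005-03-14T09:12:05 payroll-db LOGIN_FAIL user=jsmith src=203.0.113.9
2005-03-14T09:12:40 payroll-db LOGIN_FAIL user=jsmith src=203.0.113.9
2005-03-14T09:13:01 payroll-db LOGIN_FAIL user=jsmith src=203.0.113.9
2005-03-14T10:30:00 rnd-files LOGIN_OK user=jsmith src=203.0.113.9
2005-03-14T11:00:00 www LOGIN_FAIL user=guest src=198.51.100.5
"""


def parse_log(text: str):
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that do not fit the format
        fields = dict(kv.split("=", 1) for kv in m["kv"].split())
        events.append({"ts": datetime.fromisoformat(m["ts"]), "host": m["host"],
                       "event": m["event"], **fields})
    return events


def breach_counts(events) -> Counter:
    """Failed logins per host: the 'query the number of breaches' report."""
    return Counter(e["host"] for e in events if e["event"] == "LOGIN_FAIL")


def hosts_to_notify(counts: Counter, threshold: int):
    """Automatic notification: hosts at or above the failure threshold."""
    return sorted(h for h, n in counts.items() if n >= threshold)


def departed_user_report(events, user: str, departed_at: str, lookback_days: int = 7):
    """What the departure checklist needs: any use of the account after
    departure (it should have been removed), which hosts still accepted it,
    and files the user changed shortly before leaving, for review."""
    cutoff = datetime.fromisoformat(departed_at)
    mine = [e for e in events if e.get("user") == user]
    after = [e for e in mine if e["ts"] > cutoff]
    window = cutoff - timedelta(days=lookback_days)
    modified = [e["path"] for e in mine
                if e["event"] == "FILE_MODIFY" and window <= e["ts"] <= cutoff]
    return {
        "activity_after": after,
        "still_active_on": sorted({e["host"] for e in after if e["event"] == "LOGIN_OK"}),
        "files_modified": modified,
    }


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    counts = breach_counts(ev)
    print("breaches:", dict(counts), "notify:", hosts_to_notify(counts, 3))
    rep = departed_user_report(ev, "jsmith", "2005-03-13T18:00:00")
    print("account still active on:", rep["still_active_on"])
    print("files to review:", rep["files_modified"])
```

In the sample, the three failures on payroll-db show the removed account being tried from outside, while the successful login on rnd-files shows a host where the account was never removed; the modified cron entry is the kind of file the last checklist item is about.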