08-network - Andrew.cmu.edu


Network Policy
95-841 Information Assurance Policy
Tony Lalli ◊ March 5, 2007
Basic Network Policy for Event

- The network will be available 24 x 7 from 1 week prior until 2 days subsequent to the event
- All devices will use TCP/IP to connect
- Internet access will be available from the network while on the premises
- Internal email service will be provided
- The network will be remotely accessible for Event participants
- All event-related activity is to be performed using the Event Network
- Etc.
What's Missing?

Three Most Important Network Policy Considerations
- Security
- Security
- Security!
Network Security Policy
Event Network – "Version 1"

[Diagram: two network boxes, Organization (10+ Servers, ~400 PCs) and Operations (8-9 Servers, ~200 PCs), with labelled segments: Financial, Human Resources, Contracting, Communications, Public Relations, Network Operations, Podium, Scheduling, Voting, Communications, Sponsor Access, Participant Access; external connections to Venue, Internet, and Media.]
Event Network Considerations

- Understand specific network security requirements for The Event
  - Organization (Corporate Network)
  - Event Operations (Sponsor Access, Event Activities)
  - Media Access
  - Venue Connectivity
- Identify threats and vulnerabilities to network security, and assign a level of risk to each
  - Technical
  - Human
  - Mother Nature
Event Network Considerations

- Specify permissible devices to be attached to the network
  - Servers
  - Workstations
  - Laptops
  - PDA's
  - Printers
  - Kiosks
- Determine secure methods to connect to the network
  - Ethernet drops
  - Wireless with RADIUS or VPN
  - Internet VPN or Dial-Up from hotels
  - Client/Server or Remote Desktop?
- Identify applicable regulatory/governmental requirements
Event Network Considerations

- Physical Security
  - Physical access to connect to servers, switches, routers, hubs, network access points
  - Insiders and Event attendees
- Access Control
  - Network authentication mechanisms
  - Two-factor security required?
  - Device authorization
  - Virus scanning
  - Rogue network bridge scanning
- Encryption Requirements for Sensitive Data
Event Network Considerations

- Server Security
  - More restrictive access than workstations
  - Certification of each component as it is attached to the network
  - Identification of particularly susceptible databases or systems requiring individual review for network security
- Active Monitoring
  - Scanning of emails and file exchanges at egress points for confidential data
  - Usual and unusual network activity
- Specify Change Control Processes
Where to Start?

- Network Security Policy is fundamental to the success of The Event as it touches all aspects of the infrastructure and the devices expected to use it
- Require prerequisite background checks of all Network Operations staff, both of permanent Organization staff and temporary Event staff
- Explicitly define ownership of the Network Security Policy
- Seek Professional Advice
  - Hire This Guy!
Sources of Assistance

- Carnegie Mellon CERT OCTAVE Assessment
  - Operationally Critical Threat, Asset and Vulnerability Evaluation
  - Self-Directed Assessment
  - Flexible
  - Focuses on Organizational Risk, not Technology
  - Suited for Large Organizations
Sources of Assistance

- Cisco Network Security Policy Best Practices
  - White Paper 13601
- Preparation
  - Create Usage Policy Statements
  - Conduct a Risk Analysis
  - Establish a Security Team Structure
- Prevention
  - Approving Security Changes
  - Monitoring Security of Your Network
- Response
  - Security Violations
  - Restoration
  - Review
Network Policy Preparation

- Define User Policy (last week)
  - Tightly coupled with and highly dependent upon the Network Security Policy
  - Different classes of User Policies based on type of user at The Event
- Conduct our Risk Analysis
  - Classify each risk as Low, Medium, or High
  - Document the type of user of each system or component identified
  - OCTAVE guidance
  - Allow for further refinement with time
Physical Network Risk Analysis

System Description                                                        | User Types                                    | Low/Med | High
--------------------------------------------------------------------------|-----------------------------------------------|---------|-----
LAN Workstations                                                          | Users, Administrators                         |         | X
Portable Laptops                                                          | Users, Administrators                         |         | X
Locked Network Routers/Switches                                           | Users, Administrators                         | X       |
Event Floor Network Drops                                                 | Users                                         | X       |
Secured Wireless 802.11 Network with VPN or RADIUS Access to Event Network | Users, Administrators                         |         | X
Infrastructure Servers (DNS/DHCP/Email)                                   | Administrators                                |         | X
Organization SQL Database on Corporate Network                            | Users, Data Entry, Data Miners, Administrators |         | X
Inbound VPN Connectivity                                                  | Users                                         |         | X
Internet Connectivity from Network                                        | Users                                         |         | X
Untrusted Network to Internet                                             | Users, Sponsors, Media                        |         | X

Do we even allow wireless?
Network Security Team Structure

- Establish Network Security Czar
  - Overall responsibility for Network Security
  - Owns the Network Security Policy, and quite possibly all of the other computer policies
  - Authority to invoke Human Resources to dismiss Network staff for policy violations or disconnect Event attendees for improper activity
- Network Security Staff
  - Charged with actual build-out of the network
  - Assign small teams to focus on each of the Corporate, Event Operations, and Media networks
  - Responsible for visually identifying infractions and enforcing policy
Network Security Team Structure

- Network Operations
  - Responsible for network availability, confidentiality, and integrity, including troubleshooting, both internally and externally
  - Monitoring activities on the network and enforcing policy
- Server Operations staff
  - Ensure Operating System and Application compliance to network security policy
- Client Operations staff
  - Scan workstations and laptops for compliant antivirus/anti-spam/wireless configurations
Prevention

- Approving Security Changes
  - Ongoing Organization or Event activities may justify a change to the network
  - A Network Security risk is realized and requires action to counteract
  - Security Czar has full responsibility to approve or deny changes
  - Staff required to pass all Medium and High risk changes to Czar for approval
  - Document low risk changes not requiring approval
Prevention

- Monitoring Event Network Security
  - Real-time 24 x 7 with appropriate tools in place
  - Network traffic analysis tools such as packet sniffers
  - Intrusion-detection systems
  - Suspicious activity
  - Usual and unusual network traffic
  - Confidential data-in-transit
  - Approved/Unapproved changes to network devices (routers/switches/firewalls) including configuration, password changes, reboots
  - Redundant monitoring for high-risk devices
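The change-approval rule from the previous slide (Low-risk changes are documented, Medium and High risk changes go to the Czar) and the monitoring bullet on approved/unapproved device changes can be checked mechanically against a change-control register. The following is an added example, not from the slides and not from any tool named on them: it parses constructed, simplified device-event lines (a made-up format, not real vendor syslog), looks up each configuration change, password change or reboot against a constructed change-control register, and reports events with no covering record or with a Medium/High record that was not approved by the Security Czar. Hostnames, ticket ids, addresses and timestamps are all assumed.

```python
import re
from datetime import datetime

# Constructed, simplified device-event lines (made-up format, not vendor syslog).
SAMPLE_EVENTS = """\
2007-03-05T09:12:01 evt-core-sw1 event=config_change user=netops src=10.10.1.5
2007-03-05T09:40:22 evt-edge-fw1 event=config_change user=admin src=10.10.1.7
2007-03-05T10:05:47 org-core-rtr1 event=reboot user=jdoe src=console
2007-03-05T11:30:10 evt-edge-fw1 event=config_change user=unknown src=172.16.40.9
2007-03-05T12:00:00 evt-core-sw1 event=password_change user=admin src=10.10.1.5
2007-03-05T13:15:00 evt-core-sw1 event=login user=netops src=10.10.1.5
"""

# Constructed change-control register. Per the slides, Low-risk changes need
# only be documented; Medium and High risk changes need the Czar's approval.
CHANGE_RECORDS = [
    {"ticket": "CHG-001", "device": "evt-core-sw1", "risk": "Low",
     "start": "2007-03-05T09:00:00", "end": "2007-03-05T09:30:00",
     "approved_by": None},
    {"ticket": "CHG-002", "device": "evt-edge-fw1", "risk": "High",
     "start": "2007-03-05T09:30:00", "end": "2007-03-05T10:00:00",
     "approved_by": "Security Czar"},
    {"ticket": "CHG-003", "device": "org-core-rtr1", "risk": "Medium",
     "start": "2007-03-05T10:00:00", "end": "2007-03-05T10:30:00",
     "approved_by": "netops lead"},   # documented, but not approved by the Czar
]

# The change types the monitoring slide names: configuration, passwords, reboots.
MONITORED_EVENTS = {"config_change", "password_change", "reboot"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) event=(?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def parse_events(text):
    """Parse the constructed line format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        events.append(d)
    return events

def find_record(event, records):
    """Return the change record whose device and time window cover the event, if any."""
    for r in records:
        if r["device"] != event["device"]:
            continue
        start = datetime.fromisoformat(r["start"])
        end = datetime.fromisoformat(r["end"])
        if start <= event["ts"] <= end:
            return r
    return None

def classify(event, records):
    """Return ("ok" | "violation", reason) for one device event."""
    if event["event"] not in MONITORED_EVENTS:
        return ("ok", "not a monitored change type")
    rec = find_record(event, records)
    if rec is None:
        return ("violation", "no change record covers this %s on %s"
                % (event["event"], event["device"]))
    if rec["risk"] in ("Medium", "High") and rec["approved_by"] != "Security Czar":
        return ("violation", "%s is %s risk but lacks Security Czar approval"
                % (rec["ticket"], rec["risk"]))
    return ("ok", "covered by %s (%s risk)" % (rec["ticket"], rec["risk"]))

def audit(text, records=CHANGE_RECORDS):
    """Audit every event line; returns (timestamp, device, event, verdict, reason) tuples."""
    return [(e["ts"].isoformat(), e["device"], e["event"], *classify(e, records))
            for e in parse_events(text)]

if __name__ == "__main__":
    for row in audit(SAMPLE_EVENTS):
        print(*row)
```

Of the six constructed lines, the first two are covered by properly approved records, the reboot of org-core-rtr1 is flagged because its Medium-risk ticket was not approved by the Czar, the late firewall change and the password change are flagged because no record covers them, and the login is ignored as not a monitored change type.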

Response

Security Violations






Communication channel from Network Operations to
Security Czar to report medium or high infractions
Mechanisms built-in to immediately cut off or isolate
individual access to noncompliant users or devices
For external attacks, capture as much knowledge of the
remote device as possible before disconnecting
Remote-wipe ability of PDA’s accessing network
Crisis mode action items to combat an active attack
Restoration of service after violation


Restore configuration or servers as required
Ensure change control processes continue to be
adhered to
Response

- Review Network Policy each week of the Event
  - Review Network Security Posture by hiring an outside firm to audit the network prior to go-live date
  - Practice security activities prior to event go-live date
  - Educate personnel as required if any gaps are identified
Event Network – "Version 2"

[Diagram: the two network boxes from Version 1, Organization (10+ Servers, ~400 PCs) and Operations (8-9 Servers, ~200 PCs), with the same labelled segments (Financial, Human Resources, Contracting, Communications, Public Relations, Network Operations, Podium, Scheduling, Voting, Communications, Sponsor Access, Participant Access); external connections to Internet, Venue, and Media now pass through VPN Access and Wireless Access.]
Proposed Network Security Policy

- All devices attached to the Event Operations network must be preauthorized and scanned for current antivirus definitions and security patches
- Administrative Access to critical devices outside the Organization Network will be performed locally at the device and not via the Event Network
- Event users on the Operations network will have no direct access to the Corporate Organization network
- All communication across networks will be restricted to authorized secure servers
- Sponsor data will be replicated securely using IP/SEC between servers on the Organization network and the Operations Network
- Provisions will be made for all applicable laws
Proposed Network Security Policy

- Email messages will be scanned for virus and spam content. Any message deemed damaging will be deleted without quarantine.
- All network and email traffic will be analyzed for confidential data, with questionable content quarantined for analysis by Network Operations
- Public data only will be exposed to Media participants through approved firewall access and limited application/database access
- Only Organization-owned and supplied devices will connect to the Organization network
- All Sneaker-net devices (removable disks) will be prohibited on the Organization network
- All mission critical data will be securely replicated to a second physical location for disaster recovery purposes
Proposed Network Security Policy

- All external access to the network via the Internet will require preapproved two-factor VPN connectivity with a signed User Policy statement
- Wireless access to the network will be treated as external access and will require the same VPN connectivity as from the Internet
- Bridging networks with a personal device will be strictly prohibited and monitored for enforcement
- All data communications will be encrypted or transmitted via IP/SEC from server to server
- All Internet connectivity will be via the Event Network and not the Venue Network
- Staff will be pre-screened prior to being allowed administrator access on the Event Network

What else?
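Several of the proposed policy statements across the three slides above describe a single admission decision per device: preauthorization plus current antivirus definitions and patches, Organization-owned devices only on the Organization network, two-factor VPN and a signed User Policy statement for wireless or Internet access, and no bridging. The following is an added example, not part of the slides, expressing those rules as one decision function that reports every failed rule rather than stopping at the first. The register of preauthorized MAC addresses, the three-day antivirus freshness threshold (the slides only say "current") and the device records are constructed assumptions, and the preauthorization and scan checks are applied to both networks here, which goes slightly beyond the slide that states them for the Event Operations network.

```python
from datetime import date

# Constructed pre-authorization register (hypothetical MAC addresses).
PREAUTHORIZED = {
    "00:11:22:33:44:01": {"owner": "Organization", "type": "workstation"},
    "00:11:22:33:44:02": {"owner": "Organization", "type": "laptop"},
    "00:11:22:33:44:03": {"owner": "Sponsor", "type": "laptop"},
}

# Assumed freshness threshold: the slides only require definitions to be "current".
AV_MAX_AGE_DAYS = 3

def evaluate_admission(device, network, today):
    """Apply the proposed policy to one device requesting access to one network.

    device keys: mac, owner, av_def_date (date), patches_current (bool),
                 access ("wired" | "wireless" | "internet"), vpn (bool),
                 two_factor (bool), user_policy_signed (bool), bridging (bool)
    network: "Operations" or "Organization"
    Returns (admitted, reasons); reasons lists every failed rule so the
    operator sees all problems with a device at once.
    """
    reasons = []
    if device["mac"] not in PREAUTHORIZED:
        reasons.append("device not preauthorized")
    if (today - device["av_def_date"]).days > AV_MAX_AGE_DAYS:
        reasons.append("antivirus definitions not current")
    if not device["patches_current"]:
        reasons.append("security patches not current")
    if network == "Organization" and device["owner"] != "Organization":
        reasons.append("only Organization-owned devices may join the Organization network")
    if device["access"] in ("wireless", "internet"):
        # Wireless is treated exactly like external Internet access.
        if not (device["vpn"] and device["two_factor"]):
            reasons.append("wireless/Internet access requires two-factor VPN")
        if not device["user_policy_signed"]:
            reasons.append("signed User Policy statement required")
    if device["bridging"]:
        reasons.append("bridging networks with a personal device is prohibited")
    return (not reasons, reasons)

# Constructed device records for a run on 5 March 2007 (the date on the slides).
TODAY = date(2007, 3, 5)
DEVICES = [
    {"name": "org-ws-17", "mac": "00:11:22:33:44:01", "owner": "Organization",
     "av_def_date": date(2007, 3, 4), "patches_current": True, "access": "wired",
     "vpn": False, "two_factor": False, "user_policy_signed": True, "bridging": False},
    {"name": "sponsor-lt-3", "mac": "00:11:22:33:44:03", "owner": "Sponsor",
     "av_def_date": date(2007, 3, 5), "patches_current": True, "access": "wireless",
     "vpn": True, "two_factor": True, "user_policy_signed": True, "bridging": False},
    {"name": "visitor-lt", "mac": "aa:bb:cc:dd:ee:ff", "owner": "Media",
     "av_def_date": date(2007, 2, 20), "patches_current": False, "access": "wireless",
     "vpn": False, "two_factor": False, "user_policy_signed": False, "bridging": True},
]

def run_admission(devices, network, today=TODAY):
    """Evaluate every device against one network; returns {name: (admitted, reasons)}."""
    return {d["name"]: evaluate_admission(d, network, today) for d in devices}

if __name__ == "__main__":
    for net in ("Operations", "Organization"):
        for name, (ok, why) in run_admission(DEVICES, net).items():
            print(net, name, "ADMIT" if ok else "DENY", "; ".join(why))
```

With the constructed records, the Organization workstation is admitted to both networks, the sponsor laptop is admitted to the Operations network over two-factor VPN but refused on the Organization network for ownership, and the unregistered visitor laptop fails six rules on the Operations network and seven on the Organization network.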
Summary

- Network Policy implies Security Policy
  - The Network Policy will dictate the Event Network design
  - The limitations of the Event Network design will dictate what must be documented in the Network Policy, with regular change approvals necessary throughout the design
  - Network Policy has been done before; review references at CERT or vendor sites for what to consider
