Transcript Network and Systems Security

Network and Systems
Security
Security Awareness, Risk
Management, Policies and Network
Architecture
Why is network and systems
security important?
Classic view is to ensure the Integrity,
confidentiality and availability of data
However Security Incidents present other
problems. e.g.



Legal threats – Copyright infringements, DoS
attacks, hacking attempts, Unacceptable content
Wastes valuable resources – Staff time, bandwidth
Bad PR
How should we address Network
and Systems security problems?
The proposed strategy is as follows;





Produce and maintain Risk register and associated Risk
reduction measures
Agree set of Policies and Guidelines that would address
specific areas of concern
Agree a Network Architecture that would reduce the
exposure of Networked systems and provide Inherent
containment measures
Establish a Computer Incident Response Team to handle
incidents in a structured and coordinated way
Raise awareness of Security issues. Security is not
someone else’s problem it affects everyone and everyone
has a role to play
Risk Register
Information Security working group has
produced a draft Risk register and is
working on costing the Risk reduction
measures
Security Policies and
Guidelines
The Universal Access and Information
Security working groups have produced a set
of draft Policies and Guidelines for
consultation
These are not meant to place unnecessary
barriers in the way of users doing their
legitimate work
The general aim is to define the University’s
security requirements with respect to the
following areas of concern;
Policies and Guidelines
Network Connection Policy

Campus Network
 Who
can connect
 What can and can’t be connected
 How do systems connect
 What address and name space can be used
 What services can be run
 What services can be accessed
 What security measures should be
implemented
Policies and Guidelines
Monitoring Policy

Network and Systems Monitoring






Informs users of the extent that network activities may be
monitored
Identifies what personnel may be authorised to perform
monitoring functions
Highlights the ethics, procedures and safeguards
employed
Identifies what information may be gathered
Identifies how long information is stored
Outlines the purpose information may be used for
Policies and Guidelines
Wireless LAN Policy

Wireless LANs




Establish the rules and support requirements for WLAN
deployments
Prevent (or arbitrate) interference issues between WLAN
deployments
Help safeguard the integrity of the University’s
information technology resources
Ensure that WLAN security and performance issues are
understood
Policies and Guidelines
Bastion Host Policy

Bastion Host





Ensure that critical University servers are managed with
appropriate levels of security
Define the overheads wrt management, operation and
security functions associated with deploying a network
server
Identify all network servers and establish their purpose,
security requirements, user base and support staff
Limit the exposure of network servers to those apps that
are critical for their primary purpose
Establish ACLs for specific IP applications. ACLs would
restrict access to specific IP apps to those servers that
have been registered to provide them
Policies and Guidelines
Password Policy & Guidelines for Sys
and Net Admins

Password Policy – Establishes a standard for




The creation of strong passwords
The protection of those passwords
The recommended frequency of change for those
passwords
Guidelines for Systems and Network
Administrators

Defines the roles of system and network administrators
from a network and systems security perspective
Proposed Network
Architecture
General Network Architecture Goals


Reduce Network systems exposure
Provide inherent containment measures
How?



Implement server registration process (Bastion
host policy)
Implement client and server nets
Implement security Access Control Lists (ACLs) to
protect client and server nets
Proposed Network
Architecture
(Existing)
Client
Probes
Server
Client
All traffic in/out
Full exposure no containment
Router
probes
Campus Network
Proposed Network
Architecture
(Intermediate)
Server-1
probes
probes
Client
Client
Server-1 traffic in/out – limited exposure Server-1 ACLs
Client traffic in/out – some containment
Router
Campus Network
Proposed Network
Architecture
(Final)
Bastion
Host
Server-1
Client
Client
probes
ACLs
ACLs
Server-1 Traffic in/out
Targeted exposure and Router
containment
Client Traffic in/out
Containment and limited
exposure
Campus Network
Establish Computer Incident
Response Team (CIRT)
The purpose of the CIRT would be twofold;


Firstly to work with all relevant University
constituents to implement proactive measures
aimed at reducing the risk and or impact of a
computer or network security incident
Secondly to manage, direct and assist University
constituencies in responding to such incidents
when they occur
Raise Awareness of
security Issues
How?


Message is that security affects everyone and
everyone has a role to play
Security events


Role of security coordinator




Like this one
Manage UGCirt
Cirt web site
Security training courses/seminars
Security awareness built into other courses