Module 15. Developing a Security Plan

Overview

Designing a Security Plan

Defining Security Requirements

Maintaining the Security Plan

A security plan is a design document that consists of
policies, procedures, implementation strategies, and
verification methods that are needed to meet your
organization's security requirements.
At the end of this module, you will be able to:

Design a security plan that will meet the security
requirements of an organization.

Define the security requirements for local and remote
networks, public and private networks, and trusted
business partners.

Develop strategies to maintain the network security
plan.
Designing a Security Plan

Defining a Security Policy

Defining the Scope of the Security Plan

Creating the Project Team

Developing the Security Plan

Deploying the Security Plan

You must establish a security plan when you determine
that your organization's current level of security no
longer meets the security requirements. A well-designed
security plan will assist your organization in
consistently addressing security issues.
To design a security plan, you must:

Define the organization's security policy.

Define the scope of the security plan.

Create a project team to design and implement the
security plan.

Develop a security plan that supports the organization's
security policy.

Deploy and test the security plan.
Designing a Security Plan
Defining a Security Policy

Providing a Security Framework

Identifying the Security Requirements

Reasons for implementing security

Resources requiring protection

Threats or risks to resources

Probability of attacks or accidental damage

Before you develop your security plan, your organization must define
its security policy. A security policy represents the guiding principle
for the organization's security plan. The security policy defines an
organization's requirements for correct computer and network usage,
and includes procedures to detect, prevent, and respond to security
incidents. An organization's security policy provides the framework
for implementing security plans and procedures.
To develop a security policy, start by identifying the security needs of
the organization. A well-conceived security policy incorporates the
requirement that employees need to perform their jobs with as little
inconvenience as possible. For example, when defining password
requirements, setting minimum password lengths to be too long can
result in users keeping a written copy of their passwords. A written
copy can pose a more significant security threat than the use of short
passwords that can be more easily memorized.

To identify the security needs for your organization, you
must identify:

The reasons for implementing security.

The resources that require protection.

The threats or risks to resources.

The probability of attacks or accidental damage
occurring to the resources.
Defining the Scope of the Security Plan

[Slide diagram: the scope encloses the local network, remote users, the Internet, and remote offices. Select the risks and select the network areas to produce the security plan.]
Security plans cannot address all possible risks, so an
organization must define the scope of the plan to
specify which risks will be addressed. The scope of the
plan will determine exactly which areas of the
organization or network the security plan will address.

For example, you may be developing a security plan for a
department within your organization, or you may be developing a
plan to address the security needs of the entire organization. In the
first scenario, the scope of the plan will include security issues at a
detailed level; for example, specifying mandatory user profiles
required to prevent users from changing the pre-defined
configuration. In the second scenario, the scope of the plan will
address security issues at an organizational level; for example, the
decision to support particular protocols and authentication
methods, but not specify individual user profiles.
Defining the scope of the plan before proceeding to the planning
stage ensures that the scope does not increase beyond its intended
areas. Including the scope definition in the plan will justify the
selections of specific components in the plan.
Creating the Project Team

[Slide diagram: the project team is made up of a planning team, an installation team, a training team, and a support team.]

After you have defined the scope of the security plan,
you will need to create a project team to develop the
security plan. The project manager assembles the
necessary teams of system administrators and other
internal Information Technology (IT) professionals.
These teams will plan, test, and implement security
configurations; train users; and provide continuing
support to the security plan. If required, you can
supplement your internal teams with members from
external resources.

The project team must have upper-level management approval for
all decisions. Members of the project team can include:

Planning teams that determine the security requirements, develop
deployment strategies, and write the security plan.

Installation teams that set up the test labs to test the security
designs.

Training teams that develop the training plan and training
documentation. These teams will train the users on the best use of
any new technologies introduced by the security plan.

Support teams that develop the support plan. The support teams will
assist users during and after the security plan is deployed.
Developing the Security Plan

Security Requirements

Project Timeline

Roles and Responsibilities

Implementation Technologies

Security Configurations

When the scope of a security plan has been defined and
the security planning team has been created, you can
develop the actual security plan. Security plans are the
working components of the security policy. The security
plan documents sets of procedures. You implement
these sets of procedures to support the goal of the
security policy within the defined scope of the security
plan.
A security plan includes:

Security requirements to ensure that the security policy is met.

A project timeline that will define any relationships between tasks in
the project. Relationships will include any dependencies that exist
between the tasks that make up a project. The timeline identifies a
critical path for any tasks that must be completed before
subsequent tasks can start.

Roles and responsibilities assigned appropriately to each
participant in the project.

Implementation technologies that will be used to deploy the plan.

Security configurations for all services and components that the
security plan requires.

Upper-level management must approve your completed
security plan. You must then review the plan to ensure
that all security requirements are met. Security baseline
levels must be defined for key areas, to ensure that the
deployed plan meets or exceeds objectives.
Deploying the Security Plan

Project Timeline

Release Date

Feedback on Plan

Record Required Modifications

When the security plan has been designed and approved, the
deployment of the plan can occur. You accomplish the deployment by
establishing a project timeline. In your timeline, include all tasks
involved in accomplishing the security plan, including the release
date. A fixed release date will help the team prioritize tasks and plan
activities to accomplish the tasks accordingly. The key to project
success is finding the right balance between available resources, the
deployment date, and components of the plan.
When the deployment is complete, obtain feedback from all
participants, including users, trainers, and support technicians,
and document the information obtained during the deployment. Based
on this feedback, identify changes that will increase the
effectiveness of the security plan.
Defining Security Requirements

Local Network

Remote Network

Public Network

Partner Access

A key step in developing your security plan is the
definition of security requirements. When defining
security requirements, remember that any proposed
solutions must provide security while minimizing any
disruption to user performance. Security requirements
for a network can be partitioned to allow easier
definition of the required security levels. For example,
you can partition network security into:

Local Network

Remote network

Public network

Partner access
Planning Local Network Security

Administrative Groups

Active Directory

Computer Configurations

Local File Security

Network Topology

Non-Microsoft Clients

You must secure local network resources before
expanding the network to include access for remote
networks, public networks, and partners. Local network
security must ensure that security applied to data
stored and transmitted on the local network meets your
organization's required security standards.
When planning security for the local network, consider:

Administrative group design.
Review your administrative group design for:

Membership in administrative groups.

User rights to ensure that no groups or users have been assigned
excess privileges.

The policies in place for administrative account usage.

The Active Directory™ directory service design.
Examine your Active Directory design to determine:

Whether you have single or multiple forests.

The number of domains in the forest.

Whether your organizational unit (OU) structure allows for delegation
of administration and deployment of Group Policy as required.
When planning security for the local network, also consider:

Microsoft® Windows® 2000-based computer configurations.
When defining security templates for computer security configurations,
confirm that you have:

Defined all classes of computers for the network.

Defined all baseline security configurations for each classification.

Tested the security templates to ensure that they meet security goals.

Designed a plan to deploy all security templates.

Local file security.
For the security of local files, make sure that you have:

Reviewed and refined all of the NTFS file system permissions.

Based NTFS permissions on groups rather than users.

Defined scenarios in which Encrypting File System (EFS) must be deployed.

Defined a centralized EFS recovery agent to ensure that encrypted files are
recovered.
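The checklist above asks you to define baseline security configurations for each class of computer and, earlier in the module, to confirm that the deployed plan "meets or exceeds" those baselines. The following script, an added example that is not part of the course material, shows one way to test that: it parses two small security-template texts in the layout of a Windows 2000 .inf template (constructed samples, [System Access] section only; the values are illustrative rather than recommended) and reports every setting on a workstation that falls short of the baseline. Note that "meets or exceeds" has a direction per setting: a longer minimum password length is stricter, a shorter maximum password age is stricter, and a lockout count of 0 means lockout is disabled.

```python
"""Check an exported Windows 2000 security configuration against the baseline
template the plan defines, reporting every setting that does not meet or
exceed it. Added example, not from the course material. Both templates below
are constructed samples in the layout of a security template (.inf) file, using
only the [System Access] section; the values are illustrative, not recommended
settings.
"""
import configparser

# Constructed baseline: the minimum the security plan requires.
BASELINE_INF = """\
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
MaximumPasswordAge = 90
LockoutBadCount = 5
"""

# Constructed export from one workstation; two settings fall short of the baseline.
WORKSTATION_INF = """\
[System Access]
MinimumPasswordLength = 6
PasswordComplexity = 1
MaximumPasswordAge = 60
LockoutBadCount = 0
"""

# How a deployed value "meets or exceeds" the baseline for each setting:
#   at_least - larger is stricter       at_most - smaller is stricter
#   equal    - must match exactly       lockout - 0 disables lockout, so it never passes
# MaximumPasswordAge is at_most, and -1 (password never expires) is rejected as well.
RULES = {
    "MinimumPasswordLength": "at_least",
    "PasswordComplexity": "equal",
    "MaximumPasswordAge": "at_most",
    "LockoutBadCount": "lockout",
}


def parse_template(text):
    """Return {setting: int} from the [System Access] section of a template."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep the case of setting names
    parser.read_string(text)
    return {key: int(value) for key, value in parser["System Access"].items()}


def meets_baseline(rule, deployed, required):
    """True if the deployed value satisfies the baseline under the given rule."""
    if rule == "at_least":
        return deployed >= required
    if rule == "at_most":
        return 0 <= deployed <= required
    if rule == "equal":
        return deployed == required
    if rule == "lockout":
        return 0 < deployed <= required
    raise ValueError(f"unknown rule {rule!r}")


def check_against_baseline(baseline_text, deployed_text):
    """Return (setting, deployed_value, required_value) for every baseline
    setting that is missing from the export (deployed_value is None) or that
    fails its rule. Settings without an explicit rule must match exactly."""
    baseline = parse_template(baseline_text)
    deployed = parse_template(deployed_text)
    findings = []
    for setting, required in baseline.items():
        rule = RULES.get(setting, "equal")
        if setting not in deployed:
            findings.append((setting, None, required))
        elif not meets_baseline(rule, deployed[setting], required):
            findings.append((setting, deployed[setting], required))
    return findings


if __name__ == "__main__":
    for setting, got, want in check_against_baseline(BASELINE_INF, WORKSTATION_INF):
        print(f"FAIL {setting}: deployed={got} baseline={want}")
```

Run against the constructed workstation export, the check reports MinimumPasswordLength (6 against a required 8) and LockoutBadCount (0, lockout disabled); the shorter MaximumPasswordAge of 60 days passes because it exceeds the 90-day baseline. Extending the RULES table to the other template sections is the natural next step once each class of computer has its own baseline.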
When planning security for the local network, also consider:

Network topology.
When designing your network topology, ensure that the following
security considerations are addressed:

Verify that any applications that require secure transmissions
support application-level security.

Determine whether any areas of the network cross insecure
boundaries.

Make sure that your OU structure is designed to facilitate Internet
Protocol Security (IPSec) policy assignments.

Make sure that network hubs and routers are in secured areas.

Non-Microsoft clients.
For any non-Microsoft clients, determine:

Which network resources non-Microsoft clients need to
access.

Whether requirements exist for clients to authenticate
with Active Directory.

How to configure gateway services for non-Microsoft
operating systems so that baseline security
requirements are maintained.
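Two of the local network checklist items above, reviewing user rights so that no group or user holds excess privileges and basing NTFS permissions on groups rather than users, are the kind of review that is easy to automate once permissions have been exported. The script below is an added example, not part of the course: it reads constructed permission entries in an assumed "path principal:rights" layout, compares each principal against a constructed list of known groups, and flags direct user grants, write access for Everyone, and full control granted outside the administrators group.

```python
"""Review NTFS-style permission entries for two checklist items from the local
network section: permissions granted directly to user accounts instead of to
groups, and grants that give a principal more than it needs (Everyone with write
access, full control outside the administrators group).

Added example, not from the course. The group names and the permission entries
are constructed; the entry layout 'path principal:rights' is assumed.
"""

# Constructed: principals the reviewer has confirmed to be groups in the directory.
KNOWN_GROUPS = {
    r"BUILTIN\Administrators",
    r"CONTOSO\HR-Staff",
    r"CONTOSO\HR-DB-Admins",
    r"CONTOSO\Accounting",
    "Everyone",
}
ADMIN_GROUPS = {r"BUILTIN\Administrators"}

# Rights letters used in the sample: F = full control, M = modify, W = write, R = read.
WRITE_RIGHTS = {"F", "M", "W"}

# Constructed sample entries, one per line: share path, principal, rights.
SAMPLE_ACL = r"""
\\HRFS1\Forms    CONTOSO\HR-Staff:M
\\HRFS1\Forms    CONTOSO\jsmith:F
\\HRFS1\Forms    BUILTIN\Administrators:F
\\HRFS1\Salary   CONTOSO\Accounting:R
\\HRFS1\Salary   Everyone:W
\\HRFS1\Reviews  CONTOSO\HR-Staff:F
"""


def parse_acl(text):
    """Return a list of (path, principal, rights) from 'path principal:rights' lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        path, ace = line.split(None, 1)
        principal, rights = ace.rsplit(":", 1)
        entries.append((path, principal.strip(), rights.strip()))
    return entries


def review_acl(text, known_groups=KNOWN_GROUPS, admin_groups=ADMIN_GROUPS):
    """Return (path, principal, finding) for every entry that breaks a rule:
    a direct user grant, Everyone with write access, or full control granted
    to anything other than an administrators group."""
    findings = []
    for path, principal, rights in parse_acl(text):
        if principal not in known_groups:
            findings.append((path, principal, "granted to a user account, not a group"))
        if principal == "Everyone" and rights in WRITE_RIGHTS:
            findings.append((path, principal, "Everyone has write access"))
        if rights == "F" and principal not in admin_groups:
            findings.append((path, principal, "full control outside the administrators group"))
    return findings


if __name__ == "__main__":
    for path, principal, finding in review_acl(SAMPLE_ACL):
        print(f"{path}: {principal}: {finding}")
```

On the constructed sample the review produces four findings: the direct grant to jsmith (which is also full control), Everyone with write access on the salary share, and full control for HR-Staff on the reviews share. The known-groups set stands in for a directory lookup; in practice it would be populated from Active Directory rather than typed by hand.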
Planning Remote Network Security

Remote Access Users

Connectivity to Remote Offices

Your security plan must address the risks associated
with providing access to your network by remote users
and remote offices. Your plan must provide for secure
access for authorized remote users, while keeping your
network secure from unauthorized remote users.
Remote users may connect to your network by using
dial-up connections or dedicated connections between
offices, or they may use tunnels over established
Internet connections. The risks associated with these
remote connections will depend on the level of
accessibility allowed when the user connects to your
network.
When designing a security plan for the remote network,
consider:

Remote access users.
For remote user access, you must determine:

Which users will require remote access.

Which protocols will be used to support remote access
authentication.

Whether you will need to support dial-up or virtual
private network (VPN) access, or both.

Whether you will use the Internet Authentication Service
(IAS) to centrally manage remote access policy.

When designing a security plan for the remote network, also consider:

Connectivity to remote offices.
For connectivity to remote offices, you must determine:

The type of information that will be transferred.

Whether to use a dedicated network link, or a tunnel over a public
network.

Whether the network infrastructure uses network address translation
(NAT).

Whether Routing and Remote Access in Windows 2000 is required
to connect third-party products.

The security configuration that meets the security policy for the type
of connection deployed to the remote office.
Planning Public Network Interaction

[Slide diagram label: Partners]

Securing the Local Network from the Public Network

Providing Secure Access to the Public Network

Having access to public networks, such as the Internet,
is critical to many business functions. Your security
plan must provide access to public networks that is
adequate for business requirements, while protecting
your local network from security threats.
When designing a security plan for interacting with a
public network, consider:

Securing the local network from the public network.
To secure your local network, you must determine:

Which resources will be exposed to Internet users.

What type of screened subnet you will deploy.

The firewall rules required to restrict network traffic at the
external and internal firewalls.

What type of access to the screened subnet will be
required from the internal network.
When designing a security plan for interacting with a public
network, also consider:

Providing secure access to the public network.
To provide secure access to the public network, you must
determine:

Which internal network users will require access to the Internet.

Whether to impose restrictions on specific content or Web sites.

Whether you can use Windows 2000 security groups to manage
Internet access.

Whether centralized management of Microsoft Internet Explorer
settings will be required.
Planning Partner Access to the Network

Connecting Partners to the Network

Designing a Public Key Infrastructure

Securing access for trusted business partners includes
designing authentication methods and configuring
security so that only the required access is granted to
partners.
When your security plan must include access for
business partners, you must determine the level of
access that your partners require and develop a
solution to meet those requirements. Your security plan
must provide both the method for partner access to
your network and the means to secure the partner
access.
When designing a security plan for partner access to your network,
consider:

Connecting your partners to your network.
When providing network access to partners, you must determine:

Which connection methods partners will use.

The applications to which partners will have access.

Whether an extranet will be used for partner resources.

Which partners will require user accounts in Active Directory.

Whether trust relationships must be established between domains in
your forest and partners' domains.
When designing a security plan for partner access to your network,
also consider:

Designing a Public Key Infrastructure (PKI). When designing a PKI,
you must establish:

Which applications or services will require certificates for
authentication.

Who will manage certificates issued by an internal certification
authority (CA).

Which applications will require an external CA.

Whether you must deploy a stand-alone or enterprise CA.

What structure you will require for a CA hierarchy.

Whether partners will require certificates to be mapped to user
accounts in Active Directory.

Methods for your organization to recover from a failed or
compromised CA.
Maintaining the Security Plan

Modifying the Security Plan

Monitoring Security Issues

When you have implemented your security plan, you must make
sure that your network security continues to meet your
organization's security requirements. In developing a security plan
maintenance strategy, you need to identify the functional areas
within your organization that may be affected by changes to your
organization. Organizational changes may necessitate changing the
existing security configuration to meet new security requirements.
The goal of designing a maintenance strategy for the security plan
is to develop a strategy that remains effective, without itself
needing to be redesigned, as the organization and the security plan
change.
As part of your maintenance strategy, you must identify security
updates that are made to products used within your organization,
and you must then update your security plan accordingly.
In this lesson you will learn about the following topics:

Modifying the security plan

Monitoring the security plan
Modifying the Security Plan
Organizational Change May Result In:

Modifying security requirements

Expanding the scope of the plan

Developing a new plan

Organizations undergo changes from time to time, and
these changes are likely to affect the security plan and
the underlying security requirements. Organizational
change can include corporate reorganization,
expansion, downsizing, change of location,
partnerships with other organizations, and mergers with
other organizations.
Organizational changes and reorganization may result
in changes to your organization's security requirements
and the need for you to modify your security plan. For
example, a bank may merge with another financial
institution, and bring with it additional locations,
products, and services.

When there are changes in your organization, you must
identify and analyze the effects of any change by
asking:

Will the organizational changes result in the need to
modify security requirements?

Do the organizational changes require that the scope of
the existing security plan be increased?

Will the new security requirements be handled by
expanding the existing security plan, or by developing a
new one?

As part of ongoing security maintenance, you must
remain up-to-date on security issues for your
organization's software and hardware. Security issues
can arise when attackers find vulnerabilities in software
and hardware deployed in your organization.
Sources of Security Information

Sources available to you for information about security
issues include:

Web-based security bulletins.

Security newsgroups.

E-mail list servers.

Subscription-based e-mail services.

Paper-based security bulletins.
Because not all sources of information are reliable, you
must verify the authenticity of any sources that you use.
Deploying Security Updates

When Microsoft updates critical security issues with
Windows 2000, these issues are posted on the Windows
Update site (windowsupdate.microsoft.com), and are
available for you to download. Alternatively, you can
receive notification of security updates by subscribing
to Microsoft Security Notification Service at
www.microsoft.com/security.

After you have downloaded a security update, you must
then deploy it to the required computers. To deploy the
update, you can use software deployment in Group
Policy or in Microsoft Systems Management Server.
Computers running non-Microsoft operating systems
will need alternative methods of deploying security
updates.

Caution: You must test any suggested security changes
to software before deploying the changes to your
organization, because the security update may
inadvertently introduce a security weakness or
otherwise change security settings.
Monitoring Security Issues

Sources of Security Information

Deploying Security Updates
Lab A: Developing a Security Plan
Objectives
After completing this lab, you will be able to:

Design a security plan that will meet the security
requirements of an organization.

Define the security requirements for local and remote
networks, public and private networks, and trusted
business partners.

Develop strategies to maintain network security.
Prerequisites
Before working on this lab, you must have:

Knowledge of security policies and how to configure
them.

Knowledge of security risks and how to prioritize them.

Knowledge of the strategies used to implement
solutions to meet security requirements.
Goal

In this exercise, you are presented with the task of
designing a security plan for Contoso, Ltd., a large-sized
organization where you are responsible for IT operations in the
Human Resources (HR) department. You will develop a solution to
meet the organization's security requirements.
To design your solution, review the scenario and design
criteria, and then complete the scope of the plan and the
design worksheets.
Scenario

Your company, Contoso, Ltd., is a bank with over 500 branches
across the United States and 20 branches internationally. Contoso,
Ltd. employs a total of 40,000 people. You are responsible for IT
security in the HR department, which has staff in the main office
and in several of the larger branch offices throughout the United
States.
Contoso, Ltd. has a large IT department, with many groups within
that department solely responsible for the systems that they
maintain. Your responsibilities are limited to the HR department.
Other groups within the IT department have responsibility for areas,
such as Internet access, remote access, e-mail, and network
infrastructure. The HR department is responsible for managing the
recruitment of new staff, conducting interviews, setting salary
levels, participating in performance reviews, and managing contract
staff.
Exercise 1: Developing a Security Plan for a Large Organization

The HR department has experienced numerous security breaches
in the last few months. One of those breaches involved a virus
spreading through the e-mail system, and another was due to
someone from your department posting confidential information on
a company Web site that is accessible from the Internet.
Currently, Contoso, Ltd. has connections to the Internet for Web
browsing, and in the HR department, permission to browse the Web
is granted on an as-needed basis. The internal HR systems are not
on the Web, but HR receives resumes from job applicants through
Internet e-mail.
The department is currently recruiting a large number of staff, and
uses several external agencies to aid the recruitment process.
These external agencies need limited access to HR information
from the internal HR database and file servers. A VPN server
enables external agencies to access the HR department's
information. The VPN server allows limited access to only specific
servers in the HR network. User accounts for external agency users
are created within a partner OU and granted remote access as
necessary.
In the current network configuration:

The HR database contains all salary, review, and employee benefit
information. This information is confidential, and access to it is
restricted to certain HR personnel and managers.

HR has several file servers used for storing confidential documents
and forms.

HR uses e-mail extensively for both internal communication and
communication with prospective employees. Authenticity of
internal communication through e-mail is currently verified by the
use of certificates.

The IT department has more than 1,500 staff members.

HR has a VPN server with a connection to the Internet that allows
external agency users access to certain resources. This VPN server
is in a screened subnet, and is only allowed access to specific HR
servers.
Design Criteria
Your solution must meet the following criteria:

All HR information must be secure from internal hackers
and accidental internal break-ins.

Only select HR staff can make changes to the database.

Access to confidential employee information is confined
to HR staff.

The accounting department must have access to salary
data.
Planning Worksheet Instructions

The following table lists existing policies and solutions
for risks that have been identified.
Risk: Virus infection through e-mail.
Policy: All incoming files must be scanned by a virus scanner.
Design: Use Group Policy to deploy a desktop virus scanner and
configure scanning preferences. Virus scanner must scan e-mail.

Risk: Loss of access to HR file servers due to an internal DoS
attack.
Policy: Must not allow internal users to perform attacks on internal
file servers.
Design: Monitor audit logs to identify attacks before they happen to
minimize the chance of a successful attack. Make sure that all file
server security issues are implemented on all internal servers.

Risk: Printing confidential HR data to public or insecure printers.
Policy: Confidential information shall only be printed on secure
printers.
Design: Train staff on which printers to use for each form of data.
Use permissions to restrict access to printers for staff members who
work with confidential data. Use scripts to configure printer
connections for staff with access to confidential information.
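The second design in the worksheet, monitoring audit logs on the HR file servers for signs of an internal attack, needs a concrete rule before it can be implemented. The script below is an added example, not part of the course lab: it runs a sliding-window count over constructed security-log lines in a simplified "date time event_id account workstation" layout (528 and 529 are the Windows 2000 security-log event IDs for a successful and a failed logon) and raises an alert when one internal workstation accumulates a threshold of failed logons within a short window, listing the accounts it tried. The threshold and window are assumptions to tune against the server's normal failure rate.

```python
"""Flag a burst of failed logons against an HR file server from one internal
workstation, the kind of pattern the lab's design asks you to pick out of the
audit logs. Added example, not part of the course lab. The log lines are
constructed in a simplified 'date time event_id account workstation' layout;
528 and 529 are the Windows 2000 security-log IDs for a successful logon and a
failed logon (unknown user name or bad password).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 529
THRESHOLD = 5                   # this many failures from one workstation...
WINDOW = timedelta(minutes=2)   # ...inside this interval raise an alert (assumed tuning)

# Constructed sample: WS-HR-17 cycles through accounts; WS-HR-02 is an ordinary typo.
SAMPLE_LOG = r"""
2001-03-12 09:00:01 529 CONTOSO\hr-admin WS-HR-17
2001-03-12 09:00:03 529 CONTOSO\hr-admin WS-HR-17
2001-03-12 09:00:04 529 CONTOSO\administrator WS-HR-17
2001-03-12 09:00:06 529 CONTOSO\administrator WS-HR-17
2001-03-12 09:00:09 528 CONTOSO\mjones WS-HR-02
2001-03-12 09:00:11 529 CONTOSO\backup WS-HR-17
2001-03-12 09:05:00 529 CONTOSO\mjones WS-HR-02
"""


def parse_log(text):
    """Return a list of (timestamp, event_id, account, workstation) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, event_id, account, workstation = line.split()
        stamp = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        events.append((stamp, int(event_id), account, workstation))
    return events


def detect_failed_logon_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Sliding-window count of failed logons per workstation.

    Returns {workstation: (first_failure, last_failure, accounts_tried)} for each
    workstation that reaches `threshold` failures within `window`; only the first
    burst per workstation is reported."""
    recent = defaultdict(deque)   # workstation -> (timestamp, account) still inside the window
    alerts = {}
    for stamp, event_id, account, workstation in sorted(events):
        if event_id != FAILED_LOGON:
            continue
        window_events = recent[workstation]
        window_events.append((stamp, account))
        while stamp - window_events[0][0] > window:   # age out old failures
            window_events.popleft()
        if len(window_events) >= threshold and workstation not in alerts:
            accounts = sorted({acct for _, acct in window_events})
            alerts[workstation] = (window_events[0][0], stamp, accounts)
    return alerts


if __name__ == "__main__":
    bursts = detect_failed_logon_bursts(parse_log(SAMPLE_LOG))
    for host, (first, last, accounts) in bursts.items():
        print(f"ALERT {host}: {len(accounts)} accounts tried between {first} and {last}: {accounts}")
```

On the sample, WS-HR-17 reaches five failures in ten seconds across three accounts and is reported; the single failure from WS-HR-02 is ignored. Because the detector keys on the workstation rather than the account, it also catches an attempt spread across several user names, which a per-account lockout count alone would not.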
Review

Designing a Security Plan

Defining Security Requirements

Maintaining the Security Plan