
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Date post: 21-Dec-2015

Security Management

IACT 418/918 Autumn 2005

Gene Awyzio

SITACS University of Wollongong


Note:

• Textbook now available in bookstore

• Essay due next week in tutorials

• Seminars one and two due next week in tutorials

• Lecture note powerpoint files can be accessed from – http://www.uow.edu.au/~gene/2005/iact418/lectures/


Overview Security Management

• Security management is the process of protecting sensitive information

• Sensitive information is any data an organisation wants to secure

• It may include

– Payroll data

– Customer accounts

– Research and development schedules


Overview Security Management

• Security management enables network engineers to protect sensitive data by

– Limiting access to hosts and network devices

– Notifying the engineer of actual breaches


Overview Security Management

• It consists of

– Identifying the sensitive information to be protected

– Finding the access points

• Software services

• Hardware components

• Network media

– Securing the access points

– Maintaining the secure access points


Overview Security Management

• Should NOT be confused with

– Application security

– Operating system security

– Physical security


Benefits of the Security Management Process

• Primary concern of users

– Lack of security for sensitive information located on HOST

• One solution

– Remove network access to host

• Whilst secure this method is not efficient and removes need for data network altogether

• Drawbacks of NOT having security management

– All users have access to ALL information

– What happens if the network connects to a public network?

– Virus and worm attacks


Accomplishing Security Management

• Balance required between

– Need to secure sensitive information

– Needs of users to access information to do their job

• Security Management involves the following four steps

– Identify the sensitive information

– Find the access points

– Secure the access points

– Maintain the secure access points


Identify the Sensitive Information

• Determine which hosts on the network have sensitive information

– Organisation may have policies on what is considered sensitive

• Information may relate to

– Accounting

– Financial

– Customer

– Market

– Engineering

– Employees


Identify the Sensitive Information

• What is defined as sensitive may vary depending on the specific environment

• Most difficult part may be identifying WHERE the information resides


Find the Access Points

• Once you know

– What data is considered sensitive

– Where the data is located

• Need to find out how network users access the information

• Access methods and points may be

– Physical

– Software


Find the Access Points

• Software that accesses the network can potentially access any data on the network

• Most networks allow for remote login

– If remote login doesn’t

• Identify users uniquely and

• Limit their movements to authorised areas

– This access point needs to be examined


Find the Access Points

• File transfer programs

– If users cannot be uniquely identified

• Use needs to be examined or limited

• Restrict access to onsite

• DMZs

• Firewall anonymous FTP


Find the Access Points

• Other programs to examine may include

– Email

– Remote process execution

– File and directory servers

– Name servers

– Web servers


Find the Access Points

• Security management can be accomplished by

– Hiding information from client systems

– Segmenting network into regions

• Apple zones

• DMZ


Find the Access Points

• Leaks may come from

– Network analysers

– Network management protocols

– Network management system

• Policies may include

– Hosts with sensitive information may not also allow anonymous FTP

– Personal computer software packages MUST meet security standards before installation
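
Added example (not part of the original slides): a small audit that applies the rules stated so far to a host inventory, flagging anonymous FTP on hosts with sensitive information and remote login or file transfer that does not identify users uniquely. The inventory, host names and field names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Service kinds the slides single out as needing unique user identification.
NEEDS_UNIQUE_ID = {"remote-login", "file-transfer"}

@dataclass
class AccessPoint:
    service: str              # e.g. "remote-login", "file-transfer", "email"
    unique_user_id: bool      # does it identify each user uniquely?
    anonymous: bool = False   # does it accept anonymous sessions?

@dataclass
class Host:
    name: str
    sensitive: bool           # step 1: does the host hold sensitive information?
    access_points: list = field(default_factory=list)   # step 2: how it is reached

def audit(hosts):
    """Return sorted (host, service, reason) findings to act on in step 3."""
    findings = []
    for host in hosts:
        for ap in host.access_points:
            if host.sensitive and ap.service == "file-transfer" and ap.anonymous:
                findings.append((host.name, ap.service,
                                 "anonymous FTP on a host with sensitive information"))
            elif ap.service in NEEDS_UNIQUE_ID and not ap.unique_user_id:
                findings.append((host.name, ap.service,
                                 "users not uniquely identified: examine or limit"))
    return sorted(findings)

# Constructed inventory (hypothetical host names).
INVENTORY = [
    Host("payroll-db", True, [AccessPoint("remote-login", True),
                              AccessPoint("file-transfer", False, anonymous=True)]),
    Host("lab-ws1", False, [AccessPoint("remote-login", False)]),
    Host("pub-ftp", False, [AccessPoint("file-transfer", False, anonymous=True)]),
    Host("mail1", False, [AccessPoint("email", True)]),
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep=" | ")
```
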


Secure the Access Points

• Access points can be secured by

– Using encryption at the data link layer

– Secure traffic flow by using packet filters at the network layer

– On every host use one or more of

• Host authentication

• User authentication

• Key authentication


Maintain the Secure Access Points

• Key to maintaining security is the location of actual or potential security breaches

– May be done as part of the security audit

– Hard to keep current with volume of networking software

• May use a program itself to check for known security problems

• May offer a cash prize to first to breach security

– Generally offered by company who designed software/hardware


Attaching to a Public Network

• Three types of access from a public data network to an organisation's network

– No access

• Send and receive email

• Modem used

– Full access

– Limited access

• Small subset of hosts authorised to provide public access service

• These hosts should be separated with firewall from private zone
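
Added example (not part of the original slides): a stateless, first-match packet filter that models the limited-access case, where only the authorised public hosts are reachable from outside and those hosts are walled off from the private zone. The addresses, ports and rule set are constructed; return traffic is not modelled.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination port, None means any

# Constructed addressing: 192.0.2.0/24 holds the public-service hosts,
# 10.0.0.0/8 is the private zone. Rules are checked in order.
RULES = [
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 80),    # public web host
    Rule("permit", "0.0.0.0/0", "192.0.2.25/32", 25),    # public mail relay
    Rule("deny", "192.0.2.0/24", "10.0.0.0/8", None),    # public hosts -> private zone
    Rule("permit", "10.0.0.0/8", "0.0.0.0/0", None),     # private zone outbound
]

def decide(src, dst, port, rules=RULES):
    """Return the action of the first matching rule; deny if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

if __name__ == "__main__":
    # Constructed test packets: (source, destination, destination port).
    for pkt in [("203.0.113.5", "192.0.2.10", 80),
                ("203.0.113.5", "192.0.2.10", 22),
                ("203.0.113.5", "10.0.0.5", 22),
                ("192.0.2.10", "10.0.0.5", 1433),
                ("10.1.2.3", "198.51.100.7", 443)]:
        print(pkt, decide(*pkt))
```
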


Security Management on a Network Management System

• Simple

– Show where security measures have been set up

– Show all security measures applicable to device or host

– Query configuration database


Security Management on a Network Management System

• More Complex

– Include real time application to monitor access points

– Query number of breaches using network management tool

– Produce reports on breaches

– Automatic notification

• Advanced

– Use data to guide network engineers

– Examine types of security required

– Alerts for repercussions


Reporting Security Events

• Audit trails that summarise and report on security

• Example

– Key personnel leaving to go to competition

• Remove physical access to network

• Remove accounts, change passwords etc

• Set up, or confirm, audit trails on device former employee had access to

• Look for files/applications employee may have altered to gain future access
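
Added example (not part of the original slides): a review of an audit trail for the departing-employee case, reporting any activity by the account after the departure time and any change it made to access-granting files shortly before. The log format, account, hosts, paths, watch list and 14-day look-back are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit-trail lines (hypothetical hosts, accounts and paths).
AUDIT_LOG = """\
2005-03-01T10:02:11 host=eng-fs1 user=jdoe event=login
2005-03-09T17:40:03 host=eng-fs1 user=jdoe event=modify path=/home/build/.rhosts
2005-03-10T08:15:00 host=eng-fs1 user=asmith event=modify path=/etc/hosts.equiv
2005-03-10T09:00:00 host=eng-fs1 user=jdoe event=modify path=/home/jdoe/notes.txt
2005-03-12T23:51:47 host=eng-gw1 user=jdoe event=login
"""

DEPARTED = datetime(2005, 3, 11, 17, 0)   # constructed departure time

# Assumed watch list: files whose contents can grant future access.
ACCESS_FILES = (".rhosts", "hosts.equiv", "authorized_keys", "passwd", "crontab")

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'time'."""
    stamp, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["time"] = datetime.fromisoformat(stamp)
    return rec

def review(log, user, departed, lookback_days=14):
    """Return (reason, host, detail) findings for one departed account."""
    start = departed - timedelta(days=lookback_days)
    findings = []
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec.get("user") != user:
            continue
        if rec["time"] >= departed:
            # The account should be removed by now, so any use is reportable.
            findings.append(("activity after departure", rec["host"], rec["event"]))
        elif (rec["event"] == "modify" and rec["time"] >= start
              and rec.get("path", "").endswith(ACCESS_FILES)):
            findings.append(("access file changed before departure",
                             rec["host"], rec["path"]))
    return findings

if __name__ == "__main__":
    for finding in review(AUDIT_LOG, "jdoe", DEPARTED):
        print(*finding, sep=" | ")
```
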
