Introduction to Network Security
johnelymasc
8,495 views
28 slides
Nov 22, 2011
Slide 1 of 28
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
About This Presentation
No description available for this slideshow.
Slide Content
Introduction to NETWORK Security
What is Network Security? consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
Security Challenges Computer Security Institute (CSI) Survey: over 70% networks have experienced security breach From the 70%, 60% have undergone internal breaches and only 40% are external or perimeter breaches.
2 Main reasons why security has became more important as an issue over time The hacking and attack tools have become more and more dangerous, where an attack can cause serious financial damage to a company The hacking and attack tools have become easier to use- in most cases, they are automated, allowing even a novice to use them.
Security Roles Have changed over the years In the past networks were closed to the outside world, thus attack didn’t cause much damage Mid 1990s, Internet has exploded which increases the possibility of security breach
Security Issues Security is a business problem not just a technology problem The concept of security is an illusion Managing security means managing the perception of others There are many different security technologies to choose from You must create a comprehensive security policy
Security Goals Create and implement a single, cohesive, company-wide security policy Don’t allow products to dictate security policies – policies should drive the products that you choose Centralize security management
Security Components Security is a relative or subjective problem Authentication Authorization Privacy Integrity Availability Nonrepudiation Accounting
Authentication Verifying a person’s identity (who they are)
Authorization Controlling access to resources (what they are trying to do)
Privacy Protecting confidentiality of information (what the content of the information is)
Integrity Validating that information was not changed (verifying that the information that was received has not been modified or tampered with)
Availability Providing redundancy for security (ensuring that you have a fallback solution in the event of failure or security compromise)
Nonrepudiation Proving that a transaction took place between two entities (when using online transactions, having verifiable proof that the transaction took place between 2 entities)
Accounting Recording information about an employee’s actions when interacting with data and systems as well as information about the operation (including security events) of your networking devices
Data Classification for Public/Government Agencies Unclassified data - data has few or no confidentiality requirements. Sensitive but unclassified (SBU) data - data could prove embarrassing if revealed, but no serious security breach would occur. Confidential data - Lowest level of classified data, where data protection must meet confidentiality requirements
Data Classification for Public/Government Agencies Secret data - A significant effort must be made to secure data, limiting access to a small number of people Top Secret data - Great effort and cost is used to secure data, limiting access to a very small number of people (need to know access)
Data Classification for private companies or nongovernment Public data - data is publicly available, as on a website Sensitive data - similar to SBU Private data – data is important to a company; an effort must be made to secure it and verify that it is accurate Confidential data – data is very important to a company, like trade secrets and employee records
Classification Criteria Value Personal Association Age Useful Life
Classification Procedures Who is responsible for the data? How should the information be classified, with any exceptions? How are the controls used for classification policies? When and how does declassification of data occur?
Classification Roles Role Description Performed By Owner Is ultimately responsible for the data Typically a member of the management staff Custodian Is responsible for the security of the data on a day-to-day basis Typically a member of the IT staff User Is responsible for using the data according to defined policies and operating procedures Your typical user, who can “see the trees, but not the forest” in the company and who has a ground-level view of certain data
Security Controls Preventive – used to prevent a data compromise Deterrent – used to scare away a certain number of ill-doers Detective – used to detect access to data
3 Categories that control the implementation of the security control Administrative – policy and procedural controls Technical – electronics, hardware, and software controls Physical – mechanical controls
Security Breaches: Prosecuting attackers and hackers Motive Why did they do it? Opportunity Were they available to commit the crime? Means Did they have the capability to commit the crime?
Liability: Legal and Governmental Issues A company should practice due diligence and due care when protecting sensitive data and resources. A company can be sued by its customers or employees if a breach on sensitive data happens Deal with government laws that requiring a minimal security level when protecting certain resources.
On the Job Examine security in your network from endpoint to endpoint, from where traffic enters your network, to where your users connect (switches, access points, and remote access VPN gateways) Select a product solution that focuses on end-to-end security
Questions What are the benefits that an organization would get from properly classifying data? Research about the 10 commandments of computer ethics by the Computer Ethics Institute
End of Presentation
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 8,495
- Slides 28
- Favorites 2
- Age 5126 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
48 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
47 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
37 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
35 views
21
Know for Certain
DaveSinNM
23 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
26 views