Security Safeguards and Best Practices
assets given one or more vulnerabilities. Defense in depth calls for layering multiple security functions so that an attacker needs more time, more resources, or both to succeed, which in turn lowers the resulting risk. Defense in depth does not only buy time and raise the attacker's cost, though; it also helps with responding to, and recovering from, an intrusion once it has taken place.
Defense in depth can combine any of the following security measures to meet the needs of a given environment:
■ Protecting user accounts
■ Protecting administrative accounts and remote management interfaces
■ Protecting against Trojan applications, viruses, and other malicious scripts
■ Protecting against software architecture design flaws
■ Protecting against system and application configuration errors
■ Protecting against software programming errors
■ Protecting against user naiveté, carelessness, or stupidity
■ Protecting against eavesdropping (from network sniffing to shoulder surfing)
■ Protecting against user impersonation (electronically or by phone)
■ Protecting against physical theft (office, datacenter, traveling, and remote locations)
■ Protecting against inappropriate use of resources
Network Security Best Practices
Expanding upon the safeguards and controls, as well as the defense in depth principles mentioned earlier, the following list of network security best practices ties the principles and information introduced so far to active security measures that, taken together, outline a comprehensive approach to safeguarding an organization's network. Don't worry if many of these seem unclear right now; we expand on them with greater clarity in subsequent chapters.
■ Protect the different network environments by layering multiple types of security technologies and protection measures. The level of protection, and its cost, should be commensurate with the value of the information being protected.
■ Compartmentalize both physical (databases and web servers, for example) and logical (inbound customer web services and outbound employee Internet use) operational resources.
■ Put different Internet services (HTTP, database, FTP, mail) on different networks or VLANs with strict traffic control between them.
■ Use firewalls to control critical network border points and provide advanced auditing, logging, and alerting.
■ Control source addresses at border points of critical environments such as Internet and organizational server operations.
■ Implement split DNS architecture for internal organization and Internet operations use. Control zone transfers.
■ Tightly control and regulate administrative accounts.
■ Compartmentalize system administration and root account passwords across network functional environments and technologies (different passwords for the routers, the web servers, and the Solaris servers, for example).
■ Do not use unencrypted Telnet and FTP. If you cannot use SSH or Secure Copy, then at least use SRP-enabled (Secure Remote Password) Telnet and FTP (http://srp.stanford.edu).
■ Do not allow Internet-based system administration.
■ Diligently update vendor patches and fixes for both operational and user systems.
■ Implement critical security technology such as firewalls, virus scanning, intrusion detection, advanced log analysis, and web input filters.
■ Consider double firewall layers and multiple firewall manufacturers for border or resource control points.
■ Proxy inbound Internet connections for Internet services such as FTP, SMTP, and HTTP (where feasible).
■ Proxy users' outbound HTTP connections, with authentication.
■ Implement "hardened" security configurations on border and operationally critical routers and switches (do not rely on default router and VLAN configurations). This applies both at external Internet border points and at internal critical network junctures.
■ Control allowed outbound network traffic as well as inbound. Allow in and out only what is operationally necessary for those systems and networks.
■ Implement two-factor authentication for all external (remote) access to the intranet.
■ Implement two-factor authentication for all administrative accounts.
■ Run only operationally necessary services and applications on systems in Internet operational areas, both servers and network devices.
■ Minimize the number of user accounts on operationally critical systems.
■ Require very strong passwords for system administration and strong passwords for users.
■ Strip dangerous e-mail attachments at network gateways.
■ Require user e-mail account passwords to be different from system account passwords.
■ Conduct risk assessments for critical services, systems, and environments at a minimum.
■ Conduct regular vulnerability assessments on the network infrastructure (internal and external) as well as web applications and services.
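Two of the items above, controlling source addresses at border points and controlling outbound as well as inbound traffic, come down to a small set of decisions a border filter makes for every packet. The following Python model is an added example written for this text, not a configuration taken from any product or from the original list; the address ranges, the egress policy and the packet sample are constructed assumptions chosen to exercise each rule.

```python
"""Border source-address and egress policy check.

Added example (not from the original text): a small model of two items in
the list above, "control source addresses at border points" and "control
allowed outbound network traffic as well as inbound". At the Internet
border we drop inbound packets that claim a source inside our own address
space or in reserved ranges (ingress anti-spoofing), and we let outbound
packets through only if they come from our own space and go to a service
the egress policy permits. The address ranges, the egress policy and the
packet sample are all constructed assumptions for this example.
"""
import ipaddress
from dataclasses import dataclass

# Public address space this organisation announces (assumed; RFC 5737 test range)
OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Ranges that must never appear as a source on the Internet-facing side
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Outbound services the user segment may reach (assumed policy): (protocol, dst port)
EGRESS_ALLOW = {("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53)}


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from the Internet, "out" = leaving to the Internet
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    dport: int


def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def decide(pkt):
    """Return (verdict, reason) for one packet crossing the border."""
    if pkt.direction == "in":
        if _in_any(pkt.src, OUR_NETS):
            return "drop", "spoofed: inbound packet claims one of our own addresses"
        if _in_any(pkt.src, BOGON_NETS):
            return "drop", "bogon: inbound packet from reserved or private space"
        if not _in_any(pkt.dst, OUR_NETS):
            return "drop", "transit: inbound packet not addressed to our space"
        return "accept", "inbound from routable source to our space"
    if pkt.direction == "out":
        if not _in_any(pkt.src, OUR_NETS):
            # Typically a NAT failure or a host spoofing someone else's address
            return "drop", "leak: outbound packet with a source outside our space"
        if (pkt.proto, pkt.dport) not in EGRESS_ALLOW:
            return "drop", f"egress policy: {pkt.proto}/{pkt.dport} not permitted outbound"
        return "accept", "outbound to a permitted service"
    return "drop", "unknown direction"


def verdicts(packets):
    """Apply decide() to a sequence of packets and return the verdicts in order."""
    return [decide(p)[0] for p in packets]


# Constructed packet sample; 198.51.100.0/24 and 203.0.113.0/24 stand in for Internet hosts
SAMPLE = [
    Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 443),   # ordinary web client
    Packet("in", "tcp", "192.0.2.5", "192.0.2.10", 22),       # claims to be one of ours
    Packet("in", "udp", "192.168.1.1", "192.0.2.10", 53),     # private source on the outside
    Packet("in", "tcp", "198.51.100.7", "203.0.113.9", 80),   # not addressed to us at all
    Packet("out", "tcp", "192.0.2.20", "203.0.113.9", 443),   # permitted HTTPS
    Packet("out", "tcp", "192.0.2.20", "203.0.113.9", 23),    # Telnet, not in egress policy
    Packet("out", "udp", "10.1.1.1", "203.0.113.9", 53),      # private address leaked past NAT
]

if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(SAMPLE, map(decide, SAMPLE)):
        print(f"{verdict:6} {pkt.direction:3} {pkt.src} -> {pkt.dst}:{pkt.dport}  {reason}")
```

The order of the inbound checks matters: the anti-spoofing test on our own addresses comes first because a packet arriving from the Internet with one of our source addresses is never legitimate, whatever its destination. The outbound side enforces the same rule in reverse, and the Telnet case shows why a default-deny egress policy is worth the effort: the list above already tells you not to run Telnet, and the border can make sure nobody does.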
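The item on stripping dangerous e-mail attachments at network gateways is easy to state and surprisingly easy to get wrong, because the filename is usually the only thing a simple filter looks at. The following Python example, added here and not part of the original text, parses a message as MIME, removes parts whose filename carries an executable extension anywhere in its suffix chain (so "invoice.pdf.exe" is caught) or whose declared type is executable, and leaves a notice in their place. The sample message, the addresses and the extension and type lists are constructed assumptions.

```python
"""Stripping dangerous e-mail attachments at a gateway.

Added example (not from the original text): a minimal version of the
"strip dangerous e-mail attachments at network gateways" item. The
message is parsed as MIME, every attachment whose filename carries an
executable extension anywhere in its suffix chain (so 'invoice.pdf.exe'
is caught) or whose declared type is executable is replaced by a short
text notice, and the names of removed parts are returned for logging.
The sample message, addresses and the extension/type lists are
constructed for this example; a real gateway would also look inside
archives and check file magic bytes rather than trust the filename.
"""
import email
from email import policy
from email.message import EmailMessage, MIMEPart

# Extensions treated as executable content (assumed policy list)
DANGEROUS_EXT = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl", "msi", "dll", "ps1", "lnk",
}
# Declared MIME types treated as executable regardless of filename
DANGEROUS_TYPES = {
    "application/x-msdownload", "application/x-msdos-program",
    "application/x-dosexec", "application/hta",
}


def is_dangerous(part):
    """True if an attachment part should be removed under the policy above."""
    name = (part.get_filename() or "").strip().lower()
    # Examine every suffix, not just the last one, to catch double extensions
    suffixes = name.split(".")[1:]
    if any(s in DANGEROUS_EXT for s in suffixes):
        return True
    return part.get_content_type() in DANGEROUS_TYPES


def strip_dangerous(msg):
    """Recursively replace dangerous parts with a notice; return removed filenames."""
    removed = []
    if not msg.is_multipart():
        return removed
    kept = []
    for part in msg.get_payload():
        if part.is_multipart():
            removed.extend(strip_dangerous(part))
            kept.append(part)
        elif is_dangerous(part):
            name = part.get_filename() or "(unnamed)"
            removed.append(name)
            notice = MIMEPart()
            notice.set_content(f"[gateway] attachment {name!r} removed by policy\n")
            kept.append(notice)
        else:
            kept.append(part)
    msg.set_payload(kept)
    return removed


def filter_message(raw):
    """Parse raw message bytes, strip dangerous parts, return (new bytes, removed names)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed = strip_dangerous(msg)
    return msg.as_bytes(), removed


def attachment_names(raw):
    """Filenames of all parts that still carry a filename, in message order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample():
    """Constructed message with one benign and two dangerous attachments."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"   # constructed addresses
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Q3 figures"
    msg.set_content("Please see the attached report.")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="figures.pdf")
    # Double extension: looks like a PDF in a client that hides the last suffix
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    # Harmless-looking name, but the declared type says it is a Windows executable
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="x-msdownload", filename="update.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, removed = filter_message(build_sample())
    print("removed:", removed)
    print("remaining:", attachment_names(cleaned))
```

Replacing the part with a notice rather than silently deleting it keeps the user informed and gives the help desk something to point at; returning the removed names gives the gateway something to log. Checking the declared MIME type as well as the name closes the obvious gap where an attacker simply renames the file.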
Figure 1-3 (from the Australian Office of Information Technology's Information Security Guideline Part 1) illustrates the relationships of the different elements of security to one another and sets the stage for Chapter 2. Having a general understanding of these concepts and relationships is required to begin protecting organizational assets with an effective risk management program and information security plan.
Chapter 1: Security Principles and Components
SUMMARY
We covered a lot of ground in this chapter. It may all be new to you or it may not. Regardless, it's important to emphasize that these fundamental concepts and building blocks play a major role in understanding the nature, methods, and guidelines surrounding information security and the protection of computer systems. We first introduced the ARBIL lifecycle and CIA models that describe the "what" and "why" of information security. Then we presented the concepts of the hacking process, threat types, targets, and safeguards. Finally, given the context of those items, we pulled it all together with some representative active best practice network security measures.
Information security and risk management programs cannot establish and maintain the proper safeguards and controls if the processes and methods governing their creation and use are flawed, are missing key components, or are applied from the wrong frame of reference. In Chapter 2, we continue along the path of understanding risk management and risk assessments and how they help us properly define the resources that we need to protect.
Chapter 2: INFOSEC Risk Assessment and Management
IN THIS CHAPTER:
■ Risk Management Using the SMIRA Process
■ What Is Risk Management?
■ What Is Risk Assessment?
■ Risk Assessment Terminology and Component Definitions
■ Conducting a Risk Assessment
In Chapter 1 we introduced you to the governing principles of information security and network security guidelines. In Chapter 2 we continue with principles and methodologies by introducing the concepts of risk assessments and risk management. Often a confusing, boring, and misunderstood topic, risk assessments are an integral part of the information security lifecycle. When used correctly they can be a tremendous help in properly safeguarding your organization's network. The following sections may seem very confusing at first. Bear in mind that these are complicated concepts for most people. The figures in this chapter will also help provide an overall understanding, although they may not become entirely clear until you get through the chapter.