...

Saturday, March 13, 2010

CCNA Security 2

The steps of Cisco Secure Network Life Cycle are:1) Initiation
2) Acquisition and Development
3) Implementation
4) Operations and Maintenance
5) Disposition

In the SDLC (Cisco's Secure Development Life Cycle for Secure Networks), initiation is used to categorize risks (recall that risks are chances that a vulnerability may be exploited). Risk categories include:
1) Catastrophe - A business process is destroyed
3) Disaster - A business process is disrupted for an entire day or more
4) Non-Disaster - A business process is disrupted for a finite period of time

In network security, there is a principle known as the SoD (Separation of Duties). SoD states that no one person should be able to compromise the whole system. SoD also states that there should be two-man and dual operator controls in place.

In a two-man control situation, multiple individuals audit and approve of each other's work. This is an administrative control. On the other hand, the dual operator control is when a certain task requires two user's approval to carry out, such as a safe deposit box which requires the customer's and the bank's keys to open. This is a technical control.

There are many types of testing techniques, including:
1) Network scanning
2) War driving
3) Penetration testing
4) Log analysis
5) Password cracking
6) Vulnerability detection
7) Integrity checkers
8) Virus detection
9) War dialing

Scanners probe a network for vulnerabilities and can even simulate an attack, while probes take a more passive role of monitoring a network for signs of probes, scanners and attacks.

Warm sites are redundant sites without real-time copies of data and software. Most of the time a disaster recovery team needs to be dispatched to restore data to the site for it to become fully functional. This is different from hot sites which are synchronized real-time and is able to continue operation immediately.

Policies are made up of many components. The first level hierarchy can be split into:
1) Technical policies - General, Email, Remote-access, Telephony, Application, Network, Wireless etc.
2) End-user policies - Policies such as the AUP.

The AUP is the Acceptable Use Policy, which is most visible to users. It sets out rules as to what is allowed and what isn't to prevent misinterpretation. Things that an AUP contain include the list of websites not allowed during work, etc.

Policies are very general. For a more specific plan for the implementation and actualization of policies, we need to use Standards, Guidelines and Procedures.

Policies specify the overall statements of direction, management position on security issues, organization goals in the context of security, definition of roles an so on.

Standards define the measuring stick against which the efficacy of security controls is judged, resulting in the consistent, uniform application of specific technologies. Usually mandatory.

Guidelines are used to ensure adherence to more general security policies, usually not mandatory.

Finally, procedures are detailed steps to accomplish certain tasks.

There are two broad categories of risk analysis:
1) Qualitative - Using the asset value as a starting point, and develop a mathematical model to come up with a monetary figure of expected losses.
2) Quantitative - This is a scenario-based model which is useful for countries, large cities, and places where it is impractical to list all assets.

Quantitative risk assumes that risk can be determined mathematically, therefore we have a Quantitative Risk Analysis Formula:
ALE = SLE*ARO where SLE = AV*EF.

AV stands for the Asset Value. It is the cost of an individual asset. EF is the exposure factor represented as a percentage the threat is expected to occur. ARO is the annualized rate of occurrence, which is the estimated frequency a threat is expected to occur annually. SLE is the result of AV*EF, which stands for the cost of a single instance of a threat. ALE is the expected loss an individual threat will cause an organization.

ALE itself is useless. ALE of every asset groups should be calculated to show the relative risks to develop a more effective security policy.

Firewalls used to be the definitive element as the security perimeter of a network, but due to the advent of new tunneled services as vectors of attacks, the perimeter of a network is said to be blurring.

Cisco Security Agent, AVS and MARS are threat control for endpoints. ISRs, IPSs and ASA are threat control for both infrastructure, and endpoints. NAC appliances are threat control for infrastructure.

1 comment :

  1. There are various online auction sites that you just can check out every so often if
    you wanted to find the best prices on your ugg boots.
    ì (IE: sand, chestnut, chocolate, black) UGG boots. Nevertheless, with super delicate ease and convenience,
    increased desire, and winter season season approaching, you'll be able to still discover some terrific provides.

    Feel free to visit my web blog; コーチ バッグ

    ReplyDelete

<