
Fundamental Principles of Network Security
White Paper 101, Revision 1
by Christopher Leidigh

Contents
Introduction
Security basics
Basic network host security
Securing access to device and systems
Secure access protocols
Best practices for network security
Conclusion
Resources

Executive summary

Security incidents are rising at an alarming rate every year. As the complexity of the threats increases, so do the security measures required to protect networks. Data center operators, network administrators, and other data center professionals need to comprehend the basics of security in order to safely deploy and manage networks today. This paper covers the fundamentals of secure networking systems, including firewalls, network topology and secure protocols. Best practices are also given that introduce the reader to some of the more critical aspects of securing a network.

White papers are now part of the Schneider Electric white paper library produced by Schneider Electric's Data Center Science Center, DCSC@Schneider-Electric.com


Fundamental Principles of Network Security
Schneider Electric Data Center Science Center, White Paper 101, Rev 1

Introduction

Securing the modern business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures. While such knowledge cannot thwart all attempts at network incursion or system attack, it can empower network engineers to eliminate certain general problems, greatly reduce potential damages, and quickly detect breaches. With the ever-increasing number and complexity of attacks, vigilant approaches to security in both large and small enterprises are a must. Figure 1 illustrates the steep rise in security incidents occurring each year, as reported to the CERT Coordination Center (a center of Internet security expertise).

[Figure 1: Security incidents by year. Source: CERT.ORG, 1998-2003 by Carnegie Mellon University. Axes: Year; Number of Incidents Reported.]

This paper presents security fundamentals as well as some best practices regarding the network, computer hosts and infrastructure network elements. Since there is no such thing as "the only way to approach security", it is left up to the reader / implementer to best judge what measures are appropriate.

The people problem

People are truly the weakest link in any security schema. Most people are not careful about keeping secrets such as passwords and access codes that form the basis for most secure systems. All security systems rely on a set of measures employed to control access, verify identity and protect against disclosure of sensitive information. These measures usually involve one or more secrets. Should a secret be revealed or stolen, then the systems that are protected by these secrets can be compromised. It may seem like a terribly obvious statement, but most systems are compromised in very basic ways. Leaving a Post-It note with a system password stuck to the side of a computer monitor may seem foolish, but many people in fact do such things. Another example, which is only slightly less obvious, is the tendency to leave factory default passwords in certain network devices. One such device might be a network management interface to a UPS. UPS systems, whether small in capacity or large enough to power 100 servers, are often overlooked in a security scheme. If such devices are left with default usernames and passwords, it could just be a matter of time before someone gains access knowing nothing more than the device type and its published default credentials. Imagine a server bank with rock solid security protocols on each web and mail server crashed by a simple power cycle on an unprotected UPS!

Security, the big picture

A secure enterprise, big or small, should have an approach to security that is comprehensive and end-to-end if it is to be effective. Most organizations do not have such policies and practices in place. There are some good reasons for this; security clearly comes at a cost. This cost can be measured not just in dollars, but also in complexity, time and efficiency. To make things secure, it is necessary to spend money, perform more procedures, and wait for these procedures to complete (or perhaps involve someone else).

The reality is that true security programs are difficult to achieve. It is usually necessary to choose a schema that has a certain amount of cost and an understood amount of security coverage. (This is almost always less than comprehensive and end-to-end.) The point here is to make educated decisions for each aspect of an overall system and to consciously employ more or less in a calculated fashion. If one knows the areas that are less protected, one can at least monitor such areas to determine problems or breaches.

Security basics

Knowing the network

It is not possible to protect anything unless one clearly understands WHAT one wants to protect. Organizations of any size should have a set of documented resources, assets and systems. Each of these elements should have a relative value assigned in some manner as to their importance to the organization. Examples of things that should be considered are servers, workstations, storage systems, routers, switches, hubs, network and Telco links, and any other network elements such as printers, UPS systems and HVAC systems. Other important aspects of this task include documenting equipment location and any notes on dependencies. For instance, most computers will rely on power backup systems such as UPSs, which themselves may be part of the network if they are managed. Environmental equipment such as HVAC units and air purifiers may also be present.

Understanding different threats

The next step is to identify the potential threats to each of these elements as shown in Table 1. Threats can come from both internal and external sources. They may be human-based, automated or even non-intentional natural phenomena. The latter might more appropriately be categorized under system health threats as opposed to security threats, but one issue can lead to the other. One example is a power outage to a burglar alarm. The power outage could be intentional or through some natural event such as a lightning strike. In either case security is diminished.
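The inventory described under "Knowing the network", worked through as an added example that is not part of the white paper: each asset carries a relative value, a location and its dependencies, and the review propagates value along the dependencies so that an overlooked UPS inherits the importance of the servers it powers. The 1 to 5 value scale, the field names and every device in the sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Asset:
    name: str
    kind: str
    location: str
    value: int  # relative importance: 1 (low) to 5 (critical); the scale is an assumption
    depends_on: list = field(default_factory=list)
    managed: bool = False              # has a network management interface
    default_credentials: bool = False  # factory username/password still in place


# Constructed sample inventory (hypothetical names, not from the paper).
INVENTORY = [
    Asset("web-01", "server", "Rack A3", 5, ["ups-a", "sw-core", "san-01"]),
    Asset("mail-01", "server", "Rack A3", 5, ["ups-a", "sw-core"]),
    Asset("sw-core", "switch", "Rack A1", 4, ["ups-a"], managed=True),
    Asset("ups-a", "UPS", "Rack A0", 1, managed=True, default_credentials=True),
    Asset("printer-2", "printer", "Office 2F", 1, managed=True,
          default_credentials=True),
]


def undocumented_dependencies(inventory):
    """Dependencies that are referenced but have no inventory record of their own."""
    known = {a.name for a in inventory}
    return sorted((a.name, dep) for a in inventory
                  for dep in a.depends_on if dep not in known)


def effective_values(inventory):
    """Highest value among an asset and everything that transitively depends on it."""
    by_name = {a.name: a for a in inventory}
    dependents = {a.name: set() for a in inventory}
    for a in inventory:
        for dep in a.depends_on:
            if dep in by_name:
                dependents[dep].add(a.name)
    result = {}
    for a in inventory:
        seen, stack = {a.name}, [a.name]  # 'seen' also guards against cycles
        while stack:
            for nxt in dependents[stack.pop()]:
                if nxt not in seen:
                    seen.add(nxt)
                    stack.append(nxt)
        result[a.name] = max(by_name[n].value for n in seen)
    return result


def review(inventory):
    """Rank assets that are undervalued or still carry factory default credentials."""
    eff = effective_values(inventory)
    findings = []
    for a in inventory:
        issues = []
        if eff[a.name] > a.value:
            issues.append(f"assigned value {a.value}, but assets valued "
                          f"{eff[a.name]} depend on it")
        if a.managed and a.default_credentials:
            issues.append("management interface still uses factory default credentials")
        if issues:
            findings.append({"asset": a.name, "location": a.location,
                             "effective_value": eff[a.name], "issues": issues})
    return sorted(findings, key=lambda f: (-f["effective_value"],
                                           -len(f["issues"]), f["asset"]))


if __name__ == "__main__":
    for owner, missing in undocumented_dependencies(INVENTORY):
        print(f"{owner} depends on {missing}, which is not in the inventory")
    for f in review(INVENTORY):
        print(f"{f['asset']} ({f['location']}), effective value {f['effective_value']}")
        for issue in f["issues"]:
            print(f"  - {issue}")
```

The UPS ranks first because it combines an inherited value of 5 with default credentials, which is the scenario the paper warns about; the printer is also flagged but ranks last because nothing of value depends on it.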

You're Reading a Free Preview Page 3 is not shown in this preview. Download

You're Reading a Free Preview Page 4 is not shown in this preview. Download

Activity (0) Filters ?Add to collection?Review?Add note?Like?Embed

No activity yet

More From This User

Modul SAY 2012 Update swordmy2523

IT-Jadual Program SAY 2012 swordmy2523

Planner for Tugas Harian swordmy2523

PC parts and assembly presentation swordmy2523

flash_cs3_animation_1_mt swordmy2523

Acronis true image userguide swordmy2523

Storyboard Format

swordmy2523

Tatacara Pengurusan Stor swordmy2523

network-security.ppt swordmy2523

security-policy-checklist-.pdf swordmy2523

Hands on Access 2007.pdf swordmy2523

folio.pdf swordmy2523

Carta Alir Tatacara Permohonan Peralatan ICT Secara Berpusat swordmy2523

49185358 Fundamentals of Preventive Maintenance swordmy2523

Preventive-Maintenance.pdf swordmy2523

garis_panduan_polisi_rangkaian.pdf swordmy2523

Storyboard Format

swordmy2523

windows history diagram swordmy2523

Cabling Best Practices swordmy2523

computer assembly swordmy2523

Active Directory swordmy2523

Phonology swordmy2523

polya swordmy2523

Prolink ShareHub Device Server swordmy2523

Download and print this document Read and print without ads Download to keep your version Edit, email or read offline Choose a format: .PDF.TXT Download

AboutAbout Scribd Team Blog Join our team! Contact Us SubscriptionsSubscribe today Your subscription Gift cards Advertise with usGet started

AdChoices SupportHelp FAQ Press Purchase Help PartnersPublishers Developers / API LegalTerms Privacy Copyright Get Scribd Mobile Scribd on Appstore Scribd on Google Play Mobile Site Copyright 2014 Scribd Inc. Language: English

Upload

Browse

Download Standard view Full view of 13 ? ? ? ? ? ?

? ? ?

fundamental network security.pdf Ratings: ????? (0)|Views: 64|Likes: 0 Published by swordmy2523 network security fundamental

See More

Fundamental Principles of Network Security Revision 1 by Christopher Leidigh Introduction2Security basics3Basic network host security7Securing access to devi ceand systems7Secure access protocols10Best practices for networkSecurity11Concl usion12Resources13 Click on a section to jump to it Contents

White Paper 101 Security incidents are rising at an alarming rate everyyear. As the complexity o f the threats increases, so dothe security measures required to protect networks .Data center operators, network administrators, andother data center professiona ls need to comprehendthe basics of security in order to safely deploy andmanage networks today. This paper covers the funda-mentals of secure networking systems , includingfirewalls, network topology and secure protocols. Bestpractices are a lso given that introduce the reader tosome of the more critical aspects of secur ing a network. Executive summary > white papers are now part of the Schneider Electric white paper libraryproduced by Schneider Electric s Data Center Science Center DCSC@Schneider-Electric.com

You're reading a free preview. Pages 2 to 13 are not shown in this preview.

Read the full version

Fundamental Principles of Network SecuritySchneider Electric Center White Paper 101

Data Center Science

Rev 1

Securing the modern business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures. While suchknowledge cannot thwart all attempts at network incursion or system a ttack, it can empower network engineers to eliminate certain general problems, g reatly reduce potential damages,and quickly detect breaches. With the ever-incre asing number and complexity of attacks,vigilant approaches to security in both l arge and small enterprises are a must. Figure 1 illustrates the steep rise in security incidents occurring each year, as report ed to the CERTCoordination Center (a center of Internet security expertise).This paper presents security fundamentals as well as some best practices regarding th enetwork, computer hosts and infrastructure network elements. Since there is no such thingas the only way to approach security , it is left up to the reader / impl ementer to best judgewhat measures are appropriate. The people problem People are truly the weakest link in any security schema. Most people are not ca reful aboutkeeping secrets such as passwords and access codes that form the basi s for most securesystems. All security systems rely on a set of measures employe d to control access, verifyidentity and protect disclosure of sensitive informat ion. These measures usually involve oneor more secrets . Should a secret be reveale d or stolen then the systems that are protectedby these secrets can be compromis ed. It may seem like a terribly obvious statement, butmost systems are compromis ed in very basic ways. Leaving a Post-It note with a systempassword stuck to the side of a computer monitor may seem foolish, but many people in factdo such thi ngs. Another example, which is only slightly less obvious, is the tendency to le avefactory default passwords in certain network devices. 
One such device might b e a network Introduction 1998-2003 by Carnegie Mellon University Year e N u m d b e r o f I n c i d e n t s R e p o r t

82,09455,10021,7569,8593,7342,1342,5732,4122,340 1995 1996 1997 1998 1999 2000 2001 2002 2003 90,00085,00080,000

75,000 70,00065,00055,000 50,000 60,00045,00040,00030,000 25,000 35,00020,00015,0005,000 0 10,000 100,000 95,000 Figure 1 Security incidents by year CERT.ORG

You're Reading a Free Preview Page 2 is not shown in this preview. Download

Fundamental Principles of Network SecuritySchneider Electric Center White Paper 101

Data Center Science

Rev 1

management interface to a UPS. UPS systems, whether small in capacity or large e nough topower 100 servers, are often overlooked in a security scheme. If such de vices are left withdefault usernames and passwords, it could just be a matter of time before someone gainsaccess knowing nothing more than the device type and i ts published default credentials.Imagine a server bank with rock solid security protocols on each web and mail server crashedby a simple power cycle on an unpro tected UPS! Security, the big picture A secure enterprise , big or small, should have an approach to security that is co mprehen-sive and end-to-end if it is to be effective. Most organizations do not have such policies andpractices in place. There are some good reasons for this; security clearly comes at a cost.This cost can be measured not just in dollars, but also in complexity, time and efficiency. Tomake things secure, it is necessa ry to spend money, perform more procedures, and wait for these procedures to com plete (or perhaps involve someone else).The reality is that true security progra ms are difficult to achieve. It is usually necessary tochoose a schema that has a certain amount of cost and an understood amount of securitycoverage. (This is al most always less than comprehensive and end to end .) The point hereis to make educ ated decisions for each aspect of an overall system and to consciouslyemploy mor e or less in a calculated fashion. If one knows the areas that are less protecte d,one can at least monitor such areas to determine problems or breaches. Knowing the network It is not possible to protect anything unless one clearly understands WHAT one w ants toprotect. Organizations of any size should have a set of documented resour ces, assets andsystems. Each of these elements should have a relative value assi gned in some manner asto their importance to the organization. 
Examples of thing s that should be considered areservers, workstations, storage systems, routers, switches, hubs, network and Telco links, andany other network elements such as p rinters, UPS systems and HVAC systems. Other important aspects of this task incl ude documenting equipment location and any notes ondependencies. For instance mo st computers will rely on power backup systems such asUPSs which themselves may be part of the network if they are managed. Environmentalequipment such as HVAC units and air purifiers may also be present. Understanding different threats The next step is to identify the potential threats own in Table 1 . Threats can come from both internal and external sources. They may be humanbas ed, automated or even non-intentional natural phenomenon. The latter might morea ppropriately be categorized under system health threats as opposed to security t hreats, butone issue can lead to the other. One example is a power outage to a b urglar alarm. Thepower outage could be intentional or through some natural event such as a lightning strike.In either case security is diminished. Security basics to each of these elements as sh

You're Reading a Free Preview

Page 3 is not shown in this preview. Download

You're Reading a Free Preview Page 4 is not shown in this preview. Download

Activity (0) Filters ?Add to collection?Review?Add note?Like?Embed

No activity yet

More From This User

Modul SAY 2012 Update swordmy2523

IT-Jadual Program SAY 2012 swordmy2523

Planner for Tugas Harian swordmy2523

PC parts and assembly presentation swordmy2523

flash_cs3_animation_1_mt swordmy2523

Acronis true image userguide swordmy2523

Storyboard Format swordmy2523

Tatacara Pengurusan Stor swordmy2523

network-security.ppt swordmy2523

security-policy-checklist-.pdf swordmy2523

Hands on Access 2007.pdf swordmy2523

folio.pdf swordmy2523

Carta Alir Tatacara Permohonan Peralatan ICT Secara Berpusat swordmy2523

49185358 Fundamentals of Preventive Maintenance swordmy2523

Preventive-Maintenance.pdf swordmy2523

garis_panduan_polisi_rangkaian.pdf swordmy2523

Storyboard Format swordmy2523

windows history diagram swordmy2523

Cabling Best Practices swordmy2523

computer assembly swordmy2523

Active Directory swordmy2523

Phonology swordmy2523

polya swordmy2523

Prolink ShareHub Device Server swordmy2523

Download and print this document Read and print without ads Download to keep your version Edit, email or read offline Choose a format: .PDF.TXT Download

AboutAbout Scribd Team Blog Join our team!

Contact Us SubscriptionsSubscribe today Your subscription Gift cards Advertise with usGet started AdChoices SupportHelp FAQ Press Purchase Help PartnersPublishers Developers / API LegalTerms Privacy Copyright Get Scribd Mobile Scribd on Appstore Scribd on Google Play Mobile Site Copyright 2014 Scribd Inc. Language: English

Upload

Browse

Download Standard view Full view of 13 ? ? ? ? ? ?

? ? ?

fundamental network security.pdf Ratings: ????? (0)|Views: 64|Likes: 0 Published by swordmy2523

network security fundamental

See More

Fundamental Principles of Network Security

Revision 1 by Christopher Leidigh Introduction2Security basics3Basic network host security7Securing access to devi ceand systems7Secure access protocols10Best practices for networkSecurity11Concl usion12Resources13 Click on a section to jump to it Contents White Paper 101 Security incidents are rising at an alarming rate everyyear. As the complexity o f the threats increases, so dothe security measures required to protect networks .Data center operators, network administrators, andother data center professiona ls need to comprehendthe basics of security in order to safely deploy andmanage networks today. This paper covers the funda-mentals of secure networking systems , includingfirewalls, network topology and secure protocols. Bestpractices are a lso given that introduce the reader tosome of the more critical aspects of secur ing a network. Executive summary > white papers are now part of the Schneider Electric white paper libraryproduced by Schneider Electric s Data Center Science Center DCSC@Schneider-Electric.com

You're reading a free preview. Pages 2 to 13 are not shown in this preview.

Read the full version

Fundamental Principles of Network SecuritySchneider Electric Center White Paper 101

Data Center Science

Rev 1

Securing the modern business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures. While suchknowledge cannot thwart all attempts at network incursion or system a ttack, it can empower network engineers to eliminate certain general problems, g reatly reduce potential damages,and quickly detect breaches. With the ever-incre asing number and complexity of attacks,vigilant approaches to security in both l arge and small enterprises are a must. Figure 1 illustrates the steep rise in security incidents occurring each year, as report ed to the CERTCoordination Center (a center of Internet security expertise).This paper presents security fundamentals as well as some best practices regarding th enetwork, computer hosts and infrastructure network elements. Since there is no such thingas the only way to approach security , it is left up to the reader / impl ementer to best judgewhat measures are appropriate. The people problem People are truly the weakest link in any security schema. Most people are not ca reful aboutkeeping secrets such as passwords and access codes that form the basi s for most securesystems. All security systems rely on a set of measures employe d to control access, verifyidentity and protect disclosure of sensitive informat ion. These measures usually involve oneor more secrets . Should a secret be reveale d or stolen then the systems that are protectedby these secrets can be compromis ed. It may seem like a terribly obvious statement, butmost systems are compromis ed in very basic ways. Leaving a Post-It note with a systempassword stuck to the side of a computer monitor may seem foolish, but many people in factdo such thi ngs. Another example, which is only slightly less obvious, is the tendency to le avefactory default passwords in certain network devices. One such device might b e a network Introduction

1998-2003 by Carnegie Mellon University Year e N u m d b e r o f I n c i d e n t s R e p o r t

82,09455,10021,7569,8593,7342,1342,5732,4122,340 1995 1996 1997 1998 1999 2000 2001 2002 2003 90,00085,00080,000 75,000 70,00065,00055,000 50,000 60,00045,00040,00030,000 25,000 35,00020,00015,0005,000 0 10,000 100,000 95,000 Figure 1 Security incidents by year CERT.ORG

You're Reading a Free Preview Page 2 is not shown in this preview. Download

Fundamental Principles of Network SecuritySchneider Electric Center White Paper 101

Data Center Science

Rev 1

management interface to a UPS. UPS systems, whether small in capacity or large e nough topower 100 servers, are often overlooked in a security scheme. If such de vices are left withdefault usernames and passwords, it could just be a matter of time before someone gainsaccess knowing nothing more than the device type and i ts published default credentials.Imagine a server bank with rock solid security protocols on each web and mail server crashedby a simple power cycle on an unpro tected UPS! Security, the big picture A secure enterprise , big or small, should have an approach to security that is co mprehen-sive and end-to-end if it is to be effective. Most organizations do not have such policies andpractices in place. There are some good reasons for this; security clearly comes at a cost.This cost can be measured not just in dollars, but also in complexity, time and efficiency. Tomake things secure, it is necessa ry to spend money, perform more procedures, and wait for these procedures to com plete (or perhaps involve someone else).The reality is that true security progra ms are difficult to achieve. It is usually necessary tochoose a schema that has a certain amount of cost and an understood amount of securitycoverage. (This is al most always less than comprehensive and end to end .) The point hereis to make educ ated decisions for each aspect of an overall system and to consciouslyemploy mor e or less in a calculated fashion. If one knows the areas that are less protecte d,one can at least monitor such areas to determine problems or breaches. Knowing the network It is not possible to protect anything unless one clearly understands WHAT one w ants toprotect. Organizations of any size should have a set of documented resour ces, assets andsystems. Each of these elements should have a relative value assi gned in some manner asto their importance to the organization. 
Examples of thing s that should be considered areservers, workstations, storage systems, routers, switches, hubs, network and Telco links, andany other network elements such as p rinters, UPS systems and HVAC systems. Other important aspects of this task incl ude documenting equipment location and any notes ondependencies. For instance mo st computers will rely on power backup systems such asUPSs which themselves may be part of the network if they are managed. Environmentalequipment such as HVAC units and air purifiers may also be present. Understanding different threats The next step is to identify the potential threats own in Table 1 . Threats can come from both internal and external sources. They may be humanbas to each of these elements as sh

ed, automated or even non-intentional natural phenomenon. The latter might morea ppropriately be categorized under system health threats as opposed to security t hreats, butone issue can lead to the other. One example is a power outage to a b urglar alarm. Thepower outage could be intentional or through some natural event such as a lightning strike.In either case security is diminished. Security basics

You're Reading a Free Preview Page 3 is not shown in this preview. Download

You're Reading a Free Preview Page 4 is not shown in this preview. Download

Activity (0) Filters ?Add to collection?Review?Add note?Like?Embed

No activity yet

More From This User

Modul SAY 2012 Update swordmy2523

IT-Jadual Program SAY 2012 swordmy2523

Planner for Tugas Harian swordmy2523

PC parts and assembly presentation swordmy2523

flash_cs3_animation_1_mt swordmy2523

Acronis true image userguide swordmy2523

Storyboard Format swordmy2523

Tatacara Pengurusan Stor swordmy2523

network-security.ppt swordmy2523

security-policy-checklist-.pdf swordmy2523

Hands on Access 2007.pdf swordmy2523

folio.pdf swordmy2523

Carta Alir Tatacara Permohonan Peralatan ICT Secara Berpusat swordmy2523

49185358 Fundamentals of Preventive Maintenance swordmy2523

Preventive-Maintenance.pdf swordmy2523

garis_panduan_polisi_rangkaian.pdf swordmy2523

Storyboard Format swordmy2523

windows history diagram swordmy2523

Cabling Best Practices swordmy2523

computer assembly swordmy2523

Active Directory swordmy2523

Phonology swordmy2523

polya swordmy2523

Prolink ShareHub Device Server swordmy2523

Download and print this document Read and print without ads Download to keep your version Edit, email or read offline Choose a format: .PDF.TXT Download

AboutAbout Scribd Team Blog Join our team! Contact Us SubscriptionsSubscribe today Your subscription Gift cards Advertise with usGet started AdChoices SupportHelp FAQ Press Purchase Help PartnersPublishers Developers / API LegalTerms Privacy Copyright Get Scribd Mobile Scribd on Appstore Scribd on Google Play Mobile Site Copyright 2014 Scribd Inc. Language: English

Upload

Browse

Download Standard view Full view of 13 ? ? ? ? ? ?

? ? ?

fundamental network security.pdf Ratings: ????? (0)|Views: 64|Likes: 0 Published by swordmy2523 network security fundamental

See More

Fundamental Principles of Network Security Revision 1 by Christopher Leidigh Introduction2Security basics3Basic network host security7Securing access to devi ceand systems7Secure access protocols10Best practices for networkSecurity11Concl usion12Resources13 Click on a section to jump to it Contents White Paper 101 Security incidents are rising at an alarming rate everyyear. As the complexity o f the threats increases, so dothe security measures required to protect networks .Data center operators, network administrators, andother data center professiona ls need to comprehendthe basics of security in order to safely deploy andmanage networks today. This paper covers the funda-mentals of secure networking systems , includingfirewalls, network topology and secure protocols. Bestpractices are a lso given that introduce the reader tosome of the more critical aspects of secur ing a network. Executive summary > white papers are now part of the Schneider Electric white paper libraryproduced by Schneider Electric s Data Center Science Center DCSC@Schneider-Electric.com

You're reading a free preview. Pages 2 to 13 are not shown in this preview.

Read the full version

Fundamental Principles of Network SecuritySchneider Electric Center White Paper 101

Data Center Science

Rev 1

Securing the modern business network and IT infrastructure demands an end-to-end approach and a firm grasp of vulnerabilities and associated protective measures. While suchknowledge cannot thwart all attempts at network incursion or system a ttack, it can empower network engineers to eliminate certain general problems, g reatly reduce potential damages,and quickly detect breaches. With the ever-incre asing number and complexity of attacks,vigilant approaches to security in both l arge and small enterprises are a must. Figure 1 illustrates the steep rise in security incidents occurring each year, as report ed to the CERTCoordination Center (a center of Internet security expertise).This paper presents security fundamentals as well as some best practices regarding th enetwork, computer hosts and infrastructure network elements. Since there is no such thingas the only way to approach security , it is left up to the reader / impl ementer to best judgewhat measures are appropriate. The people problem People are truly the weakest link in any security schema. Most people are not ca reful aboutkeeping secrets such as passwords and access codes that form the basi

s for most securesystems. All security systems rely on a set of measures employe d to control access, verifyidentity and protect disclosure of sensitive informat ion. These measures usually involve oneor more secrets . Should a secret be reveale d or stolen then the systems that are protectedby these secrets can be compromis ed. It may seem like a terribly obvious statement, butmost systems are compromis ed in very basic ways. Leaving a Post-It note with a systempassword stuck to the side of a computer monitor may seem foolish, but many people in factdo such thi ngs. Another example, which is only slightly less obvious, is the tendency to le avefactory default passwords in certain network devices. One such device might b e a network Introduction 1998-2003 by Carnegie Mellon University Year e N u m d b e r o f I n c i d e n t s R e p o r t

82,09455,10021,7569,8593,7342,1342,5732,4122,340 1995 1996 1997 1998 1999 2000 2001 2002 2003 90,00085,00080,000 75,000 70,00065,00055,000 50,000 60,00045,00040,00030,000 25,000 35,00020,00015,0005,000 0 10,000 100,000 95,000 Figure 1 Security incidents by year CERT.ORG

You're Reading a Free Preview Page 2 is not shown in this preview. Download

Fundamental Principles of Network SecuritySchneider Electric Center White Paper 101

Data Center Science

Rev 1

management interface to a UPS. UPS systems, whether small in capacity or large enough to power 100 servers, are often overlooked in a security scheme. If such devices are left with default usernames and passwords, it could just be a matter of time before someone gains access knowing nothing more than the device type and its published default credentials. Imagine a server bank with rock solid security protocols on each web and mail server crashed by a simple power cycle on an unprotected UPS!

Security, the big picture

A secure enterprise, big or small, should have an approach to security that is comprehensive and end-to-end if it is to be effective. Most organizations do not have such policies and practices in place. There are some good reasons for this; security clearly comes at a cost. This cost can be measured not just in dollars, but also in complexity, time and efficiency. To make things secure, it is necessary to spend money, perform more procedures, and wait for these procedures to complete (or perhaps involve someone else).

The reality is that true security programs are difficult to achieve. It is usually necessary to choose a schema that has a certain amount of cost and an understood amount of security coverage. (This is almost always less than "comprehensive and end to end".) The point here is to make educated decisions for each aspect of an overall system and to consciously employ more or less in a calculated fashion. If one knows the areas that are less protected, one can at least monitor such areas to determine problems or breaches.

Security basics

Knowing the network

It is not possible to protect anything unless one clearly understands WHAT one wants to protect. Organizations of any size should have a set of documented resources, assets and systems. Each of these elements should have a relative value assigned in some manner as to their importance to the organization. Examples of things that should be considered are servers, workstations, storage systems, routers, switches, hubs, network and Telco links, and any other network elements such as printers, UPS systems and HVAC systems. Other important aspects of this task include documenting equipment location and any notes on dependencies. For instance, most computers will rely on power backup systems such as UPSs, which themselves may be part of the network if they are managed. Environmental equipment such as HVAC units and air purifiers may also be present.

Understanding different threats

The next step is to identify the potential threats to each of these elements as shown in Table 1. Threats can come from both internal and external sources. They may be human-based, automated or even non-intentional natural phenomena. The latter might more appropriately be categorized under system health threats as opposed to security threats, but one issue can lead to the other. One example is a power outage to a burglar alarm. The power outage could be intentional or through some natural event such as a lightning strike. In either case security is diminished.
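The inventory described under "Knowing the network" can be kept as structured data so that dependencies are checked rather than just noted. The following is an added example, not part of the white paper: it raises the value of a supporting device (UPS, HVAC, switch) to that of the most important asset relying on it, and flags managed devices still using default credentials. All asset names, the 1 to 5 value scale and the field names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    kind: str                      # "server", "ups", "hvac", "switch", ...
    location: str
    value: int                     # assigned relative importance, 1 (low) to 5 (high)
    depends_on: list = field(default_factory=list)
    managed: bool = False          # reachable over the network for management
    default_creds_changed: bool = True

# Constructed sample inventory (hypothetical names and values).
INVENTORY = [
    Asset("web-01", "server", "rack A1", 5, ["sw-core", "ups-a", "hvac-1"]),
    Asset("mail-01", "server", "rack A1", 4, ["sw-core", "ups-a"]),
    Asset("sw-core", "switch", "rack A2", 3, ["ups-a"], managed=True),
    Asset("ups-a", "ups", "rack A3", 1, [], managed=True, default_creds_changed=False),
    Asset("hvac-1", "hvac", "room 1", 1, [], managed=True),
    Asset("printer-2f", "printer", "floor 2", 1, ["sw-core"], managed=True,
          default_creds_changed=False),
]

def effective_values(inventory):
    """Propagate value down the dependency graph until nothing changes.
    Values only ever increase and are bounded, so cycles terminate too."""
    by_name = {a.name: a for a in inventory}
    eff = {a.name: a.value for a in inventory}
    changed = True
    while changed:
        changed = False
        for a in inventory:
            for dep in a.depends_on:
                if dep not in by_name:
                    raise KeyError(f"{a.name} depends on undocumented asset {dep}")
                if eff[dep] < eff[a.name]:
                    eff[dep], changed = eff[a.name], True
    return eff

def review(inventory):
    """Return (effective value, asset, issue) tuples, most important first."""
    eff, findings = effective_values(inventory), []
    for a in inventory:
        if a.managed and not a.default_creds_changed:
            findings.append((eff[a.name], a.name, "default credentials on management interface"))
        if eff[a.name] > a.value:
            findings.append((eff[a.name], a.name, f"assigned value {a.value} understates dependents"))
    return sorted(findings, reverse=True)

if __name__ == "__main__":
    for value, name, issue in review(INVENTORY):
        print(value, name, issue)
```

In this sample the UPS was recorded with value 1 but sorts to the top of the list, because the highest-value server depends on it and its management interface still has default credentials.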
