Top-Down Network Design [教程].ppt

Chapter 1: Analyzing Business Goals and Constraints Copyright 2004 Cisco Press Top-Down Network DesignChapter EightDeveloping Network Security Strategies Network Security DesignThe 12 Step Program Identify network assets Analyze security risks Analyze security requirements and tradeoffs Develop a security plan Define a security policy Develop procedures for applying security policies The 12 Step Program (continued) Develop a technical implementation strategy Achieve buy-in from users, managers, and technical staff Train users, managers, and technical staff Implement the technical strategy and security procedures Test the security and update it if any problems are found Maintain security Network Assets Hardware Software Applications Data Intellectual property Trade secrets Company’s reputation Security Risks Hacked network devices Data can be intercepted, analyzed, altered, or deleted User passwords can be compromised Device configurations can be changed Reconnaissance attacks Denial-of-service attacks Security Tradeoffs Tradeoffs must be made between security goals and other goals: Affordability Usability Performance Availability Manageability A Security Plan High-level document that proposes what an organization is going to do to meet security requirements Specifies time, people, and other resources that will be required to develop a security policy and achieve implementation of the policy A Security Policy Per RFC 2196, “The Site Security Handbook,” a security policy is a “Formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.” The policy should address Access, accountability, authentication, privacy, and computer technology purchasing guidelines Security Mechanisms Physical security Authentication Authorization Accounting (Auditing) Data encryption Packet filters Firewalls Intrusion Detection Systems (IDSs) Modularizing Security Design Security defense in depth Network security s