Solved

Network Security

Posted on 2014-02-04
5
265 Views
Last Modified: 2014-02-22
what you mean by network security ? how we can define this with the technology implementation with the company setup
0
Comment
Question by:cur
5 Comments
 
LVL 17

Assisted Solution

by:Chris Millard
Chris Millard earned 64 total points
Comment Utility
For me, network security encompasses many things including:-

Policies and procedures (what rules and regulations a company sets out for EVERYTHING)
Computer password policies (Password length, complexity, expiry rules etc)
Computer security (User accounts and groups, what computers, folders, files can groups or users access and how you restrict access based on policies, NTFS and share permissions)
Remote access (Firewalls, Remote working procedures - who can have RDP or VPN access)
Anti-Virus software (Desktop vs Enterprise - can the products be centrally managed etc)
Web and Email filtering (either using internal software, hardware devices or external services)
Physical Access (Who can get PHYSICAL access to servers, backup tapes etc.... Are you servers in a secure location, locked away - perhaps with combination door entry systems as well as key locks)
Backup tapes / drives - where are these kept? We use a data safe but also have an offsite policy for weekly tapes - you need to look at where these off sites are stored etc....
BYOD (Bring Your Own Devices) - again this goes back to Virus etc, AND email - do you allow people to use their own smartphones to access company email. What happens if those devices are lost or stolen?
Portable drives and USB sticks - what stops employees losing (or even worse stealing) company data?
Staff training / social networking - Staff are the biggest loophole in computer security. Have procedures in place to stop them unwittingly giving people their logon details etc....


There's probably tons more, but those are some of the things that I have to deal with...
0
 
LVL 3

Assisted Solution

by:markc56
markc56 earned 64 total points
Comment Utility
When starting with Network Security I always look at the definition and structure listed in the CISSP. Telecommunications and Network Security is one of the ten domains listed. Here is a link for the ten domains of the CISSP exam and another link briefly describing the Telecommunications & Network Security domain. This will list the main areas for Network Security and you can then expand into more depth from there as needed.



CISSP Domains:


https://www.isc2.org/cissp-domains/default.aspx


http://www.packtpub.com/article/telecommunications-and-network-security-concepts-for-cissp-exam
0
 
LVL 6

Assisted Solution

by:Sasa Kranjac
Sasa Kranjac earned 127 total points
Comment Utility
Network security and its implementation has to have a holistic approach, that is, each Network Security component or layer is viewed as a standalone part and an integral part of whole at the same time.
Defense In Depth, a security model or a strategy that was developed by National Security Agency can assist you in planning your network security.
Going from outward or a base layer towards inner layers, it has following components:
1. Policies, procedures, awareness
2. Physical
3. Perimeter
4. Internal network
5. Host
6. Application
7. Data
This is just one of many Defense In Depth layered representations but basically all of them have the same concept or structure.

This is a huge topic but to get a better picture, as a starting point I would recommend few resources worth reading that have very good examples, graphics and links to other, in-depth security topics:

- Cisco Defense-In-Depth nice graphic
 - Windows Server 2008 in an Organization's Defense in Depth Strategy - although it refers to Windows Server 2008, it gives a very good overview of the security model with a table at the end that can be used in your security planning (and modified as needed)
 - Microsoft Best Practices (in security)
 - Microsoft Security IT Showcase
 - Security Content (Executive) Overview
 - Security Guidance Topics
 - Best Practices For Enterprise Security

These are mostly Microsoft related resources but the security concept is universal and can be applied to other systems as well.
0
 

Author Comment

by:cur
Comment Utility
citrix  and firewall products will used to implements above security components  . coz I have widows ISA and citrix as well as some level of projection on the router level as well
if some one ask the question as :what is your network security implementation ?

how can I answer to that question ?
0
 
LVL 6

Accepted Solution

by:
Sasa Kranjac earned 127 total points
Comment Utility
The most comprehensive answer, and probably most complete, should address security implementations across seven layers of Defense in Depth or related to layered security approach.
For example:
" We have (1) written policies and procedures that address data security and privacy by defining BYOD policies, ____ , _____ and etc.

Our (2) servers are isolated and in locked in rooms that are secured by smartcards and two keylocks. PCs and the offices are guarded by 24/7 guards.

Corporate network is (3) secured by state-of-the-art ISA firewall and we monitor and filter both inbound and outbound traffic. Certain URLs are not permitted and external employees are given accounts with restricted permissions.

(4) Network access policies and access protection is enforced too. Internal firewall, proxy and NAT protect internal network even further. Network separation and isolation is done by routers and switches (VLAN)

(5) All devices and computers are protected by XYZ Enterprise Class Antivirus, definitions are refreshed daily and full scan is done on Saturday afternoons. Updates to Operating systems are performed monthly, on every third Friday. Active Directory is implemented and controls access to computers, based on location, department, employee position and current performing tasks.

(6) All applications are tested and have latest patches and updates. Application update policy complies with OS update policy. Application usage permission is based on department and is enforced through Group Policy.

(7) We secure our data and access to sensitive information through Active Directory, using Dynamic Access Control, carefully planned permissions, password complexity and password expiration policies.

I think our network is well secured although we never sleep and constantly review and improve our network security policy."

This is only an example but you get the picture. Put Citrix and any other device or policy in the context and this should be your network security policy.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Defense in depth is one of the most important security principles that no one disagrees with, it simply states that IT security must be handled at different layers without neglecting any of them relying on other or others.  If I tried to clarify the…
"Oh crap. I think we've been hacked." That's the last sentence you ever want to hear from your IT guy, and the last sentence you ever want to have to say to your customers and clients. The fact is, hackers are everywhere. They are out there doing…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now