?
Solved

Network Security

Posted on 2014-02-04
5
Medium Priority
?
276 Views
Last Modified: 2014-02-22
what you mean by network security ? how we can define this with the technology implementation with the company setup
0
Comment
Question by:cur
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Assisted Solution

by:Chris Millard
Chris Millard earned 256 total points
ID: 39834907
For me, network security encompasses many things including:-

Policies and procedures (what rules and regulations a company sets out for EVERYTHING)
Computer password policies (Password length, complexity, expiry rules etc)
Computer security (User accounts and groups, what computers, folders, files can groups or users access and how you restrict access based on policies, NTFS and share permissions)
Remote access (Firewalls, Remote working procedures - who can have RDP or VPN access)
Anti-Virus software (Desktop vs Enterprise - can the products be centrally managed etc)
Web and Email filtering (either using internal software, hardware devices or external services)
Physical Access (Who can get PHYSICAL access to servers, backup tapes etc.... Are you servers in a secure location, locked away - perhaps with combination door entry systems as well as key locks)
Backup tapes / drives - where are these kept? We use a data safe but also have an offsite policy for weekly tapes - you need to look at where these off sites are stored etc....
BYOD (Bring Your Own Devices) - again this goes back to Virus etc, AND email - do you allow people to use their own smartphones to access company email. What happens if those devices are lost or stolen?
Portable drives and USB sticks - what stops employees losing (or even worse stealing) company data?
Staff training / social networking - Staff are the biggest loophole in computer security. Have procedures in place to stop them unwittingly giving people their logon details etc....


There's probably tons more, but those are some of the things that I have to deal with...
0
 
LVL 3

Assisted Solution

by:markc56
markc56 earned 256 total points
ID: 39835440
When starting with Network Security I always look at the definition and structure listed in the CISSP. Telecommunications and Network Security is one of the ten domains listed. Here is a link for the ten domains of the CISSP exam and another link briefly describing the Telecommunications & Network Security domain. This will list the main areas for Network Security and you can then expand into more depth from there as needed.



CISSP Domains:


https://www.isc2.org/cissp-domains/default.aspx


http://www.packtpub.com/article/telecommunications-and-network-security-concepts-for-cissp-exam
0
 
LVL 6

Assisted Solution

by:Sasha Kranjac
Sasha Kranjac earned 508 total points
ID: 39835774
Network security and its implementation has to have a holistic approach, that is, each Network Security component or layer is viewed as a standalone part and an integral part of whole at the same time.
Defense In Depth, a security model or a strategy that was developed by National Security Agency can assist you in planning your network security.
Going from outward or a base layer towards inner layers, it has following components:
1. Policies, procedures, awareness
2. Physical
3. Perimeter
4. Internal network
5. Host
6. Application
7. Data
This is just one of many Defense In Depth layered representations but basically all of them have the same concept or structure.

This is a huge topic but to get a better picture, as a starting point I would recommend few resources worth reading that have very good examples, graphics and links to other, in-depth security topics:

- Cisco Defense-In-Depth nice graphic
 - Windows Server 2008 in an Organization's Defense in Depth Strategy - although it refers to Windows Server 2008, it gives a very good overview of the security model with a table at the end that can be used in your security planning (and modified as needed)
 - Microsoft Best Practices (in security)
 - Microsoft Security IT Showcase
 - Security Content (Executive) Overview
 - Security Guidance Topics
 - Best Practices For Enterprise Security

These are mostly Microsoft related resources but the security concept is universal and can be applied to other systems as well.
0
 

Author Comment

by:cur
ID: 39845598
citrix  and firewall products will used to implements above security components  . coz I have widows ISA and citrix as well as some level of projection on the router level as well
if some one ask the question as :what is your network security implementation ?

how can I answer to that question ?
0
 
LVL 6

Accepted Solution

by:
Sasha Kranjac earned 508 total points
ID: 39846744
The most comprehensive answer, and probably most complete, should address security implementations across seven layers of Defense in Depth or related to layered security approach.
For example:
" We have (1) written policies and procedures that address data security and privacy by defining BYOD policies, ____ , _____ and etc.

Our (2) servers are isolated and in locked in rooms that are secured by smartcards and two keylocks. PCs and the offices are guarded by 24/7 guards.

Corporate network is (3) secured by state-of-the-art ISA firewall and we monitor and filter both inbound and outbound traffic. Certain URLs are not permitted and external employees are given accounts with restricted permissions.

(4) Network access policies and access protection is enforced too. Internal firewall, proxy and NAT protect internal network even further. Network separation and isolation is done by routers and switches (VLAN)

(5) All devices and computers are protected by XYZ Enterprise Class Antivirus, definitions are refreshed daily and full scan is done on Saturday afternoons. Updates to Operating systems are performed monthly, on every third Friday. Active Directory is implemented and controls access to computers, based on location, department, employee position and current performing tasks.

(6) All applications are tested and have latest patches and updates. Application update policy complies with OS update policy. Application usage permission is based on department and is enforced through Group Policy.

(7) We secure our data and access to sensitive information through Active Directory, using Dynamic Access Control, carefully planned permissions, password complexity and password expiration policies.

I think our network is well secured although we never sleep and constantly review and improve our network security policy."

This is only an example but you get the picture. Put Citrix and any other device or policy in the context and this should be your network security policy.
0

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question