
Chapter 3 - 02 - Discuss Network Security Fundamentals - 04_ocred.pdf




Certified Cybersecurity Technician, Network Security Fundamentals, Exam 212-82

Network Security Controls: Technical Security Controls

Technical security controls are a set of security measures taken to protect data and systems from unauthorized personnel.

Examples of technical security controls:
- Authorization
- Access controls
- Security protocols
- Network security devices

Technical Security Controls

Technical security controls are used for restricting access to devices in an organization to protect the integrity of sensitive data. The components of technical security controls include:

- System access controls: System access controls are used for the restriction of access to data according to the sensitivity of the data, the clearance level of users, user rights, and permissions.
- Network access controls: Network access controls offer various access control mechanisms for network devices such as routers and switches.
- Authentication and authorization: Authentication and authorization ensure that only users with appropriate privileges can access the system or network resources.
- Encryption and protocols: Encryption and protocols protect the information passing through the network and preserve the privacy and reliability of the data.
- Network security devices: Network security devices such as firewalls and IDS are used to filter and detect malicious traffic, thus protecting the organization from threats.
- Auditing: Auditing refers to the tracking and examining of the activities of network devices in a network. This mechanism helps in identifying weaknesses in the network.

Module 03 Page 434 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Network Defense Elements: Technology

Appropriate selection of technology, well-defined operations, and skilled people are required for effective implementation of security strategies. Selecting appropriate technology is crucial, as improper selection of technology can provide a false sense of security. An example questionnaire for facilitating appropriate selection of technology is given below.

Network Defense Elements

Technology, operations, and people are the major elements of network security. These elements play an important role in achieving appropriate defense-in-depth network security for the organization. Technological implementations are by themselves not sufficient to guarantee the security of the network. Well-defined operations are needed in order to configure these technologies, and skilled individuals who can perform these operations are necessary. The combination of these elements enables the achievement of defense-in-depth security.

Technology

Selecting appropriate technology is crucial, as improper selection of technology may provide a false sense of security. A security professional must consider the following factors regarding technology:
- The existing network topology
- The appropriate selection of security technologies
- Proper configuration of each component

The following is an example questionnaire for facilitating an appropriate selection of technology:
- Which type of firewalls, IDS, antivirus, etc., are required for the network?
- Which type of encryption algorithm should be used?
- Is a centralized or a distributed access mechanism more suitable for the network?
- What type of password complexity should be adopted?
- Should critical servers be placed on a separate segment?

Network Defense Elements: Operations

Technological implementations are by themselves not sufficient; they should be supported by well-defined operations.

Examples of operations:
- Creating and enforcing security policies
- Creating and enforcing standard network operation procedures
- Planning business continuity
- Configuration control management
- Creating and implementing incident response processes
- Planning disaster recovery
- Providing security awareness and training
- Enforcing security as culture

Operations

The following are some examples of operations that a security professional must conduct to ensure organization security.

- Creating and enforcing security policies: Security professionals need written security policies to monitor and manage a network efficiently. These policies set appropriate expectations regarding the use and administration of information assets on a network. Security policies describe what to secure on the network and the ways to secure them.
- Creating and enforcing standard network operating procedures: Standard network operating procedures are instructions intended to document routine network activity. Security professionals should rely on these procedures to ensure the efficiency and security of the network. The main goal of network operating procedures is to conduct network operations correctly and consistently.
- Planning business continuity and disaster recovery: There are various threats and vulnerabilities to which businesses are exposed, such as natural disasters, acts of terrorism, accidents or sabotage, outages due to application errors, and hardware or network failures.
  Planning for business continuity and disaster recovery involves proactively devising mechanisms to prevent and manage the consequences of a disaster, thereby limiting it to a minimal extent.
- Configuration control management: Security professionals encounter numerous security problems due to the lack of configuration control management capabilities. Configuration control management involves initiating, preparing, analyzing, evaluating, and authorizing proposals for change to a system. Configuration control management includes:
  o Device hardware and software inventory collection.
  o Device software management.
  o Device configuration collection, backup, viewing, archiving, and comparison.
  o Detection of changes to configuration, hardware, or software.
  o Configuration change implementation to support change management.
- Creating and implementing incident response processes: Security professionals create and implement an incident response process by planning, communication, and preparation. Incident preparation readiness ensures a quick and timely response to incidents. Security managers should determine whether or not to include law enforcement agencies during incident response, as this may affect the organization positively or negatively.
- Conducting forensics activities on incidents: Computer forensics investigators examine incidents and conduct forensic analysis by using various methodologies and tools to ensure that the computer network system in an organization is secure. While conducting forensics activities on incidents, the people responsible for network management should:
  o Ensure that the professionals they hire are prepared to conduct forensic activities.
  o Ensure that their policies contain clear statements about forensic considerations.
  o Create and maintain procedures and guidelines for performing forensic activities.
  o Ensure that the organization's security policies and procedures support the use of forensic tools.
- Providing security awareness and training: Some threats to network security originate from within the organization. These threats can come from uninformed users who may harm the network by visiting websites infected with malware, responding to phishing e-mails, storing their login information in an unsecured location, or even providing sensitive information over the phone when exposed to social engineering. Security managers must ensure that the company's employees do not commit costly errors that can affect network security. They should institute company-wide security awareness training initiatives including training sessions, security awareness websites, helpful hints via e-mail, or posters. These methods can ensure that employees have a good understanding of the company's security policies, procedures, and best practices.
- Enforcing security as culture: Security professionals should enforce security as a culture in the organization, which can help proliferate an awareness of behaviors that compromise security and educate employees to change such behavior. The culture within an organization can have a significant influence on the emergence of risks and on the degree to which varying control approaches are successful.
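The configuration control management activities listed under Operations (device configuration collection, archiving, comparison, and detection of changes) can be turned into a small configuration drift check. The following is an added example and not part of the course material; the two device configurations are constructed samples in an IOS-like syntax, and treating lines beginning with "!" as comments is an assumption about that format.

```python
import difflib
import hashlib

# Constructed sample configs (not from the course material): a stored
# baseline and the copy collected later from the same device.
BASELINE_CONFIG = """\
! Last configuration change at 10:00:00 UTC Mon Jan 1 2024
hostname edge-router
ip access-list extended MGMT
 permit tcp 192.0.2.0 0.0.0.255 any eq 22
 deny ip any any
line vty 0 4
 transport input ssh
"""

CURRENT_CONFIG = """\
! Last configuration change at 11:30:00 UTC Tue Jan 2 2024
hostname edge-router
ip access-list extended MGMT
 permit tcp any any eq 22
 deny ip any any
line vty 0 4
 transport input ssh telnet
"""

def normalize(config: str) -> list[str]:
    """Drop blank and '!' comment/timestamp lines (assumed format) so that
    cosmetic differences such as the change-time banner are not reported."""
    return [ln.rstrip() for ln in config.splitlines()
            if ln.strip() and not ln.startswith("!")]

def config_fingerprint(config: str) -> str:
    """SHA-256 of the normalized config; store it beside the archived copy."""
    return hashlib.sha256("\n".join(normalize(config)).encode()).hexdigest()

def detect_changes(baseline: str, current: str) -> dict:
    """Compare a collected config with its baseline and list the lines
    removed and added, i.e. the 'detection of changes' step."""
    old, new = normalize(baseline), normalize(current)
    removed, added = [], []
    sm = difflib.SequenceMatcher(None, old, new)
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag in ("delete", "replace"):
            removed.extend(old[i1:i2])
        if tag in ("insert", "replace"):
            added.extend(new[j1:j2])
    changed = config_fingerprint(baseline) != config_fingerprint(current)
    return {"changed": changed, "removed": removed, "added": added}
```

In the sample, the check reports the widened management ACL entry and the added telnet transport while ignoring the changed timestamp banner; in practice the fingerprint is what gets stored with each archived backup and compared on every collection run.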
