Network Security Management Process Resources

No matter how many security mechanisms we deploy, or where we deploy them, they will not protect us unless we have a way to manage, administer and observe them. Securing the network requires personnel designated to be accountable for controls:

- Develop network controls;
- Ensure that controls are operating effectively; and
- Update or replace controls when necessary.

These operational controls need to be reviewed periodically for usefulness, verification and testing: to ensure that the controls are still present (verification), determine whether the controls are working as specified (testing), and update or replace controls when necessary.

There exist numerous books and other writings on the subject of management and operations; thus we will not consider general operations issues. Rather, we will constrain our consideration mainly to security-related points. First considered are a number of operational security mechanisms which are primarily procedural in nature. Then considered are security event response and forensic investigation, operational reviews, accreditation and certification, lifecycle reviews and finally operations compliance.

Operational Guidelines, Procedures

Operational security activities cannot be performed consistently, with minimal errors, unless appropriate guidelines and procedures are developed and documented. Operational guidelines and procedures define the specific sequence of actions required to accomplish a management activity. The need for these guidelines and procedures continues to grow as the complexity of capabilities, especially security capabilities, grows.
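The periodic review described above separates verification (the control is still present) from testing (the control works as specified), and a documented procedure can run both checks the same way every time. The following Python code is an added example, not part of the original text; it applies both checks to a constructed first-match packet-filter rule set, and the rule format, required baseline and test packets are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rule set (first match wins); not taken from any real device.
RULES = [
    {"action": "allow", "src": "10.0.0.0/8", "dport": 22},
    {"action": "allow", "src": "0.0.0.0/0", "dport": 443},
    {"action": "allow", "src": "0.0.0.0/0", "dport": None},  # misconfiguration: any port
    {"action": "deny", "src": "0.0.0.0/0", "dport": None},   # intended default deny
]

# Documented baseline the procedure checks against (assumed for this example).
REQUIRED = [{"action": "deny", "src": "0.0.0.0/0", "dport": None}]
CASES = [  # (source IP, destination port, decision the policy specifies)
    ("10.1.2.3", 22, "allow"),
    ("203.0.113.7", 443, "allow"),
    ("203.0.113.7", 22, "deny"),
    ("203.0.113.7", 23, "deny"),
]

def decide(rules, src, dport):
    """Return the action of the first matching rule, or 'deny' if none match."""
    addr = ipaddress.ip_address(src)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule["src"])
        if in_net and rule["dport"] in (None, dport):
            return rule["action"]
    return "deny"

def check_presence(rules, required):
    """Verification: list the required controls missing from the rule set."""
    return [r for r in required if r not in rules]

def check_behaviour(rules, cases):
    """Testing: list packets whose decision differs from the specified one."""
    failures = []
    for src, dport, expected in cases:
        actual = decide(rules, src, dport)
        if actual != expected:
            failures.append((src, dport, expected, actual))
    return failures

def review(rules):
    """Run both checks and return the findings for the review record."""
    return {"missing": check_presence(rules, REQUIRED),
            "failures": check_behaviour(rules, CASES)}

if __name__ == "__main__":
    print(review(RULES))
```

On the sample rule set verification passes, because the default-deny rule is present, while testing fails, because an earlier allow-any rule shadows it.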
Enterprises are increasingly deploying:

- Packet filtering firewalls driven by filtering rules that, if not configured correctly, will unintentionally allow malicious network traffic to pass;
- Deep packet inspection rules and algorithms that, if not configured correctly, will unintentionally allow malicious network traffic to pass;
- Remote log collection (as in Syslog mechanisms) and audit trail recording;
- IPsec remote access gateways (remote client to intermediate gateway) requiring definition of security association parameters (i.e., IKE timers, session re-key frequencies, acceptable transforms and credentials);
- More types of authentication and authorization controls (including RADIUS, TACACS+, Diameter, PKI CAs and RAs, DCE/Kerberos server/client software, SSO applications), some of which will interoperate while others are stand-alone (closed) approaches; and
- Anti-malware applications driven by signatures and other data that become obsolete unless updated regularly.

All of the aforementioned mechanisms require correct and timely configuration and monitoring (surveillance) to accomplish their objectives effectively.

Today's operations environments are experiencing increased personnel turnover rates. Many employees also seek reassignments to new duties periodically to further career progress. The results of these two forces are: