Scribd
Upload
121 views9 pages

Network Security Principles & Practices: by Saadat Malik Cisco Press 2003

The document summarizes key elements from Chapter 1 of the book "Network Security: Principles & Practices" by Saadat Malik. It discusses the model of the network security process, elements of a security policy including access, accountability and authentication policies, and elements of network security design such as firewalls, VPNs, and IDS. It also provides an example case study and exercise on designing the security for a new computer lab being added to an existing distributed computer security lab network.

Uploaded by

Xozan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
121 views9 pages

Network Security Principles & Practices: by Saadat Malik Cisco Press 2003

The document summarizes key elements from Chapter 1 of the book "Network Security: Principles & Practices" by Saadat Malik. It discusses the model of the network security process, elements of a security policy including access, accountability and authentication policies, and elements of network security design such as firewalls, VPNs, and IDS. It also provides an example case study and exercise on designing the security for a new computer lab being added to an existing distributed computer security lab network.

Uploaded by

Xozan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 9

Network Security

Principles & Practices


By Saadat Malik
Cisco Press
2003

Chapter 1
Introduction to Network Security

Model of Network Security Process


Elements of Network Security Policy
Elements of Network Security Design
Case Study

Network Security

Network Security

Elements of a Network Security Policy

Based on FRC 2196 Site Security Handbook. B. Fraser.


September 1997. (ftp://ftp.rfc-editor.org/in-notes/rfc2196.txt)

1.

Computer technology purchasing guidelines


wrt security features

2.

Privacy policy
emails, user data

3.

Access policy
control of access to assets

4.

Accountability policy
roles/responsibilities, auditing, incident handling

Network Security

Elements of a Network Security Policy


(2)
5.

Authentication policy (identity management)


passwords, remote authentication, smart cards

6.

Availability statement
expected availability, QoS, hours

7.

Maintenance policy for IT system & network


esp. remote admin, outsourcing

8.

Violations reporting policy


types of violations, anonymous reporting?

9.

Supporting information
point(s) of contact, publicity, company policies,

Network Security

Network Security Design


Assets + Threats + Risks Policies
Policies + Control measures (tools,
procedures, etc.) Design

Network Security

Elements of Network Security Design


Device security features
Admin passwords, Secure Shell,

Firewalls
VPN
Client-server VPN, site-to-site VPN

IDS
AAA (Radius server)
Access control
Access Control Lists, Committed Access Rate

And more ?
Network Security

Case Study
pp. 12-21

Exercise A: Draw a network diagram to show the


network security design of Biotech, Inc.
Exercise B: In Table 1-1, three criteria
(confidentiality, integrity, and availability) are
used in constructing the critical asset risk rating
table. Add two more criteria, origin integrity and
non-repudiability, into the table, and assign risk
ratings to the two new columns. Justify your
answer.
Network Security

Network Security Design:


An Exercise
1.

Refer to the paper Design of Distributed Computer Security Lab.


Journal of Computing Sciences in Colleges. Volume 20, Issue 1. October
2004. http://sce.cl.uh.edu/yang/research/DCSL%20RMCCSC04.pdf

2.

Task: The DCSL lab is currently located in Delta 140. A new Computer
Security Lab (CSL) is to be added to Delta 158. The new lab will consist
of 30 desktop computers, connected to a switch, through which a
connection to the DCSL network is established.
a)
b)
c)
d)
e)

Identify the assets.


Identify the threats.
Risk Analysis.
Devise security policies based on the requirements you have collected from
the paper and from relevant personnel.
Draw a network security diagram to illustrate your design of the complete
DCSL and CSL labs. Indicate what control measures are to be adopted to
counter the threats.
Network Security

You might also like