Network Security Assessment


Network Security Assessment http://www.cta.com/content/docs/net_ass.pdf

Introduction
There are certain characteristics that the network should possess:
1. Security Policy. Networks should have an associated, defined security policy that specifies information security requirements (e.g., confidentiality, integrity, availability, auditing, access control, etc.) as well as what users may and may not do on the network (e.g., what constitutes unauthorized and illegal activities).
2. Network Management. Networks should be able to control access to and detect modifications of critical components. Networks must maintain control over their configuration (e.g., hardware, software, security, etc.) and connectivity.

Introduction (continued)
There are certain characteristics that the network should possess:
1. Identification and Authentication. Networks should provide and manage identification and authentication functions.
2. Resources Management. Networks should provide and manage confidentiality, integrity, access control, and availability of network resources.
3. Account Management. Networks should provide and manage security-related features of network accounts (e.g., user).
Network security assessment is identifying network vulnerabilities that an active hostile human threat might exploit.

Network security assessment process
The network security assessment process includes:
1. Identifying and reporting network security weaknesses.
2. Providing the client information about the weakness.
3. Assisting in identifying measures to eliminate or mitigate the vulnerability.
4. Validating that the vulnerability is eliminated or mitigated.

Network Security Assessment modules
A network security assessment is a snapshot of a network at a point in time, or it may be a continuous process.
The assessment modules are:
Module 1 - Data Collection and Network Identification
Module 2 - Technical Security Assessment
Module 3 - Site Assessment
Module 4 - Network Security Assessment and Findings

Module 1 - Data Collection and Network Identification
The aim is to collect initial information about the network and exchange information with the client. In this module we:
1. Discuss the four overall assessment modules with the client.
2. Discuss the risks (if any) the enterprise is assuming by conducting the assessment, what we have done to minimize risks, and any expected impacts on network operation.

Module 1 - Data Collection and Network Identification. Objectives
Our job in this step is to identify and confirm:
  - network components and services,
  - connectivity to the network (e.g., routers, modems, etc.),
  - who is gaining access to critical sub-networks, and
  - any unauthorized network services (e.g., employees running their own web sites).

Module 1 - Data Collection and Network Identification. Process
1. Client orientation
  - Meet with the client's staff (network administrators, network security administrator, functional area MIS managers) for a pre-assessment briefing and discussion.
  - Determine the client's main security concerns.
  - Determine if the client has a security policy, and if so, how that policy is enforced.
  - Determine the client's most critical systems or information, where it is located, and who has access to these systems and/or information.
  - Determine the client's expectations from the assessment.
  - Distribute data collection sheets.

Module 1 - Data Collection and Network Identification. Process
2. Collect and analyze data.
  - Collect security and network information from client staff interviews, either through site visits or via templates accessible through our secure website, and through available documentation such as network diagrams, security policy (if one exists), and functional descriptions of data/applications.
  - Determine the system/network architecture (physical and logical configuration) and the network connectivity (e.g., router, modems, etc.).
  - Collect IP addresses and subnet masks for the networks that will be part of the assessment.

Module 1 - Data Collection and Network Identification. Process
3. Conduct initial probes and scan component services.

Module 1 - Data Collection and Network Identification. Process
4. Conduct initial probes and scan component services.
5. Identify network users. To help identify users we may install network-monitoring devices on critical subnets. Here we are trying to determine who is accessing the network. Are there hostile or suspicious sites accessing or attempting to access the network?
6. Review and analyze the data collected and prepare the Network Survey Report.
7. Prepare a tailored, detailed technical security assessment plan with the customer.

Module 1 - Data Collection and Network Identification. Deliverables
Survey Report
  - Lists network users and suspicious users (subnet and host IP addresses).
  - Verifies known connectivity and lists unknown network connections that we have found.
  - Lists hosts running unauthorized services.
  - Lists critical network components and subnets.
Detailed Technical Assessment Plan
  - Tailors the approach.
  - Provides the assessment schedule.
  - Describes the boundaries of the network assessment.
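The Survey Report lists above can be derived by comparing what the initial probes observed with what the client declared on the data collection sheets. The following is an added example, not part of the original slides; the addresses, ports and the names SCOPE, APPROVED, OBSERVED and build_survey are constructed for illustration.

```python
import ipaddress

# Constructed sample data. SCOPE holds the address/subnet-mask pairs the
# client supplied; APPROVED maps each known host to its approved TCP ports;
# OBSERVED is what the initial probes saw as (host, open TCP port).
SCOPE = [("192.0.2.0", "255.255.255.128"), ("198.51.100.0", "255.255.255.0")]
APPROVED = {
    "192.0.2.10": {22, 443},
    "192.0.2.20": {25},
    "198.51.100.5": {53},
}
OBSERVED = [
    ("192.0.2.10", 22), ("192.0.2.10", 443), ("192.0.2.10", 8080),
    ("192.0.2.77", 80),
    ("198.51.100.5", 53),
    ("192.0.2.200", 23),  # lies outside 192.0.2.0/255.255.255.128
]

def build_survey(scope, approved, observed):
    """Sort observations into the lists the Survey Report needs."""
    nets = [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in scope]
    report = {"unauthorized_services": {}, "unknown_hosts": {},
              "out_of_scope": set(), "not_seen": set()}
    seen = set()
    for host, port in observed:
        ip = ipaddress.ip_address(host)
        if not any(ip in net for net in nets):
            # Outside the agreed assessment boundary: record it, do not assess it.
            report["out_of_scope"].add(host)
            continue
        seen.add(host)
        if host not in approved:
            report["unknown_hosts"].setdefault(host, set()).add(port)
        elif port not in approved[host]:
            report["unauthorized_services"].setdefault(host, set()).add(port)
    # Approved components that never answered: known connectivity not verified.
    report["not_seen"] = {h for h in approved if h not in seen}
    return report

if __name__ == "__main__":
    for section, content in build_survey(SCOPE, APPROVED, OBSERVED).items():
        print(section, content)
```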

Module 2 - Technical Security Assessment
The technical assessment of network components is the heart of the Network Security Assessment. During the technical assessment, in-depth searches are conducted for security weaknesses in network components. The objective of this step is to identify and report technical vulnerabilities.

Module 2 - Technical Security Assessment. Process
1. Select components to assess. In some cases the client wants to limit the assessment or focus on critical components.
2. Run vulnerability detection tools against subnets and the critical components.
3. Run policy enforcement assessments of components. Policy enforcement assessments detect internal policy violations and vulnerabilities that vulnerability detection scans don't detect. Normally these violations are related to component configuration errors. For example, a policy requiring that user passwords should be a minimum of eight characters is not supported by a system configured to accept three-character passwords.
4. Review tool-generated reports and run supplemental procedures to detect vulnerabilities that the tool does not detect.
5. Produce and provide the overall Technical Assessment and supplemental reports to the client.
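A policy enforcement check of the kind described in step 3 compares a component's configuration with the written policy. The following is an added example, not part of the original slides: it assumes the component is a Linux host whose settings were collected from /etc/login.defs, the eight-character minimum comes from the slide's own example, and the 90-day maximum age and the sample file are constructed.

```python
# Policy as (kind, limit): "min" means the setting must be at least the
# limit, "max" means it must not exceed it.
POLICY = {
    "PASS_MIN_LEN": ("min", 8),    # from the slide's example
    "PASS_MAX_DAYS": ("max", 90),  # constructed policy value
}

# Constructed excerpt of a collected /etc/login.defs.
LOGIN_DEFS = """\
# password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_LEN    3
#PASS_WARN_AGE  7
"""

def parse_login_defs(text):
    """Return {key: value} for active (non-comment) lines."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings

def check_policy(settings, policy):
    """Return (key, configured value, requirement) for every violation."""
    findings = []
    for key, (kind, limit) in sorted(policy.items()):
        requirement = f"policy requires {kind} {limit}"
        raw = settings.get(key)
        if raw is None:
            # An unset key falls back to a default the policy never reviewed.
            findings.append((key, "not set", requirement))
            continue
        try:
            value = int(raw)
        except ValueError:
            findings.append((key, raw, requirement + " (value is not a number)"))
            continue
        compliant = value >= limit if kind == "min" else value <= limit
        if not compliant:
            findings.append((key, raw, requirement))
    return findings

if __name__ == "__main__":
    for finding in check_policy(parse_login_defs(LOGIN_DEFS), POLICY):
        print(finding)
```

On hosts where PAM handles password changes, the effective minimum length is set in the PAM password module's configuration, so the same comparison has to be run against that file as well.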

Module 2 - Technical Security Assessment. Deliverables
Technical Vulnerability Assessment and reports generated by assessment tools. The report describes vulnerabilities and how to address them.
  - External assessment: concentrates on assessing the security of perimeter components of network segments.
  - Internal assessment: focuses on system configurations and security policies.

Module 3 - Site Assessment
The objective of this step is to identify and report site-level environmental and operational vulnerabilities.
Process
1. Arrange a site visit with the client and perform an initial site data collection. Tailor checklists and procedures for the client's environment.
2. Conduct the assessment and prepare draft findings.
3. Debrief site personnel.
4. Analyze results and complete the final report.

Module 3 - Site Assessment. Deliverables
A Site Assessment Report that lists vulnerabilities and recommendations on how to address them.

Module 4 - Network Security Assessment and Findings
The objective of this step is to provide a view of the network's security and recommendations to mitigate and minimize risks.
Process
1. Review assessment results from site assessments and technical assessments.
2. Determine major findings and generate a summary briefing of major findings (good and bad).
3. Generate a list of recommendations (further analyses, actions they should take, etc.) and supporting rationale.
4. Protect the report and findings as agreed upon with the client.

Module 4 - Network Security Assessment and Findings. Deliverables
The deliverables are:
a. Network Security Assessment Report.
b. Network Security Assessment Briefing.