samantha-maxwell
Chapter 2 Information Security Overview
The Executive Guide to Information Security manual
Introduction
• Information Security Programs require solutions from:
– People
– Process
– Technology
• People administer security programs & processes to ensure information is protected
• Using Technology, Layered Security (defense in depth) can be developed to protect information assets.
Overview
• Information Security Principles & components of Info Sec program for Enterprises
• Review of major security technologies & best practices
• Foundation for more in-depth security review in subsequent classes.
3 Major components of Info. Sec. Program
• People play a critical role in Information Security.
• Processes provide guidelines for securing information assets
• Technology enables security programs to be executed.
• What is the weakest link in Info Sec.?
People
• Having the right people in Key positions is paramount to a successful Security Program.
WHY???
• Skills
• Change management
• SOD
• Many other reasons
Process
• Provides a framework/standards for People to execute security operations
• What are some of the processes?
– Policies
– Procedures
– Guidelines
– Work Aids
– Training
– Risks & Security Assessments
– Access on the Principle of Least Privilege (Need-to-Know)
– Others
• Process serves as the “glue” between PEOPLE & TECH to ensure Security Programs are operating effectively
Technology
• The most vast and complicated component of the Security Program.
Why is Technology the most complicated component?
• Variety of products currently in market
• Products don’t all work in sync together
• Need special knowledge to run different security applications.
• Constant upgrades/maintenance to ensure product operates in an optimal manner
Defense-in-Depth
• Layer security for
– Gateway – entryway between 1 part of the environment and another (internet to network)
– Server – PCs that perform shared functions (ERP, SAP, PeopleSoft)
– Client – desktops, laptops, PDAs, others that employees use daily
• 4 Major zones for defense
1. External (internet)
2. Extranet
3. Intranet
4. Mission Critical systems
Example of Layering Security
Today’s Security Technology
• Authentication, Authorization & Accounting (AAA)
• Firewalls/Virtual Private Network (VPN)
• Anti-Virus software
• Intrusion Detection/Intrusion Prevention (IDS/IPS)
• Content filtering
• Encryption
Authentication, Authorization & Accounting (AAA)
What are some examples of Security tools?
• Access Control List (ACL)
• RSA tokens
• Smart cards
• Biometric
What is a 2 factor authentication?
• Something you know
• Something you have
Privilege Access
• What is privilege access?
– Admin, Super user, sys admin, utility, etc.
• How should privilege access be controlled?
– Limit access, daily/weekly/monthly monitoring, mandatory access change control, etc.
• What is Single Sign on (SSO) & how should this be controlled?
– Access on the concept of Least privilege
– Monitor & timely removal of access when not in use for 30 days.
– Periodic password change
Firewalls
• What is a firewall?
– Filters electronic traffic to allow only certain types of information to flow to the company’s network
• What are the 3 types of firewalls?
– Packet Filtering – reviews the header/address
– Stateful Inspection – verifies the inbound packet matches the outbound request (identifies legitimacy of source, i.e. addresses on a letter)
– Proxy firewall – reads & rewrites each packet to only allow valid messages to pass to the network. More secure at a slower speed.
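An added illustration, not part of the original slides, of the difference between packet filtering and stateful inspection described above: the same three packets are judged by a header-only rule and by a session table. The packet fields, the rules and the sample addresses (documentation ranges) are constructed assumptions; session timeouts and TCP flags are left out.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (leaving the network) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport")

INSIDE = "192.0.2.10"  # assumed internal client address


def packet_filter(pkt):
    """Packet filtering: decide from this packet's header alone."""
    if pkt.direction == "out":
        return True                    # all outbound traffic allowed
    return pkt.sport in (80, 443)      # inbound allowed if it looks like a web reply


class StatefulFirewall:
    """Stateful inspection: inbound must match a recorded outbound request."""

    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if pkt.direction == "out":
            # Remember the request so the reply can be recognised later.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # A legitimate reply is the mirror image of a stored request.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


def compare(packets):
    """Return (packet_filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in packets]


# Constructed sample traffic.
SAMPLE = [
    Packet("out", INSIDE, 50000, "198.51.100.7", 443),  # client request
    Packet("in", "198.51.100.7", 443, INSIDE, 50000),   # matching reply
    Packet("in", "203.0.113.9", 443, INSIDE, 50000),    # no matching request
]

if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt, "| packet filter:", stateless, "| stateful:", stateful)
```

The third packet passes the header-only rule because its source port looks like a web reply, but the stateful check drops it because no outbound request to that address was recorded.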
Virtual Private Networks (VPN)
• What is VPN?
– Tool that enables secure connection to the network when using public network (internet)
– Uses encryption to protect data (tunnel)
– Uses hardware & software combo to secure access
Anti-Virus Software
• Why should you install updated anti-virus?
– Prevent PC infection from viruses, worms, Trojan horses, malware in general
– Virus vs Worms – what is the difference?
• Signature vs Heuristic virus detection
– Signature relies on known patterns
– Heuristic looks for patterns of potential viruses (lots of false positives)
Vulnerability Management
• Network based & Host based
– Network based identifies known vulnerabilities on the network
– Host based scans physical devices (servers)
• Patch management
• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Content Filtering
• Encryption (symmetric & asymmetric)
Summary Key Points
• Effective info sec programs use a combination of People, Process & Technology
• People are the weakest link; therefore, they are the most important aspect of the program
• Process is the gel that binds People & Technology to effectively protect information assets
• Technology can be used to layer security for a Defense-in-Depth approach to protect information assets.