Most security incidents occur because system administrators do not implement available countermeasures, and hackers or disgruntled employees exploit the oversight. Therefore, the issue is not just one of confirming that a technical vulnerability exists and finding a countermeasure that works; it is also critical to verify that the countermeasure is in place and working properly. This is where the Security Wheel, a continuous process, is an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.

To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy needs to accomplish the following tasks:

- Identify the security objectives of the organization.
- Document the resources to be protected.
- Identify the network infrastructure with current maps and inventories.
- Identify the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.

After the security policy is developed, make it the hub upon which the four steps of the Security Wheel are based. The steps are secure, monitor, test, and improve.

Secure

Secure the network by applying the security policy and implementing the following security solutions:

Threat Defense
o Stateful inspection and packet filtering: Filter network traffic to allow only valid traffic and services.
o Intrusion prevention systems: Inline intrusion detection systems (IDS), which are better termed intrusion prevention systems (IPS), can be deployed at the network and host level to actively stop malicious traffic.
o Vulnerability patching: Apply fixes or measures to stop the exploitation of known vulnerabilities. This includes turning off services that are not needed on every system. The fewer services that are enabled, the harder it is for hackers to gain access.

Secure Connectivity
o Virtual private networks (VPNs): Hide traffic content to prevent unwanted disclosure to unauthorized or malicious individuals.

Trust and Identity
o Authentication: Give access to authorized users only. One example of this is using one-time passwords.
o Policy enforcement: Ensure that users and end devices are in compliance with the corporate policy.

Monitor

Monitoring security involves both active and passive methods of detecting security violations. The most commonly used active method is to audit host-level log files. Most operating systems include auditing functionality. System administrators for every host on the network must turn it on and take the time to check and interpret the log file entries.

Passive methods include using intrusion detection system (IDS) devices to automatically detect intrusions. This method requires only a small number of network security administrators for monitoring. These systems can detect security violations in real time and can be configured to respond automatically before an intruder does any damage.

An added benefit of network monitoring is the verification that the security devices implemented in Step 1 of the Security Wheel have been configured and are working properly.

Test

In the testing phase of the Security Wheel, the security of the network is proactively tested. Specifically, the functionality of the security solutions implemented in Step 1 and the system auditing and intrusion detection methods implemented in Step 2 must be assured. Vulnerability assessment tools such as SATAN, Nessus, or Nmap are useful for periodically testing the network security measures at the network and host level.

Improve

The improvement phase of the Security Wheel involves analyzing the data collected during the monitoring and testing phases, and developing and implementing improvement mechanisms that feed into the security policy and the securing phase in Step 1. To keep a network as secure as possible, the cycle of the Security Wheel must be continually repeated, because new network vulnerabilities and risks are created every day. With the information collected from the monitoring and testing phases, intrusion detection systems can be used to implement improvements to the security. The security policy should be adjusted as new security vulnerabilities and risks are discovered.

Network security policy

Security policies are worth the time and effort needed to develop them. A security policy benefits a company in the following ways:

- It provides a process to audit existing network security.
- It provides a general security framework for implementing network security.
- It defines which behavior is and is not allowed.
- It often helps determine which tools and procedures are needed for the organization.
- It helps communicate consensus among a group of key decision makers and defines the responsibilities of users and administrators.
- It defines a process for handling network security incidents.
- It enables global security implementation and enforcement.
- It creates a basis for legal action if necessary.

Computer security is now an enterprise-wide issue, and computing sites are expected to conform to the network security policy.

Developing a Security Policy

A security policy can be as simple as a brief Acceptable Use Policy for network resources, or it can be several hundred pages long and detail every element of connectivity and associated policies. Although somewhat narrow in scope, RFC 2196 suitably defines a security policy as follows:

A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.

It is important to understand that network security is an evolutionary process. No single product can make an organization secure. True network security comes from a combination of products and services, together with a comprehensive security policy and a commitment to adhere to that policy from the top of the organization down. In fact, a properly implemented security policy without dedicated security hardware can be more effective at mitigating the threat to enterprise resources than a comprehensive security product implementation without an associated policy.

In order for a security policy to be appropriate and effective, it needs to have the acceptance and support of all levels of employees within the organization, including the following:

- Site security administrator.
- Information technology technical staff, such as staff from the computing center.
- Administrators of large user groups within the organization, such as business divisions or a computer science department within a university.
- Security incident response team.
- Representatives of the user groups affected by the security policy.
- Responsible management.
- Legal counsel, if needed.

It is extremely important that management fully support the security policy process. Otherwise, there is little chance that the process will have the intended impact.

An effective security policy works to ensure that the network assets of the organization are protected from sabotage and from inappropriate access, both intentional and accidental. All network security features should be configured in compliance with the organization's security policy. If a security policy is not present, or if the policy is out of date, the policy should be created or updated before deciding how to configure security on any devices. The figure illustrates the traits that any security policy should include.

Developing Security Procedures

Security procedures implement security policies. Procedures define configuration, login, audit, and maintenance processes. Security procedures should be written for end users, network administrators, and security administrators. Security procedures should specify how to handle incidents. These procedures should indicate what to do and who to contact if an intrusion is detected.

Host and server based security components and technologies

It is critical to protect network hosts, such as workstation PCs and servers. These hosts need to be secured as they are added to the network and updated with security patches as they become available. Additional steps can be taken to secure these hosts. Anti-virus, firewall, and intrusion detection are valuable tools that can be used to secure network hosts. Because many business resources may be contained on a single file server, it is especially important for servers to be accessible and available.

Device Hardening

When a new operating system is installed on a computer, the security settings are all set to the default values. In most cases this level of security is inadequate. There are some simple steps that should be taken th
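The Secure step above says to turn off services that are not needed, the Test step says the controls from Step 1 must be verified to be working, and the Device Hardening section notes that default settings are usually inadequate. The following Python script is an added example, not part of the course text, that performs that verification offline: it compares the TCP ports a host is listening on with a per-role allowlist and required-list derived from the security policy, and reports both unexpected listeners and required services that are absent. The policy table, the host roles and the socket snapshot (laid out in the column order of `ss -Hltn`) are constructed sample data, not taken from any real system.

```python
"""Added example: verify a host's listening services against the security
policy. Policy values and the socket snapshot below are constructed."""

from dataclasses import dataclass

# Constructed policy: per host role, the TCP ports that MAY listen and the
# ports that MUST listen (the countermeasure we expect to find in place).
POLICY = {
    "web-server": {"allowed": {22, 80, 443}, "required": {22, 443}},
    "workstation": {"allowed": {22}, "required": set()},
}

# Constructed snapshot in the column order of `ss -Hltn`:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
WEB_SNAPSHOT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 50 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
"""


@dataclass(frozen=True)
class Finding:
    kind: str      # "unexpected" (listener not in policy) or "missing" (required but absent)
    port: int
    detail: str


def parse_listening_ports(snapshot: str) -> dict:
    """Return {port: local_address} for every LISTEN line in the snapshot."""
    ports = {}
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # rpartition on the last ':' handles IPv6 forms such as [::]:22 too
        host, _, port = fields[3].rpartition(":")
        ports[int(port)] = host
    return ports


def check_host(role: str, snapshot: str) -> list:
    """Compare a host's listening ports with the policy for its role."""
    policy = POLICY[role]
    listening = parse_listening_ports(snapshot)
    findings = []
    for port in sorted(listening):
        if port not in policy["allowed"]:
            # A loopback-only listener is still a deviation from policy, but
            # a network-reachable one is the more urgent finding.
            scope = "loopback only" if listening[port].startswith("127.") else "network-reachable"
            findings.append(Finding("unexpected", port, f"{scope} listener not permitted for {role}"))
    for port in sorted(policy["required"] - set(listening)):
        findings.append(Finding("missing", port, f"required service for {role} is not listening"))
    return findings


if __name__ == "__main__":
    for f in check_host("web-server", WEB_SNAPSHOT):
        print(f"{f.kind:10} port {f.port:<5} {f.detail}")
```

Run against the constructed snapshot, the web-server role yields three findings: telnet (port 23) reachable from the network, a database listener on 3306 bound to loopback, and the required HTTPS service missing. In the Security Wheel terms, the first two are Secure-step omissions and the third is a countermeasure that was planned but never verified; the same check re-run on a schedule is the Test step.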
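The Monitor step names auditing host-level log files as the most common active method and expects administrators to check and interpret the entries themselves. The following Python script is an added example, not part of the course text, of what that audit looks like in code: it parses authentication log lines in the format OpenSSH's sshd writes to a syslog auth facility, counts failed logins per source address, and flags two patterns an administrator should read first: sources at or over a failure threshold, and a successful login from a source that had already failed. The log lines, the threshold value, and every hostname, user and address in them are constructed for the example.

```python
"""Added example: audit constructed sshd authentication log lines, the
host-level active monitoring method the Monitor step describes."""

import re
from collections import defaultdict

# Constructed sample log in syslog/sshd format; nothing here is real.
SAMPLE_LOG = """\
Mar  3 09:14:01 fileserver sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar  3 09:14:03 fileserver sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar  3 09:14:06 fileserver sshd[2203]: Failed password for root from 203.0.113.9 port 51030 ssh2
Mar  3 09:14:09 fileserver sshd[2205]: Failed password for root from 203.0.113.9 port 51031 ssh2
Mar  3 09:14:12 fileserver sshd[2207]: Accepted password for root from 203.0.113.9 port 51033 ssh2
Mar  3 09:20:44 fileserver sshd[2290]: Accepted publickey for alice from 192.0.2.15 port 40110 ssh2
Mar  3 09:21:02 fileserver sshd[2295]: Failed password for bob from 192.0.2.20 port 40200 ssh2
Mar  3 09:21:07 fileserver sshd[2297]: Accepted password for bob from 192.0.2.20 port 40201 ssh2
"""

FAILED_THRESHOLD = 3  # assumed policy value: flag a source at this many failures

# sshd's "Failed/Accepted <method> for [invalid user] <user> from <addr> port <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_auth_log(text: str) -> list:
    """Return one dict per recognised sshd authentication line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def audit(text: str, threshold: int = FAILED_THRESHOLD) -> dict:
    """Summarise failures per source address and flag the patterns worth reading first."""
    events = parse_auth_log(text)
    failures = defaultdict(int)          # source address -> failed attempts so far
    flagged_sources = set()              # sources that reached the threshold
    success_after_failure = []           # (ts, user, src, prior failures)
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
            if failures[ev["src"]] >= threshold:
                flagged_sources.add(ev["src"])
        elif failures[ev["src"]] > 0:
            # A success following failures from the same source is the entry
            # an administrator must interpret: a typo, or a guess that worked.
            success_after_failure.append(
                (ev["ts"], ev["user"], ev["src"], failures[ev["src"]])
            )
    return {
        "events": len(events),
        "failures": dict(failures),
        "flagged_sources": sorted(flagged_sources),
        "success_after_failure": success_after_failure,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for src, n in sorted(report["failures"].items()):
        marker = " <-- over threshold" if src in report["flagged_sources"] else ""
        print(f"{src}: {n} failed login(s){marker}")
    for ts, user, src, n in report["success_after_failure"]:
        print(f"{ts}: {user} accepted from {src} after {n} failure(s)")
```

On the sample, one source fails four times and then logs in as root, which the audit surfaces as both a flagged source and a success-after-failure entry; the single failed attempt before bob's login is reported but not flagged, which is the point of the threshold: the script narrows the log to the entries that need a human judgement rather than making that judgement itself.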