|[ LiB ]|
It's very likely that tomorrow's network security breach hasn't been addressed or anticipated by today's network security policy. As such, the security policy requires a continuous process of evaluation, tuning, and adjustment. Figure 2.1 shows Cisco's Security Wheel, defined by Cisco to illustrate how securing, monitoring, and testing network security together support the process of updating a security policy.
The Cisco Security Wheel illustrates four steps in the process of achieving and maintaining network security. Those steps are as follows :
The following sections discuss each of these steps in detail.
Securing the environment involves using different tools to address different points of vulnerability. Authentication systems, such as one-time-passwords (OTP) support and Cisco Secure Access Control Server (CSACS), help protect networks by allowing only authenticated users into the environment. You can use encryption techniques to disguise data traveling across insecure media. Systems with known security holes should be kept up-to-date through vulnerability patching. Physical security, often overlooked, involves keeping equipment secure behind locked doors. For example, if an intruder can physically access Cisco equipment, then he or she can use password-breaking procedures and wreak havoc on your network.
Methods to mitigate the risk of specific attacks to secure the network environment are reviewed later in this chapter.
Monitoring for violations of network security plays a critical role in determining how effective the secured environment is in supporting the security policy requirements. Using intrusion detection systems, such as the Cisco Secure Intrusion Detection System (CSIDS), can provide an effective solution for monitoring and blocking unwanted traffic. You can record logging information such as user access and modifications to system settings.
Once you've established the security environment and its monitors , testing them is the only way to be sure that your security measures support your policy. Outsourcing testing to a third party, such as the Cisco Secure Posture Assessment (SPA) group , is a good way to make sure that your tests are objective and comprehensive.
In today's environment of publicly available hacking tools and the continuous discovery of new application vulnerabilities, improving the security policy is a continuous job. Monitoring, testing, and identifying flaws and attacks against the network are critical in refining and tuning the security policy.
Vulnerability reports and security advisories help administrators stay abreast of new potential attacks and should be considered when you perform Step 4, improving the security policy.
|[ LiB ]|