Lesson 11: Security Basics
Welcome to Lesson 11. Our goal here is
to give you the terminology, the words that your customers
are going to want you to know and be able to converse
with.
The Agenda
- Why Security?
- Security Technology
- Identity
- Integrity
- Active Audit
All Networks Need Security
Security is very important. The Internet
is a wonderful tool. Meteoric growth like that of Cisco from
nowhere to a multi-billion dollar company in a decade would
not be possible without leveraging the tools available with
the Internet and intranet.
But without well-defined security, the Internet can be a dangerous
place. The good news is that the tools are available to make
the Internet a safe place for your business. Some people think
that only large sites are hacked. In reality, even small company
sites are hacked.
There’s a false impression from many small company owners
that, "Hey, who would want to break into my company?
I’m a nobody.
I’m not a big corporation like IBM or the Pentagon or
something like that, so why would somebody want to break into
my company?"
The reality is that even small companies are hacked into very,
very often.
Why Security?
Why network security? There are three primary reasons
to explore network security.
- One is policy vulnerabilities.
- Another is configuration vulnerabilities.
- Lastly, there are technology vulnerabilities.
And the bottom line is there are people who are willing and
eager to take advantage of these vulnerabilities.
Security Threats
So these are some of the different things that we need to
protect against:
Loss of privacy: Without encryption,
every message sent may be read by an unauthorized party. This
is probably the largest inhibitor of business-to-business
communications today.

Impersonation: You must also be
careful to protect your identity on the Internet. Many security
systems today rely on IP addresses to uniquely identify users.
Unfortunately this system is quite easy to fool and has led
to numerous break-ins.

Denial of service: You must also ensure
that your systems are available. Over the last several years,
attackers have found deficiencies in the TCP/IP protocol suite
that allow them to arbitrarily cause computer systems to
crash.

Loss of integrity: Even for data
that is not confidential, one must still take measures to
ensure data integrity. For example, if you were able to securely
identify yourself to your bank using digital certificates,
you would still want to ensure that the transaction itself
is not modified in some way, such as by changing the amount
of the deposit.
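
The loss-of-integrity point above, as an added example that is not part of the original lesson: a cleartext deposit message carries an HMAC-SHA256 tag, so a changed amount is detected on receipt. The shared key, field names and sample transaction are constructed for illustration, and the shared-secret HMAC stands in for the digital certificates the lesson mentions.

```python
import hashlib
import hmac
import json

# Constructed demo key; assumed to be shared by customer and bank out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def canonical(txn: dict) -> bytes:
    """Serialize with sorted keys so both sides compute the tag over identical bytes."""
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def protect(txn: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach an HMAC-SHA256 tag to the cleartext transaction."""
    tag = hmac.new(key, canonical(txn), hashlib.sha256).hexdigest()
    return {"txn": txn, "tag": tag}


def verify(message: dict, key: bytes = SHARED_KEY) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, canonical(message["txn"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message.get("tag", ""))


def demo() -> dict:
    # Constructed sample transaction; the data is readable, only integrity is protected.
    sent = protect({"account": "12345", "action": "deposit", "amount": "100.00"})
    # The same message with the amount changed in transit and the tag left as sent.
    altered = {"txn": dict(sent["txn"], amount="1.00"), "tag": sent["tag"]}
    return {"intact": verify(sent), "altered": verify(altered)}


if __name__ == "__main__":
    print(demo())
```

The tag does not hide the transaction; it only lets the receiver reject a message whose contents no longer match what the key holder sent.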

Security Objective: Balance Business Needs with Risks
Objectives for security need to balance the
risks of providing access with the need to protect network
resources. Creating a security policy involves evaluating
the risks, defining what’s valuable, and determining
whom you can trust. The security policy plays three roles
to help you specify what must be done to secure company assets.
- It specifies what is being protected and
why, and the responsibility for that protection.
- It provides grounds for interpreting and
resolving conflicts in implementation, without listing specific
threats, machines, or individuals. A well-designed policy
does not change much over time.
- It addresses scalability issues.
Employees expect access but an enterprise requires security.
It is important to plan with scalability and deployment of
layered technologies in mind. Security policies that inhibit
productivity may be too restrictive.