Why is network security important? What is the purpose/goal of security for an enterprise/organization?

CIA Triad

The principles of the CIA Triad form the foundation of security:

  • Confidentiality
    • Only authorized users should be able to access data
    • Some data is accessible to the public, some only to certain groups, and yet others accessible only to very privileged individuals.
  • Integrity
    • Data should not be tampered with by unauthorized users
    • Data should be correct and authentic
  • Availability
    • The network/systems/data should be working and accessible to authorized users
    • It is very easy to make security systems that, while secure, are excessively or needlessly burdensome to the people who actually need to use the systems we’re protecting.

Attackers can (and will) try to compromise any and all of these three.


Definitions

Vulnerability

  • Any potential weakness that can compromise the confidentiality, integrity, or availability of a system or its data.
    • A weakness on its own is not an incident. Some vulnerabilities are inevitable in any non-trivial system; what matters is whether they are reachable and whether anything can act on them.

Exploit

  • Anything (a tool, method, bug/glitch, etc.) that can take advantage of a vulnerability to actually compromise the system.
    • Something that could serve as an exploit isn’t a problem on its own either; it becomes one when it is paired with a reachable vulnerability.

Threat

  • The potential for a vulnerability to be exploited.
    • E.g. an attacker using an exploit against a vulnerability in your system. A threat requires both a vulnerability and someone or something able and willing to exploit it.

Mitigation Technique

  • Something that can protect against threats
  • Should be implemented everywhere a vulnerability can be exploited: clients, servers, switches, routers, firewalls, etc.
  • Also includes physical protection (doors, locks, security guards, etc.)

Common Attacks

There are many more than this, and there are very intelligent people who spend a lot of time coming up with new ones; some with malicious intent, some to try to preempt their use, and some out of academic curiosity. This list is just some of the more common attacks that any given organization is likely to have to defend against.


Authentication, Authorization, & Accounting

AAA, Authentication, Authorization, & Accounting, is a framework for controlling and monitoring users of a computer system.

Authentication is the process of verifying a user’s identity.

Authorization is the process of granting the user the appropriate access and permissions.

  • Most users should have access to some files and services, but should not have access to others.

Accounting is the process of recording user activities on the system.

  • Logging login attempts, when a user makes changes to a file, etc.

Organizations typically use an AAA server to provide these services. Cisco’s AAA server is called Cisco Identity Services Engine (ISE). AAA servers typically support the following two AAA protocols:

  • RADIUS - An open standard protocol. Uses UDP ports 1812 (authentication/authorization) and 1813 (accounting); older deployments use 1645 and 1646. Authentication and authorization are combined in one exchange, and only the password field is obfuscated (with the shared secret), not the rest of the packet.
  • TACACS+ - A Cisco proprietary protocol. Uses TCP port 49. Authentication, authorization, and accounting are separate exchanges, and the whole packet body is encrypted with the shared secret. Because it can authorize individual commands, TACACS+ is the usual choice for network device administration, while RADIUS is the usual choice for network access (e.g. 802.1X).
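As an added example (not from the original notes), here is what the three A’s look like on a Cisco IOS device: TACACS+ for device administration with a RADIUS group and the local user database as fallbacks, plus accounting of sessions and commands. The server address 192.0.2.10, the server and group names, and the placeholder secrets are assumptions chosen for illustration.

```cisco
! Turn on the AAA framework (required before any "aaa ..." command is accepted)
aaa new-model
!
! Local account used ONLY if every AAA server is unreachable (availability fallback)
username netadmin privilege 15 secret REPLACE-WITH-STRONG-PASSWORD
!
! TACACS+ server definition (placeholder address; TCP 49 is the default port)
tacacs server ISE-TACACS
 address ipv4 192.0.2.10
 key REPLACE-WITH-SHARED-SECRET
!
! The same box as a RADIUS server (placeholder; UDP 1812 auth / 1813 accounting)
radius server ISE-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
!
aaa group server tacacs+ ISE-TACACS-GROUP
 server name ISE-TACACS
!
aaa group server radius ISE-RADIUS-GROUP
 server name ISE-RADIUS
!
! Authentication: "who are you?" Methods are tried left to right; the next one is
! consulted only when the previous server group does not answer, not when it rejects.
aaa authentication login default group ISE-TACACS-GROUP group ISE-RADIUS-GROUP local
!
! Authorization: "what may you do?" EXEC shell access and each privilege-15 command.
! Only TACACS+ can authorize individual commands, so RADIUS is not in this list.
aaa authorization exec default group ISE-TACACS-GROUP local
aaa authorization commands 15 default group ISE-TACACS-GROUP local
!
! Accounting: "what did you do?" Record session start/stop and every level-15 command.
aaa accounting exec default start-stop group ISE-TACACS-GROUP
aaa accounting commands 15 default start-stop group ISE-TACACS-GROUP
!
! Apply the method lists to the remote management lines and allow SSH only
line vty 0 4
 login authentication default
 authorization exec default
 authorization commands 15 default
 accounting exec default
 accounting commands 15 default
 transport input ssh
```

Two things to check before pasting this into production: keep a console session open while you apply it, so a typo in a method list cannot lock you out, and make sure “local” is the last method, so an unreachable ISE (an availability failure) degrades to the local account instead of to no access at all.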

Elements of a Security Program

A ‘Security Program’ is an organization’s policies and procedures for maintaining the security of its computer systems and network. They tend to be multi-faceted, especially in larger enterprises. I can’t cover all of the possible parts of a security program here, but these are common inclusions:

  • User awareness programs - a system for making employees aware of potential security threats.
    • These could be anything from sending out a warning email to the IT department running its own simulated phishing campaign and then telling the employees who fell for it what to watch out for in the future.
  • User training programs - more formal than a user awareness program.
    • Dedicated training sessions, lectures, etc. to teach employees about the importance of security best-practices, and how to follow them. (e.g. how to make strong passwords, or how to identify phishing)
  • Physical access control - protecting equipment and data from attackers by only allowing authorized users into protected areas (e.g. network closets, data center floors)
    • RFID Badge locks, PIN locks, biometrics, etc.

Wireless Security Considerations

There are particular measures that must be taken for securing wireless networks. See Wireless Security for more information.


Footnotes

The “CIA Triad” has nothing to do with the Central Intelligence Agency, despite really sounding like it would.