By assessing all aspects of the networked business environment, it is possible to determine the ability of the organization to detect, defend against, and respond to network attacks. These are the key activities:
■ Security posture assessment: The first step in planning network security requires an evaluation of the network security posture of the organization. The security posture assessment provides a snapshot of the security state of the network by conducting a thorough assessment of the network devices, servers, desktops, and databases.
Analyze the effectiveness of the network security against recognized industry best practices to identify the relative strengths and weaknesses of the environment and document specific vulnerabilities that could threaten the business. Because network security involves all aspects of the business, it is necessary to assess security from a variety of perspectives, including the internal, external, dial-up, and wireless networks, and to provide recommendations on how to improve overall network security.
■ Internal assessment: With so much attention devoted to threats and incidents by hackers, administrators may overlook the security of the internal trusted network. The internal assessment is a controlled network attack simulation used to gauge the exposure present on internal systems, applications, and network devices. The assessment identifies the steps needed to thwart intentional attacks or unintentional mistakes from trusted insiders to effectively secure valuable information assets.
To go beyond automated detection of vulnerabilities, you could simulate a real intruder in a controlled, safe manner to confirm vulnerabilities manually. The assessment provides a more structured approach to identifying vulnerabilities that may go undetected. This secondary exploitation may include attempting to exploit trusted relationships between hosts, exploiting password weakness, or gaining administrative access to systems.
1-102 Security Cisco Network Devices (SND) v2.0 © 2006 Cisco Systems, Inc.
■ External assessment: The goal of an external assessment is to quantify the security risk associated with Internet-connected systems. After researching and confirming the registration of Internet devices, assessors scan the device for external visibility. Because most services have inherent and well-known vulnerabilities, it must be determined whether the services offered are potentially vulnerable.
■ Wireless assessment: The wireless assessment provides an evaluation of the security posture of the wireless network within the organization and identifies risks and exposures associated with a wireless deployment.
Assessors analyze the wireless technology architecture and configurations to identify authorized and unauthorized access points and to recommend solutions to strengthen the security of the wireless infrastructure. Assessors also check outside customer buildings to find wireless network traffic leaking from the buildings.
■ Dial-up assessment: The goal of dial-up assessment is to determine the security risks associated with remote-access services. Dial-up services can provide an attacker with an easy back door into a customer network, bypassing otherwise effective security measures such as firewalls.
■ Security posture assessment analysis and documentation: This assessment quantifies the security posture of the organization network by using metrics and graphs. The report should also provides technical details, including analysis of each IP address, an explanation of methods used to compromise network devices and systems, and a description of the likelihood that an attacker will use that same approach. The report then prioritizes the vulnerabilities, recommends actions to correct the security risks, and details remediation steps that will prevent future exploitation.
© 2006 Cisco Systems, Inc. Introduction to Network Security Policies 1-103
This topic describes the activities included in the design phase of the secure network life cycle.
Was this article helpful?