Secure - Access Control - Encryption - Authentication

Secure

Securing the network involves the intelligent placement of security devices such as firewalls, IDS, and other systems. Before doing so, however, the security team should have a detailed knowledge of the network in which they work. This involves gathering and understanding attributes such as overall network size and topology, ingress and egress points, service locations, and general application flow parameters. Understanding the traffic and how it flows across the network is an essential step in security implementations.

Securing the network also involves the security policy established in the first step of the methodology. Each network and organization differs in its needs, which is why a tuned security policy is necessary. Security administrators will find that the following security solutions are required:

  • Access Control

  • Encryption

  • Authentication

  • Vulnerability Patching

Access Control

Access control mechanisms can take many forms. Perimeter barrier devices are often first considered when securing a network. Firewalls in the form of packet filters, proxies, and stateful inspection devices are all helpful agents in permitting or denying specific traffic through the network. Access controls also exist on end systems in the form of a privilege level for access to resources, configuration files, or data.
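The following is an added example, not code from the original text: a minimal stateless packet filter that evaluates an ordered access-control list in the spirit of the packet-filter firewalls described above. It shows first-match semantics with an implicit deny at the end of the list, and a check for "shadowed" rules that can never fire because an earlier rule already covers them. The Rule and Packet types, the DMZ policy and the sample packets are all constructed for illustration.

```python
# Added example, not from the original text: a minimal stateless packet
# filter that evaluates an ordered access-control list (ACL), in the spirit
# of the packet-filter firewalls described above. The Rule/Packet types,
# the policy and the sample packets are all constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    src: str            # CIDR prefix, "0.0.0.0/0" for any source
    dst: str            # CIDR prefix for the destination
    proto: str          # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # None matches every port

    def matches(self, p: Packet) -> bool:
        if self.proto != "any" and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst))


# Constructed policy for traffic entering a DMZ that hosts a web server at
# 192.0.2.10. Rules are checked in order and the first match wins; anything
# that matches no rule falls through to the implicit deny at the end.
DMZ_ACL: List[Rule] = [
    Rule("deny",   "192.0.2.0/24", "0.0.0.0/0",     "any"),      # anti-spoofing: DMZ addresses never arrive from outside
    Rule("permit", "0.0.0.0/0",    "192.0.2.10/32", "tcp", 443),
    Rule("permit", "0.0.0.0/0",    "192.0.2.10/32", "tcp", 80),
    Rule("permit", "10.0.0.0/8",   "192.0.2.10/32", "tcp", 22),  # admin SSH only from the internal network
]


def evaluate(acl: List[Rule], packet: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); index is None on implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, i
    return "deny", None


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule b is also matched by rule a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and (a.dport is None or a.dport == b.dport)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst)))


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indexes of rules that can never fire because an earlier rule covers them.

    A shadowed rule is a common ACL mistake: the administrator believes a
    later rule is in force when an earlier, broader one has already decided.
    """
    return [j for j in range(len(acl))
            if any(covers(acl[i], acl[j]) for i in range(j))]


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.5", "192.0.2.10", "tcp", 443),   # public HTTPS
        Packet("203.0.113.5", "192.0.2.10", "tcp", 22),    # SSH from the Internet
        Packet("10.1.2.3",    "192.0.2.10", "tcp", 22),    # SSH from inside
        Packet("192.0.2.77",  "192.0.2.10", "tcp", 80),    # spoofed DMZ source
        Packet("203.0.113.5", "192.0.2.10", "udp", 53),    # no rule: implicit deny
    ]
    for p in samples:
        print(p, "->", evaluate(DMZ_ACL, p))
    print("shadowed:", shadowed_rules(DMZ_ACL + [
        Rule("permit", "203.0.113.0/24", "192.0.2.10/32", "tcp", 443)]))
```

Rule order matters as much as rule content: the anti-spoofing deny sits first so that a forged DMZ source can never reach the later permits, and `shadowed_rules` is the kind of sanity check worth running whenever an ACL is edited, since a permit appended below a broader permit silently does nothing.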


Note

Securing the enterprise requires intimate knowledge of your infrastructure, including network design, service locations, and data traffic flow attributes, among others. Knowing these details allows you to place IDS and perimeter security devices such as firewalls in the most effective locations to prevent unwanted intrusions. Without this knowledge, administrators will waste corporate resources by over-deploying security infrastructure or, worse, miss unseen attack avenues into the enterprise.

Encryption

Encryption in the form of IPSec, PPTP, or other protocols can help ensure confidentiality of data transport within networks and between networks. Virtual Private Networks (VPNs) are often cost-effective measures to facilitate private communication across a shared network infrastructure.

Authentication

After thorough planning, security support infrastructure such as authentication, authorization, and accounting (AAA) systems can be implemented to provide verification for access and privilege control through firewalls and VPNs to services. Cisco offers Secure Access Control (ACS) as a means of implementing AAA. Authentication methods of varying strength can be integrated with AAA, such as clear-text passwords, Microsoft CHAP, S/Key, and SecurID. Administrators should set up logging capabilities for historical and forensic data analysis and monitoring.
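As an added example that is not part of the original text, the block below shows the server and client halves of a one-time-password scheme built on a hash chain in the manner of the S/Key method listed above, together with the accounting log the last sentence asks for. The class and function names, the sample user and secret, and the choice of SHA-256 as the chain hash are constructed for illustration (the original S/Key used MD4 truncated to 64 bits); the point demonstrated is why a captured one-time password cannot be replayed and why the server never needs to store the user's secret.

```python
# Added example, not from the original text: a one-time-password verifier
# built on a hash chain in the manner of the S/Key scheme mentioned above,
# with an accounting log of every attempt. The class and function names,
# the use of SHA-256 (original S/Key used MD4 truncated to 64 bits) and the
# sample users are constructed for illustration.
import hashlib
import hmac
from datetime import datetime, timezone
from typing import Dict, List, Tuple


def H(data: bytes) -> bytes:
    """One step of the hash chain."""
    return hashlib.sha256(data).digest()


def build_chain(secret: str, seed: str, length: int) -> List[bytes]:
    """Return [p0, p1, ..., p_length] with p0 = H(secret||seed), p_i = H(p_{i-1}).

    Only the client knows the secret; the server is enrolled with p_length and
    never learns the secret itself.
    """
    chain = [H((secret + seed).encode())]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain


def client_response(secret: str, seed: str, n: int) -> bytes:
    """Client side: recompute p_n from the secret for the server's challenge."""
    return build_chain(secret, seed, n)[n]


class OtpServer:
    """Server side: holds only the last accepted link of each user's chain."""

    def __init__(self) -> None:
        self.users: Dict[str, dict] = {}
        self.accounting: List[str] = []   # AAA "accounting" records

    def enroll(self, user: str, seed: str, count: int, p_count: bytes) -> None:
        self.users[user] = {"seed": seed, "count": count, "last": p_count}

    def challenge(self, user: str) -> Tuple[int, str]:
        """Tell the client which link to present next: p_{count-1} for this seed."""
        rec = self.users[user]
        return rec["count"] - 1, rec["seed"]

    def authenticate(self, user: str, otp: bytes) -> bool:
        """Accept otp iff H(otp) equals the stored link, then move the chain down.

        A replayed otp fails because the stored link has already advanced, and
        a chain with count == 0 is exhausted and needs re-enrollment.
        """
        rec = self.users.get(user)
        ok = (rec is not None and rec["count"] > 0
              and hmac.compare_digest(H(otp), rec["last"]))
        if ok:
            rec["last"] = otp
            rec["count"] -= 1
        self._account(user, ok)
        return ok

    def _account(self, user: str, ok: bool) -> None:
        """Append one accounting record per attempt, success or failure."""
        remaining = self.users[user]["count"] if user in self.users else "n/a"
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self.accounting.append(
            f"{stamp} otp-auth user={user} "
            f"result={'success' if ok else 'failure'} remaining={remaining}")


if __name__ == "__main__":
    secret, seed = "correct horse battery", "seed01"   # constructed sample
    srv = OtpServer()
    srv.enroll("alice", seed, 5, build_chain(secret, seed, 5)[5])
    for attempt in range(3):
        n, s = srv.challenge("alice")
        otp = client_response(secret, s, n)
        print("login", attempt, srv.authenticate("alice", otp))
    print("replay", srv.authenticate("alice", otp))    # stale link is rejected
    print("\n".join(srv.accounting))
```

Two properties are worth noticing when reading the accounting output: every failed attempt is recorded alongside the successes, which is what makes the log useful for the forensic analysis the text mentions, and the server's stored value only ever moves down the chain, so a password observed on the wire is worthless the moment it has been accepted.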