Cisco’s Security Wheel


www.syngress.com

12 Chapter 1 • Introduction to Security and Firewalls

Experienced security professionals generally say that information security is not a goal or result, it is a process. This adage refers to the fact that you can never secure your network and then be done with it. Information security is a dynamic field that is always presenting challenges in the form of new technology, new threats, and new business processes. If you were to set a target secure state and then actually achieve it, you would find that the landscape had changed and further effort is required. One example of this sort of change is the ongoing discovery of vulnerabilities in existing software, for which patches must be applied. Although this process might seem daunting and often frustrating, it is what keeps many security practitioners interested in the field and excited about working in a mode of continuous improvement. Cisco has created a model, called the Cisco Security Wheel, that shows this process graphically (see Figure 1.2).

The Security Wheel really starts “rolling” once you have created your corporate security policy. The model defines four ongoing steps:

1. Secure the environment.
2. Monitor activity and respond to events and incidents.
3. Test the security of the environment.
4. Improve the security of the environment.

Each of these steps is discussed in detail in the following sections.

Securing the Environment

The task of securing an existing network can be overwhelming if viewed as a whole, especially if it covers multiple locations and thousands of systems. However, you can make the process much more manageable by breaking it down into smaller subtasks. Based on the risk analysis that was performed during the policy development process, you can identify which of the following areas need attention first, second, and so on:

Figure 1.2 The Cisco Security Wheel (diagram: Corporate Security Policy at the hub, surrounded by the cycle Secure, Monitor and Respond, Test, Manage and Improve)

- Confidentiality: For example, does your policy specify that sensitive information being communicated over public networks such as the Internet needs to be encrypted? If so, you might want to begin evaluating deployment of virtual private network (VPN) technology. A VPN creates an encrypted “tunnel” between two sites or between a remote user and the company network. Other efforts may include user education in the handling of sensitive information.
- Integrity: Does the risk assessment identify specific risks to company information? Does your company maintain a high-traffic Web site? Various tools and processes can be used to enhance the integrity of your information.
- Availability: Various factors that have an impact on the availability of critical networks and systems might have been identified. This area of security, although important, will probably prove less critical than some of the others, unless you have been experiencing frequent network outages or have been the victim of frequent DoS attacks.
- Authentication: Although it’s one of the first lines of defense, authentication is a common area of weakness. Many organizations do not have adequate password policies and processes in place. For example, passwords are not changed on a regular basis, are not required to be of a certain level of complexity, or can be reused.
- Access control: Another common area of weakness, access controls at both the network and system level, are often not as strong as they should be. Drives may be shared by all users with read/write access. The typical user has a greater level of access than he or she needs to do a job. Tightening up access controls can result in great improvements in a company’s security posture. Some technical solutions include firewalls, router access lists, and policy management tools that validate and perhaps control file system access.
- Auditing: This is a primary activity in the next phase, monitoring.

Another key task in securing your systems is closing vulnerabilities by turning off unneeded services and bringing them up to date on patches. Services that have no defined business need present an additional possible avenue of attack and are just another component that needs patching attention. Keeping patches current is actually one of the most important activities you can perform to protect yourself, yet it is one that many organizations neglect. The Code Red and Nimda worms of 2001 were successful primarily because so many systems had not been patched for the vulnerabilities they exploited, including multiple Microsoft Internet Information Server (IIS) and Microsoft Outlook vulnerabilities. Patching, especially when you have hundreds or even thousands of systems, can be a monumental task. However, by defining and documenting processes, using tools to assist in configuration management, subscribing to various vulnerability alert mailing lists, and prioritizing patches according to criticality, you can get a better handle on the job. One useful document to assist in this process has been published by the U.S. National Institute of Standards and Technology (NIST), which can be found at http://csrc.nist.gov/publications/nistpubs/800-40/sp800-40.pdf (800-40 is the document number). Patch sources for a few of the key operating systems are located at:

- Microsoft Windows: http://windowsupdate.microsoft.com
- Sun Solaris: http://sunsolve.sun.com
- Red Hat Linux: www.redhat.com/apps/support/resources
- Hewlett-Packard HP/UX: http://us-support.external.hp.com
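As an added illustration (not from the book or from Cisco), the following Python script applies the two tasks just described to a constructed inventory: it lists running services that have no documented business need, then builds a patch work list ordered by advisory criticality and by how many hosts are exposed. Host names, service versions and advisory ids are made up for the example.

```python
import re

# Constructed sample data (not from the book). INVENTORY: services each host
# runs with their version/patch level. APPROVED: services each host has a
# documented business need for.
INVENTORY = {"web01": {"iis": "5.0-sp1", "smtp": "1.0"}, "web02": {"iis": "5.0-sp2"},
             "mail01": {"smtp": "1.0", "pop3": "2.1"}, "file01": {"smb": "3.4", "ftp": "1.9"}}
APPROVED = {"web01": {"iis"}, "web02": {"iis"},
            "mail01": {"smtp", "pop3"}, "file01": {"smb"}}
# Constructed advisories: affected service, first fixed version, criticality 1-5.
ADVISORIES = [
    {"id": "ADV-0001", "service": "iis", "fixed_in": "5.0-sp2", "criticality": 5},
    {"id": "ADV-0002", "service": "smtp", "fixed_in": "1.1", "criticality": 3},
    {"id": "ADV-0003", "service": "ftp", "fixed_in": "2.0", "criticality": 4},
]


def version_key(v):
    """Sort key for versions like '5.0-sp1'; assumes one scheme per service."""
    return tuple(int(p) if p.isdigit() else p for p in re.split(r"[.-]", v))


def unneeded_services(inventory, approved):
    """Per host, the running services with no documented business need."""
    extra = {h: sorted(set(s) - approved.get(h, set())) for h, s in inventory.items()}
    return {h: svcs for h, svcs in extra.items() if svcs}


def harden(inventory, approved):
    """The inventory as it would look after switching off unneeded services."""
    return {h: {n: v for n, v in s.items() if n in approved.get(h, set())}
            for h, s in inventory.items()}


def vulnerable_hosts(inventory, advisory):
    """Hosts running the advisory's service at a version below the fix."""
    svc, fixed = advisory["service"], version_key(advisory["fixed_in"])
    return sorted(h for h, s in inventory.items()
                  if svc in s and version_key(s[svc]) < fixed)


def patch_worklist(inventory, advisories):
    """(advisory id, criticality, hosts), most critical and most exposed first."""
    rows = [(a["id"], a["criticality"], vulnerable_hosts(inventory, a))
            for a in advisories]
    return sorted((r for r in rows if r[2]), key=lambda r: (-r[1], -len(r[2]), r[0]))


if __name__ == "__main__":
    print("switch off:", unneeded_services(INVENTORY, APPROVED))
    print("before hardening:", patch_worklist(INVENTORY, ADVISORIES))
    print("after hardening:", patch_worklist(harden(INVENTORY, APPROVED), ADVISORIES))
```

Running it shows the point the paragraph makes: the unneeded ftp service on file01 carries its own advisory, and switching it off removes that item from the patch work list entirely.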

Also important is having a complete understanding of your network topology and some of the key information flows within it, as well as in and out of it. This understanding helps you define different zones of trust and highlights where rearchitecting the network in places might improve security, for example, by deploying additional firewalls internally or on your network perimeter.