International Journal of Innovations in Computing (ISSN : 2319-8257) Vol. 2 Issue 4

Managing the Organizational Network Security

Anamika Sharma

MTech Student Lingaya’s University, Faridabad [email protected]

Abstract - Organizations daily face threats to their To prevent interruptions to business activities and information assets. At the same time, they are becoming ensure the correct and secure operation of computer and increasingly dependent on these assets. The rapid growth in network facilities by: the size and complexity of organizational networks will soon • Minimizing the risk of systems failures make the current way of manual management infeasible. Most information systems are not inherently secure, and (through use of appropriate operational technical solutions are only one portion of a holistic procedures and plans) approach to information security. Recent years have seen • Safeguarding the integrity of the University’s many tools developed to automate this process. Establishing software and data information security requirements is essential, but to do so, • Maintaining the integrity and availability of organizations must understand their own unique threat information services, networks and supporting environment. There are also tools that scan networks and infrastructure discover possible attack scenarios involving complex combination of multiple vulnerabilities. In this paper we are • Preventing damage to assets by controlling and describing the network security followed by the management physically protecting computer media of that network security. II. DESIGNING SECURE NETWORKS

Keywords: Network Security; Information Security; Security The architecture of a network includes hardware, Management; Security Infrastructure. software, information link controls, standards, topologies, and protocols. A protocol relates to how I. INTRODUCTION computers communicate and transfer information. There It is not possible to protect anything unless one clearly must be security controls for each component within the understands WHAT one wants to protect. Organizations architecture to assure reliable and correct data of any size should have a set of documented resources, exchanges. Otherwise the integrity of the system may be assets and systems. Each of these elements should have compromised. a relative value assigned in some manner as to their In designing the network, it's necessary to consider importance to the organization. A key issue in network three factors: security management is how to define a formal security • The user should get the best response time and policy. A good policy specification should be easy to get throughput. Minimizing response time entails right and relatively stable, even in a dynamically shortening delays between transmission and changing network. Much work has been done in receipt of data; this is especially important for automating network security management. But the interactive sessions between user applications. policy languages used are usually operational and do not Throughput means transmitting the maximum explicitly express the underlying security goal. amount of data per unit of time. Appropriate management of our computers (host, • The data should be transmitted within the servers and desktops) and the network infrastructure network along the least-cost path, as long as interconnecting them is a critical information security other factors, such as reliability, are not requirement for the organization. compromised. The least-cost path is generally The underlying IT infrastructure must be the shortest channel between devices with the designed, procured, deployed, operated and maintained fewest intermediate components. Low priority in accordance with good information security principles. data can be transmitted over relatively At the same time security systems must be maintained inexpensive telephone lines; high priority data in a manner appropriate to the business requirements can be transmitted over expensive high speed and commensurate with the value of data they contain satellite channels. and permit access to.

www.klresearch.org Page 5

International Journal of Innovations in Computing (ISSN : 2319-8257) Vol. 2 Issue 4

• Reliability should be maximized to assure continual improvement—to keep the various proper receipt of all data. Network reliability requirements in perspective and to avoid forgetting includes the ability not only to deliver error- about aspects of security. Security management centers free data, but also to recover from errors or lost on the concept of a security policy, which is a document data. The network's diagnostic system should containing a set of rules that describes how security be able to locate component problems and should be configured for all systems to defend against a perhaps even isolate the faulty component from complete set of known threats. The security policy the network. creates a balance between security and usability. The executive management team of your organization should III. ORGANIZATIONAL NETWORK determine where to draw the line between security SECURITY concerns and ease of use. Just think of a security policy Organizational Security control addresses the need as the security rules for your organization along with for a management framework that creates, sustains, and policies for continual enforcement and improvement. manages the security infrastructure, including: The Management Security Forum consists of the Chief  Management Information Security Forum Information Officer, Engineering Manager, NOC or Provides a multi-disciplinary committee Data Center Manager, and the Information System chartered to discuss and disseminate Security Officer. Other members are included as information security issues throughout the required. organization. Management Security Forum duties include:  Information System Security Officer (ISSO) • Provide ongoing management support to the Acts as a central point of contact for security process information security issues, direction, and • Serve as an alternative channel for discussion decisions. of security issues  Information Security responsibilities • Develop security objectives, strategies, and Individual information security responsibilities policies are unambiguously allocated and detailed • Discuss status of security initiatives within job descriptions. • Obtain and review security briefings from the  Authorization processes Information System Security Officer Ensures that security considerations are • Review security incident reports and evaluated and approvals obtained for new and resolutions modified information processing systems. • Formulate risk management thresholds and  Specialist information assurance requirements Maintains relationships with independent • Yearly review and approval of the Information specialists to allow access to expertise not Security Policy available within the organization. Network security management is by nature a  Organizational cooperation distributed function. Applications that may utilize Maintains relationships with both information- security management include firewalls, databases, sharing partners and local law-enforcement Email, teleconferencing, electronic commerce, intrusion authorities. detection, and access control applications. Security  Independent review management faces the same security threats as other Mechanisms to allow independent review of distributed applications. Coordinated management of security effectiveness. security is not feasible without a secure management  Third-party access infrastructure that protects in transit messages from Mechanisms to govern third-party interaction modification, spoofing, and replay. Although end within the organization based on business system security is beyond the scope of this discussion, it requirements. is clear that key management, access control, and  Outsourcing reliable implementation of management software are Organizational outsourcing arrangements critical also. In its crudest form, security management should have clear contractual security could require human presence at every security device requirements. and manual evaluation of all significant events. On the other hand, we believe that remote monitoring with IV. MANAGING NETWORK SECURITY computer assisted correlation and management of Managing computer and network security is easier system events is just as viable for security management than it may seem, especially if you establish a process of as it is for network management. In fact, it may be www.klresearch.org Page 6

International Journal of Innovations in Computing (ISSN : 2319-8257) Vol. 2 Issue 4 argued that detection of sophisticated attacks need the progress or complete. Audit logs provide a help of computer-assisted correlation tools even more record of configuration changes, supporting than network management systems. Here are some task central oversight of business policy which we have to perform for network security compliance. management. • Schema updates • Device configuration management Schema driven application that allows users to Centralized interface to quickly and easily support updates and new devices quickly. deploy one or more devices provides a similar, • Log and report management intuitive interface across all device types and High-performance log storage mechanism versions, along with complete support for all allows collection and monitoring of detailed device features. Device templates enable historical information on key criteria such as administrators to define and maintain network traffic and security events. Using the commonly used configurations in one place. complete set of built-in analysis tools, • Policy management administrators can quickly generate reports for Provides an intuitive, rule-based approach for investigative or compliance purposes. all device families being managed, with a complete view of rule behaviors and options V. SECURITY RISK ASSESSMENT and powerful filtering capabilities. Allows The process of managing the risk is accomplished network objects and services to be dragged and by developing a risk management and mitigation dropped directly into the policy rules from strategy, whereby assets, threats, and vulnerabilities are within the Policy or Object Manager window. identified and the commensurate risk is quantified. • Centralized object management Controls can then be selected to avoid, transfer, or Shared Object manager allows central reduce risk to an acceptable level. Security risk administration of network, service, Network assessment is a method to maximize use of finite Address Translation (NAT), attack, organizational assets based on measurable risk and antivirus/deep inspection objects from one organizational risk tolerance. Risk assessment steps are interface that can be used by one or more as follows: policies. • Identify assets within the security perimeter • Real-time monitoring An asset can be a tangible item, such as Enables administrators to actively monitor the hardware, or intangible, such as an status of large numbers of firewall/VPN and organizational database. By definition, an asset IDP Series devices, clusters, and VPN tunnels. has value to the organization, hence requires • Intelligent security updates protection. Assets must be identified, and An automatic, scheduled process updates the ownership must be established. A relative NSM attack object database, and new attack value must also be established for each asset so object databases can be automatically pushed importance can be established when risks are to security devices. quantified. • Topology view • Identify threats to the assets Centralized interface to discover and visualize Threats exploit or take advantage of asset a layer 2 topology on an Ethernet switched vulnerabilities to create risks. Threats to each network. Discovered topology is automatically asset must be identified. There can be multiple organized into sub networks, and network threats for each asset. Identification of threats administrators can view the topology of each must be realistic. Only those threats that have a sub network as well as view the topology significant probability, or extreme harm should between sub networks. The zoom in and zoom be considered. For example, a threat to the out capability allows network administrators to organizational database may be theft or easily navigate through the various parts of the alteration. network. The topology view also lists the • Identify vulnerabilities to the assets various end hosts connected to the switch. Vulnerabilities are recognized deficiencies in • User activity management assets that can be exploited by threats to create Object locking allows multiple administrators risk. An asset may have multiple to safely modify different policies or devices vulnerabilities. For example, the vulnerability concurrently. Job Manager provides centralized to an organization’s database may be a poor status for all device updates, whether in access control or insufficient backup.

www.klresearch.org Page 7

International Journal of Innovations in Computing (ISSN : 2319-8257) Vol. 2 Issue 4

• Determine realistic probability and Systems Management 14, pp. 483-491, Probabilities for each threat/vulnerability DOI 10.1007/s10922-006-9044-7 (2006) combination should be determined. [4] Angelos D. Keromytis, Sotiris Ioannidis, Combinations with statistically insignificant Michael B. Greenwald, and Jonathan M. Smith. probability may be ignored. The STRONGMAN architecture. In • Calculate harm Proceedings of the 3rd DARPA Information Harm (sometimes referred to as impact) may Survivability Conference and Exposition be quantified numerically to reflect damage (DISCEX III), pages 178 – 188, Washington, from a successful exploit. This value allows the DC, April 2003. rating on a relative scale of the seriousness of a [5] Sushil Jajodia, Steven Noel, and Brian given risk independent of its probability. Harm O’Berry. Topological Analysis of Network is not related to probability. Attack Vulnerabiity, chapter 5. Kluwer • Calculate risk Academic Publisher, 2003. Mathematically, risk can be expressed as: [6] Oleg Sheyner, Joshua Haines, Somesh Jha, Probability x Harm = Risk. This calculation Richard Lippmann, and Jeannette M. Wing. results in a numeric rating of asset-based risk Automated generation and analysis of attack for a given set of threats and vulnerabilities. graphs. In Proceedings of the 2002 IEEE This numerical interpretation allows Symposium on Security and Privacy, pages prioritization of finite risk-mitigating 254– 265, 2002. resources. [7] Paul Ammann, Duminda Wijesekera, and Saket Kaushik. Scalable, graph-based network VI. CONCLUSION vulnerability analysis. In Proceedings of 9th This study has demonstrated how differing the ACM Conference on Computer and viewpoints of the organization and the individual are Communications Security, Washington, DC, when it comes to network security management. November 2002. Organization’s needs are often more directly connected [8] N. Damianou, N. Dulay, and M Sloman E. with their financial mission or goal. This often means Lupu. The ponder policy specification that they look for network security management to language. In Workshop on Policies for lower costs arising from network security breaches or Distributed Systems and Networks for enabling new business opportunities. Today network (Policy2001), HP Labs Bristol, Jan 2001. security has to do with protecting your sensitive [9] Ronald W. Ritchey and Paul Ammann. Using information from both outsiders and insiders. You need model checking to analyze network a security policy that covers all risks. Security tools such vulnerabilities. In 2000 IEEE Symposium on as firewalls, antivirus software, and encryption will help Security and Privacy, pages 156–165, 2000. your company deter access to unauthorized users. Believing that your environment is secured is not enough. You have to take a proactive approach to security, making sure that newer technologies are implemented to keep up with sophisticated hacker tools. A safe and secure computer environment will protect your investments for the coming years. REFERENCES [1] Blum, Magedanz, Schreiner, Wahle, "From IMS Management to SOA based Management", Journal of Network and Systems Management (2009) 17, pp. 33-52 [2] L. Bernstein: ―Network management isn’t dying, it’s just fading away‖, Journal of Network and Systems Management 15, pp. 419-424, DOI 10.1007/s10922-007-9080-y (2007) [3] Gupta: ―Network Management: Current Trends and Future Perspectives‖, Journal of Network

www.klresearch.org Page 8