Computer network and security management

Network Security Standards

A computer network security system implements the best practices of network security management and policy, and meets the minimum and recommended requirements of network security standards for medium-sized businesses and corporate organizations.

In a medium to large network infrastructure, a computer network security system is achieved by implementing a best-practice security policy and following a defense-in-depth approach. At a minimum, this policy should cover physical access, switch and router access controls, VLAN support, encryption, router connections and packet filtering.

Unlike a home network, which can rely on internet security software such as BitDefender Security 2009, a large-scale network environment needs a network security standard that identifies the components that must be addressed in order to deliver a secure network.

Minimum Requirement of Computer Network Security System

Implementing a computer network security system should comply with the minimum requirements of the network security standards. The minimum requirements with regard to network security standards in a large organization are:

  • All physical access points and network equipment (routers, servers and LAN switches) must be physically secured.
  • All operating systems and device firmware in use must be patched as early as possible to close security holes.
  • All routers, switches and other networking devices must have strong passwords assigned.
  • Remote access to networking devices (Telnet and SNMP) must be controlled by an IP address restriction policy, with access granted only to authorized IT support personnel.
  • Networking devices should have a “Message of the Day” or “Login” banner that presents a legal warning (not a welcome message) to any unauthorized user attempting to access the device.
  • Session timeouts on console and Telnet access should be less than 10 minutes (unattended) on all networking devices, to prevent security breaches via unattended management terminals.
  • Passwords and SNMP community names must be at least eight characters long and alphanumeric. Passwords should not be susceptible to basic brute-force or dictionary attacks. Read more about password tips here.
  • Management services such as SNMP must be disabled if not required, or otherwise protected.
  • All encryption keys for public network communications (Internet and wireless) must be routinely changed in a secure fashion to prevent eavesdropping and data manipulation attacks.
  • Suitable perimeter defenses must be enforced for any public network, including the Internet. This can be done with a packet-filtering (extended access-list) router in conjunction with a suitably configured firewall. For Internet connections a firewall with a strong enforcement policy must be used. Use strong router-based “inbound” access-lists to restrict incoming Internet traffic on all perimeter routers. Access-lists should be simple but effective in controlling unwanted traffic and protecting key network assets.

For a much stronger computer network security system, the recommended requirements with regard to network security standards are the above plus the following:

  • VLANs can be used to segment users and control resource access. Inter-VLAN traffic can be controlled via access-lists on routers (or layer-3 switches).
  • Switch-based port-level (MAC address) security can be used in high-risk public access environments to further restrict device access.
  • To protect the management passwords in all network device configurations, strong password encryption must be used.
  • To prevent third-party devices from injecting routes into the network, dynamic routing protocols should be enabled only on router-to-router links, never on user access links.
  • Routing update messages should be protected using a secure authentication mechanism (MD5 hash) in the routing protocols.
  • Access logging on key devices should be used to record device access and configuration changes. In hostile network environments, packet logging may also be a requirement.
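As an added example (not code from this page), the following Python script audits an IOS-style device configuration against several items from both the minimum and the recommended lists above: a legal banner, session timeouts under 10 minutes, an IP restriction (access-class) on the vty lines, SNMP community names of at least eight characters, password encryption and MD5 routing authentication. The sample configuration is constructed for the demonstration and the command syntax is assumed to be Cisco IOS style.

```python
import re

# Constructed IOS-style configuration used only to exercise the checks; not from the page.
SAMPLE_CONFIG = """\
service password-encryption
banner motd ^C Unauthorized access is prohibited ^C
snmp-server community public RO
ip access-list standard MGMT
 permit 10.1.1.0 0.0.0.255
line con 0
 exec-timeout 30 0
line vty 0 4
 access-class MGMT in
 exec-timeout 5 0
router ospf 1
 area 0 authentication message-digest
"""

def audit_config(config: str) -> dict:
    """Check an IOS-style config against the minimum and recommended items above."""
    lines = config.splitlines()
    findings = {
        "banner": any(l.startswith(("banner motd", "banner login")) for l in lines),
        "password_encryption": "service password-encryption" in lines,
        "routing_auth": any(re.search(r"message-digest|\bmd5\b", l) for l in lines),
        "weak_snmp_communities": [],
        "line_timeouts": {},  # line section -> exec-timeout in minutes, None if absent
        "vty_access_class": False,
    }
    section = None
    for l in lines:
        m = re.match(r"snmp-server community (\S+)", l)
        if m and (len(m.group(1)) < 8 or m.group(1).lower() in ("public", "private")):
            findings["weak_snmp_communities"].append(m.group(1))
        if not l.startswith(" "):          # a top-level command starts a new section
            section = l.strip()
            if section.startswith("line "):
                findings["line_timeouts"][section] = None
            continue
        if section and section.startswith("line "):
            m = re.match(r"\s*exec-timeout (\d+) (\d+)", l)
            if m:
                findings["line_timeouts"][section] = int(m.group(1)) + int(m.group(2)) / 60
            if section.startswith("line vty") and l.strip().startswith("access-class"):
                findings["vty_access_class"] = True
    # IOS defaults to 10 minutes when exec-timeout is absent; "exec-timeout 0 0" disables it.
    findings["timeouts_ok"] = all(t is not None and 0 < t < 10
                                  for t in findings["line_timeouts"].values())
    return findings
```

On the sample, the audit flags the default "public" community and the 30-minute console timeout while the banner, vty access-class, password encryption and OSPF MD5 authentication pass.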

Physical security is imperative in providing a solid foundation for all other security measures, and it is often overlooked. All networking infrastructure must be securely located, with access granted only to authorized personnel. Any device can be compromised if physical access is permitted.

Switches and routers must be configured in such a way as to provide adequate network security. Telnet and SNMP restrictions enforce authorized management of the device. Session timeouts can be used to close vacant management sessions. A legal “Message of the Day” warning message is required to deter unauthorized access to these devices.

Network device security is critical in maintaining the operational success of a network. All key networking devices (routers and switches) must have strong alphanumeric passwords. Any unused TCP/UDP small services running on these devices should be disabled. SNMP and Telnet should be restricted by IP address to govern who can access and manage these devices.

Switches may use VLANs to define separate security boundaries based on workgroup or location settings. MAC-based port restrictions on LAN switches can be used to further restrict network access in hostile public access environments.

Routers should be configured securely to ensure that only authorized, business-intended traffic flows exist. Access-lists must be used to restrict network traffic in environments where network security threats may exist. Packet filters should be used to prevent unauthorized access to key business resources, but should not stop legitimate network traffic. As a minimum, packet filters (inbound extended access-lists) should be configured on perimeter routers to provide protection from the Internet (or other public networks).

Any public Internet connection must be secured with a perimeter router and a firewall. The router functions as the first-level defensive packet screener and the firewall functions as the last line of defense from the public network. Wireless LAN connections must also be secured via encryption and preferably connected through a firewalled network segment.
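As an added example (not code from this page), the following Python snippet models an inbound extended access-list on a perimeter router of the kind described above and evaluates sample packets against it. The ACL, addresses and hosts are constructed for the demonstration; the first-match semantics, the trailing implicit deny and the IOS-style "established" keyword are assumed.

```python
import ipaddress

# Constructed inbound extended ACL for a perimeter router (sample, not from the page).
# Entries are (action, protocol, source, destination, port); the first match wins and
# anything matching nothing hits the implicit deny at the end.
PERIMETER_INBOUND_ACL = [
    ("deny",   "ip",  "10.0.0.0/8",     "0.0.0.0/0",       None),           # anti-spoofing
    ("deny",   "ip",  "192.168.0.0/16", "0.0.0.0/0",       None),           # anti-spoofing
    ("permit", "tcp", "0.0.0.0/0",      "203.0.113.25/32", 25),             # mail relay only
    ("permit", "tcp", "0.0.0.0/0",      "203.0.113.80/32", 443),            # public web server
    ("permit", "tcp", "0.0.0.0/0",      "203.0.113.0/24",  "established"),  # replies to inside-initiated sessions
    ("deny",   "ip",  "0.0.0.0/0",      "0.0.0.0/0",       None),           # explicit deny (log it in production)
]

def evaluate(acl, proto, src, dst, dport, established=False):
    """Return 'permit' or 'deny' for one inbound packet; the first matching entry wins."""
    for action, aproto, asrc, adst, aport in acl:
        if aproto != "ip" and aproto != proto:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(asrc):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(adst):
            continue
        if aport == "established":
            # IOS 'established' matches TCP segments with ACK or RST set, i.e. not new SYNs
            if not (proto == "tcp" and established):
                continue
        elif aport is not None and aport != dport:
            continue
        return action
    return "deny"  # implicit deny any any
```

A spoofed private source is dropped before any permit is considered, Telnet to the mail relay is refused while SMTP is allowed, and return traffic for sessions opened from inside passes only when the established flag is set.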

Sensitive data traversing a public link such as the Internet must be encrypted using VPNs. Network device configuration over public links should also be encrypted.

Without a basic security policy, unauthorized network access is possible, including access to sensitive resources that carry a high security risk. Having a basic security policy on the network ensures that resources are not readily compromised. Network components such as switches and routers are core to the operational integrity of the network and as such should be adequately protected.
