Discussing Network Security and Cisco
The security wheel

Most security incidents occur because system administrators do not implement available countermeasures, and hackers or disgruntled employees exploit the oversight. Therefore, the issue is not just one of confirming that a technical vulnerability exists and finding a countermeasure that works, it is also critical to verify that the countermeasure is in place and working properly.

This is where the Security Wheel, a continuous process, is an effective approach. The Security Wheel promotes retesting and reapplying updated security measures on a continuous basis.

To begin the Security Wheel process, first develop a security policy that enables the application of security measures. A security policy needs to accomplish the following tasks:

  • Identify the security objectives of the organization.
  • Document the resources to be protected.
  • Identify the network infrastructure with current maps and inventories.
  • Identify the critical resources that need to be protected, such as research and development, finance, and human resources. This is called a risk analysis.

After the security policy is developed, make it the hub upon which the four steps of the Security Wheel are based. The steps are secure, monitor, test, and improve.

Secure
Secure the network by applying the security policy and implementing the following security solutions:

  • Threat Defense
    • Stateful Inspection and packet filtering – Filter network traffic to allow only valid traffic and services.
    • Intrusion Prevention Systems – Inline intrusion detection systems (IDS), better termed intrusion prevention systems (IPS), can be deployed at the network and host level to actively stop malicious traffic.
    • Vulnerability patching – Apply fixes or measures to stop the exploitation of known vulnerabilities. This includes turning off services that are not needed on every system. The fewer services that are enabled, the harder it is for hackers to gain access.
  • Secure Connectivity
    • Virtual Private Networks (VPNs) – Hide traffic content to prevent unwanted disclosure to unauthorized or malicious individuals.
  • Trust and Identity
    • Authentication – Give access to authorized users only. One example of this is using one-time passwords.
    • Policy enforcement – Assure users and end devices are in compliance with the corporate policy.

Monitor
Monitoring security involves both active and passive methods of detecting security violations. The most commonly used active method is to audit host-level log files. Most operating systems include auditing functionality. System administrators for every host on the network must turn these on and take the time to check and interpret the log file entries.
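Checking and interpreting host log entries, the active method described above, as an added example that is not part of the original text or any Cisco material: a short Python audit over constructed sshd log lines that flags a source address with repeated failed logins inside a sliding time window. The log format, the five-failure threshold and the ten-minute window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of syslog-style sshd entries; not captured from a real host.
SAMPLE_LOG = """\
Mar 10 08:01:02 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 10 08:01:04 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 10 08:01:05 host1 sshd[2212]: Accepted password for alice from 192.0.2.15 port 40110 ssh2
Mar 10 08:01:07 host1 sshd[2214]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 10 08:01:09 host1 sshd[2215]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 10 08:01:10 host1 sshd[2216]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 10 08:30:00 host1 sshd[2300]: Failed password for bob from 192.0.2.15 port 40200 ssh2
Mar 10 09:45:00 host1 sshd[2401]: Failed password for root from 203.0.113.7 port 51100 ssh2
"""

# Assumed OpenSSH message layout; lines that do not match are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

def parse_events(text, year=2024):
    """Return (timestamp, result, user, source) tuples for recognised lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated entries are not audit failures, just noise
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m['result'], m['user'], m['src']))
    return events

def find_repeated_failures(events, threshold=5, window=timedelta(minutes=10)):
    """Map source -> failure count for sources with >= threshold failures in one window."""
    failures = defaultdict(list)
    for ts, result, _user, src in events:
        if result == "Failed":
            failures[src].append(ts)
    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide window forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = end - start + 1
                break
    return flagged
```

A single failure from 192.0.2.15 and a lone later failure from 203.0.113.7 fall outside the window, so only the burst of five from 203.0.113.7 is reported.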

Passive methods include using intrusion detection system (IDS) devices to automatically detect intrusion. This method requires only a small number of network security administrators for monitoring. These systems can detect security violations in real time and can be configured to automatically respond before an intruder does any damage.

An added benefit of network monitoring is the verification that the security devices implemented in Step 1 of the Security Wheel have been configured and are working properly.

Test
In the testing phase of the Security Wheel, the security of the network is proactively tested. Specifically, the functionality of the security solutions implemented in Step 1 and the system auditing and intrusion detection methods implemented in Step 2 must be assured. Vulnerability assessment tools such as SATAN, Nessus, or NMAP are useful for periodically testing the network security measures at the network and host level.

Improve
The improvement phase of the Security Wheel involves analyzing the data collected during the monitoring and testing phases, and developing and implementing improvement mechanisms that feed into the security policy and the securing phase in Step 1. To keep a network as secure as possible, the cycle of the Security Wheel must be continually repeated, because new network vulnerabilities and risks are created every day.

With the information collected from the monitoring and testing phases, intrusion detection systems can be used to implement improvements to the security. The security policy should be adjusted as new security vulnerabilities and risks are discovered.