Network Security - The Road Ahead
Contents:
Introduction
What is network security?
"Network Security" Monitoring
"Network Security" Forensics
"Network Security" Compliance (HIPAA, SOX, GLBA)
Conclusion

Introduction

Network security is the next wave that is destined to sweep the software market. The increase in offshore projects and the transfer of information across the wire have added fuel to the burning desire to secure the network. As the famous adage goes, the most secure computer is the one that has been unplugged from the network (which makes it almost useless). Network security is becoming more of a necessity. Interestingly, the type of security required across different enterprises depends on the nature of the business. Of late, some laws and acts have been defined to identify security breaches, which is a very good move to prevent fraudulent use of and access to information. There are two types of software for network security: one that prevents breaches and one that does the forensic analysis. The main focus of this article is the forensics of network security.

What is network security?

Network security: the protection of a computer network and its services from unauthorized modification, destruction, or disclosure.

Network security is a self-contradicting philosophy where you need to give absolute access and at the same time provide absolute security. Every enterprise needs to secure itself against two different types of access to information or transactions (e.g. FTP, HTTP, etc.): internal access and external access. Securing access to information or resources from the external world (WWW) is quite a task to master, and that is where firewalls pitch in. Firewalls act as gatekeepers that segregate intrusive from non-intrusive requests and allow access. Configuring and maintaining a firewall is by itself a task that needs experience and knowledge. There are no hard and fast rules for instructing the firewall; it depends on where the firewall is installed and how the enterprise intends to provide access to information/resources.
Thus, the effectiveness of a firewall depends on how well or how badly you configure it. Be aware that many firewalls come with preconfigured rules, which are intended to do the job of securing access to information from external sources. In short, firewalls give you information about attacks happening from the external world.

The toughest job is to secure information from internal sources. More than securing it, managers need to track the flow of information to identify possible causatives. Tracking the flow of information will come in handy in legal situations, because what seems to be a sharing of information could be held against you in a court of law. To enforce this, acts such as HIPAA, GLBA and SOX have been put forth, to ensure that scams such as that of "Enron" do not happen. In short, tracking and auditing of information gives you information about security breaches and possible internal attacks.

There are a number of network security attacks/breaches:
- Virus attacks
- Denial of service
- Unauthorized access
- Confidentiality breaches
- Destruction of information
- Data manipulation

It is interesting to note that all of this information is available across the enterprise in the form of log files. But to read through it and make sense of it would take a lifetime. That is where "Network Security" monitoring software, also known as "log monitoring" software, steps in. It does a beautiful job of making sense of the information spread across various locations and offers system administrators a holistic view of what is happening in their network in terms of network security. In short, it collects, collates, analyzes and produces reports that help the system administrator keep track of network security.

"Network Security" Monitoring

No matter how good your defense systems are, you need someone to make sense of the huge amount of data churned out by an edge device such as a firewall and by the system logs. A typical enterprise logs 2-3GB/day; this can vary depending on the size of the enterprise.
The main goal of the forensic software is to mine through the vast amount of information and pull out the events that need attention. The "Network Security" software plays a major role in identifying the causatives and the security breaches that are happening in the enterprise.

One of the major areas that any network security product needs to address is a collective view of virus attacks across the different edge devices in the network. What this offers the enterprise is a holistic view of the attacks happening across the enterprise. The product provides a detailed overview of bandwidth usage, and it should also provide user-based access reports. The security product has to highlight breaches and misuse of internet access; this will enable the administrator to take the necessary steps. The edge-device monitoring product also has to provide other information, such as traffic trends, insight into capacity planning and live traffic monitoring, which will help the administrator find the causes of network congestion.

The internal monitoring product has to provide audit information about users, system security breaches and activity audit trails (e.g. remote access). Since most administrators are unaware of the requirements of the compliance acts, it is better to cross-check which acts apply to their enterprise and to make sure that the product supports reporting for those acts (see the compliance section for further details). Altogether, the product must support archiving, scheduling of reports and a comprehensive list of reports. Please follow the next section for more details.

"Network Security" Forensics

The most important feature to look out for when you shortlist a network security forensic product is the ability to archive the raw records. This is a key factor when it comes to acts and laws: in a court of law, the original record has to be produced as evidence, and not the custom format of the vendor.
The next feature to look out for is the ability to create alerts, i.e. the ability to notify you whenever some criterion is met, for example "mail me when there are 3 unsuccessful login attempts" or, better still, "notify me if there is a virus attack on the same host more than once". This will reduce much of the manual intervention needed to keep the network secure. Furthermore, the ability to schedule reports is a great plus. You need not check the reports on a daily basis. Once you have done your groundwork of configuring some basic alerts and some scheduled reports, it should be a cakewalk from then on. All you have to do is check the information (alerts/reports) that arrives in your inbox. It is advisable to configure the reports on a weekly basis, so that it is never too late to react to a possible threat.

And finally, a comprehensive list of reports is a key feature to look for. Here is a list of reports that might come in handy for any enterprise.

Reports to expect from edge devices such as a firewall:
- Live monitoring reports
- Security reports
- Virus reports
- Attack reports
- Traffic reports
- Protocol usage reports
- Web usage reports
- Mail usage reports
- FTP usage reports
- Telnet usage reports
- VPN reports
- Inbound/outbound traffic reports
- Intranet reports
- Internet reports
- Trend reports

Reports to expect from compliance and internal monitoring (see the compliance section for reports on compliance):
- User audit reports (successful/unsuccessful login attempts)
- Audit policy changes (e.g. change in privileges, etc.)
- Password changes
- Account lockout
- User account changes
- IIS reports
- DHCP reports
- MSI reports (lists of products installed/uninstalled)
- Group policy changes
- RPC reports
- DNS reports
- Active Directory reports

The gating factor in choosing a monitoring product is to cross-verify whether the devices you have in your network are supported by the vendor you choose.
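
The two alert criteria named above (3 unsuccessful login attempts; a virus attack on the same host more than once), as an added example that is not part of the original article or of any product it mentions. The log layout, the event names and the 10-minute window for counting failed logins are assumptions; the article specifies none of them. Each alert carries the raw lines that triggered it, in line with the point about keeping original records.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a hypothetical "timestamp device EVENT key=value" layout.
SAMPLE_LOG = """\
2024-03-01T09:00:05 fw01 LOGIN_FAILED user=alice src=10.0.0.7
2024-03-01T09:00:41 fw01 LOGIN_FAILED user=alice src=10.0.0.7
2024-03-01T09:01:02 fw01 LOGIN_OK user=bob src=10.0.0.9
2024-03-01T09:01:30 fw01 LOGIN_FAILED user=alice src=10.0.0.7
2024-03-01T09:05:00 av01 VIRUS_DETECTED target=ws-114 name=sample-a
2024-03-01T09:20:00 fw01 LOGIN_FAILED user=bob src=10.0.0.9
2024-03-01T11:45:00 av01 VIRUS_DETECTED target=ws-114 name=sample-a
2024-03-01T11:50:00 av01 VIRUS_DETECTED target=ws-200 name=sample-b
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z_]+)((?: \w+=\S+)*)$")


def parse(line):
    """Return a record dict, or None for lines that do not fit the layout."""
    raw = line.strip()
    m = LINE_RE.match(raw)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group(1))
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(4).split())
    return {"ts": ts, "device": m.group(2), "event": m.group(3),
            "fields": fields, "raw": raw}


def make_alert(rule, subject, records):
    """Bundle the rule name with the untouched raw lines as evidence."""
    return {"rule": rule, "subject": subject,
            "when": records[-1]["ts"].isoformat(),
            "evidence": [r["raw"] for r in records]}


def evaluate(lines, failed_limit=3, window=timedelta(minutes=10)):
    """Apply both alert rules to an iterable of log lines, in time order."""
    failed = defaultdict(deque)     # user -> failed logins inside the window
    infections = defaultdict(list)  # host -> every virus detection seen
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        if rec["event"] == "LOGIN_FAILED":
            user = rec["fields"].get("user", "unknown")
            recent = failed[user]
            recent.append(rec)
            # Drop failures that fell out of the assumed counting window.
            while rec["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            if len(recent) >= failed_limit:
                alerts.append(make_alert("repeated_failed_login", user, list(recent)))
                recent.clear()  # start counting afresh after alerting
        elif rec["event"] == "VIRUS_DETECTED":
            host = rec["fields"].get("target", "unknown")
            infections[host].append(rec)
            # "More than once": alert on the second and every later detection.
            if len(infections[host]) >= 2:
                alerts.append(make_alert("repeated_virus", host, infections[host]))
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG.splitlines()):
        print(alert["when"], alert["rule"], alert["subject"])
        for raw in alert["evidence"]:
            print("    ", raw)
```
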
There are a number of products that address this market; you might want to search for "Firewall Analyzer" and "EventLog Analyzer" on Google.

"Network Security" Compliance

Most industries, such as health care and financial institutions, are mandated to be compliant with the HIPAA and SOX acts. These acts enforce stringent rules in all aspects of the enterprise, including physical access to information. (This section concentrates on the software requirements of the acts.) There are a number of agencies that offer compliance as a service for an enterprise. But it all depends on whether you want to manage compliance yourself or employ a third-party vendor to ensure compliance with the acts.

HIPAA Compliance:

HIPAA defines the security standards for monitoring and auditing system activity. HIPAA mandates analysis of all logs, including operating system and application logs, covering both perimeter devices, such as IDS, and insider activity. Here are some of the important reports that need to be in place:

User Logon report: HIPAA requirements (164.308 (a)(5) - log-in/log-out monitoring) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.

User Logoff report: HIPAA requirements clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.

Logon Failure report: The security logon feature includes logging all unsuccessful login attempts.
The user name, date and time are included in this report.

Audit Logs Access report: HIPAA requirements (164.308 (a)(3) - review and audit access logs) call for procedures to regularly review records of information system activity such as audit logs.

Security Log Archiving Utility: Periodically, the system administrator will be able to back up encrypted copies of the log data and restart the logs.

SOX Compliance:

Sarbanes-Oxley defines the collection, retention and review of audit trail log data from all sources under section 404's IT process controls. These logs form the basis of the internal controls that provide corporations with the assurance that financial and business information is factual and accurate. Here are some of the important reports to look for:

User Logon report: SOX requirements (Sec 302 (a)(4)(C) and (D) - log-in/log-out monitoring) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.

User Logoff report: SOX requirements (Sec 302 (a)(4)(C) and (D)) clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.

Logon Failure report: The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.

Audit Logs Access report: SOX requirements (Sec 302 (a)(4)(C) and (D) - review and audit access logs) call for procedures to regularly review records of information system activity such as audit logs.

Security Log Archiving Utility: Periodically, the system administrator will be able to back up encrypted copies of the log data and restart the logs.

Track Account management changes: Significant changes in the internal controls, sec 302 (a)(6). Changes in the security configuration settings, such as adding or removing a user account to an administrative group. These changes can be tracked by analyzing event logs.

Track Audit policy changes: Internal controls sec 302 (a)(5), by tracking the event logs for any changes in the security audit policy.

Track individual user actions: Internal controls sec 302 (a)(5), by auditing user activity.

Track application access: Internal controls sec 302 (a)(5), by tracking application processes.

Track directory/file access: Internal controls sec 302 (a)(5), for any access violation.

GLBA Compliance:

The Financial Services Modernization Act (FMA99) was signed into law in January 1999 (PL 106-102). Commonly referred to as the Gramm-Leach-Bliley Act or GLBA, Title V of the Act governs the steps that financial institutions and financial service companies must undertake to ensure the security and confidentiality of customer information. The Act asserts that financial services companies routinely collect Non-Public Personal Information (NPI) from individuals, and must notify those individuals when sharing information outside of the company (or affiliate structure) and, in some cases, when using such information in situations not related to the furtherance of a specific financial transaction.

User Logon report: GLBA compliance requirements clearly state that user accesses to the system be recorded and monitored for possible abuse.
Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.

User Logoff report: GLBA requirements clearly state that user accesses to the system be recorded and monitored for possible abuse. Remember, this intent is not just to catch hackers but also to document the accesses to medical details by legitimate users. In most cases, the very fact that the access is recorded is deterrent enough for malicious activity, much like the presence of a surveillance camera in a parking lot.

Logon Failure report: The security logon feature includes logging all unsuccessful login attempts. The user name, date and time are included in this report.

Audit Logs Access report: GLBA requirements (review and audit access logs) call for procedures to regularly review records of information system activity such as audit logs.

Security Log Archiving Utility: Periodically, the system administrator will be able to back up encrypted copies of the log data and restart the logs.

Conclusion

"Network Security" has to be done both internally and externally. Nailing the problem is a task that needs enormous skill and, mostly, help from software such as EventLog Analyzer (compliance and internal monitoring of internal machines) and Firewall Analyzer (viruses, attacks and edge traffic monitoring
