So, you've outlined your security requirements, derived a security policy, refined elements of policy, separated them into human security and automated policy, created an acceptable use policy, read it to the end-users, and applied the security settings required by policy for all of your systems.
Now you're done, right? Wrong. Now you start over.
Security administration is a perpetual cycle because new threats appear all the time. Every time you integrate a new device into your network, you need to consider its security ramifications and update your security policy. In short, you're never done.
The Security Cycle
Security administration is work that must be continually performed to keep a system as free from the loss or compromise of company data as is practicable. As a security administrator, it is your job to determine which security measures need to be taken and whether those security measures have been properly executed. Although the task is daunting, it can be broken down into discrete steps that can be methodically executed. The cycle of security administration is as follows:
• Identify potential vulnerabilities.
• Evaluate vulnerabilities to determine how they can be effectively nullified.
• Determine which of the identified countermeasures you can effectively employ against the vulnerabilities.
• Employ countermeasures.
• Test countermeasures for effectiveness by simulating an attack.
• Monitor server logs and firewalls for evidence of security breaches.
• Investigate any indications of a breach to determine the breach progression and identify new potential vulnerabilities.
• Study public security sources for news of newly discovered security vulnerabilities.
• Repeat the cycle of security administration.
The cyclical nature of security cannot be stressed enough. Unlike a vault, which is static through time and suffers from only a few well-known vulnerabilities, computer networks are not static; they change constantly. Every new addition, be it software or hardware, must be evaluated in the context of security to determine if it will add a new vulnerability to the system. The methods used by hackers to gain access to a system must be continually researched, and system software must be updated as new security fixes are released. Network security is like walking against a treadmill: you have to keep moving just to stay in place because as time goes by, new vectors of attack will be discovered and your network will become less secure without any changes at all on your part.
Review Questions
1. What is the purpose of a security policy?
2. What is the first step in developing a security policy?
3. Why is it important to automate security policies as much as possible?
4. Why is an appropriate use policy important?
5. How often should users be required to change their passwords?
6. What is the minimum length of a password that could be considered to be 'strong' in the context of today's computing power?
7. Why is the inconvenient policy of enforcing a password lockout after a few incorrect attempts important?
8. Why are execution environments dangerous?
9. Which is more secure: ActiveX or Java?
10. Why doesn't a digital signature mean that an ActiveX control is secure?
Answers
1. A security policy describes security rules for your computer systems and defends against all known threats.
2. The first step in establishing a security policy is to establish functional requirements, features, and security requirements.
3. Automated security policies avoid the weakness of having to be enforced by humans.
4. An appropriate use policy allows users to understand their security responsibilities.
5. Users should not be required to change passwords often; rather, they should select extremely strong passwords which can be relied upon for much longer periods of time than simple passwords.
6. 8 characters should be the minimum length of a password in today's environment.
7. Enforcing password lockout after failed attempts prevents automated password guessing.
8. Execution environments are dangerous because they can be exploited to propagate viruses and Trojan horses.
9. Java is limited to a sandbox environment, which while not perfect, is far more secure than the unlimited ActiveX execution environment.
10. Digital signatures are only a means of verification; they do not perform any security function beyond attesting that content has not been modified and that it originates from a known source.
Terms to Know
• ActiveX
• application
• appropriate use policy
• attachment
• content signing
• execution environment
• firewall
• group policies
• Java
• lessons learned
• macro
• password
• permissions
• policy
• requirements
• sandbox
• system
Chapter 5: Border Security
Overview
Where does your network stop, and the Internet begin? That's like asking where one country stops and another starts. The line between them is merely a subjective boundary where one set of rules starts and another set of rules stops. But like the border between China and Russia, where one country is built out and densely populated right to the edge, while the other is nothing but forest for hundreds of miles, the place where the force of these two sets of networking rules meet delineates a dramatic change in character of the networking landscape.
Firewalls, also called border gateways, are routers whose purpose is to give administrators fine-grain control over which traffic is passed to and from the Internet and which is rejected. Modern firewalls also perform on-the-fly modification of streams, authentication, and tunneling in order to further eliminate threats from the Internet.
firewall
A gateway that connects a private network to a public network and enforces a security policy by allowing only those connections that match the device's security settings.
border gateway
A firewall.
tunneling
The process of encapsulating packets within IP packets for the purpose of transporting the interior packets through many public intermediate systems. When reassembled at the remote end, the interior packets will appear to have transited only one router on the private networks.
Firewalls are the foundation of border security. The strength of your border security is equal to the strength of your firewalls and their proper configuration. Firewall security is by far the most important aspect of Internet security.
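The tunneling definition above can be made concrete with IP-in-IP encapsulation (protocol number 4, RFC 2003). The following is an added example, not code from the book; the addresses, hop count and payload are constructed sample values. It shows that public routers touch only the outer header, so the interior packet arrives having lost a single TTL hop, and that a border device inspecting addresses on the wire sees only the two tunnel endpoints.

```python
import socket
import struct

IPPROTO_IPIP = 4               # IP-in-IP encapsulation (RFC 2003)
HEADER = "!BBHHHBBH4s4s"       # fixed 20-byte IPv4 header, no options

def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over an even-length header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src, dst, proto, payload, ttl=64) -> bytes:
    """Build a minimal IPv4 packet: header with valid checksum, then payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(HEADER, *fields))
    return struct.pack(HEADER, *fields) + payload

def parse(packet: bytes) -> dict:
    """Decode the outermost header; 'valid' is True when the checksum verifies."""
    _, _, length, _, _, ttl, proto, _, src, dst = struct.unpack(HEADER, packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "valid": checksum(packet[:20]) == 0,
            "payload": packet[20:length]}

def route_hop(packet: bytes) -> bytes:
    """An intermediate router: decrement the outermost TTL and re-checksum."""
    p = parse(packet)
    return ipv4_packet(p["src"], p["dst"], p["proto"], p["payload"], p["ttl"] - 1)

def encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def decapsulate(outer: bytes) -> bytes:
    p = parse(outer)
    if not p["valid"] or p["proto"] != IPPROTO_IPIP:
        raise ValueError("not a valid IP-in-IP packet")
    return p["payload"]

def tunnel_demo(public_hops: int = 5):
    """Return (outer header as seen on the public side, inner header as delivered)."""
    # Constructed sample: private hosts 10.1.0.5 -> 10.2.0.9, UDP (17) payload,
    # tunnel endpoints taken from the documentation address ranges.
    inner = ipv4_packet("10.1.0.5", "10.2.0.9", 17, b"payroll query")
    wire = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    for _ in range(public_hops):
        wire = route_hop(wire)              # only the outer TTL changes
    delivered = route_hop(decapsulate(wire))  # far-end gateway: the one private hop
    return parse(wire), parse(delivered)
```

With five public hops the outer TTL drops from 64 to 59 while the delivered interior packet shows 63, which is why filtering rules at the border must account for the encapsulated traffic and not just the outer addresses.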