Network and Security Management Chapter 4 Panko and

Failure in the Target Breach Cost Matters Network Quality of Service Qo. S Network

Kill Chain • Ignored Explicit Warnings 資料非法滲出 • Contractor with weak security • Spear

Kill Chain Analysis � For a weapon to succeed, a number of steps must

4. 2 Quality-of-Service (Qo. S) Metrics Qo. S Metrics: Quantitative measures of network performance

Transmission Speed Ø Rated Speed vs Throughput Ø Aggregate Throughput vs Individual Throughput �

Aggregate Throughput vs Individual Throughput � Aggregate versus Rated Throughput on Shared Lines ◦

Rated Speed, Throughput, Aggregate Throughput, and Individual Throughput Individual throughput Aggregate throughput Rated speed

Speed Knowledge Check � You are in a Wi-Fi hot spot with 20 other

CNET News: Steve Jobs' demo fail https: //www. youtube. com/watch? v=znx. QOPFg 2 mo

Other Qo. S Metrics • • Availability Error Rates Latency Jitter PSTN: availability ~=

Jitter • Jitter is variability in latency. • In traditional applications, e. g. e-mail,

4. 5 Service Level Agreements (SLAs) � Service Level Agreements (SLAs) ◦ Contracts that

4. 5 Service Level Agreements (SLAs) � Worst-Case � Qo. S Specification guarantees are

4. 5 Service Level Agreements (SLAs) � Percentage-of-Time � Often Elements in SLAs written

4. 5 Service Level Agreements (SLAs) � Residential guarantees services are rarely sold with

4. 6 Two-Site Traffic Analysis • • Network design is based on speed requirements

4. 7 Three-Site Traffic Analysis There are three sites connected by two links Copyright

4. 7 Three-Site Traffic Analysis Link QR must carry the traffic flowing between Q

4. 7 Three-Site Traffic Analysis Copyright © 2015 Pearson Education, Ltd.

Three-Site Traffic Analysis with Redundancy Each pair of sites is connected Lines only carry

Three-Site Traffic Analysis with Redundancy How can traffic get from Q to R? Copyright

Momentary Traffic Peaks � Normally, network capacity is higher than the traffic. � Sometimes,

Momentary Traffic Peaks � Congestion causes latency because switches and routers must store frames

Overprovisioning - Momentary Traffic Peaks is providing far more capacity than the network normally

Priority - Momentary Traffic Peaks � With priority, latency-intolerant traffic, such as voice, is

Reserved Capacity - Momentary Traffic Peaks � Qo. S guarantees reserved capacity for some

Strategic Security Planning Principles � Security is a management issue, not a technology issue.

Threat Environment You cannot defend yourself unless you know the threat environment you face.

Plan-Protect-Respond Cycle Companies defend themselves with a process called the Plan-Protect-Respond Cycle. Copyright ©

Planning The Plan-Protect-Respond Cycle starts with Planning. We will look at important planning principles.

Protecting Companies spend most of their security effort on the protection phase, in which

Responding Even with great planning and protection, incidents will happen, and a company must

Security Planning Principles � Six Security Planning Principles 1. Risk analysis 2. Comprehensive security

(1) Risk Analysis 4. 11 Risk Analysis � The goal is not to eliminate

4. 12: Risk Analysis Calculation Countermeasure (對策) 對策 Damage per successful attack Annual probability

3. 10 Risk Analysis Calculation Countermeasure Damage per successful attack None A $1, 000

3. 10 Risk Analysis Calculation Countermeasure Damage per successful attack Annual probability of a

3. 10 Risk Analysis Calculation Countermeasure Damage per successful attack None B $1, 000,

(2) Comprehensive Security 4. 13 Comprehensive Security Copyright © 2015 Pearson Education, Ltd.

(3) Defense in Depth 4. 14 Defense in Depth Copyright © 2015 Pearson Education,

(4) Identifying Weakest Links 4. 15 Identifying Weakest Links Copyright © 2015 Pearson Education,

Weakest Link versus Defense in Depth Weakest Link Countermeasures Several One Criterion One must

(5) Protecting Single Points of Takeover Central control is crucial to reducing labor costs

Protecting Single Points of Take-Over Copyright © 2015 Pearson Education, Ltd.

(6) Least Permissions in Access Control Assigning Least Permissions in Access Control � Access

Least Permissions in Access Control � Authentication (Permissions) versus Authorizations ◦ Authentication: Proof of

4. 17 Least Permissions in Access Control � Principle of Least Permissions ◦ Give

Least Permissions in Access Control � Examples of Limited Permissions ◦ Create files but

4. 19 Ping Copyright © 2015 Pearson Education, Ltd.

Copyright © 2015 Pearson Education, Ltd.

4. 20: Simple Network Management Protocol (SNMP) � It is desirable to have network

4. 20: SNMP � Central manager program communicates with each managed device. � Actually,

4. 20: SNMP � The manager sends SNMP commands and gets SNMP responses. �

4. 20: SNMP � Information from agents is stored in the SNMP management information

Configuring SNMP Support https: //www. cisco. com/c/en/us/td/docs/optical/15000 r/dwdm/conf iguration/guide/b_snmp. html Copyright © 2015 Pearson

4. 20: SNMP � Network visualization programs analyze information from the MIB to portray

4. 20: SNMP � SNMP interactions are standardized, but network visualization program functionality is

http: //noc. twaren. net/ http: //mrtg. twaren. net/weathermap/twaren. html

Traditional Device Control in Networking � Firewall Forwarding ◦ How the firewall deals with

Traditional Device Control in Networking Copyright © 2015 Pearson Education, Ltd.

Software-Defined Networking (SDN) Copyright © 2015 Pearson Education, Ltd.

Centralized Firewall Management Copyright © 2015 Pearson Education, Ltd.

Slides: 69

Download presentation

Kill Chain Analysis � For a weapon to succeed, a number of steps must go correctly. � This is called the kill chain � Security attacks also have kill chains � Companies must look for evidence of kill chain patterns and end the chain before the end. Copyright © 2015 Pearson Education, Ltd.

Transmission Speed Ø Rated Speed vs Throughput Ø Aggregate Throughput vs Individual Throughput � Rated Speed ◦ The speed a system should achieve ◦ According to vendor claims or to the standard that defines the technology � Throughput ◦ The data transmission speed a system actually provides to users Copyright © 2015 Pearson Education, Ltd.

Aggregate Throughput vs Individual Throughput � Aggregate versus Rated Throughput on Shared Lines ◦ The aggregate throughput is the total throughput available to all users in part of a network � Individual Throughput ◦ The individual throughput is an individual’s share of the aggregate throughput Copyright © 2015 Pearson Education, Ltd.

Rated Speed, Throughput, Aggregate Throughput, and Individual Throughput Individual throughput Aggregate throughput Rated speed

Speed Knowledge Check � You are in a Wi-Fi hot spot with 20 other people. The access point router is rated as following the 802. 11 ac standard with options providing 300 Mbps. Throughput is about 50%. At a certain moment, you and four others are sending and receiving. What individual throughput are you likely to receive? Copyright © 2015 Pearson Education, Ltd.

Other Qo. S Metrics • • Availability Error Rates Latency Jitter PSTN: availability ~= 99. 999% Public Switched Telephone Network Copyright © 2015 Pearson Education, Ltd. 1 ms = 0. 001 sec 1 s = 10 -6 sec

Jitter • Jitter is variability in latency. • In traditional applications, e. g. e-mail, latency was slightly important, and jitter was not important at all. • Makes voice (Vo. IP), video, and interactive applications seem “jittery”. Copyright © 2015 Pearson Education, Ltd.

4. 5 Service Level Agreements (SLAs) � Service Level Agreements (SLAs) ◦ Contracts that guarantee levels of performance for various Qo. S metrics. ◦ Guarantees for performance ◦ Penalties if the network does not meet its service metrics guarantees Copyright © 2015 Pearson Education, Ltd.

4. 5 Service Level Agreements (SLAs) � Worst-Case � Qo. S Specification guarantees are expressed as worst cases. ◦ Lowest speed (e. g. , no worse than 1 Mbps) ◦ Maximum latency (e. g. , no more than 125 ms) Copyright © 2015 Pearson Education, Ltd.

4. 5 Service Level Agreements (SLAs) � Percentage-of-Time � Often Elements in SLAs written on a percentage basis ◦ No worse than 100 Mbps 99. 5% of the time ◦ Because as the percentage increases, additional engineering raises network costs ◦ 100% compliance would be prohibitively expensive Copyright © 2015 Pearson Education, Ltd.

4. 5 Service Level Agreements (SLAs) � Residential guarantees services are rarely sold with SLA ◦ It would be expensive to engineer the network for high-percentage guarantees for residential customers ◦ This would make prices unacceptable ◦ Businesses require high-percentage guarantees and so are willing to pay higher prices Copyright © 2015 Pearson Education, Ltd.

4. 6 Two-Site Traffic Analysis • • Network design is based on speed requirements These may be different in the two directions Most transmission lines are symmetric in speed In such cases, the higher-speed dictates line speed Copyright © 2015 Pearson Education, Ltd.

Momentary Traffic Peaks � Normally, network capacity is higher than the traffic. � Sometimes, however, there will be momentary traffic peaks above the network’s capacity—usually for a fraction of a second to a few seconds. Copyright © 2015 Pearson Education, Ltd.

Momentary Traffic Peaks � Congestion causes latency because switches and routers must store frames and packets while waiting to send them out again. � Buffers are limited, so some packets may be lost. Copyright © 2015 Pearson Education, Ltd.

Overprovisioning - Momentary Traffic Peaks is providing far more capacity than the network normally needs. � Overprovisioning � This avoids nearly all momentary traffic peaks wasteful of transmission line capacity. Copyright © 2015 Pearson Education, Ltd.

Priority - Momentary Traffic Peaks � With priority, latency-intolerant traffic, such as voice, is given high priority and will go first. � Latency-tolerant traffic, such as e-mail, must wait. � More efficient than overprovisioning; also more labor-intensive. Copyright © 2015 Pearson Education, Ltd.

Reserved Capacity - Momentary Traffic Peaks � Qo. S guarantees reserved capacity for some traffic, so this traffic always gets through. � Other traffic, however, must fight for the remaining capacity. Copyright © 2015 Pearson Education, Ltd.

Protecting Companies spend most of their security effort on the protection phase, in which they apply planned protections on a daily basis. We covered this phase in Chapter 3. Copyright © 2015 Pearson Education, Ltd.

Security Planning Principles � Six Security Planning Principles 1. Risk analysis 2. Comprehensive security 3. Defense in depth 4. Weakest link analysis 5. Single points of takeover 6. Least permissions in access control Copyright © 2015 Pearson Education, Ltd.

(1) Risk Analysis 4. 11 Risk Analysis � The goal is not to eliminate all risk � You would not pay a million dollars for a countermeasure to protect an asset costing ten dollars � You should reduce risk to the degree that it is economically reasonable � You must compare countermeasure benefits with countermeasure costs Copyright © 2015 Pearson Education, Ltd.

4. 12: Risk Analysis Calculation Countermeasure (對策) 對策 Damage per successful attack Annual probability of a successful attack Annual probability of damage Annual cost of countermeasure None A $1, 000 $500, 000 20% $200, 000 $100, 000 $0 $20, 000 Net annual probable outlay $120, 000 Countermeasure A$200, 000 cuts the damage per successful attack in half, Annual value of countermeasure $80, 000 but does not change the annual probability of occurrence. Adopt the countermeasure? Yes Copyright © 2015 Pearson Education, Ltd.

3. 10 Risk Analysis Calculation Countermeasure Damage per successful attack None A $1, 000 $500, 000 Countermeasure A Annual probability of asavings successful Will have a net of $80, 000 20% per year. attack Annual probability of damage Annual cost of countermeasure Net annual probable outlay Annual value of countermeasure Adopt the countermeasure? Copyright © 2015 Pearson Education, Ltd. 20% $200, 000 $100, 000 $0 $20, 000 $200, 000 $120, 000 $80, 000 Yes

3. 10 Risk Analysis Calculation Countermeasure Damage per successful attack Annual probability of a successful attack Annual probability of damage Annual cost of countermeasure None B $1, 000, 000 20% 15% $200, 000 $150, 000 $0 $60, 000 Net annual probable outlay $210, 000 Countermeasure$200, 000 B frequency of occurrence in half, Annual cuts value the of countermeasure -$10, 000 but does not change the damage per occurrence. Adopt the countermeasure? Copyright © 2015 Pearson Education, Ltd. No

3. 10 Risk Analysis Calculation Countermeasure Damage per successful attack None B $1, 000, 000 Annual a successful This probability time, the of countermeasure attack is too 20% expensive. 15% Annual probability of damage $200, 000 $150, 000 $0 $60, 000 $200, 000 $210, 000 Annual cost of countermeasure Net annual probable outlay Annual value of countermeasure Adopt the countermeasure? Copyright © 2015 Pearson Education, Ltd. -$10, 000 No

(6) Least Permissions in Access Control Assigning Least Permissions in Access Control � Access Control ◦ If attackers cannot get access to a resource, they cannot exploit it ◦ Access control is limiting who may have access to each resource ◦ And limiting his or her permissions when using the resource Copyright © 2015 Pearson Education, Ltd.

Least Permissions in Access Control � Authentication (Permissions) versus Authorizations ◦ Authentication: Proof of identity ◦ Authorizations (Permissions): The actions that an authenticated user is allowed to take on the resource. ◦ Just because a user is authenticated does not mean that he or she will be permitted to do everything. Copyright © 2015 Pearson Education, Ltd.

4. 17 Least Permissions in Access Control � Principle of Least Permissions ◦ Give each authenticated user only the minimum permissions he or she needs to do his or her job ◦ Cannot do unauthorized things that will compromise security Copyright © 2015 Pearson Education, Ltd.

Least Permissions in Access Control � Examples of Limited Permissions ◦ Create files but not delete files ◦ Cannot see files above a certain level of sensitivity ◦ Read files but not write (edit) them ◦ See files in own folders but not all folders ◦ Connect to the person’s department server but not to the Finance server ◦ Do certain things but cannot give others permission to do them Copyright © 2015 Pearson Education, Ltd.

4. 20: Simple Network Management Protocol (SNMP) � It is desirable to have network visibility—to know the status of all devices at all times. � Ping can determine if a host or router is reachable. � The simple network management protocol (SNMP) is designed to collect extensive information needed for network visibility. Copyright © 2015 Pearson Education, Ltd.

4. 20: SNMP � Central manager program communicates with each managed device. � Actually, the manager communicates with a network management agent on each device. Copyright © 2015 Pearson Education, Ltd.

4. 20: SNMP � SNMP interactions are standardized, but network visualization program functionality is not, in order not to constrain developers of visualization tools. Copyright © 2015 Pearson Education, Ltd.

http: //noc. twaren. net/ http: //mrtg. twaren. net/weathermap/twaren. html

Traditional Device Control in Networking � Firewall Forwarding ◦ How the firewall deals with incoming packets ◦ What interface (port) to send them out � Firewall Control ◦ Creates the rules for firewall forwarding ◦ In comparison, firewall forwarding is comparatively simple Copyright © 2015 Pearson Education, Ltd.