Key Concepts:
  • Best practices for network security management and their value to the organization
  • Strategies for integrating network security strategies with firewall defenses and VPN remote access
  • The value of incident response planning, testing, and practice

Network Security, Firewalls, and VPNs

Network Security Management

Network Security Management Strategies
Network security management strives to maintain established security standards, adapt the infrastructure to meet future threats, and respond to breaches in a timely manner.

Reflect on the following questions related to network security management strategies:
  • What are the common network security management strategies?
  • How do training and security awareness improve network security?
Network Security Assessments
A network security assessment is the analysis, testing, and evaluation of a deployed security solution. Security assessment is an ongoing process of evaluating security so as to continually improve it.

Reflect on the following questions related to network security assessments:
  • What are the steps involved in conducting a network security assessment?
  • What is the importance of a security information and event monitoring (SIEM) tool in network security assessment?
Network-Monitoring Tools
Some of the commonly available network-monitoring tools are listed below.
  • Nagios: The premier open source network management and monitoring tool that monitors an entire information technology (IT) infrastructure and alerts administrators to problems
  • SmokePing: A network latency-monitoring and network visualization tool
  • GroundWork: A highly scalable network management and monitoring tool designed for heterogeneous environments
  • Ganglia: A tool for monitoring clusters and grid computers
  • Cacti: A Web-based network usage- and performance-graphing tool
  • Ntop: A UNIX or Linux network-probing tool that shows network usage
  • WhatsUp Gold: A commercial, proactive monitoring and management tool for networks of all sizes that is used to monitor devices, servers, network performance, and more
  • Iris: A network traffic monitoring and analysis tool
Information Security Strategies
An organization is planning the future of its IT infrastructure security by determining proper information security strategies. A number of factors influence the planning of information security strategies.

Reflect on the following questions related to information security strategies:
  • What areas should an organization focus on when planning its information security strategy?
  • Why is integration of firewalls and VPNs considered a good information security strategy?
Incident Response Strategies
An incident response strategy is a planned reaction to negative situations or events. Inevitably, security breaches, or at least attempts to breach security, do occur. When those events affect an organization or its ability to perform its tasks in any way, incident response is triggered. The goals of incident response are to minimize downtime, minimize loss, and restore the environment to a secured normal state as quickly as possible.
Incident response strategies have the following six primary phases:
  • Preparation: Select and train incident response team (IRT) members and allocate resources.
  • Detection: Confirm actual breaches.
  • Containment: Restrain further infection.
  • Eradication: Resolve the problem.
  • Recovery: Return to normal operations.
  • Follow-up: Review the incident and solution to improve future responses.
An incident response plan is an important element of network security management.

In this section, you will have an opportunity to practice the concepts and processes that you have explored in this lesson.

The Hands-On Lab provides you with an engaging learning experience that is diagnostic and flexible. Following the instructions provided in the Lab Manual, you will be able to practice the steps IT Security Specialists perform on a daily basis and develop the skills required for effective execution and management of IT Security operations.

In this section, you will have an opportunity to apply what you’ve learned in this lesson in the context of analyzing a business situation. Although simplified, a problem scenario provided here depicts the challenges often faced by professionals in the workplace.

In this interactive case study, you will explore a business situation, review critical information related to the problem discussed in the case, decide on the course of action, and receive a decision analysis summary that discusses the implications of your decision. Once you analyze the impact of your decision, explore alternative solutions to learn about other potential ways to address the issue in the case. Complete your work on the case by submitting the graded assignment that will reflect on your process of analyzing the business situation and defining an appropriate course of action.

You have been working on the Corporation Techs network project. Your manager now wants to brief you about your next task, which is a continuation of the assignment based on the Corporation Techs scenario.


A firewall breach has occurred on the Corporation Techs network. As a member of the IT security team, you should have received an e-mail alert. Please create a postincident follow-up report, in the form of an executive summary format, about the incident for management review. Let me know if you need any support.

Contributing Factors
Hi,

There was a security breach in our firewall that led to a denial of service (DoS) attack. We immediately notified the Internet service provider (ISP) and second-tier provider of Corporation Techs. The IT security team isolated the incident and took corrective actions. First, we blocked the offending source Internet Protocol (IP) addresses and set a maximum limit for incoming Internet Control Message Protocol (ICMP) traffic. Then, we deployed an intrusion detection system (IDS) to reduce the threat of future attacks.

Regards,
IT Security Team

An executive summary report for a security incident should include the following:

  • A high-level description of the incident and its scope
  • The impact on the organization
  • Actions taken to prevent further occurrence
  • Recommendations for further action

Research the Internet for typical executive summary reports to determine the proper format and level of detail.

Course of Action
Use the following checklist as a guide to complete this assignment.

Tasks

  • Review the details of the incident and corrective action taken by the IT security team.
  • Research the Internet for typical executive summary reports.
  • Identify the essential elements in a typical executive summary report.
  • Ensure that the report has a professional look.
  • Ensure that the executive summary report is precise.
  • Submit the final postincident executive summary to the instructor.
At the end of this lesson, you should be able to:
  • Identify network security management strategies for responding when security measures fail.
  • Discuss user training and security awareness.
  • Describe the method of a network security assessment and review network-monitoring tools.
  • Summarize integration of network security, firewalls, and Virtual Private Networks (VPNs) and identify incident response strategies.
In this lesson, you will learn about the best practices for network security management and their value to an organization. You will also learn about strategies for integrating network security with firewall defenses and VPN remote access. In addition, you will analyze the value of incident response planning, testing, and practice.