Security Topologies Widyawan
Security Topologies
- Defines the network design and implementation from a security perspective
- Unlike network topology, we are more concerned with the access methods, security and technologies used
- Covers four main areas:
  - Design Goals
  - Security Zones
  - Technologies
  - Business Requirements
Design goal
- Confidentiality: prevent unauthorised disclosure of information
- Integrity: prevent unauthorised modification of information
- Availability: prevent unauthorised withholding of information or resources
- Others, e.g. accountability: make the system accountable for changes, and detect and investigate intrusions
Security Zones
- Describe design methods that isolate systems from other systems or networks
- Key aspects of creating and designing security zones:
  - Internet
  - Intranet
  - Extranet
    - Private Connection
    - VPN
  - DMZ
Technologies
- VLAN
  - Networks are grouped logically instead of physically
- NAT
  - Allows presenting a single address for all computer connections
  - Can be achieved by a router or a NAT server
- Tunneling
  - Ability to create a virtual dedicated connection between two systems or networks
Business Requirements
Business requirements of security environments:
- Asset Identification
- Risk Assessment/Analysis
- Threat Identification
- Vulnerabilities
Asset Identification
- The process in which a company attempts to place a value on the information and systems it has in place
- In some cases, it may be as simple as counting systems and software licenses
- The more difficult part is assigning a value to information
- You would not assign the same value to the recipe for Coca-Cola as to your mother's recipe
Risk Assessment
- Ranges from highly scientific, formula-based methods to a conversation with the owner
- An attempt to identify the costs of replacing stolen data or systems, the cost of downtime and virtually any other factor
- Then evaluate the likelihood that certain types of incident and outcome will occur
- Did any single person plan for the September 11 attack?
Threat Identification
Implementing a security policy requires that we evaluate the risk of both internal and external threats.
- Internal threats
  - Theft
  - Financial abuse and embezzlement
  - Sabotage
  - Espionage
- External threats
  - Natural disaster
  - Burglar
  - Attacker
Vulnerabilities
- Operating system vulnerabilities
- TCP/IP vulnerabilities
  - Primarily experimental and used by schools and governmental agencies for research
  - Very robust in error handling
  - It is by its nature unsecured
  - Many modern attacks occur through TCP/IP
Case Studies: Initial Risk Assessment
- Estimate potential losses: Single Loss Expectancy (SLE) = Asset Value x Exposure Factor.
- Conduct a threat analysis: the goal here is to estimate the Annualized Rate of Occurrence (ARO). This numeric value represents how many times the event is expected to happen in one year.
- Determine the Annual Loss Expectancy (ALE): ALE = Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO).
Exposure Value
ARO
- Once a year: ARO = 1
- Once in 10 years: ARO = 0.1
JTETI: Initial Risk Assessment

| Items | Asset Value | Threat | Exposure Factor | ARO | Annual Loss Expectancy |
|---|---|---|---|---|---|
| Server Farm | 50M | Hardware Failure | 0.25 | 0.5 | 6.25M |
| Web Server | 10M | DoS | 0.25 | 0.2 | 0.5M |
| Computer System | 2B | Short-term Outage | 0.05 | 10 | 500M |
| Total | | | | | 506.75M |
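The SLE and ALE formulas applied to the JTETI rows, as an added Python example that is not part of the original slides. The `M`/`B` suffix parsing, the function names and the cross-check of each computed ALE against the table's stated value are assumptions of this example; for the Computer System row the formula gives 1B where the table states 500M.

```python
from decimal import Decimal

# Rows transcribed from the JTETI table on this page:
# (asset, asset value, threat, exposure factor, ARO, ALE as stated in the table)
REGISTER = [
    ("Server Farm", "50M", "Hardware Failure", "0.25", "0.5", "6.25M"),
    ("Web Server", "10M", "DoS", "0.25", "0.2", "0.5M"),
    ("Computer System", "2B", "Short-term Outage", "0.05", "10", "500M"),
]

# Assumed meaning of the suffixes used in the table.
SUFFIX = {"K": Decimal(10) ** 3, "M": Decimal(10) ** 6, "B": Decimal(10) ** 9}


def parse_amount(text):
    """Turn '50M' or '2B' into an exact Decimal; plain numbers pass through."""
    text = text.strip().upper()
    if text and text[-1] in SUFFIX:
        return Decimal(text[:-1]) * SUFFIX[text[-1]]
    return Decimal(text)


def assess(register):
    """Compute SLE and ALE per row, rank by ALE, flag stated ALEs that differ."""
    results = []
    for asset, value, threat, ef, aro, stated in register:
        ef, aro = Decimal(ef), Decimal(aro)
        if not (0 <= ef <= 1) or aro < 0:
            raise ValueError(f"{asset}: exposure factor must be 0..1 and ARO >= 0")
        sle = parse_amount(value) * ef   # SLE = Asset Value x Exposure Factor
        ale = sle * aro                  # ALE = SLE x ARO
        results.append({
            "asset": asset, "threat": threat, "sle": sle, "ale": ale,
            "stated_ale": parse_amount(stated),
            "matches_stated": ale == parse_amount(stated),
        })
    # Highest annual loss first: this is the order in which to prioritise controls.
    return sorted(results, key=lambda r: r["ale"], reverse=True)


if __name__ == "__main__":
    rows = assess(REGISTER)
    for r in rows:
        note = "" if r["matches_stated"] else f"  (table states {r['stated_ale']:,.0f})"
        print(f"{r['asset']:<16} {r['threat']:<18} "
              f"SLE={r['sle']:>14,.0f} ALE={r['ale']:>16,.0f}{note}")
    print(f"Total ALE = {sum(r['ale'] for r in rows):,.0f}")
```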
Quiz
1. What is the security goal? Explain with examples.
2. Explain the terms below:
   - VPN, NAT, DMZ
3. Mega Bank opens a branch office in Yogyakarta and has appointed you as their security consultant. If it wants to connect to headquarters in Jakarta, what kind of security zone would you suggest, and why?
4. Give examples of an initial risk assessment for any company of your choice.