Network Security Model


Five main security groups should be taken into consideration when creating an enterprise-wide security strategy. These security groups comprise perimeter, network, transaction and monitoring security. All are crucial elements of any business’s security plan. The perimeter comprises every device and circuit that connects to both private and public networks. The internal network comprises every server, all data and the other devices used in the company’s operations. The demilitarized zone (DMZ) is the space between the internal network and the outer perimeter, made up of firewalls and public servers. It permits certain external users to access servers on the network, but blocks access to internal servers.

This doesn’t mean that every external user is denied access to the internal networks. A good security plan will define who is able to access what information and from where. Telecommuters, for instance, are likely to use VPN concentrators to connect to Unix and Windows servers. Business partners may use Extranet VPN connections to connect to the company’s S/390 mainframe. To safeguard company data and applications, establish the security standards for each server. Determine the transaction protocols needed to safeguard data as it moves through secure and non-secure network segments.

As a defensive and proactive strategy against internal and external attacks, monitoring procedures must be implemented that track the flow of data in real time. Recent research has revealed that attacks by hackers are more frequent than internal attacks perpetrated by angry employees and consultants. Virus detection must also be considered, since permitted sessions can carry viruses at the application layer through e-mail, file transfer and other methods.

Security Policy Document

The security policy document sets out the policies that apply to all employees who use the enterprise network. It defines which employees may use which resources. The policy also applies to non-employees such as clients, business partners, consultants and fired employees. Security guidelines for Internet e-mail and virus detection are specified. It is the basis for determining which cyclical procedure is used to analyze and improve security.

Perimeter Security

This is the first security layer that users must deal with before they can authenticate to the network. It provides security for traffic that comes via the outside network. The network perimeter is secured by a variety of components. This review looks at all perimeter devices currently in use. Modems, firewalls, routers, TACACS servers and RADIUS servers are just a few examples of perimeter devices.

Network Security

This covers the server and legacy host security that is used to authenticate and authorize both internal and external employees. After a user has been authenticated through perimeter security, network security is what they must deal with before they can start any application. The network carries data between workstations and network-based applications. Network applications are deployed on a shared server, which could run an operating system such as Windows, Unix or Mainframe MVS. The operating system is responsible for storing data, responding to requests for information, and enforcing security. Once a user is authenticated to a Windows ADS domain with a specific user account, they are granted access rights. These rights allow the user to access directories on several servers, run programs and administer part or all of a Windows server. Windows Active Directory Services is distributed, and it is the single point users access once they authenticate. This provides significant management and availability benefits. Each account is managed from a single view, and copies of the security databases are maintained on different servers across the network. Unix and Mainframe hosts might require login to a specific host; however, network rights are distributed to several hosts.

* Domain authentication and authorization to the Network Operating System

* Windows Active Directory Services authentication and authorization

* Unix and Mainframe host authentication and authorization

* Application authorization per server

* Authorization for data and file

Transaction Security

The security of transactions is constantly evolving. Every session is secured by five major activities: authentication, confidentiality, integrity, non-repudiation and virus detection. Transaction security ensures that session information can be transmitted securely across the enterprise or the Internet. This is essential when working on the Internet, because data could be misused without authorization. E-Commerce uses industry standards such as SET and SSL. These standards define a set of protocols that provide security, confidentiality and non-repudiation. Virus detection safeguards transactions by identifying viruses in files before they are transferred to internal users or sent across the Internet. Below are the industry-standard transaction security protocols.

Non-Repudiation – RSA Digital Signatures

Integrity – MD5 Route Authentication

Authentication – Digital Certificates

Confidentiality – IPSec/IKE/3DES

Virus Detection – McAfee/Norton Antivirus Software

Monitoring Security

Security strategies must monitor network traffic to detect suspicious events, security weaknesses and threats. This analysis reveals the methods and applications in use. Here is an overview of the most common monitoring options. Intrusion detection sensors can be used to monitor traffic arriving at your perimeter. IBM Internet Security Scanner can be used to determine how vulnerable your business is. Syslog server messaging is a Unix application, used in numerous businesses, that records security events to an audit log file. Audit trails are essential for recording network changes and finding security issues. Large corporations that use many analog dial lines for modems typically use dial scanners to detect open lines that might be used to gain access. Facilities security involves badge access to the servers and equipment that store mission-critical information. Badge access control systems record the exact time each employee entered and left the telecom room. Sometimes, cameras also record the specific tasks that were carried out.

Intrusion Prevention Sensors

Cisco offers intrusion prevention devices (IPS) to corporate customers, with the aim of improving the security of their networks. The Cisco IPS 4200 Series uses sensors at strategic places to safeguard routers, switches and servers from hackers. IPS sensors examine network traffic in real time or inline and compare packets against predefined signatures. When the sensor observes suspicious activity, it raises an alert and drops the packet. The IPS sensor can be deployed as an inline IPS, as an IDS, in which traffic does not flow through the device, or as a hybrid device. Most sensors in the data center network run in IPS mode, which has active security features that stop attacks as soon as they occur. IOS intrusion prevention software can now also be purchased with routers.
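The difference between the inline IPS and IDS deployments described above can be seen by running the same signature set over the same traffic in both modes. This is an added example, not Cisco code; the signature ids, patterns and packets are constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    sig_id: int           # hypothetical local id, not a vendor signature number
    name: str
    dst_port: int         # the signature only applies to this destination port
    pattern: re.Pattern   # byte pattern searched for in the payload

# Constructed signatures (assumption: simple payload matching only).
SIGNATURES = [
    Signature(1001, "directory traversal in HTTP request", 80, re.compile(rb"\.\./\.\./")),
    Signature(1002, "telnet root login attempt", 23, re.compile(rb"login: root")),
]

# Constructed packets: (source address, destination port, payload).
PACKETS = [
    ("198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\n"),
    ("198.51.100.7", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    ("203.0.113.9", 23, b"login: root\r\n"),
    ("192.0.2.44", 443, b"\x16\x03\x01"),
]

def inspect(packets, signatures, inline):
    """Return (forwarded packets, alerts) for inline IPS or out-of-path IDS mode."""
    forwarded, alerts = [], []
    for pkt in packets:
        src, port, payload = pkt
        hit = next((s for s in signatures
                    if s.dst_port == port and s.pattern.search(payload)), None)
        if hit is not None:
            alerts.append((hit.sig_id, src))
            if inline:
                continue  # inline IPS: the matching packet is dropped
        # IDS mode sees only a copy, so the original packet still reaches the server
        forwarded.append(pkt)
    return forwarded, alerts

if __name__ == "__main__":
    for mode in (True, False):
        fwd, alerts = inspect(PACKETS, SIGNATURES, inline=mode)
        print("inline" if mode else "ids", len(fwd), "forwarded,", alerts)
```

Both modes raise the same two alerts, but only the inline deployment keeps the matching packets from reaching the protected servers.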

Vulnerability Assessment Testing

IBM Internet Security Scanner is a vulnerability scanner targeted at enterprise customers. It evaluates network vulnerabilities from both an external and an internal view. Agents are used to check network devices and servers for security flaws or weaknesses. It also includes network discovery, data collection and analysis, and reporting. Data is collected from routers, switches, servers, firewalls, workstations, operating systems and network services. Non-destructive testing is used to identify vulnerabilities and recommend fixes. The scanner has a reporting feature that lets you communicate the results to your company’s employees.

Syslog Server Messaging

Syslog is a Unix application that monitors Cisco IOS devices and reports on any errors. Syslog messages are generated by most routers and switches and are delivered to a Unix workstation designated for review. Tools are available to view log files and to pass Syslog messages between Unix and a Windows NMS when the Network Management Console runs on Windows.
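To turn the messages collected on the review workstation into an audit trail, they first have to be parsed. The following added example (not taken from any vendor tool) decodes the syslog priority value and the `%FACILITY-SEVERITY-MNEMONIC` tag of IOS-style messages and keeps the security-relevant ones; the sample lines are constructed, and the watchlist and assumed line layout are illustrative choices.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed layout: <PRI>seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: text
IOS_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:\d+: )?[*.]?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?:\.\d+)?: "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)

# Message types worth keeping in an audit trail (an illustrative watchlist).
WATCH = {
    ("SYS", "CONFIG_I"): "configuration change",
    ("SEC_LOGIN", "LOGIN_FAILED"): "failed login",
    ("SEC", "IPACCESSLOGP"): "ACL match logged",
}

# Constructed sample messages, not captured from a real device.
SAMPLE = [
    "<189>41: *Mar  1 00:12:45.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<188>42: *Mar  1 00:13:02.007: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7]",
    "<190>43: *Mar  1 00:13:09.550: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40112) -> 192.0.2.20(23), 1 packet",
    "<189>44: *Mar  1 00:14:00.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to up",
    "<187>45: *Mar  1 00:15:30.900: %LINK-3-UPDOWN: Interface Gi0/2, changed state to down",
    "not a syslog line",
]

def parse_ios_syslog(line):
    """Return the decoded fields of one message, or None if it does not parse."""
    m = IOS_LINE.match(line.strip())
    if m is None or int(m["pri"]) > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    pri = int(m["pri"])  # PRI = syslog facility * 8 + severity
    return {"syslog_facility": pri >> 3, "syslog_severity": SEVERITIES[pri & 7],
            "ios_facility": m["fac"], "ios_severity": int(m["sev"]),
            "mnemonic": m["mnemonic"], "text": m["text"]}

def audit_findings(lines):
    """List (reason, detail) pairs for watched, high-severity or unparsable lines."""
    findings = []
    for line in lines:
        ev = parse_ios_syslog(line)
        if ev is None:
            findings.append(("unparsed", line))  # keep it: silent drops hide tampering
            continue
        reason = WATCH.get((ev["ios_facility"], ev["mnemonic"]))
        if reason is None and ev["ios_severity"] <= 3:
            reason = "severity " + SEVERITIES[ev["ios_severity"]]
        if reason:
            findings.append((reason, ev["text"]))
    return findings
```

Calling `audit_findings(SAMPLE)` keeps the configuration change, the failed login, the ACL hit, the severity 3 link event and the unparsable line, and discards the routine interface-up notice.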