
network-security-assement

The document outlines a comprehensive network security assessment process, detailing key characteristics that networks should possess, such as a defined security policy and effective management of resources. It describes the assessment modules, including data collection, technical security assessment, site assessment, and the final reporting of findings and recommendations. The goal is to identify vulnerabilities and provide actionable insights to enhance network security.

Uploaded by

socelec367

Network Security Assessment

http://www.cta.com/content/docs/Net_Ass.pdf

1 IT352 | Network Security |Najwa AlGhamdi


Introduction
• There are certain characteristics that the network should possess:
1. Security Policy.
– Networks should have an associated defined security policy that
specifies information security requirement (e.g., confidentiality,
integrity, availability, auditing, access control, etc.) as well as what
users may and may not do on the network (e.g., what constitutes
unauthorized and illegal activities).
2. Network Management.
– Networks should be able to control access to and detect
modifications of critical components. Networks must maintain
control over their configuration (e.g., hardware, software, security,
etc.) and connectivity.
Introduction
• There are certain characteristics that the network should possess:
1. Identification and Authentication.
– Networks should provide and manage identification and
authentication functions.
2. Resources Management.
– Networks should provide and manage confidentiality, integrity,
access control, and availability of network resources.
3. Account Management.
– Networks should provide and manage security-related features of
network accounts (e.g., user).
• Network security assessment is identifying network
vulnerabilities that an active hostile human threat might
exploit.
Network security assessment process
• The network security assessment process includes:
1. Identifying and reporting network security
weaknesses.
2. Providing the client information about the
weakness,
3. Assisting in identifying measures to eliminate or
mitigate the vulnerability, and
4. Validating that the vulnerability is eliminated or
mitigated.



Network Security Assessment modules
• A network security assessment is a snapshot of a
network at a point in time, or it may be a
continuous process.
• Network security assessment modules:
• Module 1 - Data Collection and Network
Identification
• Module 2 - Technical Security Assessment
• Module 3 - Site Assessment
• Module 4 - Network Security Assessment and
Findings



Module1 – Data Collection and Network
Identification.
• Aim to collect initial information about the network and
exchange information with the client.
• In this module:
1. Discuss the four overall assessment modules with the
client.
2. Discuss the risks (if any) the enterprise is assuming by
conducting the assessment, what we have done to
minimize risks, and any expected impacts on network
operation.
Module1 – Data Collection and Network
Identification.
Objectives
• Our job in this step is to identify and confirm:
– network components and services,
– connectivity to the network (e.g., routers, modems, etc.),
– who is gaining access to critical sub-networks, and
– any unauthorized network services (e.g., employees running
their own web sites).
Module1 – Data Collection and
Network Identification.
• Process
1. Client orientation
• Meet with client’s staff (network administrators, network security
administrator, functional area MIS managers) for a pre-assessment
briefing and discussion.
• Determine client’s main security concerns.
• Determine if the client has a security policy, and if so, how is that
policy enforced.
• Determine client’s most critical systems or information, where it is
located, and who has access to these systems and/or information.
• Determine client’s expectations from the assessment.
• Distribute data collection sheets.



Module1 – Data Collection and
Network Identification.
• Process
2. Collect and analyze data.
• Collect security and network information from client staff
interviews, either through site visits or via templates
accessible through our secure website, and through
available documentation such as network diagrams,
security policy (if one exists), and functional descriptions of
data/applications.
• Determine the system/network architecture (physical and
logical configuration) and the network connectivity (e.g.,
router, modems, etc.)
• Collect IP addresses and subnet masks for the networks
that will be part of the assessment.



Module1 – Data Collection and
Network Identification.
• Process
3. Conduct initial probes and scan component services.


SNM Module1 – Data Collection and
Network Identification
4. Conduct initial probes and scan component services.
5. Identify network users. To help identify users we may
install network-monitoring devices on critical subnets.
Here we are trying to determine who is accessing the
network. Are there hostile or suspicious sites accessing
or attempting to access the network?
6. Review and analyze the data collected and prepare the
Network Survey Report.
7. Prepare a tailored, detailed technical security assessment
plan with the customer.



Module1 – Data Collection and
Network Identification
• Deliverables
• Survey Report
– Lists network users and suspicious users, with subnet and host
IP addresses.
– Verifies known connectivity and lists unknown network
connections that we have found.
– Lists hosts running unauthorized services.
– Lists critical network components and subnets.
• Detailed Technical Assessment Plan
– Tailors the approach
– Provides the assessment schedule
– Describes the boundaries of the network assessment
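
A minimal sketch of how the Survey Report findings can be derived from the data collected in this module. It is an added example, not part of the original slides; the subnets, inventory, observations and the `build_survey` helper are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the original slides).
# In-scope networks as address/subnet-mask pairs, as collected from the client.
IN_SCOPE = ["10.10.1.0/255.255.255.0", "10.10.2.0/255.255.255.128"]
# Authorized inventory: host -> set of (protocol, port) services the client approved.
AUTHORIZED = {
    "10.10.1.10": {("tcp", 22), ("tcp", 443)},
    "10.10.1.20": {("tcp", 25)},
    "10.10.2.5": {("tcp", 3306)},
}
# Observations from the initial probes: (host, protocol, port).
OBSERVED = [
    ("10.10.1.10", "tcp", 22),
    ("10.10.1.10", "tcp", 443),
    ("10.10.1.20", "tcp", 25),
    ("10.10.1.20", "tcp", 80),    # web server nobody approved
    ("10.10.1.77", "tcp", 5900),  # host missing from the inventory
    ("10.10.2.200", "tcp", 22),   # outside 10.10.2.0/25: beyond the agreed boundary
]

def build_survey(in_scope, authorized, observed):
    """Compare probe observations with the client's inventory and scope."""
    nets = [ipaddress.ip_network(n) for n in in_scope]
    report = {"unauthorized_services": [], "unknown_hosts": set(),
              "out_of_scope": set(), "not_seen": set()}
    seen = set()
    for host, proto, port in observed:
        addr = ipaddress.ip_address(host)
        if not any(addr in net for net in nets):
            # Respect the assessment boundaries: record, do not assess.
            report["out_of_scope"].add(host)
            continue
        seen.add(host)
        if host not in authorized:
            report["unknown_hosts"].add(host)
        elif (proto, port) not in authorized[host]:
            report["unauthorized_services"].append((host, proto, port))
    # Inventory entries that never answered: known connectivity left unverified.
    report["not_seen"] = set(authorized) - seen
    return report

if __name__ == "__main__":
    for section, items in build_survey(IN_SCOPE, AUTHORIZED, OBSERVED).items():
        print(section, sorted(items))
```
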



Module2 - Technical Security
Assessment
• The technical assessment of network
components is the heart of the Network
Security Assessment.
• During the technical assessment, in-depth
searches are conducted for security weaknesses
in network components.
• The objective of this step is to identify and
report technical vulnerabilities.



Module2 - Technical Security
Assessment
• Process
1. Select components to assess. In some cases the client wants to limit the
assessment or focus on critical components.
2. Run vulnerability detection tools against subnets and the critical
components.
3. Run policy enforcement assessments of components
– Policy enforcement assessments detect internal policy violations and vulnerabilities that
vulnerability detection scans don't detect.
– Normally these violations are related to component configuration errors. For example, a
policy requiring that user passwords should be a minimum of eight characters is not
supported by a system configured to accept three-character passwords.
4. Review tool generated reports and run supplemental procedures to
detect vulnerabilities that the tool does not detect.
5. Produce and provide overall Technical Assessment and supplemental
reports to client
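
The password-length case from step 3, written as a policy enforcement check. This is an added example, not part of the original slides; it assumes Linux-style components whose minimum length is set by `PASS_MIN_LEN` in `login.defs` or `minlen` in `pwquality.conf`, and the host names and file excerpts are constructed.

```python
import re

POLICY_MIN_LENGTH = 8  # the eight-character minimum from the slide's example

# Constructed configuration excerpts for three hypothetical hosts.
SAMPLES = {
    "hostA": {"login.defs": "PASS_MAX_DAYS 90\nPASS_MIN_LEN 3\n",
              "pwquality.conf": "# minlen = 8\n"},   # commented out: not in force
    "hostB": {"login.defs": "PASS_MIN_LEN 8\n",
              "pwquality.conf": "minlen = 12\n"},
    "hostC": {"login.defs": "PASS_MAX_DAYS 90\n", "pwquality.conf": ""},
}

# Only uncommented settings at the start of a line count as configured.
PATTERNS = {
    "login.defs": re.compile(r"^[ \t]*PASS_MIN_LEN[ \t]+(\d+)", re.M),
    "pwquality.conf": re.compile(r"^[ \t]*minlen[ \t]*=[ \t]*(\d+)", re.M),
}

def configured_min(files):
    """Return every explicitly configured minimum length, keyed by file name."""
    found = {}
    for name, pattern in PATTERNS.items():
        match = pattern.search(files.get(name, ""))
        if match:
            found[name] = int(match.group(1))
    return found

def check_host(files, policy_min=POLICY_MIN_LENGTH):
    """Classify one component against the written password policy."""
    found = configured_min(files)
    if not found:
        # Nothing explicit: the component's default applies and needs manual review.
        return ("UNKNOWN", {})
    # Which file is effective depends on the host's PAM stack (assumption),
    # so any value below policy is reported for follow-up.
    weak = {name: value for name, value in found.items() if value < policy_min}
    return ("VIOLATION", weak) if weak else ("OK", found)

if __name__ == "__main__":
    for host, files in SAMPLES.items():
        print(host, *check_host(files))
```

The `UNKNOWN` result matters as much as `VIOLATION`: a component with no explicit setting is neither compliant nor non-compliant until its default is confirmed, which is the kind of gap the supplemental procedures in step 4 are meant to close.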
Module2 - Technical Security
Assessment
• Deliverables
• Technical Vulnerability
Assessment and reports
generated by assessment tools.
• The report describes
vulnerabilities and how to
address them.
• External assessment: concentrates on assessing the
security of perimeter components of network
segments.
• Internal assessment: focuses on system
configurations and security policies.
Module 3 - Site Assessment

• The objective of this step is to identify and report
site level environmental and operational
vulnerabilities.
• Process
1. Arrange site visit with the client and perform an
initial site data collection. Tailor checklists and
procedures for the client's environment.
2. Conduct assessment and prepare draft findings.
3. Debrief site personnel.
4. Analyze results and complete final report.
Module 3 - Site Assessment

• Deliverables
• A Site Assessment Report that lists
vulnerabilities and recommendations on
how to address them.


Module 4 - Network Security Assessment and
Findings.
• The objective of this step is to provide a view of the
network's security recommendations to mitigate and
minimize risks.
• Process
1. Review assessment results from site assessments and
technical assessments.
2. Determine major findings and generate a summary
briefing of major findings (good and bad)
3. Generate a list of recommendations (further analyses,
actions they should take, etc.) and supporting rationale
4. Protect the report and findings as agreed upon with client
Module 4 - Network Security Assessment and
Findings.

• The deliverables are:
a. Network Security Assessment Report.
b. Network Security Assessment Briefing.
