Securing a large internetwork remains a daunting challenge. Cloud computing and
ID: 3536805 • Letter: S
Question
Securing a large internetwork remains a daunting challenge. Cloud computing and social networks add to this complexity. In two to three (2-3) pages, and using the CISCO SAFE reference architecture, review the modules that afford an organization the foremost protection in evolving technologies and media. Write a two to three (2-3) page paper in which you:- Determine if the SAFE architecture has any limitations.
- Determine if the SAFE architecture has any limitations.
Explanation / Answer
We want to find a program that "fixes" the network security problem. Few of us want to write a paper on network security policies and procedures. However, a well-thought-out security plan will help you decide what needs to be protected, how much you are willing to invest in protecting it, and who will be responsible for carrying out the steps to protect it. 12.1.1 Assessing the Threat The first step toward developing an effective network security plan is to assess the threat that connection presents to your systems. RFC 1244 identifies three distinct types of security threats usually associated with network connectivity: Unauthorized access A break-in by an unauthorized person. Disclosure of information Any problem that causes the disclosure of valuable or sensitive information to people who should not have access to the information. Denial of service Any problem that makes it difficult or impossible for the system to continue to perform productive work. Assess these threats in relation to the number of users who would be affected, as well as to the sensitivity of the information that might be compromised. For some organizations, break-ins are an embarrassment that can undermine the confidence that others have in the organization. Intruders tend to target government and academic organizations that will be embarrassed by the break-in. But for most organizations, unauthorized access is not a major problem unless it involves one of the other threats: disclosure of information or denial of service. Assessing the threat of information disclosuredepends on the type of information that could be compromised. While no system with highly classified information should ever be directly connected to the Internet, systems with other types of sensitive information might be connected without undue hazard. In most cases, files such as personnel and medical records, corporate plans, and credit reports can be adequately protected by standard UNIX file security procedures. However, if the risk of liability in case of disclosure is great, the host may choose not to be connected to the Internet. Denial of service can be a severe problem if it impacts many users or a major mission of your organization. Some systems can be connected to the network with little concern. The benefit of connecting individual workstations and small servers to the Internet generally outweighs the chance of having service interrupted for the individuals and small groups served by these systems. Other systems may be vital to the survival of your organization. The threat of losing the services of a mission-critical system must be evaluated seriously before connecting such a system to the network. In his class on computer security, Brent Chapmanclassifies information security threats into three categories: threats to the secrecy, availability, and integrity of data. Secrecyis the need to prevent the disclosure of sensitive information. Availability means that you want information and information processing resources available when they are needed; a denial-of-service attack disrupts availability. The need for the integrity of information is equally obvious, but its link to computer security is more subtle.