What are the most important security elements? Each of the elements of an effective security system operates in conjunction with the others to ensure that an organization can communicate as efficiently as possible. The MouseOver below is a representation of the most important security elements and of the hierarchy into which these elements are organized.
Guide for Planning future Network Security Projects
How to apply good systems engineering principles to the development of information security systems
Recommendations concerning which standards and guidelines are most useful and that should be used in implementing and achieving required network security
How to implement organizational security policies and how to ensure that they are understood and institutionalized
How to make sure that the organization is prepared for a disaster
How to protect against possible future liability suits
How to plan for expanded, secure, remote access requirements
How to implement wireless security
How to protect against future attacks
How to handle future attacks
How to assess the effectiveness of proposed new security architectures
Through the use of activity logs, you can determine the effectiveness of your security system.
Administrators implement and enforce the security policy, audit user activity, and attempt to spot hackers.
Used for authentication, data confidentiality, data integrity, and non-repudiation, encryption methods are key for securing communications and data transfer.
Following access authentication, the use of valid IDs and passwords, as well as controls on software and protocols, governs what resources a user may access on your network.
Prior to allowing access to any part of your system, the identity of a system or user must take place.
Your security policy is the foundation for establishing an effective security system. Training of personnel is key to ensuring that security procedures are followed.
Combining security methods
When planning security, you will use a combination of
methods and
perimeter devices.
To provide access control and authentication, for instance, a system uses some combination of the methods and perimeter devices shown in the table below.
1)Application logic 2) Operating system permissions
Identification and authentication
Tokens
1) Remote Access Devices 2) Password Policy
The application of internal methods for security such as auditing and the use of screening routers[2] , firewalls, firewall tokens[3] and remote access devices[4] will be discussed in later modules.
[1]Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.
[2]Screening router: Examines inbound and outbound packets based upon filter rules. Screening router is another term for a packet filter.
[3]Firewall token: A string of information that identifies a specific user as packets pass through the firewall. A token is usually encrypted.
[4]Remote access device: Devices that have access a network from a remote site.