Network SecurityAARON MUNOZ, JASON MCMILLAN, JESSON GIL, KRIS HESTER

Why is this topic important to the modern organization?

Lack of network security can impact the bottom line.Target data breach - $105M in net losses

Data breaches have contributed to the closing of businesses.Nortel Networks

Federal legislationHIPAA, FERPA, CALEA

Cost-Benefit AnalysisTarget breach was 6.4% of 2014's net loss of $1,636M

Why is this helpful to you?

Effects on the bottom lineUnderstanding how to properly fund network securityProtecting intellectual property that provides competitive

advantage.Proprietary designs and plans, Google's search

algorithm, customer data

The CIA FrameworkConfidentialit

y

IntegrityAvailability

Confidentiality: What is it and why does it matter?

What is it? Confidentiality refers to limiting information access and disclosure to

authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people.“

Why does it matter? Protects sensitive/proprietary data Allows companies to do business over diverse geographic areas Industries previously limited by network security can be made more

efficient by the use of technology Provides consumers a sense of security when shopping online

Confidentiality: Current limitations

Simple/common/re-used passwords Phishing attacks & unsophisticated users Inexpensive super computing Encryption is a double-edged sword Developer knowledge is not ensured Political “hot-button” issue Who controls user data (bio-data)

Confidentiality: Overcoming the limitations

Two-factor authentication Bio-authentication “Always on” encryption Political reform Distributed user data storage (non-

centralized)

Integrity: What is it and why does it matter?

What is it?u Definition: Information is not tampered or transmitted in a different condition than its original form that the user had originally intended

Why does it matter?u Provides untampered informationu Allows users access to firm informationu Provides consistent information to make strategic decisions u Makes sure information does not accidentally get exposed

Integrity: Current Limitations

Disaster Recovery Hardware and software failure Amount of data that’s transmitted into the

network without loss of transmission Network Intrusions Trojans, worms, or internal breaches Network Administrator Control

Integrity: Overcoming the limitations

Limit & Update User Privileges Firewalls Employee Industry Seminars Employee Education Better Encryption: SSL Authentication Updating infrastructure

Availability: What is it and why does it matter?

Availability- Ensuring that IT systems are available for business use Preventing Denial of Service Attacks (DDOS) Disaster Recovery Business Continuity

Most enterprises are aiming to achieve five nines (99.999%) network availability

Why is it important? Harms employee productivity and delays IT projects A 2014 Avaya survey found that 80% percent of downtime from core

network outages resulted in revenue loss On average the price tag was $140,000 per incident 1/3 reported that issues with the network caused trouble for supply

chain management

Availability: Current Limitations Cisco Systems recently estimated that the so-called

Internet of Things could encompass 50 billion connected devices by 2020

Hacker, attacker, or intruders - seek to exploit weaknesses in software and computer systems for their own gain

Malicious code - Malicious code, sometimes called malware, includes any code that could be used to attack your computer

Bugs can exist even in security appliances: Example: Google researchers found a software flaw in

several of FireEye's security appliances that they say could give a cyber attacker full access to a company's network

Availability: Overcoming the limitations

GoalsPrevent Service OutagesQuickly analyze service issues and

determine the root causeAchieve fast Mean Time to Resolution

(MTTR)

How to overcome Network Availability Issues? (cont.)

7 Keys to Strong Network Availability Avoid the domino effect - be aware of devices and

dependencies Real time alerts and historical dashboards Automatic fix of known problems End-to-end integrated monitoring Speed to production Integrated system from proven industry leader User Education (IT personnel and end user)

Questions?

Bibliography

Rouse, Margaret. "What Is Integrity?" 01 Sept. 2005. Web. 23 Jan. 2016. <http://searchdatacenter.techtarget.com/definition/integrity>.

"Network Integrity Security Overview." Oracle Communicates Network Integrity Security Guide Release 7.1. Oracle, 01 Jan. 2012. Web. 23 Jan. 2016.

“Confidentiality, Integrity and Availability (CIA).” School of Medicine University of Miami. http://it.med.miami.edu/x904.xml

Gridelli, Stefano. “How to calculate network availability?” NetBeez. 30 September 2015. Web. 23 January 2016. <https://netbeez.net/2014/09/30/how-to-calculate-network-availability/>

Bibliography (cont.)

“Optimizing Network Performance and Availability.” Intermapper. 3 December 2015. Web. 23 January 2016. http://www.helpsystems.com/intermapper/resources/articles/optimizing-network-performance

Kirk, Jeremy. “Google researchers uncover a remote execution bug in FireEye appliances.” Computerworld. 15 December 2015. Web. 23 January 2016 http://www.computerworld.com/article/3015693/security/google-researchers-uncover-a-remote-execution-bug-in-fireeye-appliances.html

McDowell, Mindi and Allen Householder.  “Why is Cyber Security a Problem.” US-CERT. 6 February 2013. Web. 23 January 2016. <https://www.us-cert.gov/ncas/tips/ST04-001>

Bibliography (cont.)

Zack, Andrea. “Ixia Network Visibility Solution Troubleshoots Availability Problems.” Business Wire. 15 May 2014. Web. 23 January 2016. http://www.businesswire.com/news/home/20140515005442/en/Ixia-Network-Visibility-Solution-Troubleshoots-Availability-Problems

“Escape the Dark Ages of Poor Network Performance and Low Availability.” IPswitchblog. 18 February 2015. Web. 23 January 2016. <http://www.ipswitch.com/blog/escape-the-dark-ages-of-poor-network-performance-and-low-availability/>