network security aaron munoz, jason mcmillan, jesson gil, kris hester
DESCRIPTION
Why is this helpful to you? Effects on the bottom line Understanding how to properly fund network security Protecting intellectual property that provides competitive advantage. Proprietary designs and plans, Google's search algorithm, customer dataTRANSCRIPT
Network SecurityAARON MUNOZ, JASON MCMILLAN, JESSON GIL, KRIS HESTER
Why is this topic important to the modern organization?
Lack of network security can impact the bottom line.Target data breach - $105M in net losses
Data breaches have contributed to the closing of businesses.Nortel Networks
Federal legislationHIPAA, FERPA, CALEA
Cost-Benefit AnalysisTarget breach was 6.4% of 2014's net loss of $1,636M
Why is this helpful to you?
Effects on the bottom lineUnderstanding how to properly fund network securityProtecting intellectual property that provides competitive
advantage.Proprietary designs and plans, Google's search
algorithm, customer data
The CIA FrameworkConfidentialit
y
IntegrityAvailability
Confidentiality: What is it and why does it matter?
What is it? Confidentiality refers to limiting information access and disclosure to
authorized users -- "the right people" -- and preventing access by or disclosure to unauthorized ones -- "the wrong people.“
Why does it matter? Protects sensitive/proprietary data Allows companies to do business over diverse geographic areas Industries previously limited by network security can be made more
efficient by the use of technology Provides consumers a sense of security when shopping online
Confidentiality: Current limitations
Simple/common/re-used passwords Phishing attacks & unsophisticated users Inexpensive super computing Encryption is a double-edged sword Developer knowledge is not ensured Political “hot-button” issue Who controls user data (bio-data)
Confidentiality: Overcoming the limitations
Two-factor authentication Bio-authentication “Always on” encryption Political reform Distributed user data storage (non-
centralized)
Integrity: What is it and why does it matter?
What is it?u Definition: Information is not tampered or transmitted in a different condition than its original form that the user had originally intended
Why does it matter?u Provides untampered informationu Allows users access to firm informationu Provides consistent information to make strategic decisions u Makes sure information does not accidentally get exposed
Integrity: Current Limitations
Disaster Recovery Hardware and software failure Amount of data that’s transmitted into the
network without loss of transmission Network Intrusions Trojans, worms, or internal breaches Network Administrator Control
Integrity: Overcoming the limitations
Limit & Update User Privileges Firewalls Employee Industry Seminars Employee Education Better Encryption: SSL Authentication Updating infrastructure
Availability: What is it and why does it matter?
Availability- Ensuring that IT systems are available for business use Preventing Denial of Service Attacks (DDOS) Disaster Recovery Business Continuity
Most enterprises are aiming to achieve five nines (99.999%) network availability
Why is it important? Harms employee productivity and delays IT projects A 2014 Avaya survey found that 80% percent of downtime from core
network outages resulted in revenue loss On average the price tag was $140,000 per incident 1/3 reported that issues with the network caused trouble for supply
chain management
Availability: Current Limitations Cisco Systems recently estimated that the so-called
Internet of Things could encompass 50 billion connected devices by 2020
Hacker, attacker, or intruders - seek to exploit weaknesses in software and computer systems for their own gain
Malicious code - Malicious code, sometimes called malware, includes any code that could be used to attack your computer
Bugs can exist even in security appliances: Example: Google researchers found a software flaw in
several of FireEye's security appliances that they say could give a cyber attacker full access to a company's network
Availability: Overcoming the limitations
GoalsPrevent Service OutagesQuickly analyze service issues and
determine the root causeAchieve fast Mean Time to Resolution
(MTTR)
How to overcome Network Availability Issues? (cont.)
7 Keys to Strong Network Availability Avoid the domino effect - be aware of devices and
dependencies Real time alerts and historical dashboards Automatic fix of known problems End-to-end integrated monitoring Speed to production Integrated system from proven industry leader User Education (IT personnel and end user)
Questions?
Bibliography
Rouse, Margaret. "What Is Integrity?" 01 Sept. 2005. Web. 23 Jan. 2016. <http://searchdatacenter.techtarget.com/definition/integrity>.
"Network Integrity Security Overview." Oracle Communicates Network Integrity Security Guide Release 7.1. Oracle, 01 Jan. 2012. Web. 23 Jan. 2016.
“Confidentiality, Integrity and Availability (CIA).” School of Medicine University of Miami. http://it.med.miami.edu/x904.xml
Gridelli, Stefano. “How to calculate network availability?” NetBeez. 30 September 2015. Web. 23 January 2016. <https://netbeez.net/2014/09/30/how-to-calculate-network-availability/>
Bibliography (cont.)
“Optimizing Network Performance and Availability.” Intermapper. 3 December 2015. Web. 23 January 2016. http://www.helpsystems.com/intermapper/resources/articles/optimizing-network-performance
Kirk, Jeremy. “Google researchers uncover a remote execution bug in FireEye appliances.” Computerworld. 15 December 2015. Web. 23 January 2016 http://www.computerworld.com/article/3015693/security/google-researchers-uncover-a-remote-execution-bug-in-fireeye-appliances.html
McDowell, Mindi and Allen Householder. “Why is Cyber Security a Problem.” US-CERT. 6 February 2013. Web. 23 January 2016. <https://www.us-cert.gov/ncas/tips/ST04-001>
Bibliography (cont.)
Zack, Andrea. “Ixia Network Visibility Solution Troubleshoots Availability Problems.” Business Wire. 15 May 2014. Web. 23 January 2016. http://www.businesswire.com/news/home/20140515005442/en/Ixia-Network-Visibility-Solution-Troubleshoots-Availability-Problems
“Escape the Dark Ages of Poor Network Performance and Low Availability.” IPswitchblog. 18 February 2015. Web. 23 January 2016. <http://www.ipswitch.com/blog/escape-the-dark-ages-of-poor-network-performance-and-low-availability/>