Security Architecture Roadmap Tool

Secure Network Design and Roadmap Tool
This tool evaluates security requirements for organizations and presents the optimal network designs and
implementation roadmaps that will meet the organizations' needs.

Instructions:
1) On the "Business Requirements Questionnaire" tab, answer all of the questions in the questionnaire. Use the drop
down menus to select appropriate responses.
2) The "Ideal Network Design Diagram" tab displays your ideal network diagram and explanation. Go to this tab after you
answer the questionnaire completely.
3) On the "Roadmap Input" tab, answer all of the questions in the questionnaire. Use the drop down menus to select
appropriate responses. Complete the questionnaire and review the suggested roadmap on the "Roadmap" tab.
4) The "Implementation Roadmap" tab displays the current status of all security tools in the organization. For the tools
that are required by the organization but not yet implemented, it presents an ideal implementation roadmap, specifically
designed for your organization.


Info-Tech Research Group tools and template documents are provided for the free and unrestricted use of subscribers to Info-Tech Research
Group services. These documents are intended to supply general information only, not specific professional or personal advice, and are not
intended to be used as a substitute for any kind of professional advice. Use this document either in whole or in part as a basis and guide for
document creation. To customize this document with corporate marks and titles, simply replace the Info-Tech Information in the Header and Footer
fields of this document.
Business Requirements Questionnaire



Please complete the questionnaire below as accurately as possible. Select your responses below from the
drop down menus.
Thank you for completing the security questionnaire. Please go to the Results Tab to review your ideal
network diagram.


Questions and selected responses:

1. Classify your organization's risk tolerance level. Note that a low tolerance means the enterprise is more
   concerned about security and that a high tolerance means the enterprise is less concerned about security.
   Response: Low

2. Indicate whether the organization stores, processes or otherwise makes use of information that could be classed
   as sensitive. Examples include intellectual property, personal identification information, third-party financial
   records, etc.
   Response: Yes

3. Indicate whether the organization has a significant number of remote users that rarely connect to the network
   directly and/or if third-parties are allowed access to internal network resources (not resources located on the DMZ).
   Response: Yes

4. Indicate whether the organization is required to provide outbound connectivity to the Internet or other third party
   networks on a 24/7 basis.
   Response: Yes

5. Indicate whether the organization is required to provide inbound connectivity from the Internet or other third party
   networks on a 24/7 basis.
   Response: Yes
Ideal Network Design



Based on the security questionnaire, here is the optimal network design for your organization's particular requirements.

Overall, your organization requires a high level of security protection. Protect endpoints with anti-malware software and
consider the use of strong authentication as well as encryption on laptops and sensitive servers. Provide network gateways
that have firewall, anti-malware, content filtering and intrusion detection and prevention capabilities. Provide internal
gateways that have firewall and intrusion detection and prevention capabilities.

You categorized your business as an online business, so dual routers are recommended to mitigate website and network
downtime. Since your organization needs to be available 24/7, dual firewalls should be implemented to maximize up-time.

Organizations having a low tolerance for risk and storing sensitive data, such as yours, will find that a tiered segmented
network structure is required. Since your organization has a medium tolerance for risk and stores sensitive data, internal
gateways are recommended. Data Leakage Protection is recommended to protect the sensitive data your organization houses
from loss or theft.

As your organization has a significant number of remote users, VPN should be implemented to ensure that these employees
have adequate access to the company's internal network. Also, Network Access Control should be implemented to protect
static endpoints on the network given your organization's significant number of remote or external users.

Your organization houses sensitive data; it is therefore essential that Intrusion Detection and Prevention (IDP) tools are
used to prevent unauthorized or malicious parties from accessing this data. Encryption is required in your organization due
to the presence of sensitive data. Advanced monitoring and reporting systems are required in your organization; a
Management System should therefore be used, allowing the organization to properly track, monitor and maintain all security
systems. Content Filtering is necessary in your organization as it has a low tolerance for risk. Content Filtering will
ensure that no unauthorized websites or other material are viewed from company endpoints.
Roadmap Input Page

Please complete the questionnaire below as accurately as possible. Select your responses below from the
drop down menus.

Thank you for completing the roadmap questionnaire. Please go to the Roadmap Tab to
review your suggested tool implementation roadmap.

1. Please rank the following in terms of importance to your organization
   (Importance: 1 - Most important, 3 - Least important):

   Meeting compliance requirements
   Providing the highest level of security possible
   Keeping costs low

   Importance selected: 2

2. Select which of the following tools are already in use in your organization:

   Tool                                 Implemented/Not Implemented
   Firewall                             No
   Endpoint Anti-Virus/Malware          No
   Gateway Anti-Virus/Malware           No
   Basic Segmented Network              No
   Dual Firewalls                       No
   Dual Internet Connections            No
   Network Access Control and VPN       No
   Intrusion Detection and Prevention   No
   Content Filtering                    No
   Data Leakage Protection              No
   Endpoint Encryption                  No
   Enhanced Authentication              No
   Tiered Segmented Network             No
   Internal Firewalls                   No
   Management System                    No
Implementation Roadmap Document




Current Tool Implementation Status

The tools that should be in use in your organization to ensure the highest level of security are as follows:

   Tool                                 Actual Status
   Firewall                             Not Implemented
   Endpoint Anti-Virus/Malware          Not Implemented
   Gateway Anti-Virus/Malware           Not Implemented
   Basic Segmented Network              Not Implemented
   Dual Firewalls                       Not Implemented
   Dual Internet Connections            Not Implemented
   Network Access Control and VPN       Not Implemented
   Intrusion Detection and Prevention   Not Implemented
   Content Filtering                    Not Implemented
   Data Leakage Protection              Not Implemented
   Endpoint Encryption                  Not Implemented
   Enhanced Authentication              Not Implemented
   Tiered Segmented Network             Not Implemented
   Internal Firewalls                   Not Implemented
   Management System                    Not Implemented
Tool Implementation Roadmap

   Step 1
            Tool name:   Firewall
              Purpose:   Firewalls are a baseline security protection mechanism required by all organizations, regardless of their size or perceived
                         threats. Firewalls regulate the inbound and, in some cases, the outbound flow of traffic.



        How it works:    Firewalls evaluate whether traffic can be allowed to enter the network based on comparison to in-place rules. Creating a detailed
                         and specific ruleset that specifies what constitutes appropriate traffic is the key to good firewall functionality.



                Cost:    Low to Moderate
                Time:    Low
                Skill:   Low


   Step 2
            Tool name:   Endpoint Anti-Virus/Malware
              Purpose:   Endpoint Anti-Virus/Malware is one of the most basic security technologies that an enterprise can deploy. The primary function
                         of this solution is to detect and block malware as it is received at the endpoint and thereby reduce the spread of threats.



        How it works:    Endpoint Anti-Virus/Malware is software that is installed directly on to endpoints such as servers and workstations. It scans the
                         files and applications for signatures that match known threats, quarantining or deleting them when discovered.



                Cost:    Low
                Time:    Low
                Skill:   Low


   Step 3
            Tool name:   Gateway Anti-Virus/Malware
              Purpose:   Gateway Anti-Virus/Malware is another one of the most basic security technologies that an enterprise can deploy. The primary
                         function of this solution is to detect and block malware as it attempts to enter the enterprise network. The solution can also be
                         configured to scan outbound traffic for malware threats which can limit distribution and eliminate the reputation hit associated
                         with spreading security threats.
        How it works:    Gateway Anti-Virus/Malware is either integrated into gateway firewalls or deployed as a separate device depending on the needs
                         of the organization. It scans incoming files and applications for signatures that match known threats, quarantining or deleting
                         them when discovered.

                Cost:    Low
                Time:    Low
                Skill:   Low


   Step 4
            Tool name:   Basic Segmented Network
              Purpose:   Basic network segmentation is the first step in network architecture complexity for those migrating from flat networks. At a
                         minimum, basic network segmentation should separate users from the servers. This allows servers to be protected at a higher
                         level without security tools having to be deployed across the entire network.

        How it works:    Uses configurational rules within network infrastructure to create virtual network segments that have different IP address ranges
                         from one another. For traffic to pass between these segments they must traverse the switch where security rules can be applied.



                Cost:    Low to Moderate
                Time:    Low to Moderate
                Skill:   Low to Moderate
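The "How it works" text for Step 1 (rule-based firewall evaluation) and Step 4 (segments that force cross-segment traffic through a policy point) can be shown together in code. The following is an added example, not the tool's or Info-Tech's code: segments are defined as address ranges, traffic that stays within a segment is switched without inspection, and traffic that crosses segments is checked against an ordered ruleset where the first match decides and no match means deny. It also reports shadowed rules, the usual way a ruleset stops being "detailed and specific". The segment names, address ranges, rules and flows are constructed for the example.

```python
"""Added example (not part of the tool): segment-aware, first-match firewall evaluation."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed segments: basic segmentation separates users from servers, plus a DMZ.
# 192.0.2.0/24 and 203.0.113.0/24 are documentation ranges (RFC 5737), used as sample data only.
SEGMENTS = {
    "users":   ipaddress.ip_network("10.10.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/24"),
    "dmz":     ipaddress.ip_network("192.0.2.0/24"),
}

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # segment name or "any"
    dst: str               # segment name or "any"
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port, None means any port
    comment: str = ""

def segment_of(ip: str) -> Optional[str]:
    """Return the segment containing ip, or None when it lies outside every segment (e.g. Internet)."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def rule_matches(rule: Rule, src_seg, dst_seg, proto: str, dport: int) -> bool:
    return ((rule.src == "any" or rule.src == src_seg)
            and (rule.dst == "any" or rule.dst == dst_seg)
            and (rule.proto == "any" or rule.proto == proto)
            and (rule.dport is None or rule.dport == dport))

def evaluate(rules, src_ip, dst_ip, proto, dport):
    """Decide one flow; returns (action, reason).

    Same-segment traffic never reaches the policy point (it is switched locally).
    Cross-segment traffic is matched against the rules in order; the first match wins,
    and with no match the decision is an implicit deny.
    """
    src_seg, dst_seg = segment_of(src_ip), segment_of(dst_ip)
    if src_seg is not None and src_seg == dst_seg:
        return "allow", f"intra-segment ({src_seg}), not inspected"
    for i, rule in enumerate(rules):
        if rule_matches(rule, src_seg, dst_seg, proto, dport):
            return rule.action, f"rule {i}: {rule.comment}"
    return "deny", "implicit default deny"

def shadowed_rules(rules):
    """Indices of rules that can never match because an earlier rule is at least as broad.

    A broad early allow silently defeats a later, narrower deny; this check keeps
    the ruleset specific, as the roadmap text asks.
    """
    def covers(broad, narrow):
        return ((broad.src == "any" or broad.src == narrow.src)
                and (broad.dst == "any" or broad.dst == narrow.dst)
                and (broad.proto == "any" or broad.proto == narrow.proto)
                and (broad.dport is None or broad.dport == narrow.dport))
    return [j for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]

# Constructed ruleset for the user -> server boundary.
RULES = [
    Rule("allow", "users", "servers", "tcp", 443, "HTTPS to internal apps"),
    Rule("allow", "users", "dmz", "tcp", 80, "public web"),
    Rule("deny", "users", "servers", "tcp", 22, "no SSH from user LAN"),
]

# The same ruleset with a broad allow placed first: every later rule is now shadowed.
BAD_RULES = [Rule("allow", "users", "any", "any", None, "too broad")] + RULES

if __name__ == "__main__":
    print(evaluate(RULES, "10.10.5.7", "10.20.0.10", "tcp", 22))       # denied by rule 2
    print(evaluate(BAD_RULES, "10.10.5.7", "10.20.0.10", "tcp", 22))   # allowed by the broad rule
    print(shadowed_rules(BAD_RULES))                                  # [1, 2, 3]
```

The same evaluator serves Step 13 (more segments) and Step 14 (internal firewalls): finer segmentation only adds entries to SEGMENTS, and an internal firewall is the same first-match logic applied at a segment boundary.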


   Step 5
            Tool name:   Dual Firewalls
              Purpose:   Firewalls are a baseline security protection mechanism required by all organizations, regardless of their size or perceived
                         threats. Firewalls regulate the inbound and, in some cases, the outbound flow of traffic. Organizations that need access to
                         external networks all the time will need dual firewalls to ensure sufficient resiliency.

        How it works:    Firewalls evaluate whether traffic can be allowed to enter the network based on comparison to in-place rules. Creating a detailed
                         and specific ruleset that specifies what constitutes appropriate traffic is the key to good firewall functionality. Dual firewalls
                         require some form of load-balancing or failover configuration between them to ensure seamless transfer of
                         operations should one fail.
                Cost:    Low to Moderate
                Time:    Low
                Skill:   Low
Step 6
          Tool name:   Dual Internet Connections
            Purpose:   Dual Internet connections are essential for online businesses; those needing to provide access to their website 24/7. Providing
                       dual connections ensures a far greater uptime potential to ensure that clients that are looking for the enterprise's website are
                       always able to find it.

     How it works:     Dual Internet connections require dual front-end routers. Each connection should be fully capable of handling all of the
                       enterprise's network traffic if the other fails. If one router fails, the other will take over all of the functions seamlessly, preventing
                       downtime or latency. Specialized networking will be required to ensure appropriate distribution of traffic in this structure.

              Cost:    Moderate
              Time:    Low to Moderate
              Skill:   Moderate


Step 7
          Tool name:   Network Access Control and VPN
            Purpose:   Network Access Control (NAC) and Virtual Private Networks (VPN) help protect organizations from threats that might be
                       leveraged by allowing inbound connections to internal networks from privileged devices (such as remote laptops). VPN allows
                       remote users to connect to the network while preventing session hijacking and sniffing type attacks. NAC ensures that remote
                       devices meet the security requirements of the network and are not injecting threats that bypass gateway controls.
     How it works:     NAC uses signature based scanning to determine the security configuration of a device that is attempting to connect to the
                       network. Where the configuration does not meet standards, devices can be quarantined for remediation. VPN creates encrypted
                       point-to-point communications channels through which remote users connect to internal network resources.

              Cost:    Low to Moderate
              Time:    Low to Moderate
              Skill:   Moderate to High


Step 8
          Tool name:   Intrusion Detection and Prevention
            Purpose:   Intrusion Detection and Prevention is a network alarm system. The solution monitors traffic for anomalous behaviour and
                       intrusion/attack signatures and can issue alerts, or take independent corrective action in response. Generally configured to
                       monitor inbound traffic only, the solution can also monitor two-way traffic flow, which sometimes makes it useful for the
                       protection of sensitive internal network segments.
     How it works:     IDP reviews all inbound traffic looking for threat signatures. As the system "learns" what constitutes appropriate network traffic, it
                       can also detect anomalous traffic patterns. Sensors can either issue alerts to administrative staff for manual intervention or can
                       initiate automated responses such as the termination of communications and the writing of new traffic shaping rules.

              Cost:    Moderate to High
              Time:    Moderate to High
              Skill:   Moderate to High
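Step 8's "How it works" describes two detection modes, signature matching and anomaly detection against a learned baseline, plus the choice between alerting and an automated response. The code below is an added example of that logic, not the tool's code: it parses a constructed connection log, matches each request against a small signature set, learns a per-source request-rate baseline from a constructed "normal" log, flags sources whose rate is far above it, and maps the findings to alert (detection mode) or block (prevention mode). The log format, signatures, z-score threshold and all addresses are assumptions made for the example.

```python
"""Added example (not part of the tool): signature plus baseline-anomaly detection over log lines."""
import re
import statistics
from collections import Counter

# Constructed signatures: regular expressions applied to the request payload.
SIGNATURES = {
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),
    "path-traversal": re.compile(r"(\.\./){2,}"),
}

# Constructed log format: "<src_ip> <dst_port> <payload>".
LOG_LINE = re.compile(r"^(\S+) (\d+) (.*)$")

def parse(line: str):
    """Parse one log line into an event dict; unparseable lines return None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return {"src": m.group(1), "dport": int(m.group(2)), "payload": m.group(3)}

def signature_hits(events):
    """Per-event signature matches: the classic, known-threat detection mode."""
    return [(ev["src"], name) for ev in events
            for name, pattern in SIGNATURES.items() if pattern.search(ev["payload"])]

def learn_baseline(events):
    """'Learn' normal behaviour as mean and population stdev of requests per source."""
    values = list(Counter(ev["src"] for ev in events).values())
    return statistics.fmean(values), statistics.pstdev(values)

def anomalous_sources(events, baseline, zscore=3.0):
    """Sources whose request count lies more than zscore standard deviations above the baseline."""
    mean, stdev = baseline
    counts = Counter(ev["src"] for ev in events)
    if stdev == 0:  # degenerate baseline: anything above the mean is unusual
        return [src for src, n in counts.items() if n > mean]
    return [src for src, n in counts.items() if (n - mean) / stdev > zscore]

def analyse(lines, baseline_lines, prevention=False, zscore=3.0):
    """Return {source: (action, reasons)}. Detection mode alerts; prevention mode blocks."""
    events = [e for e in map(parse, lines) if e]
    baseline = learn_baseline([e for e in map(parse, baseline_lines) if e])
    sig = {}
    for src, name in signature_hits(events):
        sig.setdefault(src, set()).add(name)
    anomalies = set(anomalous_sources(events, baseline, zscore))
    verdicts = {}
    for src in {e["src"] for e in events}:
        reasons = sorted(sig.get(src, ())) + (["rate-anomaly"] if src in anomalies else [])
        if not reasons:
            verdicts[src] = ("allow", [])
        else:
            verdicts[src] = ("block" if prevention else "alert", reasons)
    return verdicts

# Constructed "normal" traffic: ten user hosts making 4 to 6 requests each.
BASELINE_LINES = [f"10.10.0.{i} 443 GET /index.html"
                  for i, n in enumerate([4, 5, 6, 5, 5, 4, 6, 5, 5, 5], start=1)
                  for _ in range(n)]

# Constructed traffic under inspection (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
TRAFFIC_LINES = (
    ["10.10.0.3 443 GET /index.html"] * 5
    + ["10.10.0.4 443 GET /login?user=bob' OR '1'='1"]
    + [f"198.51.100.7 443 GET /page{i}" for i in range(40)]
    + ["203.0.113.5 443 GET /../../../etc/passwd"]
)

if __name__ == "__main__":
    for src, verdict in sorted(analyse(TRAFFIC_LINES, BASELINE_LINES).items()):
        print(src, verdict)
```

The rate check is deliberately simple; a production sensor keeps baselines per destination port and time of day, but the shape (learn, compare, then alert or act) is the one the roadmap describes.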


Step 9
          Tool name:   Content Filtering
            Purpose:   Content filtering helps businesses avoid legal issues such as potential sexual harassment lawsuits and copyright infringements
                       by blocking unauthorized inbound web content (websites, web applications, file sharing sites, etc.) from being accessed.
                       Secondarily, these tools block access to websites that may host malware and other threats, directly improving security.

     How it works:     Content filtering restricts the type of information, data, and code that can enter the organization via the Internet. Administrators
                       are able to specify what sites users are allowed to visit, what types of content they are permitted to view, and at what times they
                       are allowed to do so.

              Cost:    Low to Moderate
              Time:    Moderate
              Skill:   Moderate


Step 10
          Tool name:   Data Leakage Protection
            Purpose:   Data Leakage Protection is a security solution designed to monitor for and block the outbound distribution of sensitive data.
                       These solutions work best for protecting against the accidental loss of information and are especially valuable for organizations
                       that house confidential or otherwise sensitive data.

     How it works:     Analyzes files in transit for disallowed data by looking for keywords and data patterns and then enforces policy-based
                       restrictions. DLP solutions can scan all outbound messages as well as printer outputs and saves to removable media looking for
                       data that matches the set pattern. Any time the pattern is noted, the transmission can be quarantined or disallowed and alerts
                       issued to both users and administrators.
              Cost:    Moderate
              Time:    Moderate
              Skill:   Moderate
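Step 10 describes DLP as pattern matching on files in transit followed by policy enforcement, across channels such as outbound mail, printers and removable media. The scanner below is an added example, not the tool's code: it looks for a payment-card number pattern (validated with the Luhn check so that random digit runs do not trigger it) and for classification markers, then quarantines any message with a finding and records a masked excerpt for the alert. The patterns, keywords, channel names and messages are constructed for the example.

```python
"""Added example (not part of the tool): pattern-based outbound content scanning with policy enforcement."""
import re
from dataclasses import dataclass

# Constructed patterns: 13-19 digits with optional space/dash separators, and classification markers.
CARD_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
KEYWORDS = ("CONFIDENTIAL", "INTERNAL ONLY")

@dataclass
class Finding:
    channel: str   # where the data was leaving: "smtp", "print", "usb", ...
    rule: str      # which pattern fired
    excerpt: str   # masked evidence for the alert, never the raw sensitive value

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: true for well-formed card numbers, which cuts false positives on other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep first six and last four digits, as card-data handling rules allow."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def scan(channel: str, text: str):
    """Return findings for one message on one channel."""
    findings = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            findings.append(Finding(channel, "payment-card", mask(digits)))
    for kw in KEYWORDS:
        if kw.lower() in text.lower():
            findings.append(Finding(channel, "classification-marker", kw))
    return findings

def enforce(channel: str, text: str):
    """Policy: any finding quarantines the transmission; otherwise it is allowed."""
    findings = scan(channel, text)
    return ("quarantine" if findings else "allow"), findings

if __name__ == "__main__":
    # Constructed messages; 4111 1111 1111 1111 is the widely used Luhn-valid test number.
    samples = [
        ("smtp", "Invoice: card 4111 1111 1111 1111 expires 12/26"),
        ("usb", "Quarterly numbers, INTERNAL ONLY draft"),
        ("print", "Order 4111 1111 1111 1112 shipped"),   # fails Luhn: not a card number
    ]
    for channel, text in samples:
        print(channel, enforce(channel, text))
```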
Step 11
          Tool name:   Endpoint Encryption
            Purpose:   Encryption is a "last line of defence" type security solution and is designed to ensure that even if systems are illicitly or
                       inappropriately accessed, any information they house will not be subject to loss. Encryption is most often applied to
                       systems and media that can be easily accessed (laptops, backup tapes) or stores of particularly sensitive data (databases).

     How it works:     Encryption protects data by making it unreadable through the application of a complex mathematical algorithm. Without the
                       appropriate key, the algorithm cannot be reversed and the data cannot be converted into a usable form.



              Cost:    Moderate
              Time:    Moderate to High
              Skill:   Moderate


Step 12
          Tool name:   Enhanced Authentication
            Purpose:   Enhanced Authentication is necessary when passwords are not sufficient to protect an organization's systems and is used to
                       establish a greater level of confidence that authenticating users are who they claim to be.



     How it works:     Multiple formats for enhanced authentication exist but all supplement the first factor of authentication (something you know -
                       typically a password) with either a second factor authenticator (something you have, such as a token or smartcard) or a third
                       factor authenticator (something you are or biometrics). Supplying two different types of authenticator is harder to do illicitly.

              Cost:    Moderate to High
              Time:    Moderate to High
              Skill:   Moderate to High
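Step 12 explains that enhanced authentication supplements the password (something you know) with a second factor such as a token (something you have). The code below is an added example, not the tool's code, of how that second factor is checked: a time-based one-time password (TOTP, RFC 6238) is derived from a secret shared with the user's token, and login succeeds only when both the password and the current code verify. The user record, salt and password are constructed; the token seed is the RFC 6238 reference test secret, so the codes produced match the RFC's published test vectors.

```python
"""Added example (not part of the tool): password plus TOTP second factor (RFC 4226 / RFC 6238)."""
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the number of 30-second steps elapsed."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps to tolerate token clock drift.
    Comparison is constant-time so timing does not leak how many digits matched."""
    counter = unix_time // 30
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-window, window + 1))

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, iterated password hash; the first factor is never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store. The seed is the RFC 6238 reference secret ("12345678901234567890").
SALT = b"constructed-salt"
USERS = {
    "alice": {"pw": hash_password("correct horse", SALT), "seed": b"12345678901234567890"},
}

def login(user: str, password: str, code: str, now: int) -> str:
    """Both factors must pass. The caller gets only "ok" or "denied"; which factor failed
    belongs in the audit log, not in the response, so an attacker cannot confirm the password alone."""
    rec = USERS.get(user)
    if rec is None:
        return "denied"
    if not hmac.compare_digest(hash_password(password, SALT), rec["pw"]):
        return "denied"
    if not verify_totp(rec["seed"], code, now):
        return "denied"
    return "ok"

if __name__ == "__main__":
    # At unix time 59 the RFC 6238 vector for this secret ends in 287082.
    print(totp(USERS["alice"]["seed"], 59))
    print(login("alice", "correct horse", totp(USERS["alice"]["seed"], 59), 59))
```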


Step 13
          Tool name:   Tiered Segmented Network
            Purpose:   Tiered network segmentation takes basic network segmentation one step further, increasing the granularity with which the
                       network is divided. Tiered segmented networks increase security by providing better isolation of resources that host sensitive
                       data and/or processes.

     How it works:     Uses configurational rules within network infrastructure to create virtual network segments that have different IP address ranges
                       from one another. For traffic to pass between these segments they must traverse the switch where security rules can be applied.
                       For higher levels of security, segments can be hosted by additional hardware allowing for the deployment of inline security
                       protection tools such as internal firewalls.
              Cost:    Low to Moderate
              Time:    Low to Moderate
              Skill:   Moderate


Step 14
          Tool name:   Internal Firewalls
            Purpose:   Internal firewalls work in exactly the same manner as gateway firewalls except that they are used to filter internal network traffic
                       only. They are generally deployed to protect particularly sensitive network segments.



     How it works:     Firewalls evaluate whether traffic can be allowed to enter the network segment based on comparison to in-place rules. Creating
                       a detailed and specific ruleset that specifies what constitutes appropriate traffic is the key to good firewall functionality.



              Cost:    Low to Moderate
              Time:    Low
              Skill:   Low to Moderate


Step 15
          Tool name:   Management System
            Purpose:   A number of different types of Security Management systems exist including Security Information Management (SIM), Identity &
                       Access Management (IAM) and Governance, regulation & Compliance (GRC) software. Collectively these tools offer heightened
                       monitoring and response capabilities into user and system activity and can also block inappropriate actions in some cases.

     How it works:     Management systems consolidate the reporting, notification and maintenance functions of all of the security tools within the
                       organization and provide one interface to control them. Generally these can be from a security vendor or from a third party
                       provider.

              Cost:    High
              Time:    High
              Skill:   High

				
Posted: 3/8/2012 (10 pages)