Cisco IPS 4255 Sensor White Paper

security attacks and the punitive actions that will be taken should a security attack be detected.
Lastly, create an administrator acceptable use statement to explain the procedures for user account
administration, policy enforcement, and privilege review. If your company has specific policies concerning
user passwords or subsequent handling of data, clearly present those policies as well. Check the policy against
the partner acceptable use and the user acceptable use policy statements to ensure uniformity. Make sure that
administrator requirements listed in the acceptable use policy are reflected in training plans and performance
evaluations.
Conduct a Risk Analysis
A risk analysis should identify the risks to your network, network resources, and data. This doesn't mean you
should identify every possible entry point to the network, nor every possible means of attack. The intent of a
risk analysis is to identify portions of your network, assign a threat rating to each portion, and apply an
appropriate level of security. This helps maintain a workable balance between security and required network
access.
Assign each network resource one of the following three risk levels:
• Low Risk: Systems or data that if compromised (data viewed by unauthorized personnel, data
corrupted, or data lost) would not disrupt the business or cause legal or financial ramifications. The
targeted system or data can be easily restored and does not permit further access of other systems.
• Medium Risk: Systems or data that if compromised (data viewed by unauthorized personnel, data
corrupted, or data lost) would cause a moderate disruption in the business, minor legal or financial
ramifications, or provide further access to other systems. The targeted system or data requires a
moderate effort to restore or the restoration process is disruptive to the system.
• High Risk: Systems or data that if compromised (data viewed by unauthorized personnel, data
corrupted, or data lost) would cause an extreme disruption in the business, cause major legal or
financial ramifications, or threaten the health and safety of a person. The targeted system or data
requires significant effort to restore or the restoration process is disruptive to the business or other
systems.
Assign a risk level to each of the following: core network devices, distribution network devices, access
network devices, network monitoring devices (SNMP monitors and RMON probes), network security devices
(RADIUS and TACACS), e-mail systems, network file servers, network print servers, network application
servers (DNS and DHCP), data application servers (Oracle or other standalone applications), desktop
computers, and other devices (standalone print servers and network fax machines).
Network equipment such as switches, routers, DNS servers, and DHCP servers can allow further access into
the network, and are therefore either medium or high risk devices. It is also possible that corruption of this
equipment could cause the network itself to collapse. Such a failure can be extremely disruptive to the
business.
Once you've assigned a risk level, it's necessary to identify the types of users of that system. The five most
common types of users are:
• Administrators: Internal users responsible for network resources.
• Privileged: Internal users with a need for greater access.
• Users: Internal users with general access.
• Partners: External users with a need to access some resources.
• Others: External users or customers.
The identification of the risk level and the type of access required of each network system forms the basis of
the following security matrix. The security matrix provides a quick reference for each system and a starting