Network Security Systems Plus
NSSPlus WHITE PAPER: DEFENSE-IN-DEPTH
by Sadiyq A. Karim, CCIE, CISSP

Network Security Systems Plus (NSSPlus) understands the information system security challenges that organizations face today. Our knowledge of best-in-class security solutions enables us to empower organizations to safely deploy information systems by validating security solutions. Information systems today are critical business assets. Not only do they allow the smooth running of business applications, but they also enable the seamless delivery of voice, video and data.

As a result of the critical role of information systems in business operations, organizations are concerned with keeping these systems running and applications on-line while protecting one of their most critical assets, their information.

In recent years, not only has the number of network and computer attacks been on the rise, but so has the level of complexity and sophistication with which they strike. In order to protect information systems from these threats, a security system must be able to protect against both known and unknown attacks. This calls for an integrated security solution that is both flexible and pervasive, providing collaboration between networking and computing security services to deliver comprehensive coverage across the enterprise. State-of-the-art information systems security solutions are based on defense-in-depth methods designed to provide effective security through a comprehensive layered approach. These systems employ end-to-end coverage and collaboration between security systems across multiple layers of an enterprise.

Defense in Depth Technologies
The defense in depth model consists of layers of protection throughout the enterprise. The objective of information systems security is to protect systems against attacks, ensuring information availability, confidentiality and integrity. When organizations design their enterprise security architectures to meet this objective, they must consider a number of factors. Not all networks and their associated applications face the same risk of attack or the same cost of repairing attack damage. Therefore, organizations must perform cost-benefit analyses to evaluate the potential return on investment for various network security technologies and components versus the opportunity cost of not implementing those items.

Security Policy
Usually, the primary prerequisite for implementing information system security, and the driver for the security design process, is the security policy. A security policy is a formal statement, supported by an organization's highest levels of management, of the rules by which members who have access to any information resource must abide. The security policy should address two main issues: the security requirements as driven by the business needs of the organization, and the implementation guidelines regarding the available technology. In addressing these issues, the security policy typically includes several elements. For example, the security policy usually includes an authentication policy that defines the levels of passwords and rights required for each type of user (corporate, remote, dial-in, VPN, administrators, and so forth). Because business requirements and security technologies are always evolving, the security policy should be a living document that is updated regularly (at least once per year).

Security Architecture
Both the network design and the IT security teams should develop the security architecture. It is typically integrated into the existing enterprise network and is dependent on the IT services that are offered through the network infrastructure. The access and security requirements of each IT service should be defined before the network is divided into modules with clearly identified trust levels. Each module can be treated separately and assigned a different security model. The goal is to have layers of security so that a "successful" intruder's access is constrained to a limited part of the network. Just as the bulkhead design in a ship can contain a leak so that the entire ship does not sink, the layered security design limits the damage a security breach has on the health of the entire information system. In addition, the architecture should define common security services to be implemented across the network. Typical services include:

  • Password authentication, authorization, and accounting (AAA)
  • Confidentiality provided by virtual private networks (VPNs)
  • Access (trust model)
  • Security monitoring by intrusion detection systems (IDSs)

After the key decisions have been made, the security architecture should be deployed in a phased format, addressing the most critical areas first.

Security Technologies
As noted earlier, network security design requires that organizations determine the level of implementation investment and the total cost of intrusion they can withstand. Then organizations must decide how to allocate their available network security budgets to adequately secure their networks. To ensure the most comprehensive level of protection possible, every information system should include security components that address the following five aspects of network security.

Identity
Identity is the accurate and positive identification of network users, hosts, applications, services and resources. Identity mechanisms are important because they ensure that authorized users gain access to the enterprise computing resources they need, while unauthorized users are denied access.

Perimeter Security
Perimeter security solutions control access to critical network applications, data, and services so that only legitimate users and information can pass through the network. This access control is handled by routers, switches and firewalls inside the network and inside operating systems on servers and desktop computers. Complementary tools, including virus scanners and content filters, also help control network perimeters. Firewalls are generally the first security products that organizations deploy to improve their security postures.

Host and Application Security
In today's computing environment, applications and operating systems running on host systems have unique security requirements. Host systems are subject to a number of malicious software attacks, commonly referred to as malware. Malware includes viruses, worms, buffer overflows and other software-based attacks targeted at applications and their underlying operating systems. Host Intrusion Detection Systems (HIDS) provide functionality to protect against many malware attacks. HIDS deliver this functionality by profiling the normal behavior of a given host system. Activity outside of the normal behavior of the system is detected, prevented and logged appropriately. Unlike anti-virus systems, HIDS are not signature-based, which allows them to respond to day-zero attacks. Day-zero attacks are attacks that are not yet known to an enterprise, or attacks for which no anti-virus or network intrusion detection system signature is available.

HIDS combined with anti-virus software provide a strong defense for host systems against security attacks. In addition to these tools, proper configuration of applications and operating systems is also important to deliver effective security to hosts. Although security features and tools may be available in applications and operating systems, they must be implemented and configured properly to provide the best results. NSSPlus's solid understanding of DISA's STIGs allows us to ensure that host systems are configured according to accepted security guidelines.
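The contrast the paper draws between a behavioral profile and a signature list can be shown with a small simulation. The following is an added example, not NSSPlus code or any product's HIDS logic: it learns a per-process profile of (action, target) pairs from a constructed baseline log, then blocks any later event that falls outside that profile. The log format, the baseline, and the two-entry signature list are all constructed for the demonstration; the point is that an event with no signature is still caught because it is simply not normal for that process.

```python
"""Toy HIDS-style behavioral profiler (added example, not NSSPlus code).

Baseline phase: learn which (process, action, target) triples are normal on a
host. Detection phase: anything outside the learned profile is blocked, whether
or not a signature exists for it. Malformed or unknown events fail closed.
"""
from collections import defaultdict

# Constructed baseline: a week of ordinary activity on a web host.
BASELINE_LOG = [
    "httpd exec /usr/sbin/httpd",
    "httpd open /var/www/html/index.html",
    "httpd connect 10.0.0.5:3306",
    "sshd exec /usr/sbin/sshd",
    "sshd open /etc/ssh/sshd_config",
    "cron exec /usr/bin/logrotate",
    "logrotate open /var/log/httpd/access_log",
]

# Constructed events observed later; two are not normal for httpd.
NEW_EVENTS = [
    "httpd open /var/www/html/index.html",   # normal
    "httpd exec /bin/sh",                    # web server spawning a shell: no signature
    "httpd open /etc/shadow",                # web server reading password hashes
    "cron exec /usr/bin/logrotate",          # normal
]

# A deliberately small signature list, for contrast with the profile approach.
SIGNATURES = {"open /etc/shadow"}


def parse_event(line):
    """Split 'process action target' into a tuple; None on malformed input."""
    parts = line.split(maxsplit=2)
    if len(parts) != 3:
        return None
    return tuple(parts)


def build_profile(lines):
    """Learn, per process, the set of (action, target) pairs seen in the baseline."""
    profile = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev:
            proc, action, target = ev
            profile[proc].add((action, target))
    return profile


def classify(profile, line):
    """'allow' for an in-profile event; 'block' for anything unseen or malformed."""
    ev = parse_event(line)
    if ev is None:
        return "block"
    proc, action, target = ev
    return "allow" if (action, target) in profile.get(proc, set()) else "block"


def signature_hits(lines):
    """Events a signature-only engine would flag."""
    return [ln for ln in lines if any(sig in ln for sig in SIGNATURES)]


def profile_hits(profile, lines):
    """Events the behavioral profile blocks."""
    return [ln for ln in lines if classify(profile, ln) == "block"]


def run_demo():
    """Compare both detection approaches on the constructed events."""
    profile = build_profile(BASELINE_LOG)
    return {
        "signature": signature_hits(NEW_EVENTS),
        "profile": profile_hits(profile, NEW_EVENTS),
    }


if __name__ == "__main__":
    for approach, hits in run_demo().items():
        print(f"{approach}: {hits}")
```

Running it shows the signature engine flagging only the `/etc/shadow` read, while the profile blocks both that and the shell spawn. The cost, as the paper's "configured properly" remark implies, is that the baseline must be complete: any legitimate activity missing from it is blocked too, so the learning window has to cover the host's real workload.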

Secure Connectivity
Companies must protect confidential information from eavesdropping or tampering during transmission. By implementing Virtual Private Networks (VPNs), enterprises can establish private, secure communications across a public network, usually the Internet, and extend their networks to remote offices, mobile users, telecommuters, and extranet partners. Encryption technology ensures that messages traveling across a VPN cannot be intercepted or read by anyone other than the authorized recipient, by using advanced mathematical algorithms to "scramble" messages and their attachments.

Security Monitoring
To ensure that their enterprises remain secure, organizations should continuously monitor for attacks and regularly test the state of their security infrastructures. Network vulnerability scanners can proactively identify areas of weakness, and intrusion detection systems can monitor and reactively respond to security events as they occur. Intrusion detection systems and vulnerability scanners provide an additional layer of network security.

While firewalls permit or deny traffic based on source, destination, port, or other criteria, they do not actually analyze traffic for attacks or search the network for existing vulnerabilities. In addition, firewalls typically do not address the internal threat presented by "insiders." Intrusion Detection Systems (IDS) can protect the network perimeter, extranets, and increasingly vulnerable internal networks. These systems use sensors to analyze individual packets to detect suspicious activity. If the data stream in a network exhibits unauthorized activity or a network attack, the sensors can detect the misuse in real time, forward alarms to an administrator, and remove the offender from the network.
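The separation of roles described above, a packet filter deciding on headers and a sensor deciding on content, can be made concrete with a short simulation. This is an added example, not NSSPlus code and not the logic of any real firewall or IDS product: the rule table, the two content patterns, the addresses and the packets are all constructed for the demonstration. It shows the three outcomes the paper distinguishes: a packet the firewall denies outright, a packet the firewall allows that the sensor then alarms on (with the offender subsequently dropped), and an "insider" packet from an internal address that the firewall trusts entirely, so only the sensor can catch it.

```python
"""Added example: a header-only packet filter beside a content-inspecting sensor.
Not NSSPlus code; all rules, patterns, addresses and packets are constructed."""
from dataclasses import dataclass
import ipaddress


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str
    payload: bytes


# Firewall rules: (action, src_net, dst_net, dport, proto); first match wins.
# None means "any". Constructed for the demo: one public web server in 10.0.1.0/24.
FIREWALL_RULES = [
    ("allow", "0.0.0.0/0", "10.0.1.10/32", 80, "tcp"),   # anyone may reach the web server
    ("allow", "10.0.0.0/8", "10.0.0.0/8", None, None),   # internal traffic is trusted
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None, None),      # default deny
]


def firewall_decision(pkt):
    """Evaluate only the header fields, exactly as a stateless packet filter would."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    for action, src_net, dst_net, dport, proto in FIREWALL_RULES:
        if src not in ipaddress.ip_network(src_net):
            continue
        if dst not in ipaddress.ip_network(dst_net):
            continue
        if dport is not None and pkt.dport != dport:
            continue
        if proto is not None and pkt.proto != proto:
            continue
        return action
    return "deny"  # no rule matched: fail closed


# Constructed content patterns a sensor might carry; a real IDS has thousands.
IDS_SIGNATURES = {
    "directory traversal in HTTP request": b"../..",
    "null byte in request path": b"\x00",
}


def ids_inspect(pkt):
    """Return the names of every signature found in the payload; empty means clean."""
    return [name for name, pattern in IDS_SIGNATURES.items() if pattern in pkt.payload]


def process(pkts):
    """Firewall first, then the sensor; an alarm gets the source dropped from then on."""
    blocked = set()
    results = []
    for p in pkts:
        if p.src in blocked:
            results.append((p.src, "dropped: offender blocked"))
            continue
        if firewall_decision(p) == "deny":
            results.append((p.src, "firewall deny"))
            continue
        alarms = ids_inspect(p)
        if alarms:
            blocked.add(p.src)
            results.append((p.src, "ids alarm: " + ", ".join(alarms)))
        else:
            results.append((p.src, "allowed"))
    return results


# Constructed traffic: an outside client, an outside SSH probe, and an insider.
SAMPLE = [
    Packet("203.0.113.7", "10.0.1.10", 80, "tcp", b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.7", "10.0.1.10", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.7", "10.0.1.10", 80, "tcp", b"GET /about.html HTTP/1.1\r\n"),
    Packet("203.0.113.9", "10.0.1.10", 22, "tcp", b"SSH-2.0-client\r\n"),
    Packet("10.0.2.15", "10.0.1.10", 80, "tcp", b"GET /../../etc/passwd HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, outcome in process(SAMPLE):
        print(f"{src:14} {outcome}")
```

The last packet is the one the paper's "insider" remark is about: its source sits inside 10.0.0.0/8, so the filter's second rule allows it without looking further, and only the sensor's payload match produces an alarm. Note too that the sensor here is signature-driven, so it is subject to the same day-zero limitation the Host and Application Security section attributes to anti-virus tools.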

Security Policy Management
As networks grow in size and complexity, the requirement for centralized security policy management tools that can administer security elements becomes paramount. Sophisticated tools that can specify, manage, and audit the state of security policy through browser-based user interfaces enhance the usability and effectiveness of network security solutions. Enterprises today require a centralized, policy-based security management approach. These systems ensure a comprehensive, consistent implementation of security policy. Using these systems, organizations can define, distribute, enforce, and audit security policies for a number of devices from one central location.

Information Assurance
Information assurance (IA) is an important proactive component of an organization's security posture. IA involves the process of certifying and accrediting information systems according to documented security guidelines. By making use of information assurance methodologies, organizations can ensure that the implementation of their security policy meets the policy's stated objectives as well as the guidelines of certifying authorities.

Property of Network Security Systems Plus (NSSPlus), LLC

 
Internet / Network Security
  Information  Assurance Information Assurance
  Certification / Accreditation Certification/Accreditation
  Compliance Compliance
  Training Training
  Vulnerability Assessment Vulnerability Assessment
  Defense in Depth Defense in Depth
  Forensics Forensics
     
Related Topics
        Related Topics
COPYRIGHT BY NETWORK SECURITY SYSTEMS PLUS, LLC 2000-2005. DEVELOPED BY VOXUNITY