CCSP SelfStudy CCSP CSI: Exam Certification Guide, Second Edition [Electronic resources] - Text version

  • Foundation Summary


    The "Foundation Summary" section of each chapter lists the most important facts from the chapter. Although this section does not list every fact from the chapter that will be on your CSI exam, a well-prepared CSI candidate should at a minimum know all the details in each "Foundation Summary" section before taking the exam.

    The heart of SAFE is the inclusion of security throughout the network and within the end systems themselves. To that end, the original SAFE Enterprise document used several design objectives to meet that criterion. This is SAFE's design philosophy.

    The embodiment of this design philosophy can be summed up in the six design objectives SAFE is based upon:

    • Security and attack mitigation based on policy

    • Security implementation throughout the infrastructure

    • Secure management and reporting

    • Authentication and authorization of users and administrators to critical network resources

    • Intrusion detection for critical resources and subnets

    • Support for emerging networked applications


    The following points outline the purpose and the need for a security policy:

    • Allows network administrators and security personnel to deploy security systems and software throughout the infrastructure

    • Defines how attack mitigation will occur

    • Defines the role of firewalls and routers in attack mitigation

    • Defines the role of the IDS in attack mitigation


    The SAFE blueprint calls for the secure management of network devices and end systems. This can be achieved in one of two ways:

    • Using an OOB management network

    • Using encrypted protocols such as SSH, HTTPS, and SNMPv3
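
The encrypted-protocol option above can be checked mechanically. The following is an added example, not taken from the book: a small Python audit that reads an IOS-style configuration and reports cleartext in-band management (HTTP, Telnet, SNMP community strings). The sample configuration, hostname, and group name are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from the book).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ip http server
ip http secure-server
snmp-server community public RO
snmp-server group NETOPS v3 priv
line con 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

def audit_management_plane(config: str) -> list[str]:
    """Return findings for cleartext in-band management in an IOS-style config."""
    findings = []
    section = None       # current "line vty ..." block, if any
    vty_transport = {}   # vty block -> allowed inbound protocols (None = not set)
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):   # an unindented command starts a new section
            section = line if line.startswith("line vty") else None
            if section:
                vty_transport[section] = None
        if line == "ip http server":  # "no ip http server" does not match
            findings.append("HTTP server enabled: use 'ip http secure-server' (HTTPS) only")
        if re.match(r"snmp-server community \S+", line):
            findings.append("SNMPv1/v2c community string configured: use SNMPv3")
        m = re.match(r"snmp-server group (\S+) v3 (noauth|auth)\b", line)
        if m:
            findings.append(f"SNMPv3 group {m.group(1)} lacks encryption: use 'priv'")
        m = re.match(r"transport input (.+)", line)
        if m and section:
            vty_transport[section] = set(m.group(1).split())
    for vty, protos in vty_transport.items():
        if protos is None:
            findings.append(f"{vty}: no 'transport input' set; set it to ssh explicitly")
        elif protos & {"telnet", "all"}:
            findings.append(f"{vty}: Telnet permitted; restrict to 'transport input ssh'")
    return findings

if __name__ == "__main__":
    for finding in audit_management_plane(SAMPLE_CONFIG):
        print(finding)
```
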


    There are two primary methods of access control:

    • Authentication ensures the user or administrator has the necessary credentials to access a device or system.

    • Authorization ensures that the user or administrator has sufficient privileges to execute a command or a process.


    Intrusion detection has emerged as one of the critical network technologies necessary to properly secure a network. There are two general categories of IDSs:

    • A HIDS is software installed and running on end systems such as servers, desktops, and laptops. The function of a HIDS is to provide a last line of defense should an attack be missed by the network IDS.

    • A NIDS works by monitoring network traffic for patterns of attack and then responding accordingly.


    Deployment is critical to maximizing the success of the IDS. Properly placing the IDS at strategic locations throughout the network maximizes its effectiveness and helps ensure that an attack will not go undetected.

    All network attacks can be categorized according to the following classifications:

    • Structured threats are created by attackers who are more highly motivated and technically competent.

    • Unstructured threats primarily consist of random attackers using various common tools, such as malicious shell scripts, password crackers, credit card number generators, and dialer daemons.

    • Internal threats are typically from disgruntled former or current employees. Internal threats can be structured or unstructured in nature.

    • External threats consist of structured and unstructured threats originating from an external source.


