Network Security and Cisco SAFE

While implementing a functional network design that meets an organization’s business and technical goals is critical, it is imperative that the design is properly secured.

Even today, many companies consider security in an overly simplified manner, thinking that the implementation of a firewall or a few strategically placed access lists will mitigate almost all potential risks. Unfortunately, implementing a secure network is about much more than the deployment of a few pieces of dedicated hardware and some basic configuration settings. Instead, it involves a commitment to risk management and risk assessment that goes far beyond any piece of equipment, involving the creation of policies, procedures, and ultimately, a plan.

Cisco has developed an approach to securing networks that it calls SAFE. SAFE is not so much a specific set of steps that must be followed in order to secure a network, but rather a set of design suggestions and configuration guidelines that should be followed when attempting to design a secure network. The SAFE methodology follows an approach known as defense-in-depth, where the security of individual modules in the Enterprise Composite Network Model is considered individually, with distinct suggestions made for securing these modules based on potential threats and risks.

This article takes a look at the importance of developing a comprehensive security policy, as well as some of the potential threats that a network designer needs to consider as part of any network design project.

Developing a Security Policy

Implementing a secure network always begins with the same step, namely the development of a comprehensive security policy. In far too many companies, securing a network is looked at as a series of steps that involve configuring equipment, strategic placement of security devices, and so on. Although these elements have their role in helping to secure a network, at the end of the day they should only be the tools used to implement a defined policy.

A security policy is not a set of firewall rules or access control list entries either. A true security policy is comprised of many different elements, but is focused on first assessing the potential risks to not only a network but also a business, and then appropriately managing the assessed risks using various methods. To that end, the development of a security policy within an organization is not a single event but rather an iterative process that never ends. Even after a security policy is developed and implemented, it must constantly be reviewed and revised to ensure that it takes new risks into consideration.

Any good security policy begins with a look at the potential risks to an organization from a high-level perspective. This does not mean the risk of a hacker compromising the network, but rather the specific threats that an organization faces. For example, if the company is engaged in electronic commerce activities with partners or customers, the data that is stored and transferred between the parties must be properly secured. If this information were somehow compromised, it could not only impact system availability and thus productivity, but also the reputation of the organization. By the same token, if a hacker modified critical data on internal servers, this could impact any number of business processes in a negative manner. Quite simply, a security policy begins by attempting to assess all potential security risks, including how those risks might impact the organization. Sometimes these risks impact a specific technical area and represent no more than an annoyance, while other times, the risk might impact an organization’s core ability to conduct business.

In a perfect world, any assessed security risks could be eliminated through the implementation of various security features in a good network design. Unfortunately, the best a network designer can hope for, as part of implementing any security policy, is that risks will be reduced to the greatest possible extent. It is simply not possible to eliminate security risks – these evolve over time, and are constantly changing. A network designer needs to be aware of this, and understand that managing risk, not eliminating it, is truly the nature of the beast.

The design of a security policy in any organization needs to be well documented as a starting point. Some of the different areas that should be considered as part of the design of a security policy include:

  • Physical security. Although it is among the most important elements of any security policy, physical security is all-too-commonly overlooked. Examples of physical security measures include ensuring that all equipment rooms are locked, access to any wiring closets is restricted, and so on. Many companies now implement locks with pass cards in order to track who has physically accessed equipment.
  • Authentication. Authentication is also a critical factor within any network security policy. While many companies still rely upon traditional username and password systems to validate network users using protocols like PAP and CHAP, others implement token-based systems that provide two-factor authentication (username/password plus one-time token password) using the Extensible Authentication Protocol (EAP) for a higher degree of security.
  • Authorization. Where authentication is used to validate network users, authorization controls the level of privilege associated with a user account. For example, a network management system can be configured to allow only certain users the ability to configure systems via SNMP, while another group of users can only read SNMP information for troubleshooting purposes.
  • Access control. Access control is used to limit a user’s ability to access resources. For example, in a Windows Server 2003 environment, access to resources can be controlled by user account or group membership. On a Cisco router or firewall, techniques like access control lists can be used to limit the types of traffic that can pass from one network to another.
  • Data confidentiality. Data confidentiality needs to be considered as part of any security policy. In most cases, data is passed across a network using plain text, which can be captured and read by other users. As necessary, different encryption techniques are generally implemented on a network in order to ensure data confidentiality.
  • Data integrity. Data integrity relates to the process of ensuring that corporate data has not been tampered with in any way, whether while stored on a server or while in transit across a network. For example, an organization would want to ensure that records in a database are not being tampered with to suit the ends of a particular user.
  • Network Management. The method used to manage network systems is a critical consideration in any security policy. Although an NMS will help to facilitate centralized management, factors like authentication, authorization, and data confidentiality also need to be considered from a security point of view. If the network management systems and protocols in use are not properly secured, this represents a huge potential threat to the entire network.

Although many of the areas listed above relate to specific technical ideas, remember that the development of any security policy considers these elements with respect to the assessed risks for an organization.
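
The SNMP case from the authorization and network management items above can be checked mechanically. The following is an added example, not part of the original article: a small Python audit that maps SNMP settings onto the policy areas in the list. The configuration lines, community strings, group names and ACL numbers are constructed for illustration, and only the simple forms of the two IOS commands are parsed.

```python
import re

# Constructed sample of IOS-style SNMP lines (illustrative; not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community netops-rw RW
snmp-server community monitor RO 10
snmp-server group NOC-READ v3 priv read ALLVIEW access 10
snmp-server group NET-ADMIN v3 priv write ALLVIEW access 20
snmp-server group LEGACY v3 noauth read ALLVIEW
"""

# Only the simple forms of each command are parsed (an assumption of this example).
COMMUNITY = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?$", re.I)
GROUP = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b(.*)$", re.I)


def audit_snmp(config):
    """Return (name, policy_area, detail) for each SNMP setting that needs review."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            name, mode, acl = m.group(1), m.group(2).upper(), m.group(3)
            # SNMPv1/v2c community strings act as shared passwords sent in plain text.
            findings.append((name, "confidentiality", "community string is sent in plain text"))
            if mode == "RW":
                findings.append((name, "authorization", "shared string allows configuration changes"))
            if acl is None:
                findings.append((name, "access control", "no ACL restricts the querying hosts"))
            continue
        m = GROUP.match(line)
        if m:
            name, level, rest = m.group(1), m.group(2).lower(), m.group(3)
            if level != "priv":
                findings.append((name, "confidentiality", "group does not require encryption"))
            if level == "noauth":
                findings.append((name, "authentication", "group does not authenticate users"))
            if not re.search(r"\baccess \S+", rest):
                findings.append((name, "access control", "no ACL restricts the querying hosts"))
    return findings


if __name__ == "__main__":
    for name, area, detail in audit_snmp(SAMPLE_CONFIG):
        print(f"{name:10} {area:16} {detail}")
```

The two SNMPv3 groups that require encryption and are bound to an ACL produce no findings, which is the read-only versus configure split the authorization item describes.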

Dan DiNicolo is a technical trainer, consultant, author, and the managing editor of the free IT learning web site 2000Trainers.com. When he’s not busy traveling the world as an IT volunteer with organizations like Geekcorps, Dan makes his home in the snowy northern backwoods of Canada.
