Сигурност на компютърните мрежи - основни стъпки за изпълнение

Guidance
10 Steps: Network Security

From: UK CESG, Department for Business, Innovation & Skills, Cabinet Office and Centre for the Protection of National Infrastructure
First published: 5 September 2012
Last updated: 16 January 2015 
Part of: Cyber security

1.Summary
Connecting to untrusted networks (such as the Internet) exposes corporate networks to attacks that seek to compromise the confidentiality, integrity and availability of Information and Communications Technologies (ICT) and the information they store and process. This can be prevented by developing policies and risk management approaches to protect corporate networks by applying security controls that are commensurate with the risks that have been identified and the organisation’s risk appetite.

2.What is the risk?
Corporate networks need to be protected against both internal and external threats. The level to which networks are protected should be considered in the context of the organisation’s risk appetite, risk assessment and corporate security policies.
Businesses that fail to protect their networks appropriately could be subject to a number of risks, including:
Leakage of sensitive corporate information
Poor network design could be exploited by both internal and external attackers to compromise information or conduct unauthorised releases of sensitive information resulting in compromises in confidentiality, integrity and availability
Import and export of malware
Failure to put in place appropriate boundary security controls could lead to the import of malware and the compromise of business systems. In addition, users could deliberately or accidentally release malware or other malicious content to business partners or the general public via network connections that are poorly designed and managed
Denial of service
Networks that are connected to untrusted networks (such as the Internet) are vulnerable to denial of services attacks, where access to services and information is denied to legitimate users, compromising the availability of the system or service
Exploitation of vulnerable systems
Attackers will exploit poorly protected networks to gain unauthorised access to compromise the confidentiality, integrity and availability of systems, services and information
Damage or defacement of corporate resources
Attackers that have successfully compromised the network can damage internal and externally facing systems and information (such as defacing corporate websites), harming the organisation’s reputation and customer confidence

3.How can the risk be managed?
Produce, implement and maintain network security policies that align with the organisation’s broader information risk management policies and objectives. Follow recognised network design principles (ie ISO/IEC 27033-1:2009) to help define the necessary security qualities for the perimeter and internal network segments and ensure that all network devices are configured to the secure baseline build.

3.1Police the network perimeter
Limit access to network ports, protocols and applications filtering and inspecting all traffic at the network perimeter to ensure that only traffic which is required to support the business is being exchanged. Control and manage all inbound and outbound network connections and deploy technical controls to scan for malware and other malicious content.
Install firewalls
Firewalls should be deployed to form a buffer zone between the untrusted external network and the internal network used by the business. The firewall rule set should deny traffic by default and a whitelist should be applied that only allows authorised protocols, ports and applications to communicate with authorised networks and network addresses. This will reduce the exposure of ICT systems to network based attacks.
Prevent malicious content
Deploy antivirus and malware checking solutions to examine both inbound and outbound data at the perimeter in addition to antivirus and malware protection deployed on internal networks and on host systems. The antivirus and malware solutions used at the perimeter should be different to those used to protect internal networks and systems in order to provide some additional defence in depth.

3.2Protect the internal network
Ensure that there is no direct network connectivity between internal systems and systems hosted on untrusted networks (such as the Internet), limit the exposure of sensitive information and monitor network traffic to detect and react to attempted and actual network intrusions.
Segregate network as sets
Identify, group and isolate critical business information assets and services and apply appropriate network security controls to them.
Secure wireless devices
Wireless devices should only be allowed to connect to trusted wireless networks. All wireless access points should be secured. Security scanning tools should have the ability to detect and locate unauthorised wireless access points.
Protect internal Internet Protocol (IP) addresses
Implement capabilities (such as Network Address Translation) to prevent internal IP addresses from being exposed to external networks and attackers and ensure that it is not possible to route network traffic directly from untrusted networks to internal networks.
Enable secure administration
Administrator access to any network component should only be carried out over dedicated network infrastructure and secure channels using communication protocols that support encryption.
Configure the exception handling processes
Ensure that error messages returned to internal or external systems or users do not include sensitive information that may be useful to attackers.
Monitor the network
Tools such as network intrusion detection and network intrusion prevention should be placed on the network and configured by qualified staff to monitor traffic for unusual or malicious incoming and outgoing activity that could be indicative of an attack or an attempt. Alerts generated by the system should be promptly managed by appropriately trained staff.
Assurance processes
Conduct regular penetration tests of the network infrastructure and undertake simulated cyber attack exercises to ensure that all security controls have been implemented correctly and are providing the necessary levels of security.