Network Management

This chapter covers the following topics:

■ The Need for Network Security

■ Security Policy Characteristics, Goals, and Components

■ The Security Wheel

C H A P T E R 5

Defining a Security Policy

The first step in implementing security in a networked environment is to determine how that security will be defined and enforced. A security policy provides the overall framework for the network security implementation and provides the rationale and the motive for the guidelines and procedures that will be used. The security policy is the blueprint, or constitution, that describes in broad terms how security will be conducted in the network. Without a security policy, efforts to implement and enforce security in a networked environment can be haphazard and uncoordinated.

“Do I Know This Already?” Quiz

The purpose of the “Do I Know This Already?” quiz is to help you decide if you really need to read the entire chapter. If you already intend to read the entire chapter, you do not necessarily need to answer these questions now.

The 11-question quiz, derived from the major sections in the “Foundation Topics” portion of the chapter, helps you determine how to spend your limited study time.

Table 5-1 outlines the major topics discussed in this chapter and the “Do I Know This Already?”

quiz questions that correspond to those topics.

Table 5-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundations Topics Section Questions Covered in This Section

The Need for Network Security 1–3

Security Policy Characteristics, Goals, and Components 4–9

The Security Wheel 10–11

CAUTION The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark this question wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.

1. Why is network security becoming increasingly important?

a. Information is more important today than it has been in the past.

b. Vendors do not provide sufficient security in their products.

c. Attackers are posing an increasing threat to the capabilities of businesses to function efficiently and securely.

d. Network attacks are launched not only from external sources but also increasingly from within the network.

e. b and c are correct.

f. c and d are correct.

2. What are the two primary reasons for the increasing threat to network systems?

a. Network administrators are not diligent in securing their networks.

b. The Internet is ubiquitous.

c. Vendors are not diligent in eliminating software bugs.

d. Easy-to-use operating systems and development environments have become pervasive.

e. b and d are correct.

f. a and c are correct.

3. Within the scope of network security, what does CIA stand for?

a. Common information assurance

b. Confidentiality, identification, and assurance

c. Core Internet attacks

d. Confidentiality, integrity, and availability 4. What does a network security policy do?

a. Describes the procedures to secure a network

b. Defines the framework used to protect the assets connected to a network

c. Provides legal and financial guidance to secure a network

d. Describes a network’s level of security

“Do I Know This Already?” Quiz 69

5. What is the main goal of a network security policy?

a. To ensure that system users, staff, and managers are informed of their responsibilities for protecting corporate technology and information assets

b. To secure the network so that attackers cannot gain access

c. To provide a framework that is used to protect computers on a network and ensure that users authenticate their identity

d. To provide legal protection to the IT staff

6. What three characteristics should a network security policy have?

a. It should be implementable, capable of defining roles, and enforceable

b. It should be administrative, managerial, and understandable

c. It should be definable, restrictive, and enforceable

d. It should be implementable, understandable, and enforceable 7. What are the two types of network security policies?

a. Administrative

b. Restrictive

c. Managerial

d. Permissive

8. What are some of the elements of a network security policy?

a. Acceptable-use policy

b. Download policy

c. Encryption policy

d. Extranet policy

e. All of the above 9. What is a risk assessment?

a. A process of determining the vulnerabilities on a network

b. The reduction of the level of risk in a network

c. The ability to verify that risk exists

d. A verification that no risk exists in the network

e. A method that allows the level of risk inherent in a system to be quantified

10. What is the Security Wheel?

a. It defines network security as a continuous process that is built around the corporate security policy.

b. It is a system whereby once the network is secured according to the outline of the security policy, the network is considered secure.

c. It defines the method that is used to secure a network.

d. None of the above.

11. Which of the following are phases of the Security Wheel? Select all that apply.

a. Security policy implementation

b. Testing

c. Monitoring and detection

d. Improvement

e. Analysis

f. All of the above

The answers to the “Do I Know This Already?” quiz are found in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes and Q&A Sections.” The suggested choices for your next step are as follows:

■ 9 or less overall score—Read the entire chapter. This includes the “Foundation Topics” and

“Foundation Summary” sections, and the “Q&A” section.

■ 10 or more overall score—If you want more review on these topics, skip to the “Foundation Summary” section and then go to the “Q&A” section. Otherwise, move to the next chapter.