INTRODUCTION TO NETWORK SECURITY 1.3 (NETWORK SECURITY TRENDS (WIRELESS…
INTRODUCTION TO NETWORK SECURITY 1.3
NETWORK SECURITY TRENDS
The increasing use of wireless LAN connections and the rapid
rise of Internet access from cell phones in Europe and Asia are
requiring entirely whole new approaches to security.
Radio frequency (RF) connections do not respect firewalls the
way wired connections do.
IT STAFFING SHORTAGE
To solve this problem, many enterprises are increasingly
outsourcing day-to-day security management tasks.
The application service provider (ASP) business model will
become increasingly common in the security world.
there is a demand for skilled network security professionals.
THE NEED FOR SPEED
The number of broadband connections to the Internet from
homes is exceeding projections.
Many businesses are finding that multiple T1 or E1 connections
to the Internet no longer suffice.
ISO/IEC 17799, Information technology—Code of practice for
information security management, is an information security
standard that is published by the International Organization for
Standardization (ISO) and the International Electrotechnical
ISO/IEC 17799 is intended to be a common basis and practical
guideline for developing organizational security standards and
effective security management practices.
SECURITY ORGANIZATIONS ROLES
The United States Computer Emergency Readiness Team (US-
CERT) is a partnership between the Department of Homeland
Security and the public and private sectors.
US-CERT was established in 2003 to protect the nation’s
Internet infrastructure by coordinating defense against and
responses to Internet security threats.
US-CERT is responsible for the following:
-Analyzing and reducing cyber threats and vulnerabilities
-Disseminating cyber threat warning information
-Coordinating incident-response activities
International Information Systems Security Certification Consortium (ISC2)
Is a nonprofit organization that maintains a collection of industry
best practices for information security.
The ISC2 has created five certifications that align to these best
practices, the Systems Security Certified Practitioner (SSCP),
and the Certified Information Systems Security Professional
The Common Criteria is an international standard for evaluating
It was developed by a consortium of 14 countries to replace a
number of existing country-specific security assessments and
was intended to establish a single high-quality standard for
ICSA Labs tests firewalls against a standard set of functional
and assurance criteria elements.
ICSA Labs is presently testing firewalls and VPN devices on
ICSA certification exists to provide a set of measurable, public-
domain standards for commercial security products.
SECURITY ORGANIZATIONS ROLES
The CERT Coordination Center (CERT/CC) is a reporting center for Internet security issues.
The CERT/CC plays a major role in coordinating responses to Internet security threats.
The CERT/CC is located at the Software Engineering Institute (SEI) operated by Carnegie Mellon University.
The SysAdmin, Audit, Network, Security (SANS) Institute was established in 1989 as a cooperative research and education organization.
The SANS Institute develops and maintains research documents about various aspects of information security.
These documents are available at no cost. SANS also operates the Internet Storm Center, an early warning system for Internet security issues.
The Federal Information Processing Standard (FIPS)
FIPS 140 has four levels of assurance: Level 1 is the lowest, and Level 4 is the most stringent.
Each level builds upon the one below it, so a Level 2 certification means that a product meets the requirements for both Level 1 and Level 2.