Appendix B: Designing Policies for Managing Networks.


Transcript of Appendix B: Designing Policies for Managing Networks.

Page 1: Appendix B: Designing Policies for Managing Networks.

Appendix B: Designing Policies for Managing Networks

Page 2: Appendix B: Designing Policies for Managing Networks.

Overview

Analyzing Risks to Managing Networks

Designing Security for Network Administrators

Page 3: Appendix B: Designing Policies for Managing Networks.

Lesson 1: Analyzing Risks to Managing Networks

What Is a Network Management Policy?

Why Network Management Policies Are Important

Common Threats to Network Management

Page 4: Appendix B: Designing Policies for Managing Networks.

What Is a Network Management Policy?

A network management policy defines:

Tools for managing the network

Users who can manage a network

Procedures for managing the network

[Diagram labels: Policy, Administrator, Tools, Procedures]

Page 5: Appendix B: Designing Policies for Managing Networks.

Why Network Management Policies Are Important

[Diagram labels: External Attacker, Internal Attacker]

Attacker: External

Threat: Social engineering

Example: An attacker calls the helpdesk of a company posing as a newly hired network administrator who needs to reset the password of a company official. The attacker uses the official’s account to steal company secrets.

Attacker: Internal

Threat: Unlocked workstation

Example: An administrator logs on to a computer by using his administrator account, then leaves the computer unlocked before going to a meeting. An attacker uses the administrator’s computer to attack the network.

Page 6: Appendix B: Designing Policies for Managing Networks.

Common Threats to Network Management

Area: Network management model

Vulnerabilities:

Poor decisions about security

Accounts that have excessive administrative rights

Incomplete background checks of a prospective administrator

Area: Access to information

Vulnerabilities:

Social engineering attacks that manipulate administrators

Sensitive information found by sifting through garbage

Area: Diligence

Vulnerabilities:

Failure to lock unattended workstations and servers

Critical resources in unsecured physical locations

Failure to perform security tasks in a timely manner

Area: Tools

Vulnerabilities:

Use of unapproved tools to manage a network

Failure to secure communication channels that are used to manage a network

Page 7: Appendix B: Designing Policies for Managing Networks.

Lesson 2: Designing Security for Network Administrators

Process for Designing Secure Management of Networks

Common Network Management Models

Guidelines for Delegating Administrative Control

Guidelines for Acceptable Use of Network Management Tools

Guidelines for Network Management Security

Guidelines for Protecting Against Social Engineering

Page 8: Appendix B: Designing Policies for Managing Networks.

Process for Designing Secure Management of Networks

When planning an audit policy, you must:

1. Optimize the network management model.

2. Determine who can manage the network.

3. Predict threats to managing the network.

4. Create a list of approved tools and techniques.

5. Design and create policies and procedures for managing the network.

Page 9: Appendix B: Designing Policies for Managing Networks.

Common Network Management Models

Model: Centralized

Characteristics:

A small group makes all network management decisions

Network administration is performed from a central location

Strong security is provided at the expense of flexibility

Model: Decentralized

Characteristics:

Autonomous groups make many network management decisions

Network administration is performed at multiple locations

May be required by medium and large-sized networks that have geographical, geopolitical, or language complexities

Model: Outsourced

Characteristics:

Trusted third parties perform network management

Outsourcing can provide expertise that your organization may lack

Model: Hybrid

Characteristics:

Centralized, decentralized, or outsourced models are combined

The most common network management model

Page 10: Appendix B: Designing Policies for Managing Networks.

Guidelines for Delegating Administrative Control

Task: Before you delegate administrative control to a new administrator

Guidelines:

Perform a background check on the administrator during the hiring process

Educate the administrator about how to carry out the required administrative tasks

Ensure that the administrator understands the security policies and procedures of your organization

Task: When you delegate administrative control

Guidelines:

Always delegate the fewest privileges necessary to complete administrator tasks

Always audit network administration and review audit logs regularly

Consider job rotation and mandatory vacations for administrators who have access to sensitive data

Page 11: Appendix B: Designing Policies for Managing Networks.

Guidelines for Acceptable Use of Network Management Tools

Define:

Which tools will be used to manage the network.

How the tools will be used.

How the network will be managed remotely.

Page 12: Appendix B: Designing Policies for Managing Networks.

Guidelines for Network Management Security

Function: Use of Administrator accounts

Guidelines:

Place limits on administrator authority

Prohibit use of administrator account for daily use

Prohibit use of administrator rights to monitor employees

Function: Use of administration tools

Guidelines:

Specify how to use remote administration tools securely

Prohibit using attacker tools on the network without approval

Function: Performance of daily tasks

Guidelines:

Follow policies and procedures when completing frequently occurring tasks

Create and update log files for change management

Page 13: Appendix B: Designing Policies for Managing Networks.

Guidelines for Protecting Against Social Engineering

Ensure that administrators:

Follow defined processes and procedures.

Are on alert for suspicious or unusual events.

Use caution when working with other employees whom they do not know personally.

Page 14: Appendix B: Designing Policies for Managing Networks.

Security Policy Checklist

Create policies and procedures for determining:

Network management models.

Who can manage the network.

Tools to manage the network.

How personnel will manage the network.