Security Structure  «Prev  Next»

Lesson 2Security elements
Objective Most important security elements

Most important Security Elements

What are the most important security elements?
Each of the elements of an effective security system operates in conjunction with the others to ensure that an organization can communicate as efficiently as possible.
The MouseOver below is a representation of the most important security elements and of the hierarchy into which these elements are organized.

Guide for planning future network security projects

  1. How to apply good systems engineering principles to the development of information security systems
  2. Recommendations concerning which standards and guidelines are most useful and that should be used in implementing and achieving required network security
  3. How to implement organizational security policies and how to ensure that they are understood and institutionalized
  4. How to make sure that the organization is prepared for a disaster
  5. How to protect against possible future liability suits
  6. How to plan for expanded, secure, remote access requirements
  7. How to implement wireless security
  8. How to protect against future attacks
  9. How to handle future attacks
  10. How to assess the effectiveness of proposed new security architectures

Guide to Network Security

Security elements

  1. Through the use of activity logs, you can determine the effectiveness of your security system.
  2. Administrators implement and enforce the security policy, audit user activity, and attempt to spot hackers.
  3. Used for authentication, data confidentiality, data integrity, and non-repudiation, encryption methods are key for securing communications and data transfer.
  4. Following access authentication, the use of valid IDs and passwords, as well as controls on software and protocols, governs what resources a user may access on your network.
  5. Prior to allowing access to any part of your system, the identity of a system or user must take place.
  6. Your security policy is the foundation for establishing an effective security system. Training of personnel is key to ensuring that security procedures are followed.

Combining security methods

When planning security, you will use a combination of
  1. methods and
  2. perimeter devices.
To provide access control and authentication, for instance, a system uses some combination of the methods and perimeter devices shown in the table below.

Security Element Perimeter Devices Internal Methods
Authorization and access control 1) Filtering router
2) Firewall[1]
1)Application logic
2) Operating system permissions
Identification and authentication Tokens 1) Remote Access Devices
2) Password Policy

The application of internal methods for security such as auditing and the use of screening routers[2] , firewalls, firewall tokens[3] and remote access devices[4] will be discussed in later modules.
[1]Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.
[2]Screening router: Examines inbound and outbound packets based upon filter rules. Screening router is another term for a packet filter.
[3] Firewall token: A string of information that identifies a specific user as packets pass through the firewall. A token is usually encrypted.
[4]Remote access device: Devices that have access a network from a remote site.