Modern Network Architecture

Nov 19 2011   6:03PM GMT

Information Security

James Murray

There seems to be a boring side to information security and an almost sexy side to data security. "Don't forget to change your password", "back up your data" and disaster recovery are the boring side. These are interesting subjects in their own right, but talk to a client about countering international gangs of hackers and virus attacks and it's exciting. Try to convince a manager to get everyone together regularly to develop a disaster recovery plan for a medium-size business and there's very little excitement. Modern networks are much more complicated to secure today, and the modern network architect has a lot to think about.

The three core principles I was originally trained to think in terms of were:

Confidentiality – Preventing disclosure of information to unauthorized individuals inside or outside the system. 

Integrity – Integrity mechanisms confirm whether a data packet has been modified.

Availability – Practices that ensure the data is available when it is needed.

In 2002 the international policy organization OECD (Organisation for Economic Co-operation and Development) expanded these to include:

Authenticity – Authentication of data passed between two known identities. 

Non-Repudiation – Systems that allow online contractual obligations to be enforced, because a party cannot later deny having sent or received the data.

When strategizing information security we can think about the life cycle of the data. The life cycle starts with the creation of the data and ends with its disposal. During the cycle there are points when the data is in motion and points when the data is at rest. Each of these management points requires an administrative control, a logical control and/or a physical control. At each management point a control is added to or removed from the data. Controls are packed and then unpacked throughout the life cycle of the data.

When discussing this with a management team I’ve found that writing out a process diagram helps me understand and better explain the process.  By doing this, I’ve found that management teams better understand and will even begin contributing to the security process.

These controls are made up of security mechanisms. Some of the physical controls include:

Disk Encryption – Encrypting data on a physical drive or piece of hardware

Backups - Copying data to a separate location

Data masking – Obscuring specific data in a database table or cell

Data erasure – Overwriting the specific sections of the media where data has been deleted, so that the deleted data cannot be recovered

Other controls affect data in transit:

Checksum – A fixed-size field in the packet used to detect transmission errors

Packet signing – A hash carried in the packet that lets the receiver identify a packet that has been opened or altered in transit

Data encryption – Encrypting the data portion of the packet

Tunneling encryption – A packet security strategy that encrypts the entire original packet and, at the same time, wraps it with a layer 3 address that allows passage across public and private routers.
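The difference between the checksum and packet-signing controls above is easy to see in code. The example below is added here and is not from the original post; it uses a constructed payload and a hypothetical pre-shared key, with CRC-32 standing in for the checksum and HMAC-SHA256 standing in for packet signing.

```python
import hashlib
import hmac
import zlib

# Constructed sample payload and a hypothetical pre-shared key (not real values).
PAYLOAD = b"transfer 100 to account 42"
KEY = b"pre-shared-secret-key"


def checksum(data: bytes) -> int:
    """Error-detecting checksum (CRC-32): catches accidental corruption only."""
    return zlib.crc32(data) & 0xFFFFFFFF


def sign(data: bytes, key: bytes) -> bytes:
    """Keyed hash (HMAC-SHA256) over the payload: the 'packet signing' control."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_checksum(data: bytes, expected: int) -> bool:
    return checksum(data) == expected


def verify_signature(data: bytes, tag: bytes, key: bytes) -> bool:
    # compare_digest avoids leaking timing information during the comparison.
    return hmac.compare_digest(sign(data, key), tag)


def tamper_demo() -> dict:
    """Simulate two in-transit changes and report which control detects each."""
    crc = checksum(PAYLOAD)
    tag = sign(PAYLOAD, KEY)

    # Accidental corruption: one flipped bit. Both controls notice.
    corrupted = bytes([PAYLOAD[0] ^ 0x01]) + PAYLOAD[1:]

    # Deliberate modification: whoever changes the packet can also recompute
    # the checksum so it still matches, but cannot produce a valid HMAC
    # without the key. Only the signature reveals the change.
    modified = b"transfer 999 to account 42"
    modified_crc = checksum(modified)

    return {
        "checksum_catches_corruption": not verify_checksum(corrupted, crc),
        "hmac_catches_corruption": not verify_signature(corrupted, tag, KEY),
        "checksum_catches_modification": not verify_checksum(modified, modified_crc),
        "hmac_catches_modification": not verify_signature(modified, tag, KEY),
    }
```

The checksum is an error-detection control; only the keyed signature gives the integrity guarantee the post describes.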

Network security is mostly about understanding your tools. Physical mechanisms can be as simple as locking the door to the server room. The day-to-day transactions of fixing forgotten passwords and managing security groups can be a little boring, yet that's really what you want. As systems become more complex, we need to understand the holes in the packets we send as well as the access control holes that keep the bad guys out and the employees in the right places.
