A Multidimensional Approach to Network Security

Fred Avolio

This can be taught as a 2 hour, half day, 1 day, or 2 day course.

You will learn:

The challenges of internetwork security
The methods and mechanisms to be applied for securing a computer network
How to go about assessing your network’s security posture
The importance of security plans, policies, and procedures.
How to chose security products and where you should deploy them.
The different types of security products, and how they fit together.

You will leave with:

Information about common attacks
White papers on security technologies and types of products
Clear ideas about how to conduct a security survey and risk analysis
Contact information for keeping up with security advisories and vendor patches
Pointers to free and commercial solutions to security
Directory of security sites, servers, and mailing list

The Internet, and Internet use, has grown dramatically over the past 10 years. What used to be a community “where everybody knows your name” has become a world wide web of millions of users touching nearly every country on the planet. Because of the Internet revolution, security is now recognized as essential, computer and network security is becoming ubiquitous, security perimeters are becoming dynamic, and the paradigms for security that were established a few short years ago must metamorphose in order to meet the challenges of these changes.

In the beginning, there were no firewalls. And at the time, we “saw that it was good.” But just as the change of a community from small town to city brings changes in lifestyle, particularly in personal and home security, the growth of the Internet has required changes in network security mechanisms and methods. We’ve moved from defensive solutions, to the need for enabling solutions. This course will give an overview of a multidimensional model for security, looking at three levels in three areas. We will explore the realms of security (prevention, detection, response), the steps in security management (planning, policy, and production), and the arenas of security deployment (perimeter, servers, and desktops).

Course Outline

	Internet and Computer Threats, Issues, and Concerns
		Things that make networks insecure
		Threat agents
		Avenues of threat
		Famous and infamous incidents
	Single Layer, Single Dimension Security
		Examples
		The first firewalls
		Growing user "requirements"
	Multilayer, Single Dimension Security
		Added strengths
		Residual weaknesses
	Multilayer, Multidimensional Security
		Steps in security management
			Planning, policy, and procedures
			Products and Practice
			Persistent research and analysis
		Types of Security
			Prevention devices
			Detection devices
			Response devices
		Places to Deploy
			Perimeter devices
			Server devices
			Desktop devices
	Putting it Together
	Results and Conclusions