1. Field of the Invention
This invention relates in general to network security, and more particularly to a method for providing network perimeter security assessment.
2. Description of Related Art
Computer security and network security are very important today to prevent attacks by others, particularly when the computer and network are connected to the Internet or other untrusted network. These attacks can be in the form of computer viruses, worms, denial of service, improper access to data, etc. There is a standard security model known as CIA, or Confidentiality, Integrity, and Availability. This three-tiered model is a generally accepted component to assessing risks to sensitive information and establishing security policy.
Confidentiality refers to the fact that sensitive information must be available only to a set of pre-defined individuals. Unauthorized transmission and usage of information should be restricted. For example, confidentiality of information ensures that an unauthorized individual does not obtain a customer's personal or financial information for malicious purposes such as identity theft or credit fraud.
Integrity means that information should not be altered in ways that render it incomplete or incorrect. Unauthorized users should be restricted from the ability to modify or destroy sensitive information.
Availability refers to the concept that information should be accessible to authorized users any time that it is needed. Availability is a warranty that information can be obtained with an agreed-upon frequency and timeliness. This is often measured in terms of percentages and agreed to formally in Service Level Agreements (SLAs) used by network service providers and their enterprise clients.
Traditionally, Internet security has concentrated on setting up a perimeter to keep unauthorized people out. Modern information security requires a focus on enabling business and creating a perimeter that can give customers, suppliers and partners access. There are software tools for security evaluations, hardware tools for protection (firewalls), and consulting services (manual checks). These tools are useful to find technology specific vulnerabilities.
The widely accepted paradigm of the CIA triad discussed above is a basic framework for a secure environment. There are tools that individually provide network security according to the CIA triad; however these tools are generally specific to only one discipline, e.g., analyzing security policies, performing architectural reviews, reviewing components of a system, performing system vulnerability analysis, or performing application reviews. More particularly, manual architecture review processes have been developed for providing a high-level analysis of the security infrastructure, the integration of applications, systems and network infrastructure and the overall system security. However, such approaches are generally focused on specific network component vendor's products and compatible devices rather than providing a broad framework for architectural security review. An example of such an approach is Cisco Systems' SAFE Blueprint for designing and implementing secure networks based on the Cisco Architecture for Voice, Video and Integrated Data (AVVID). Furthermore, there are tools to assist in performing vulnerability reviews. Examples of such tools for providing vulnerability review include Nessus, security products from Internet Security Systems (ISS), Network Security Assessment (NSA), Retina® just to name a few.
There are also tools for providing component review, application review and policy review. Examples of such tools for providing component review include Symantec ESM and Tivoli JAC. Examples of such tools for providing application review include research-based components that might also involve using a protocol analyzer to sniff the wire. Examples of protocol analyzers are ethereal and tcpdump. Policy review includes analyzing and developing company security policies. Examples of such frameworks include company proprietary ones and various government publications such as the National Institute of Standards and Technology (NIST) “Guidelines on Firewalls and Firewall Policy,” and the NIST “Security Guide for Interconnecting Information Systems Technology.” As mentioned, some of these review tools are proprietary and some open source. Further, there are various published methodologies discussing what is referred to as “defense in depth,” which is a way to create a secure network and perimeter.
It can be seen then that there is a need for a method for providing a comprehensive network perimeter security assessment.