Network Security Design and Implementation

This document is based on "Designing Secure Networks Based on the Software Process Model" by Paul Innella, Tetrad Digital Integrity LLC, without permission.

Many people try to secure their network by installing a single tool, a "silver bullet" or "universal cure" to all their problems. They often install such a tool without much planning. It doesn't matter if the tool is a firewall, PKI system, smart cards, or other such tools. Without proper planning, testing, and maintenance, no such tool can present a true defense, or provide true security.

Principles of Secure Network Design

Prior to implementing a network security solution, several fundamental ideas must be considered. Some of these ideas are:

  • Integrity means that the security measures must be preservative. They must not corrupt data. They must not lose data. They must protect the data in a consistent way at all times. They must protect confidentiality and sensitivity of data.
  • Availability means that the security measures must be available at all times, and that the systems and data they are protecting must be available at all times.
  • Adequate protection means that what you are protecting must be protected to a degree commensurate with its value. Computer items must be protected only until they lose their value and they must be protected to a degree consistent with their value.
  • Effectiveness means that any controls that are implemented must be effective in securing the network and its component parts. However, they must also be efficient, easy to use and appropriate to the size and type of organization in which they operate.
  • Depth protection means that it must be assumed that an intruder will attempt to use any available means of penetration. This does not necessarily entail the most obvious means, nor is it necessarily the one against which the most solid defense has been installed.
  • Due Diligence means that ensuring network security is an ongoing, evolving process. The network must be perpetually monitored and managed to ensure security.

Network Security Development

The following 8 phases of development should be followed in designing network security.

Phase 1: Systems Requirements

The systems requirements phase consists of recognizing the security needs of your network and defining the goals of addressing those needs. This includes:

  1. assessing the need for and overall level of network security required in your environment;
  2. evaluating the value of information within your network and determining the level of security necessary to protect that information. This measure, along with step one, will satisfy the principle of adequate protection; and
  3. measuring any foreseeable weaknesses in the current network, thereby partially identifying any needs for depth protection.

Also, while focusing on the principle of adequate protection, network designers must decide whether the need for an increased level of network security exists and is practical. The network security policy should be driven by defined and quantifiable needs -- not by fear or laziness.

Phase 2: Concept Formulation

This phase entails considering the different methods of attaining the goals that were identified in the systems requirements phase. Positive and negative aspects of each possible plan of attack must be determined. Finally, the chosen course of action should be transformed into a detailed plan for providing security across your network.

Risk Analysis

Risk analysis is a critical task that occurs during the initial two phases of the process model. Risk analysis is divided into three different stages: sensitivity assessment, risk assessment, and economic assessment.

  • Sensitivity assessment defines the various needs determined in the systems requirement phase as they relate to the value of your network's assets.
  • Risk assessment is the most significant activity of the overall risk analysis. It is used to define threats against the network, vulnerability of the network, and the risk levels that result from the postulated exploitation of network vulnerabilities by the defined threats against the network. Certain simple inquiries facilitate the assessment of a network's susceptibility to a risk becoming a reality. For example, risks to your network include the lack of a daily backup and disaster recovery plan, anti-virus software, intrusion detection methods, access control software, firewalls, password practices, encryption and strong authentication.
  • Economic assessment approximates the expected value of a loss, in the case that any of the defined risks become a reality and the network's security is compromised.
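The three stages above can be carried through numerically. The following is an added illustration, not part of the original text or of Innella's model: asset values, likelihoods, exposure fractions and the risk-level thresholds are constructed for the example, and the control-cost comparison applies the adequate-protection principle from the first section.

```python
from dataclasses import dataclass

# Constructed illustration of the three risk-analysis stages.
# All assets, threats and figures are made up; thresholds are assumptions.

@dataclass
class Asset:
    name: str
    value: float        # sensitivity assessment: impact value of the asset

@dataclass
class Risk:
    asset: Asset
    threat: str
    likelihood: float   # risk assessment: yearly probability the threat succeeds (0..1)
    exposure: float     # fraction of the asset's value lost if it does (0..1)

    def risk_level(self) -> str:
        # Qualitative level from likelihood x exposure (thresholds assumed).
        score = self.likelihood * self.exposure
        if score >= 0.25:
            return "high"
        if score >= 0.05:
            return "medium"
        return "low"

    def expected_loss(self) -> float:
        # Economic assessment: expected yearly loss if the risk materialises.
        return self.asset.value * self.exposure * self.likelihood

def rank_risks(risks):
    # Order risks by expected loss, highest first, for the concept-formulation phase.
    return sorted(risks, key=lambda r: r.expected_loss(), reverse=True)

def control_is_justified(risk, yearly_control_cost, residual_likelihood):
    # Adequate protection: a control is worthwhile only if the loss it avoids
    # (original minus residual expected loss) exceeds what it costs to run.
    residual = risk.asset.value * risk.exposure * residual_likelihood
    return (risk.expected_loss() - residual) > yearly_control_cost

CUSTOMER_DB = Asset("customer database", 500_000.0)
WEB_SERVER = Asset("public web server", 50_000.0)

SAMPLE_RISKS = [  # constructed sample input
    Risk(CUSTOMER_DB, "no daily backup; disk failure", 0.04, 1.0),
    Risk(CUSTOMER_DB, "weak passwords on admin accounts", 0.50, 0.6),
    Risk(WEB_SERVER, "no intrusion detection; defacement", 0.50, 0.2),
]
```

Note that a low-likelihood, total-loss risk (the missing backup) ranks above a "medium" one by expected loss, which is why the economic stage is run separately from the qualitative risk level.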

Phase 3: Systems Definition

During this stage, actual system specifications are created that detail the exact operation of the system. Tailored to meet the needs of developing a secure network, this phase explains the behavior of the network under any foreseeable circumstances. Using the information gathered from risk analysis, network designers must further predict its actions in an unforeseeable scenario. Based upon the information collected in the previous stages and the system specifications designed here, designers must decide to proceed or discontinue the network security development.

Phase 4: Engineering Design

During this phase, the specifications produced in the previous phase will be used to create a design that explains in detail the means by which each specification will be realized. For example, the engineering design should detail how the network would repel a hacker attempting an IP spoof by utilizing circuit-level gateways, a threat whose effect would have been described in the systems definition phase.

Phase 5: Design Verification

The design must be substantiated in the design verification phase. This phase constitutes a testing period, which will scrutinize the system's usability, security, and sustainability. Using the previous example of the hacker attempting an IP spoof, this stage would test the feasibility or the likelihood of that hacker circumventing the circuit-level gateway. Network designers may elect to discontinue the process if the system is incomplete or vulnerable, or proceed and fully develop the designed secure network.

Phase 6: Production and Installation

During this phase, the secure network is installed and prepared to go operational. Prior to flipping the switch, designers will examine the network to see that it still meets all of the objectives laid out in the systems requirements phase. Provided that the previous phases have been completed thoroughly, this phase will be the rewarding stage in which the design and development becomes a reality - the result being a network that can be considered secure. Nevertheless, as stated earlier, the process of securing a network is evolutionary and ongoing and, as such, compels the need for the following phase.

Phase 7: Operations

In the operations phase, network designers and managers will manage the deployed system and focus on identifying any points that need improvement, so that the network remains secure and effective. Using penetration tests and various hacking and intrusion tools, they must continuously challenge the security of the network to find its weak points. Once any of these vulnerabilities are discovered, they must perform the necessary updates to the network. Due to the increasing number of new threats to network security, this process must be continual.

Phase 8: Retirement

Eventually, systems that can no longer benefit from modifying or enhancing their design must be retired. The network, for example, that cannot be improved to defend against external threats must be retired. It is here where the cyclical nature of the process returns to the systems requirements phase to refortify the network and keep it effective.