09-22-2011 12:16 PM - edited 03-08-2019 06:42 PM
Jazib Frahim (CCIE 5459) is a technical leader in the worldwide Security Services Practice of Cisco Advanced Services for network security. He was previously a Technical Leader for the Cisco TAC Security Team, leading engineers in resolving complicated security and VPN technologies. He holds two CCIE certifications, one in routing and switching and the other in security. He has presented at Cisco Live on multiple occasions and has written numerous technical documents and books, including Cisco ASA: All-in-One Firewall, IPS, Anti-X, and VPN Adaptive Security Appliance (1st and 2nd Edition); Cisco Network Admission Control, Volume 2; and Cisco SSL VPN Solutions.
The following experts helped Frahim answer some of the questions asked during the session: Omar Santos and Larry Edie. Omar and Larry are top security experts with vast knowledge of security topics.
The related Ask the Expert session is available here. The complete recording of this live webcast can be accessed here.
A. Enterprises that do not have IT metrics can engage someone who can define these metrics for them. In case they have the processes in place, then they can start evaluating and auditing those processes, and they also need to decide how frequently they need to conduct these audits. Another aspect to consider is that so many enterprises have the processes in place but don't really follow them for several departments, like IT. Hence they need to ensure that processes are followed in all departments.
A. The basic idea here is to start having the processes in place, and once you have processes, then make metrics out of them. For instance, you have a process of receiving alerts and notifications from your vendor if they come across any vulnerability in your product or OS. So once you are aware that there is a vulnerability in your network, then how long will it take you to find a workaround and implement the same?
A. There are a number of IT frameworks available. For example, when Cisco Advanced Services does security assessments, they follow the Cisco Security Control Framework (SCF), which evaluates infrastructure from an identification, monitoring and correlation perspective, to gain visibility on who is logging into the network, which devices are getting access to the network, and whether they have full monitoring and correlation capability deployed. And once they have greater visibility into their infrastructure, then how well are they enforcing control in their network? There are a couple of other frameworks, like CIA (confidentiality, integrity and availability), etc.
A. It is not just about focusing on key network devices; it's mainly about defining the processes and operations and following them properly. Hence it can be any network device, like a router or switch, or any security device, like AAA servers or firewalls.
A. First of all we need to understand what type of DDoS attack it is; for example, is it focused on some protocol, like is it a TCP-based attack or a UDP-based attack? So somehow you need to classify these attacks. Then you can deploy an infrastructure access list or transit access list to start dropping these packets.
Have in mind that DDoS attacks are also often bandwidth consuming and may require a scrubbing service from your Service Provider. Also look at using hardware-based enforcement routers at your internet edge with Control Plane Policing and iACLs.
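As an added illustration of the classify-then-filter approach described in this answer (not code from the session or from Cisco; the flow records, the 10% per-source and 80% concentration thresholds, and the generic "rtbh"/"iacl" output lines are constructed, to be translated into your platform's own syntax):

```python
from collections import Counter

# Constructed sample flow records (src, dst, proto, dst_port, packets).
# Not real traffic: addresses are from the RFC 5737 documentation ranges.
FLOWS = [
    ("198.51.100.7", "192.0.2.10", "udp", 53, 40000),
    ("198.51.100.9", "192.0.2.10", "udp", 53, 38000),
    ("198.51.100.7", "192.0.2.10", "udp", 53, 41000),
    ("203.0.113.5", "192.0.2.25", "tcp", 443, 120),
    ("203.0.113.6", "192.0.2.25", "tcp", 80, 90),
]

def classify(flows, src_min_share=0.10):
    """Profile the traffic: dominant protocol/port and the sources that carry it."""
    by_port, by_src = Counter(), Counter()
    total = 0
    for src, _dst, proto, port, pkts in flows:
        by_port[(proto, port)] += pkts
        by_src[src] += pkts
        total += pkts
    (proto, port), port_pkts = by_port.most_common(1)[0]
    # Sources that each carry at least src_min_share of all packets seen.
    heavy = [s for s, c in by_src.most_common() if c / total >= src_min_share]
    return {
        "protocol": proto,
        "port": port,
        "share": port_pkts / total,  # fraction of packets on that proto/port
        "heavy_sources": heavy,
        "source_share": sum(by_src[s] for s in heavy) / total,
    }

def plan(profile, infra_prefix="192.0.2.0/24", concentrated=0.8):
    """Pick mitigations as generic ACL-style lines (hypothetical format)."""
    actions = []
    if profile["source_share"] >= concentrated:
        # A few sources carry most of the flood: source-based RTBH drops them cheaply.
        actions += [f"rtbh source {s}" for s in profile["heavy_sources"]]
    # Infrastructure/transit ACL entry for the dominant protocol and port.
    actions.append(
        f"iacl deny {profile['protocol']} any {infra_prefix} eq {profile['port']}"
    )
    return actions

if __name__ == "__main__":
    profile = classify(FLOWS)
    print(profile)
    for line in plan(profile):
        print(line)
```

With the constructed flows the UDP/53 flood from two sources dominates, so the plan lists those two sources for source-based RTBH and one iACL line for the rest.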
A. Yes, all incidents we spoke about are real, and a lot of enterprises miss the basics while implementing security.
A. Like we discussed earlier, we cannot have a 100 percent secure network. However, by ensuring that we are following all the leading security policies, have the processes and metrics in place, and regularly audit our processes, we can ensure that our network is protected.
A. There is no list as such, but based on your vertical or on the function of the company, there will be a number of metrics that are solely focused around your enterprise. Hence, there is no such list that you download and start comparing your network against.
A. Yes; however, you can use source-based real-time blackholing to drop a small DDoS based on the source of the traffic.
A. A password policy should require that a password:
In addition, you should be performing regular password auditing to check the strength of passwords; this should also be documented in the password policy.