Planning for Security

Probably the most difficult task when dealing with security is the planning stage, in which you need to develop a solution to meet your company's business and security needs. When examining your network and identifying critical and insecure areas and components, you need to approach a security plan from various perspectives:

• Business goals and user needs
• People and politics
• Technical issues

First, you have to remember that your company has business goals outlined in a business plan. These are used as a roadmap to increase your company's success. A good security solution should help, not hinder, a company in reaching its business goals. The company's users have needs that are related to the company's business plan. Whereas the business plan is a general guideline, users have specific needs to reach the company's business goals.

You must deal with all kinds of users from different departments and divisions when determining what assets and resources your company is using to reach its business goals. This means that you need to be intimate with the corporate organization ladder and have political savvy when dealing with various users and departments, as well as their diverse needs.

When you understand what resources either are being used by or are required by users to reach the company's business goals, you need to determine what kind of security solution should be implemented that will protect your company yet allow it to achieve its goals. A solution that is completely secure yet prevents a company from reaching its goals is counterproductive and useless.

Security Threats

With the increase of hacking attacks, worms, viruses, and other networking threats, security is a major problem in today's networks. 10 to 15 years ago, security was a simple problem requiring simple solutions; in those days, the Internet was small and had only a small number of universities and government agencies connected to it. Aging passwords were used to protect accounts, and simple packet-filtering firewalls were used to restrict traffic flows. However, today is a different world from more than a decade ago. With the explosion of the Internet, the proliferation of software applications, and the ingenuity of hackers, security has become a complex problem that requires a well-thought-out security solution to deal with it. The security solution must be capable of dealing with the security threats that your network will face, but it also must allow your company to reach its business goals and must be flexible enough to adapt to network topology and technology changes.

This chapter contains a brief overview of the kinds of threats that you will face in securing your network, as well as some generic solutions that you can use to deal with these threats. Understanding these topics will greatly help you choose and implement the correct Cisco security feature on your router. The main purpose of this book is to explain how to use a Cisco perimeter router as a complete firewall solution or as a component of a firewall solution. The end of the chapter explains the Cisco Security Model, which is used to implement security solutions.

Most hackers are intimate with UNIX operating systems; thus, most hacking, as well as security tools, is done in UNIX. Many tools are available for Windows platforms, but most of these are expensive commercial products. Therefore, if you are interested in becoming a security specialist, I highly recommend that you become familiar with the UNIX operating system, network administration with UNIX, and how to use many of the different security tools in a UNIX environment. At a minimum, most security job positions require this level of expertise. One of my favorite UNIX system administration books is Unix Systems Administration Handbook (3rd Edition), by Evi Nemeth, Garth Snyder, Scott Seebass, and Trent T. Hein (Prentice Hall PTR, August 2000). I used the first edition of this book to help me with my UNIX skills more than a decade ago; it is simple to read and easy to understand.