Information Security Management
Security Solutions
By Yuliana Martirosyan. Based on Bel G. Raggad, Information Security Management: Concepts and Practices.
13. Security Solutions
13.1 Introduction
Information protection is not a goal in itself; its purpose is to reduce the harm that the owner of the information suffers when that protection fails.
The American Bar Association reported a decade ago that hackers caused losses as high as $10 million.
The FBI reports that businesses lose $7.5 billion a year to attacks.
13.2 Security Solutions
Organization of security solutions (tree diagram, shown here as an outline):
Security Solution
• Security Management
• Cryptography: Hash, Symmetric Cryptography, Public-Key Cryptography, Digital Signatures (DS), VPN
• Access Control: Passwords, Authentication, Biometrics, VPN
• Traffic Control: IP Packet Filter, Firewalls, IP Application-Level Firewalls, Hybrid Firewall, Cyberwall, Stateful Inspection Firewall, VPN
• Security Analysis: Audit, Penetration Testing, Security Plan, Reviews, Risk Analysis, Vulnerability Assessment, Intrusion Detection
• Physical Security: Locks, Disconnect, Backup, High-Availability Clusters
13.2.1 Security Management
13.2.1.1 Information Security Management
This is the most important class of security solutions. It is concerned with the organizational security of the company.
There are two main components:
1. Effectiveness in securing the system: the code of practice for security controls (ISO 27002)
2. The Information Security Management System (ISMS) itself: its requirements and certification (ISO 27001)
13.2.1.2 Simple Network Management
The major components used in networking are routers, switches, firewalls and access servers (the network topology). Routers build a hierarchy of LANs and autonomous systems and use it to find optimal paths to information resources worldwide.
Network Management:
• Network Management System (NMS) tools: OpenView from HP, Unicenter from CA
• Enterprise System Management (ESM) for data centers
13.2.2 Cryptographic Solutions
13.2.2.1 Cryptography
Hash Functions
Symmetric Cryptography
Public-Key Cryptography
Digital Signatures
Virtual Private Networks
13.2.2.2 The Main Cryptographic Mechanisms
Symmetric Cryptography: one secret key shared by sender and receiver (e.g., AES)
Asymmetric Cryptography: a public key for encrypting or verifying and a matching private key for decrypting or signing (e.g., RSA)
13.2.2.3 Block and Stream Ciphers in Symmetric Cryptography
Symmetric ciphers are now usually implemented as:
• Block ciphers: a fixed-length block of plaintext (128 bits for AES) is transformed into a ciphertext block of the same length; a mode of operation (CBC, CTR, GCM) chains blocks so that messages of arbitrary length can be encrypted
• Stream ciphers: data is encrypted one bit or byte at a time by combining it with a keystream
13.2.2.4 Digital Signatures
Used to demonstrate the authenticity and integrity of a digital message or document: the signer's private key produces the signature, and anyone holding the corresponding public key can verify it.
DS algorithms: RSA, DSS (DSA), Elliptic Curves (ECDSA)
Cryptosystems that use them: PGP, S/MIME
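The mechanisms of 13.2.2.2 through 13.2.2.4 side by side: an unkeyed hash, a symmetric block cipher (AES) run in an authenticated mode, and an elliptic-curve digital signature. This is an added example written in Go with only the standard library; it is not code from the original slides or from Raggad's book. The choice of AES-GCM and ECDSA over P-256, the sample messages and the in-memory key are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Sha256Hex returns the SHA-256 digest of data as hex. A hash is unkeyed:
// anyone can recompute it, so on its own it proves integrity only when the
// digest reaches the verifier over a trusted path (or is signed, see below).
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// newGCM builds AES (128-bit block cipher; key of 16, 24 or 32 bytes) in GCM
// mode: counter mode turns the block cipher into a keystream and a 16-byte
// authentication tag is appended to every message.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAESGCM: symmetric encryption under a shared secret key.
// Output layout: nonce || ciphertext || tag.
func EncryptAESGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // a nonce must never repeat under one key
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptAESGCM fails on any altered byte of ciphertext or tag, the integrity
// check that raw block-cipher modes such as ECB or CBC do not provide.
func DecryptAESGCM(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// NewSigningKey generates an ECDSA P-256 key pair (assumed curve); the public
// half is distributed, the private half never leaves the signer.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignECDSA signs the SHA-256 digest of msg. Only the private key holder can
// produce the signature and anyone with the public key can check it, which
// is what distinguishes a signature from a symmetric MAC.
func SignECDSA(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// VerifyECDSA reports whether sig is a valid signature on msg under pub.
func VerifyECDSA(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	key := make([]byte, 32) // AES-256 key; in practice from a KDF or key store, never a literal
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ct, _ := EncryptAESGCM(key, []byte("wire transfer: 100 USD")) // constructed sample message
	ct[len(ct)-1] ^= 0x01                                        // flip one bit of the tag
	_, err := DecryptAESGCM(key, ct)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	priv, _ := NewSigningKey()
	sig, _ := SignECDSA(priv, []byte("contract v1"))
	fmt.Println("signature valid:", VerifyECDSA(&priv.PublicKey, []byte("contract v1"), sig))
	fmt.Println("valid on altered text:", VerifyECDSA(&priv.PublicKey, []byte("contract v2"), sig))
	fmt.Println("sha256(abc) =", Sha256Hex([]byte("abc")))
}
```

The two checks at the end are the practical point of the slide: one flipped bit in the ciphertext makes decryption fail outright rather than yield corrupted plaintext, and a signature verifies only on the exact bytes that were signed.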
13.2.2.5 Virtual Private Networks (VPN)
A virtual private network (VPN) is a computer network that uses a public telecommunication infrastructure such as the Internet to provide remote offices or individual users with secure access to their organization's network. Three deployment patterns:
Intranet VPN: several buildings are connected to a data center over permanent site-to-site tunnels (strong encryption is the main requirement)
Remote Access VPN: laptops connect intermittently from different locations (strong user authentication is the main requirement)
Extranet VPN: partners or customers reach selected corporate resources across differing network architectures
13.2.2.5.1 Dial-Up VPN (PPTP VPN)
[Figure: dial-up PPTP VPN topology; labelled elements: Firewall, Intranet]
[Figure: PPP VPN implementation (13.2.2 Cryptographic Solutions); labelled elements: Firewall, Firewall]
13.2.2.5.2 Layer Two Tunneling Protocol (L2TP)
Layer Two Tunneling Protocol (L2TP) combines features of PPTP and Cisco's Layer 2 Forwarding (L2F); L2F was the main rival to PPTP for VPN tunneling. L2TP only tunnels: confidentiality comes from running it over IPsec (L2TP/IPsec). PPTP's MS-CHAPv2 authentication and RC4-based MPPE encryption have long been considered broken, so PPTP is a historical example here rather than a current recommendation.
13.2.2.5.3 Internet Protocol Security (IPsec)
IPsec is a suite of protocols (AH and ESP for the packets, IKE for key exchange) that provides low-level network security.
IPsec operates at the network layer, so it protects every transport protocol and application above it without changes to those applications.
13.2.3 Access Control
Access control is a system that enables an authority to control access to areas and resources in a given physical facility or computer-based information system.
The three most widely recognized models are:
• Discretionary Access Control (DAC): the owner of an object decides who may access it
• Mandatory Access Control (MAC): the system enforces access from security labels on subjects and objects, and owners cannot override it
• Role Based Access Control (RBAC): permissions are attached to roles, and users acquire them through role membership
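The three models as executable policy checks, so the difference between them is visible in code. This is an added example in Go, not code from the slides or from Raggad's book. The Bell-LaPadula rules used for MAC ("no read up", "no write down") are an assumption of the example; the slide names the model, not a particular lattice policy. Subjects, objects and permission names are constructed.

```go
package main

import "fmt"

type Perm string

// ---- Discretionary Access Control: the object's owner decides -----------
// Each object carries an ACL that only its owner may edit; whoever the owner
// grants gets access, regardless of any organisation-wide policy.
type DACObject struct {
	Owner string
	ACL   map[string]map[Perm]bool // subject -> permissions granted
}

// Grant adds p for subject; it is refused unless the caller is the owner.
func (o *DACObject) Grant(by, subject string, p Perm) bool {
	if by != o.Owner {
		return false
	}
	if o.ACL[subject] == nil {
		o.ACL[subject] = map[Perm]bool{}
	}
	o.ACL[subject][p] = true
	return true
}

func (o *DACObject) Allowed(subject string, p Perm) bool {
	return subject == o.Owner || o.ACL[subject][p]
}

// ---- Mandatory Access Control: labels enforced by the system ------------
// Bell-LaPadula confidentiality rules (assumed here):
//   read  allowed only if subject level >= object level  (no read up)
//   write allowed only if subject level <= object level  (no write down)
// A Secret user therefore cannot copy Secret data into a Confidential file,
// something DAC would permit if the user owned that file.
type Level int

const (
	Unclassified Level = iota
	Confidential
	Secret
	TopSecret
)

func MACAllowed(subject, object Level, p Perm) bool {
	switch p {
	case "read":
		return subject >= object
	case "write":
		return subject <= object
	}
	return false
}

// ---- Role-Based Access Control: permissions attach to roles -------------
// Users never hold permissions directly; changing a role's permissions
// changes every member at once.
type RBAC struct {
	RolePerms map[string]map[Perm]bool // role -> permissions
	UserRoles map[string][]string      // user -> roles
}

func (r *RBAC) Allowed(user string, p Perm) bool {
	for _, role := range r.UserRoles[user] {
		if r.RolePerms[role][p] {
			return true
		}
	}
	return false
}

func main() {
	doc := &DACObject{Owner: "alice", ACL: map[string]map[Perm]bool{}}
	doc.Grant("alice", "bob", "read")
	fmt.Println("DAC bob read:", doc.Allowed("bob", "read"), "bob write:", doc.Allowed("bob", "write"))

	fmt.Println("MAC Secret reads Confidential:", MACAllowed(Secret, Confidential, "read"))
	fmt.Println("MAC Secret writes Confidential:", MACAllowed(Secret, Confidential, "write"))

	r := &RBAC{
		RolePerms: map[string]map[Perm]bool{
			"auditor": {"read-logs": true},
			"admin":   {"read-logs": true, "rotate-keys": true},
		},
		UserRoles: map[string][]string{"carol": {"auditor"}},
	}
	fmt.Println("RBAC carol read-logs:", r.Allowed("carol", "read-logs"), "rotate-keys:", r.Allowed("carol", "rotate-keys"))
}
```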
Access Control Technologies:
• Passwords, tokens, smart cards, encrypted keys
• Authentication
• Biometrics
• VPN
Authentication
Cryptography can be used for more than hiding data from prying eyes. Tripwire, for example, builds a database of cryptographic checksums of selected files; later runs recompute the checksums and report every file that has been modified, added or removed. What it detects is unauthorized modification of data, not mere reading, and the checksum database itself must be protected, or an intruder simply recomputes the checksums for the files they changed.
Biometrics
Fingerprints, facial recognition, hand geometry, DNA
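A Tripwire-style integrity check, as an added Go example that is neither Tripwire's code nor part of the original slides: it snapshots every regular file under a directory, then compares a later snapshot with the trusted baseline and reports modified, added and removed files. The use of a keyed digest (HMAC-SHA256) is an assumption of the example, standing in for Tripwire's signed database as the protection of the checksums; the sample files written by main are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
)

// Snapshot walks root and records, per regular file (path relative to root),
// an HMAC-SHA256 of its contents under key. Without the key an intruder
// cannot produce matching entries for the files they altered.
func Snapshot(root string, key []byte) (map[string]string, error) {
	db := map[string]string{}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err
		}
		f, err := os.Open(path)
		if err != nil {
			return err
		}
		defer f.Close()
		mac := hmac.New(sha256.New, key)
		if _, err := io.Copy(mac, f); err != nil {
			return err
		}
		rel, _ := filepath.Rel(root, path)
		db[filepath.ToSlash(rel)] = hex.EncodeToString(mac.Sum(nil))
		return nil
	})
	return db, err
}

// Report lists the differences between a trusted baseline and a later snapshot.
type Report struct {
	Added, Removed, Modified []string
}

// Compare is the detection step: any file whose digest changed, or that
// appeared or vanished since the baseline, is flagged for investigation.
func Compare(baseline, current map[string]string) Report {
	var r Report
	for path, digest := range baseline {
		cur, ok := current[path]
		switch {
		case !ok:
			r.Removed = append(r.Removed, path)
		case cur != digest:
			r.Modified = append(r.Modified, path)
		}
	}
	for path := range current {
		if _, ok := baseline[path]; !ok {
			r.Added = append(r.Added, path)
		}
	}
	return r
}

func (r Report) Clean() bool {
	return len(r.Added)+len(r.Removed)+len(r.Modified) == 0
}

func main() {
	// Constructed demo tree; a real deployment points at /etc, /usr/bin, ...
	root, _ := os.MkdirTemp("", "tripwire-demo")
	defer os.RemoveAll(root)
	os.WriteFile(filepath.Join(root, "passwd"), []byte("root:x:0:0\n"), 0o644)
	os.WriteFile(filepath.Join(root, "sshd_config"), []byte("PermitRootLogin no\n"), 0o644)
	key := []byte("baseline-signing-key") // assumption: kept off the monitored host

	baseline, _ := Snapshot(root, key) // taken while the system is known good
	os.WriteFile(filepath.Join(root, "sshd_config"), []byte("PermitRootLogin yes\n"), 0o644) // intruder edit
	os.WriteFile(filepath.Join(root, "rootkit.ko"), []byte("..."), 0o644)                    // dropped file
	later, _ := Snapshot(root, key)

	fmt.Printf("%+v\n", Compare(baseline, later))
}
```

Run as written it reports sshd_config as modified and rootkit.ko as added; mtime or size checks would miss an edit that preserves both, which is why the comparison is on a digest of the contents.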
13.2.4 Data Traffic Control
Security Rules:
Rule 1: Trust inside. Traffic originating on the internal network is trusted more than traffic arriving from outside.
Rule 2: Least privilege. Deny everything by default and permit only the traffic that is explicitly required.
Rule 3: Selective blocking. The opposite of Rule 2: permit everything by default and block only the specific traffic known to be unwanted.
Firewalls:
Network firewalls (packet filters that decide per packet on addresses, ports and protocol)
Application firewalls (proxies that understand the application protocol they relay)
Stateful inspection firewalls (track connections, so replies to permitted flows are admitted without a standing inbound rule)
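The three rules and the difference between a stateless packet filter and stateful inspection, as a small first-match filter. This is an added Go example, not code from the slides or from Raggad's book; the addresses (documentation ranges), ports and rules are constructed for illustration, and only TCP is modelled.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Packet holds the header fields a network (packet-filter) firewall decides on.
type Packet struct {
	Src, Dst         netip.Addr
	SrcPort, DstPort uint16
	Proto            string
	Syn              bool // TCP SYN without ACK: a new connection attempt
}

// Rule matches on address prefixes, destination port (0 = any) and protocol ("" = any).
type Rule struct {
	Src, Dst netip.Prefix
	DstPort  uint16
	Proto    string
	Allow    bool
}

func (r Rule) matches(p Packet) bool {
	return r.Src.Contains(p.Src) && r.Dst.Contains(p.Dst) &&
		(r.DstPort == 0 || r.DstPort == p.DstPort) && (r.Proto == "" || r.Proto == p.Proto)
}

// Filter is a first-match rule list with a default policy.
// Rule 2 (least privilege):    DefaultAllow=false, explicit allow rules.
// Rule 3 (selective blocking): DefaultAllow=true,  explicit deny rules.
type Filter struct {
	Rules        []Rule
	DefaultAllow bool
}

func (f Filter) Decide(p Packet) bool {
	for _, r := range f.Rules {
		if r.matches(p) {
			return r.Allow
		}
	}
	return f.DefaultAllow
}

// Stateful adds a connection table. Only the SYN that opens a flow is checked
// against the rules; later packets of that flow, including replies arriving
// from outside, are admitted because the flow is known. A stateless filter
// would need a standing inbound allow rule to let those replies through.
type flowKey struct {
	src, dst         netip.Addr
	srcPort, dstPort uint16
	proto            string
}

type Stateful struct {
	Filter
	flows map[flowKey]bool
}

func NewStateful(f Filter) *Stateful { return &Stateful{Filter: f, flows: map[flowKey]bool{}} }

func (s *Stateful) Decide(p Packet) bool {
	fwd := flowKey{p.Src, p.Dst, p.SrcPort, p.DstPort, p.Proto}
	rev := flowKey{p.Dst, p.Src, p.DstPort, p.SrcPort, p.Proto}
	if s.flows[fwd] || s.flows[rev] {
		return true // belongs to an established flow
	}
	if !p.Syn {
		return false // mid-stream packet for a flow that was never admitted
	}
	ok := s.Filter.Decide(p)
	if ok {
		s.flows[fwd] = true
	}
	return ok
}

// Constructors for the demo; addresses are illustrative and TCP is assumed.
func Pkt(src string, sport uint16, dst string, dport uint16, syn bool) Packet {
	return Packet{Src: netip.MustParseAddr(src), Dst: netip.MustParseAddr(dst), SrcPort: sport, DstPort: dport, Proto: "tcp", Syn: syn}
}
func AllowTCP(src, dst string, dport uint16) Rule {
	return Rule{Src: netip.MustParsePrefix(src), Dst: netip.MustParsePrefix(dst), DstPort: dport, Proto: "tcp", Allow: true}
}
func DenyFrom(src string) Rule {
	return Rule{Src: netip.MustParsePrefix(src), Dst: netip.MustParsePrefix("0.0.0.0/0"), Allow: false}
}

func main() {
	// Rule 1 (trust inside) + Rule 2: inside may open HTTPS anywhere; all else denied.
	lp := Filter{Rules: []Rule{AllowTCP("10.0.0.0/8", "0.0.0.0/0", 443)}}
	out := Pkt("10.0.0.7", 51000, "203.0.113.5", 443, true)   // client SYN
	reply := Pkt("203.0.113.5", 443, "10.0.0.7", 51000, false) // server's answer
	probe := Pkt("203.0.113.5", 40000, "10.0.0.7", 22, true)   // inbound SSH scan
	fmt.Println("stateless: out", lp.Decide(out), "reply", lp.Decide(reply), "probe", lp.Decide(probe))
	fw := NewStateful(lp)
	fmt.Println("stateful:  out", fw.Decide(out), "reply", fw.Decide(reply), "probe", fw.Decide(probe))
	// Rule 3 (selective blocking): allow by default, block only a known-bad range.
	sb := Filter{DefaultAllow: true, Rules: []Rule{DenyFrom("198.51.100.0/24")}}
	fmt.Println("selective blocking admits the probe:", sb.Decide(probe))
}
```

The stateless least-privilege filter drops the server's reply along with the scan, so in practice it would be given a permissive "allow inbound from port 443" rule that the scanner could also exploit by sourcing from port 443; the stateful filter admits only the reply, and selective blocking admits the scan because nobody listed its source.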
13.2.5 Security Analysis
Security Testing: Penetration testing
External source penetration test (the tester attacks from outside the perimeter)
Internal source penetration test (the tester starts from a position on the internal network)
Target system penetration test (a specific system is the agreed objective)
Vulnerability Assessment
The process of identifying and quantifying the weaknesses of a system and determining their effect.
It analyzes the threats that could lead to compromise, spoofing or denial of service.
Security Review
• System, network and topology evaluation
• Administration checklist
• File servers and workstations
• Individual accountability
• Disaster recovery
• Connectivity
• E-mail controls
• Policy review
• Logical security
• Managerial security
• Physical security
Forensic Investigation
• Use of sterile media
• Hardware investigation
• Original data
• Write-protected media
• Deleted, hidden or recovered files
• File revision documentation
• Data manipulation
• Files' organization
• Potential evidence
• Report generation
Security Audit
• Planning the audit
• Auditing
• Report and post-mortem
• Action
13.3 The NIST Security Solution Taxonomy
NIST groups the security control families of SP 800-53 into three classes; each family carries a two-letter identifier.

Security Control Management Class, Family and Identifier
Class      | Family                                                | Identifier
Management | Risk Assessment                                       | RA
Management | Planning                                              | PL
Management | System and Services Acquisition                       | SA
Management | Certification, Accreditation, and Security Assessment | CA

Security Control Operational Class, Family and Identifier
Class       | Family                                | Identifier
Operational | Personnel Security                    | PS
Operational | Physical and Environmental Protection | PE
Operational | Contingency Planning                  | CP
Operational | Configuration Management              | CM
Operational | Maintenance                           | MA
Operational | System and Information Integrity      | SI
Operational | Media Protection                      | MP
Operational | Incident Response                     | IR
Operational | Awareness and Training                | AT

Security Control Technical Class, Family and Identifier
Class     | Family                               | Identifier
Technical | Identification and Authentication    | IA
Technical | Access Control                       | AC
Technical | Audit and Accountability             | AU
Technical | System and Communications Protection | SC
13.4 The ISO Security Taxonomy
The control areas of ISO/IEC 27002 (2005 edition):
1. Risk Assessment and Treatment
2. Security Policy
3. Organization of Information Security
4. Asset Management
5. Human Resources Security
6. Physical Security
7. Communications and Operations Management
8. Access Control
9. Information Systems Acquisition, Development and Maintenance
10. Information Security Incident Management
11. Business Continuity
12. Compliance