A 24x7x365 Secure Government Internet Portal
by Gavin Longmuir
[email protected]
5 November 2001

What are the objectives of Information Security?
- Availability
- Confidentiality
- Integrity

A Secure AND Available Portal?
- A secure, highly available Government Internet portal needs not only to ensure availability of the resources but also to ensure the integrity of the resources and to prevent opportunities for malicious misuse of the resource.

Guidelines that must be followed
- National Office for the Information Economy (NOIE): Online Security Requirements for Commonwealth Agencies
- Commonwealth Privacy Act (Public Sector) 1998
- Protective Security Manual (PSM)
  - Part C: Information Security
  - Part E: Physical Security
- Defence Signals Directorate (DSD)'s ACSI 33 handbooks
  - HB 2: Evaluated Products
  - HB 3: Risk Management
  - HB 4: Security Management
  - HB 8: Network Security
  - HB 10: Web Security
  - HB 13: Intrusion Detection and Audit Analysis
  - HB 14: Physical Security
- DSD's Gateway Certification Guide
- DSD/NOIE Commonwealth Agency Online Security Checklist

Industry guidelines
- ISO 17799:2001 - Code of practice for Information Security Management (formerly AS/NZS 4444.1 or BS 7799.1)
- AS/NZS 4360:1999 - Risk Management

Building a Secure High Availability Environment
- Physical Security - Computer Rooms
- Firewalls
- Intrusion and Misuse Detection
- Security Awareness and Training
- Building It Secure - Evaluated Products
- Availability
- Denial of Service Attacks
- Incident Handling

Physical Security - Computer Rooms
- Standards developed by DSD and the ASIO T4 Group
- Access control: all physical access secured (including ducts and wall/roof tiles)
- Alarm systems (certification to be undertaken by the ASIO T4 Group)
- Secure containers/racks
- Extensive UPS systems (including testing)

Firewalls
- Implemented as the security enforcing points of the network
- Filtering device:
  - Application filtering
  - Stateful inspection
- Restrictions:
  - IP header restriction (e.g. source IP address)
  - Application restriction (e.g. only FTP get/recv)
  - Content
- Must have verbose logging and reporting apparatus

Intrusion and Misuse Detection
- Intrusion Detection Systems (IDS):
  - Network (promiscuous) tap - NIDS
  - Host based, with additional system activity as inputs - HIDS
- Based on expert 'pattern' matching - not 100%
- Placement is vital - the event could occur in a non-monitored environment
- Monitoring and correlation with other logs (routers/firewalls) can give essential foresight
- Logs provide legal forensic evidence for any possible prosecution

SSL and Intrusion Detection
- Encryption protocols are blind spots for any NIDS - they are tunnels
- HIDS could be used at the end points
- Typical encryption technologies are SSL, IPSec and VPNs
- Other protocols such as SNA may not be understood by the IDS

Vulnerability Monitoring
- Vulnerability testing of the security enforcing functions of the environment must be done to ensure correct configuration
- Automatic scanning, and manual invocation after every major configuration change
- Host based integrity checking is also to be undertaken

Security Awareness and Training
- Staff must understand their responsibilities for security and why it is enforced
- Operations staff are to have a full understanding of the security enforcing functions of the environment along with the functionality of the enforcing devices

Building It Secure - Evaluated Products
- Building a secure environment requires the use of an evaluated or trusted system
- Evaluated systems have been evaluated against a number of criteria to test the functionality of the system
- Criteria describe the strength of the security system, the security features provided, confidence in the system's design, and confidence in the system's implementation
- DSD's Evaluated Product List (EPL)
- The use of evaluated firewalls is mandated

Avoiding Single Points of Failure
- Multiple geographically separate sites
- Multiple broadband carriers
- Traffic load-balancing or management tools
- Clustering - horizontal (parallel) scaling:
  - Increases availability
  - Increases bandwidth
  - Decreases integrity? - content replication
- Failover/high availability of ALL networking devices

Calculating Availability
- Replication of any component within the environment increases availability
- Most manufacturers provide availability information with devices, such as mean time to failure
- Serial availability - the product of component reliability for all devices between two locations in a network
- Parallel availability - the complement (one minus) of the product of component unreliability for all mirrored devices in a network

Load-Balancing Firewalls
- Firewalls are traditionally seen as traffic bottlenecks
- Newer firewalls now come with load-balancing features
- Software implementations pass state information between 'nodes' - but don't scale
- Hardware implementations pass state, but not information like CPU load or memory utilisation
- Highly Protected information must be protected by multiple serially implemented firewalls (of different manufacture)
- Placement of smart load-balancing traffic management devices 'in front' of these serial-paired firewalls

Denial of Service Attacks
- Use modern and patched networking devices
- Attack types: data flood attacks, infrastructure attacks, distributed denial of service attacks
- Logical access filtering
- SYN flood throttling
- Connection rate throttling
- Data rate throttling
- Still need multiple sites and defence in depth - the greatest defence is redundancy

Incident Handling
- Part of the Business Continuity Plan
- Identification and analysis of the event
- Reporting procedures and resultant actions documented in detail
- Confirmation of system(s) and data/information integrity
- Collection and integrity of audit logs and other evidence used for forensics

Ensuring Integrity of the Resource
- How to tell a fake?
- Quality management

How to tell a Fake?
- An intruder (possibly) accesses restricted components of the environment:
  - Has the data/information been tampered with?
  - Has malicious code been placed?
  - Have to prove it - otherwise treat it as if it has
- Malicious network traffic redirection:
  - Digital signatures - verification of content
  - SSL certificates - verification of destination

Quality Management
- Mandated change control, peer review and testing procedures
- Information/data protection from newly developed rogue application functionality, including reassessment of threats and risk
- Development and testing to occur in a non-production environment
- Backups of non-replicated/non-redundant data

Threat and Risk Assessment
- DSD's Risk Assessment Methodology, based on AS/NZS 4360:1999

Risk Assessment Methodology
- Asset identification
- (Estimated) threat to asset
- (Estimated) threat likelihood
- (Estimated) harm, if realised
- (Resultant) risk assessment
- (Estimated) required risk
- (Resultant) counter-measure priority rating
- Counter-measures (policy, procedures, design)
- Identification (and acceptance) of residual risk

Example TRA Entry
- Asset - loss or corruption of Government data/information resources and supporting systems
- Threat to the asset - unavailable or bogus service from IP service hijacking or infiltration
- Threat likelihood - High
- Harm, if threat is realised - Serious
- Resultant risk - Critical (4)
- Required risk - Nil (0)
- Counter-measure priority rating - 4
- Counter-measures:
  - Deployment of NIDS and HIDS
  - Controlled and 'hardened' system OS
  - Ensure that security enforcing devices deny all that is not specifically allowed
  - TCP/IP ingress and egress filtering
- Residual risk:
  - New attack mechanism which is not picked up by IDS
  - In-band attack via permitted communication paths enforced by security enforcing mechanisms
  - Standard Operating Procedures are not followed - patches not applied

To recap
- The infrastructure outlined supports Government customers with secure and highly available application hosting.
- Topics covered included: portal integrity; portal availability; guidelines and monitoring requirements; analysis of threats and risks; and proposed counter-measures.

Recommendation
- A suitable architecture can be shaped that can not only provide the capacity and scalability required but also the security needed for mission critical systems
- Creation of a project team to finalise design, select products and create/document procedures is required as the next step in this project
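The serial and parallel availability rules from the "Calculating Availability" slide, carried through for the portal design the deck describes (serial-paired firewalls of different manufacture, HA pairs for every device, mirrored sites). This is an added illustration, not material from the presentation; the per-device availability figures and the MTBF/MTTR formula are constructed sample values and a standard approximation, not vendor data.

```python
from functools import reduce
from typing import Sequence

HOURS_PER_YEAR = 365 * 24


def availability_from_mtbf(mtbf_hours: float, mttr_hours: float) -> float:
    # Steady-state availability from a vendor MTBF figure and the site's mean
    # time to repair (standard approximation, not from the presentation).
    return mtbf_hours / (mtbf_hours + mttr_hours)


def serial(avail: Sequence[float]) -> float:
    # Serial path: every device must be up, so multiply the availabilities.
    return reduce(lambda acc, a: acc * a, avail, 1.0)


def parallel(avail: Sequence[float]) -> float:
    # Mirrored devices: the group is down only when all are down, so the
    # availability is one minus the product of the unavailabilities.
    return 1.0 - reduce(lambda acc, a: acc * (1.0 - a), avail, 1.0)


def site_availability(stages: Sequence[Sequence[float]]) -> float:
    # A site is a serial chain of stages; each stage is a parallel group of
    # mirrored devices (a one-element stage is a single point of failure).
    return serial([parallel(stage) for stage in stages])


def portal_availability(sites: Sequence[Sequence[Sequence[float]]]) -> float:
    # Geographically separate sites mirror each other, so they combine in parallel.
    return parallel([site_availability(site) for site in sites])


def downtime_hours_per_year(avail: float) -> float:
    return (1.0 - avail) * HOURS_PER_YEAR


# Constructed sample figures for one site, in path order: carrier link,
# load balancer, firewall from vendor A, firewall from vendor B, web tier.
SINGLE_SITE = [[availability_from_mtbf(50_000, 4)], [0.9995], [0.999], [0.999], [0.998]]
HA_SITE = [[stage[0], stage[0]] for stage in SINGLE_SITE]  # every stage as an HA pair

if __name__ == "__main__":
    for label, design in [("one site, no redundancy", [SINGLE_SITE]),
                          ("one site, HA pairs", [HA_SITE]),
                          ("two HA sites", [HA_SITE, HA_SITE])]:
        a = portal_availability(design)
        print(f"{label:24s} {a:.6f}  ~{downtime_hours_per_year(a):.1f} h/yr down")
```

Note that the two serially placed firewalls each lower the path availability, which is why the deck pairs them with load balancing in front and failover for every device.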