Cyber Security in Evolving Enterprise Environments
TechNet International 09
Adrian R Hartman, PhD, Senior Manager & Architect, LGS Innovations, Bell Labs
29 October 2009
All Rights Reserved © LGS Innovations, LLC

LGS Innovations
• LGS is an independent entity of Alcatel-Lucent
• Focused on serving the U.S. Government
• 500+ experienced professionals across varied disciplines
• Government R&D
• Direct access to the world-class innovation of Bell Labs
• LGS & Alcatel-Lucent (ALU) provide a comprehensive portfolio of Government Enterprise Security Products / Services

Agenda
• The Cyber Security Problem
• Cyber Security Vision & Technologies

Evolution in Government Enterprise Networks & Services (FROM -> TO)
• Separated switched-circuit voice/video & IP data networks -> Broadband converged, all-IP, multimedia next generation networks
• Location-centric interconnected enterprise services & perimeter defenses -> Regionalized Network Service Centers (using virtual architectures), including military systems
• In-house managed applications, data storage & IT services -> Networked / Cloud Computing (SaaS, PaaS, IaaS) & Web 2.0+ services
• Enterprise services with limited extranet collaboration / sharing -> Global collaboration with customers / partners, including social networking web sites, wikis & blogs
• Separate vertical industry networks and infrastructure control systems -> Global networked Information Systems encompassing infrastructure, e-Gov, health care, finance, commercial, etc.
• Wired networks with mobile extensions -> Ubiquitous user-centric services with diverse terminals & 3G/4G mobility

Faster Exploitation, Propagation, Botnets, DDOS; SPAM on the Rise
[Chart: time from vulnerability disclosure to exploit and threat propagation time; vertical axis Months / Weeks / Days / Hours / Minutes / Seconds, horizontal axis 2004 to 2008]
• Vulnerabilities exploited faster
• Threats propagating faster
• Exploits now at zero day
• Botnets launched; DDOS on the rise
• SPAM: 90% of emails in 12/08
• Government agencies reported ~13,000 cyber security incidents to DHS in FY08, triple the number from two years earlier
Sources: CERT/CC, Symantec, NVD, Cisco

Why is the Problem So Hard?
• The enemy is everywhere
  – Nation-state actors
  – Non-state actors: terrorists & organized crime, ad-hoc networks of "hacktivists"
  – The cyber threat is now "business" driven
  – Barriers to entry are low globally
• Complicated multinational law enforcement
• There are plenty of add-on perimeter security solutions
  – Firewalls, IDS, IPS
  – But are the boxes configured properly? Do they work together?
• The Government has special requirements & regulations
  – Multiple levels of security / coalition sharing
Government networks are becoming more complex / vulnerable. Incursions on military networks were up 55% last year.

The Current Approach Adds Perimeter & Defense-in-Depth Protection
• Current Government approaches are limited
  – Can we continue to address the increasing threats?
    • Growing numbers of vulnerabilities & patches?
    • Is signature-based virus / malware detection enough?
  – How are outsourced services protected?
  – How are insider threats dealt with? Some are deliberate and some unintentional (memory sticks)
  – Where is the perimeter in mobile networking?
  – How does this approach address malicious code embedded in software? There are known problems with the supply chain
Perimeter protection add-on security will not be sufficient

Agenda
• The Cyber Security Problem
• Cyber Security Vision & Technologies

How Do You Get Ahead of the Curve? Cyber Security Vision
1. Holistic Approach to Security: security throughout the security life cycle
2. Threat Tolerant Network Design: networks that operate in the presence of malicious software
3.
Application Security and Web 2.0+ Approaches: protect the privacy and integrity of consumer-generated data

1. Holistic Approach to Security
• Security throughout the life cycle lowers life cycle cost
  – The cost of security incidents is often enormous
  – Risk-based assessments (solutions need to be affordable)
  – Automated Certification and Accreditation
• Recognizes the inherent need for mobility
  – Apply wireless security technology
• Behavior-based monitoring of network operations
  – Detection of sophisticated zero-day targeted attacks
  – Security Event Management (SEM)
    • Identifies network anomalies (dynamic behavior analysis)
    • Determines if requirements (policies) are being met
The perimeter is in new places... threats come from the inside. This requires a system-level view of vulnerabilities.

Applying Value-Chain Thinking to Security
Increasing lifecycle value with built-in, standards-compliant security: increased security transparency and reduced risk to the buyer & end user

Comprehensive Security Analysis Applying the X.805 Security Model
[Figure: the X.805 framework. Security Layers: Infrastructure Security, Services Security, Applications Security. Security Planes: End User Security, Control/Signaling Security, Management Security. 8 Security Dimensions: Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy. Threats and attacks reach the network through vulnerabilities in hardware, networks, software, data, power, policy and the human environment.]
• Existing international industry standard framework
• Comprehensive end-to-end view of network security
• Security perspective: 3 layers, 3 planes, 8 dimensions
• Vulnerabilities can exist in each layer, plane and dimension

Security Event Management: Dynamic Behavior Analysis
[Figure: SEM pipeline. Sources in Domain A through Domain Z (Network IDS, Host IDS, Firewalls, AAA, OS logs, Routers, Vulnerability Scanners, Anti-Virus) feed a Thresholder (rate, value, time), Filter, Pattern Match and Message Map (local-to-global name mapping, grouping); Correlation uses Asset and Topology data and Customer / Mission data (requirements & policies) to produce Alarms with descriptions for viewing, with the options Analyze and Suppress, Request Additional Data, Take Action.]

2. Inherent Threat Tolerance
• Design networks to tolerate inevitable malware / backdoors / time bombs
  – Software assurance technology
    • Protect enterprise office applications / operating systems
  – Ability to operate networks in degraded mode
    • Graceful degradation of prioritized traffic
  – Behavior-based monitoring of network operations
    • Botnet detection and mitigation
    • Tight access control to identify sources of malware
• Wireless network protection technology
  – Protect 3G/4G wireless networks: users share limited RF bandwidth
  – Minimize client security software on the mobile terminals
Technologies resistant to the effects of malware / threats are needed

Software Diversity
• Protect networks against large-scale attacks
  – Construct diverse instances ("shuffles") of a program that are:
    • Not all vulnerable to the same attack
    • But functionally equivalent
  – Make it hard to design a successful attack:
    • Prevent an attack that is successful against one computer from spreading to other computers
  – Extend polymorphic code shuffling research to consider program structure
    • Formal mathematical methods are used to change the code signature by identifying independent code blocks and rearranging the blocks while maintaining functionality

BotNet Detection and Mitigation
• Detects symptoms / behaviors, not signatures
• Detects botnets using current & historical network traffic / host data
• Provides multiple botnet detection and collaboration mechanisms
• Retroactive query: which hosts downloaded or uploaded the payload?
  – Hierarchical Bloom filter technology permits months of data to be stored for queries
• Provides targeted mitigation recommendations
• Utilizes existing forensic analysis technology developed / operational at Polytechnic University
[Figure: example infection report for 10.10.2.10 (owner: Jon Doe; virulence 0.87). Infection detection: host slowed down at t1; downloaded exe from untrusted hosts (at t2 from 192.168.1.10, 30KB; at t2' from 192.168.3.12, 194KB); host role changed from web/mail client to p2p node at t3 (t1 > t3 > t2). Retroactive query results: downloaded: 10.10.2.10 from 192.168.1.10 at t2, 10.10.2.34 from 192.168.52.26 at t4 and at t5; uploaded: 10.10.2.54 to 192.168.52.26 at t3; evidence recovered via a direct link to packet data or a manual download from the source. Containment: restrict all network access, or restrict outbound access.]

Wireless Network Security (Aware)
[Figure: Aware Detectors at the BTS and RNCs and at the PDSN, Aware Central in the wireless core, Home Agent, Internet.]
• Wireless 3G/4G network anomaly behavior detector (Bell Labs algorithms)
  – Monitors individual subscriber session behavior
  – Calculates the "cost" of behavior relative to real-time capacity in the network
  – Observes mobile-to-mobile & Internet-to-mobile traffic
• Provides traffic assessment to assist in network & end-user service quality protection
• Security Event Viewer for reports, alarms, network awareness and forensics
• Element / configuration manager for Detectors & Mitigation Appliances for Security Event Management
• Mitigation plan through IPS/Firewall; mobile quarantine of abusive users

Laptop Guardian
• Protects the mobile laptop & applications with a hardened wireless agent
• Automates the VPN connection to the enterprise
• Agent: intelligent data card, plugs into the end-user mobile host, terminates the IPsec tunnel to the Gateway, includes a 3G interface (HSDPA, EV-DO Rev A) for ubiquitous connectivity
• Gateway: enhanced remote access server, deploys at the edge of the enterprise network
• Driver: software package, installs on the end-user mobile host
• Management Server: management software platform, installs on a general-purpose enterprise server

3. Application Security & Web 2.0+ Approaches
• Secure the applications
  – Security concerns: RSS, AJAX (Asynchronous JavaScript and XML), instant messaging, widgets / gadgets
  – Web 2.0 apps might initially have more vulnerabilities than the above
  – Provide a "platform in the cloud" that makes proprietary data stored in applications securely accessible across Web 2.0 interfaces
• In Government private cloud computing
  – Meet Government Information Assurance requirements
• In Government public cloud computing
  – Provide security standards transparency & SLA audit support
  – Establish how Government customer data integrity & privacy will be assured
  – Consider segregating Government domains in the cloud

The Bottom Line...
• Today's networks are different
  – Voice & Data -> Converged, Multimedia, All IP
  – Enterprise -> Web 2.0+ & Cloud Computing
  – Standard content -> Consumer-generated content
  – Fixed users -> Mobile users
• Today's adversaries are more sophisticated
  – Threats extend to all networks connected to the Global Information System
• Security paradigm shifts are needed
  – Perimeter security -> Holistic security
  – Threat intolerance -> Threat tolerance
  – Signature-based -> Behavior-based
[Figure: four facets: 1. Network, 2. People, 3. Process, 4. Knowledge]

Thank You... Any Questions?
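The Security Event Management slide above sketches a pipeline (normalize sources, map local names to global names, threshold, correlate, alarm) without showing any of it. The following is an added example, not code from the slides or from LGS, that runs that shape over a handful of constructed log lines: the `dom=`/`host=` log formats, the host `ws17` that exists in two domains, and the function names are all assumptions of this example.

```python
"""Miniature SEM dynamic-behavior pipeline (added example; formats and data are constructed)."""
import re
from collections import defaultdict, namedtuple

Event = namedtuple("Event", "ts source host kind detail")

# Constructed sample logs from two sources in two domains. The line formats are
# invented for this example; a real SEM has a parser per product.
AAA_LOGS = [
    "1000 dom=A host=ws17 user=alice result=FAIL",
    "1001 dom=A host=ws17 user=alice result=FAIL",
    "1002 dom=A host=ws17 user=alice result=FAIL",
    "1003 dom=A host=ws17 user=alice result=FAIL",
    "1004 dom=A host=ws17 user=alice result=FAIL",
    "1005 dom=A host=ws17 user=alice result=OK",
    "1050 dom=Z host=ws17 user=bob result=FAIL",   # same local name, other domain
]
FW_LOGS = [
    "1007 dom=A src=ws17 dst=203.0.113.9 dport=6667 action=ALLOW",
    "1060 dom=Z src=ws17 dst=198.51.100.4 dport=443 action=ALLOW",
]


def parse_aaa(line):
    """Normalize an AAA line; local host name becomes the global name '<domain>/<host>'."""
    m = re.match(r"(\d+) dom=(\w+) host=(\S+) user=(\S+) result=(\w+)", line)
    ts, dom, host, user, result = m.groups()
    kind = "auth_fail" if result == "FAIL" else "auth_ok"
    return Event(int(ts), "aaa", f"{dom}/{host}", kind, user)


def parse_fw(line):
    """Normalize a firewall line into an 'outbound' event keyed by the global source name."""
    m = re.match(r"(\d+) dom=(\w+) src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)", line)
    ts, dom, src, dst, dport, action = m.groups()
    return Event(int(ts), "fw", f"{dom}/{src}", "outbound", f"{dst}:{dport}")


def rate_threshold(events, kind, limit, window):
    """Thresholder (rate/time): emit (host, ts) when `limit` events of `kind`
    fall inside `window` seconds for one host, then reset to suppress repeats."""
    hits, seen = [], defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind != kind:
            continue
        q = seen[ev.host]
        q.append(ev.ts)
        while q and q[0] < ev.ts - window:
            q.pop(0)
        if len(q) >= limit:
            hits.append((ev.host, ev.ts))
            q.clear()
    return hits


def correlate(events, bursts, horizon):
    """Correlation: a failure burst followed within `horizon` seconds by a
    successful login and an outbound connection from the same host is escalated."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev.host].append(ev)
    alarms = []
    for host, t0 in bursts:
        later = [e for e in by_host[host] if t0 < e.ts <= t0 + horizon]
        got_in = any(e.kind == "auth_ok" for e in later)
        out = [e.detail for e in later if e.kind == "outbound"]
        if got_in and out:
            desc = f"brute-force success then outbound {out[0]}"
        else:
            desc = "auth failure burst"
        alarms.append({"host": host, "ts": t0, "description": desc})
    return alarms


def run_pipeline(aaa_logs=AAA_LOGS, fw_logs=FW_LOGS):
    events = [parse_aaa(l) for l in aaa_logs] + [parse_fw(l) for l in fw_logs]
    bursts = rate_threshold(events, "auth_fail", limit=5, window=10)
    return correlate(events, bursts, horizon=30)


if __name__ == "__main__":
    for alarm in run_pipeline():
        print(alarm)
```

The local-to-global mapping is what keeps the single failure on `Z/ws17` from being counted against `A/ws17`; without it the two domains' hosts with the same local name would be merged and the thresholder would fire on the wrong asset.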
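The Software Diversity slide above describes "shuffles": instances of one program whose independent code blocks are rearranged so the code signature changes while the function does not. The example below is an added toy model of that idea and is not code from the slides or from LGS or Bell Labs. It treats a constructed straight-line program as the unit, derives the dependency graph from read/write sets, draws random dependency-respecting orders, and checks that every shuffle computes the same output while hashing differently. The statement list, the function names and the use of Python `exec` as the "executor" are all assumptions of this example; the real work operates on compiled code.

```python
"""Toy software-diversity shuffler (added example; the program below is constructed)."""
import hashlib
import random
import re

# Constructed straight-line program. Statement 5 reuses 'b', so it carries a
# write-after-read dependency on statement 3 and write-after-write on statement 1.
PROGRAM = [
    "a = x + y",
    "b = x * 2",
    "c = a - 1",
    "d = b + 3",
    "e = c * d",
    "b = e + 1",
    "out = e + b",
]


def rw_sets(stmt):
    """Read set and write set of one 'lhs = rhs' statement."""
    lhs, rhs = stmt.split("=", 1)
    reads = set(re.findall(r"[A-Za-z_]\w*", rhs))
    return reads, {lhs.strip()}


def dependencies(program):
    """deps[j] = indices that must precede j (RAW, WAR and WAW hazards)."""
    deps = {j: set() for j in range(len(program))}
    for j in range(len(program)):
        rj, wj = rw_sets(program[j])
        for i in range(j):
            ri, wi = rw_sets(program[i])
            if (wi & rj) or (ri & wj) or (wi & wj):
                deps[j].add(i)
    return deps


def random_shuffle(program, rng):
    """One 'shuffle': a random topological order of the dependency graph.
    Statements with no edge between them are the independent blocks."""
    deps = dependencies(program)
    placed, order = set(), []
    while len(order) < len(program):
        ready = [j for j in range(len(program)) if j not in placed and deps[j] <= placed]
        j = rng.choice(ready)
        order.append(j)
        placed.add(j)
    return [program[j] for j in order]


def signature(program):
    """Code signature of an instance: here simply the hash of its text."""
    return hashlib.sha256("\n".join(program).encode()).hexdigest()


def execute(program, x, y):
    env = {"x": x, "y": y}
    for stmt in program:
        exec(stmt, {}, env)
    return env["out"]


def build_shuffles(n, seed=1, program=PROGRAM):
    rng = random.Random(seed)
    return [random_shuffle(program, rng) for _ in range(n)]


def all_equivalent(shuffles, inputs, program=PROGRAM):
    """Functional equivalence check over a set of inputs."""
    return all(execute(s, x, y) == execute(program, x, y)
               for s in shuffles for x, y in inputs)


if __name__ == "__main__":
    shuffles = build_shuffles(6)
    print("distinct signatures:", len({signature(s) for s in shuffles}))
    print("equivalent:", all_equivalent(shuffles, [(1, 2), (3, -4)]))
```

The caveat a practitioner should keep in mind: a reordering only defeats attacks that depend on code layout or on a fixed byte signature. A logic flaw in `PROGRAM` is present in every shuffle, so diversity complements software assurance rather than replacing it.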
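The BotNet Detection slide above answers "which hosts downloaded or uploaded the payload?" retroactively from a hierarchical Bloom filter that keeps months of history. Here is an added example, not the slides' code and not the Polytechnic University or LGS implementation, of a time-hierarchical Bloom filter that supports that query: each hour of flow records gets a leaf filter, each day a parent filter covering its 24 leaves, so a query over months touches only the days whose parent filter reports the payload. The flow records, addresses, asset list and payload hash are constructed; the two-level layout and the `dl|host|hash` / `ul|host|hash` key scheme are this example's simplification.

```python
"""Time-hierarchical Bloom filter for retroactive payload queries (added example)."""
import hashlib
from collections import defaultdict


class BloomFilter:
    def __init__(self, m_bits=1 << 16, k=4):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits // 8)

    def _positions(self, key):
        for i in range(self.k):
            h = hashlib.sha256(f"{i}|{key}".encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, key):
        for p in self._positions(key):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, key):
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(key))


class TimeHBF:
    """Leaf filter per `bucket` seconds; parent filter per `fanout` leaves."""

    def __init__(self, bucket=3600, fanout=24):
        self.bucket, self.fanout = bucket, fanout
        self.leaves = defaultdict(BloomFilter)
        self.parents = defaultdict(BloomFilter)
        self.leaf_checks = 0  # how many leaf filters the last queries had to open

    def record_flow(self, ts, src, dst, payload_sha):
        leaf = ts // self.bucket
        parent = leaf // self.fanout
        for key in (f"dl|{dst}|{payload_sha}", f"ul|{src}|{payload_sha}"):
            self.leaves[leaf].add(key)
            self.parents[parent].add(key)

    def who_touched(self, payload_sha, t_from, t_to, assets):
        """Return sorted (bucket_start, 'dl'|'ul', host) for assets that
        downloaded or uploaded the payload in [t_from, t_to]. Bloom filters
        cannot enumerate, so candidates come from the asset inventory."""
        hits = set()
        first_leaf, last_leaf = t_from // self.bucket, t_to // self.bucket
        for parent in range(first_leaf // self.fanout, last_leaf // self.fanout + 1):
            pf = self.parents.get(parent)
            if pf is None:
                continue
            cand = [(d, h) for d in ("dl", "ul") for h in assets
                    if f"{d}|{h}|{payload_sha}" in pf]
            if not cand:
                continue  # whole day pruned without touching its leaves
            lo = max(first_leaf, parent * self.fanout)
            hi = min(last_leaf, parent * self.fanout + self.fanout - 1)
            for leaf in range(lo, hi + 1):
                lf = self.leaves.get(leaf)
                if lf is None:
                    continue
                self.leaf_checks += 1
                for d, h in cand:
                    if f"{d}|{h}|{payload_sha}" in lf:
                        hits.add((leaf * self.bucket, d, h))
        return sorted(hits)


# Constructed data: hash of the suspect executable and a few flow records.
PAYLOAD = hashlib.sha256(b"constructed suspect exe").hexdigest()
FLOWS = [  # (ts, src, dst, payload sha)
    (1_700_000_000, "192.168.1.10", "10.10.2.10", PAYLOAD),
    (1_700_003_600, "10.10.2.54", "192.168.52.26", PAYLOAD),
    (1_700_090_000, "192.168.52.26", "10.10.2.34", PAYLOAD),
    (1_700_090_500, "192.168.52.26", "10.10.2.34", PAYLOAD),
    (1_700_005_000, "10.10.2.10", "203.0.113.7", "benign0"),
    (1_700_500_000, "10.10.2.99", "10.10.2.10", "benign1"),
]
ASSETS = ["10.10.2.10", "10.10.2.34", "10.10.2.54", "10.10.2.99"]  # internal inventory


def build_index(flows=FLOWS):
    idx = TimeHBF()
    for f in flows:
        idx.record_flow(*f)
    return idx


def downloaders_and_uploaders(idx, payload=PAYLOAD, t_from=1_700_000_000,
                              t_to=1_700_600_000, assets=ASSETS):
    hits = idx.who_touched(payload, t_from, t_to, assets)
    return (sorted({h for _, d, h in hits if d == "dl"}),
            sorted({h for _, d, h in hits if d == "ul"}))


if __name__ == "__main__":
    idx = build_index()
    print(downloaders_and_uploaders(idx), "leaf filters opened:", idx.leaf_checks)
```

Two properties matter operationally. A Bloom filter never misses a recorded flow but can report a false positive, so a hit is a lead for the packet-level evidence recovery the slide mentions, not proof by itself; and the parent level is what makes months of history queryable, since days without the payload are skipped without opening their hourly filters.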
Adrian R Hartman
Senior Manager and Architect, Solution Engineering
LGS, Bell Labs Innovations
15 Vreeland Road, Florham Park, NJ 07932
mobile: 908-578-3679
phone: 973-437-9868
www.lgsinnovations.com
[email protected]

Backup: Alcatel-Lucent Security Solutions, a Comprehensive Enterprise Portfolio

Security Innovations for Next Generation Networks
• Bell Labs Security Framework: X.805, ISO 18028
• Security Consulting: security assessments, third-party partner relationships
• Secure ALU COTS networking products: ALU VPN/Firewall (aka The Brick), Vital ISA for Security Event Management
• Software Diversity, Bot Detection, Laptop Guardian

Network Reconnaissance for Penetration Testing: Internet Probing, Mapping and Analysis
• Remotely probe Internet-connected networks
  – Low probability of network disruption
  – Determine target network exposure, vulnerabilities and weaknesses
  – Produce detailed analyses, network maps and collected data
  – Propose remediation
• Identify machines with vulnerabilities in the target network
  – Network reconnaissance process
  – Web servers, DNS servers, vulnerable hosts provided as output
  – Potential targets, paths to target machines, server types, vulnerabilities, i.e.
open ports

Kiviat Diagram X.805 Example: High Risk Zones / Plans for Remediation
[Figure: Kiviat (radar) chart over the eight X.805 dimensions: Access Control, Authentication, Non-repudiation, Data Confidentiality, Communication Security, Data Integrity, Availability, Privacy. Radial axis: % of risk to remediate, 0.00 to 1.00. Series: current levels (high), low priority, medium priority, high priority; the per-dimension values cannot be recovered from the extracted text.]
The red areas show high-risk gaps for X.805 dimensions. Purple indicates the implementation status of high-priority security capabilities.