IF-MAP: Open Standards for Coordinating Security
Presentation for SAAG, IETF 72, July 31, 2008
Steve Hanna, [email protected]

Slide 1: Information Security Past - Isolation
(Diagram: isolated product silos. Server/Service Security: Identity Management, Server Security, Web Services Security. Network Security: Network Intrusion Detection & Prevention, Network Anti-Virus, Data Loss Prevention, Vulnerability Scanners, Network Firewall, Virtual Private Networks. Host Security: Host Intrusion Detection & Prevention, Host Firewall, Host Anti-Virus.)

Slide 2: Information Security Present - Partial Coordination
(Diagram: the same silos, with Network Access Control (NAC) added to Network Security and coordinating with a subset of the other products.)

Slide 3: Information Security Future - Full Coordination
(Diagram: the same products, with "NAC with IF-MAP" coordinating server/service, network and host security.)

Slide 4: Basic NAC Architecture
(Diagram: Access Requestor (AR) -> Policy Enforcement Point (PEP) -> Policy Decision Point (PDP), with a VPN shown as one PEP type.)

Slide 5: Integrating Other Security Systems
(Diagram: the slide-4 architecture with a Metadata Access Point (MAP) added; the PDP, Sensors and Flow Controllers all connect to the MAP.)

Slide 6: TNC Architecture
(Diagram of the Trusted Network Connect architecture.)
• Access Requestor: Integrity Measurement Collectors (IMC), TNC Client (TNCC), Network Access Requestor, Platform Trust Service (PTS), TSS, TPM
• Policy Enforcement Point (PEP)
• Policy Decision Point: Integrity Measurement Verifiers (IMV), TNC Server (TNCS), Network Access Authority
• Metadata Access Point (MAP); Sensors and Flow Controllers
• Interfaces: IF-M (IMC to IMV), IF-IMC (IMC to TNCC), IF-IMV (IMV to TNCS), IF-TNCCS (TNCC to TNCS), IF-T (Network Access Requestor to Network Access Authority), IF-PEP (PEP to Network Access Authority), IF-PTS (PTS to the TNC client side), IF-MAP (PDP, PEP, Sensors and Flow Controllers to the MAP)

Slide 7: What is IF-MAP?
• Standard Published by Trusted Computing Group
  – https://www.trustedcomputinggroup.org/groups/network
• Standard Requests & Responses
  – Publish, Search, Subscribe, Poll
• Standard Identifiers
  – device, identity, ip-address, mac-address, access-request
• Standard Metadata
  – device-attribute, event, role, capability, layer2-information
• Standard Links (marked with metadata)
  – access-request-device, access-request-ip, access-request-mac, authenticated-as, authenticated-by, ip-mac
• Protocol Binding for SOAP
• Ability to define optional vendor-specific extensions

Slide 8: Example IF-MAP Graph
(Diagram; the identifiers, links and metadata shown on it:)
• Identifiers: identity = john.smith; mac-address = 00:11:22:33:44:55; access-request = 111:33; device = 111:55; ip-address = 192.0.2.7; ip-address = 192.0.2.55; ip-address = 192.0.2.60
• Links: access-request-mac, ip-mac, authenticated-as, access-request-device, authenticated-by
• Metadata: role = finance and employee; layer2-information VLAN=1234 Port=12; capability = access-finance-server-allowed; device-attribute = anti-virus-running

Slide 9: IF-MAP Benefits
• More Informed Sensors
  – Sensors can tune by role and other things
  – Should reduce false alarms
• Policy and Reports in Business Terms
  – User identity and role vs. IP address
  – Simpler, easier to manage
• Automated Response (if desired)
  – Faster response = stronger security
  – Less expense due to automation
• Customer Choice and Flexibility
  – No need to buy all security products from one vendor
  – Can reuse and integrate existing security systems

Slide 10: Security and Privacy Considerations
• MAP = Storehouse of Sensitive Data, Critical Nerve Center
  – MUST
    • TLS with mutual auth for IF-MAP clients
    • publisher-id and timestamp to track changes
  – SHOULD
    • authorization, DoS protection, anomaly detection, physical and operational security, hardening, etc.
    • not keep historical data

Slide 11: Discussion
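The following is an added example, not code from the deck, from TCG or from any IF-MAP product. It models the slide-7 operations (publish, search, subscribe, poll) over the slide-8 graph as a toy in-memory MAP, and folds in two of the slide-10 controls: every metadata item carries a publisher-id and timestamp, and a per-publisher authorization table decides which metadata types a client may publish. Everything here is an assumption for illustration: the MAPServer, build_slide8_graph and who_is names, the publisher names (pdp, dhcp, switch, host-security), the authorization table, and the choice of which identifier or link each metadata item is attached to. The SOAP binding is not shown; this is only the graph semantics.

```python
"""Toy in-memory Metadata Access Point modelled on the IF-MAP operations,
identifier/metadata/link vocabulary and the slide-8 graph.  Added sketch only:
not the TCG SOAP binding; all names and the publisher authz table are invented."""
from dataclasses import dataclass
import itertools

@dataclass(frozen=True)
class Identifier:
    kind: str   # device, identity, ip-address, mac-address, access-request
    value: str

@dataclass(frozen=True)
class Meta:
    name: str          # role, capability, device-attribute, layer2-information, ...
    attrs: tuple       # sorted (key, value) pairs
    publisher_id: str  # slide 10: MUST record who published each change
    timestamp: int     # sequence counter standing in for a wall-clock timestamp

class MAPServer:
    def __init__(self, authz):
        self.authz = authz        # publisher-id -> metadata names it may publish
        self.node_meta = {}       # Identifier -> set[Meta]
        self.link_meta = {}       # frozenset({a, b}) -> set[Meta]
        self.clock = itertools.count(1)
        self.subscriptions = {}   # name -> (start Identifier, max_depth)
        self.last_result = {}     # name -> search result at last notification
        self.poll_queue = {}      # name -> results not yet polled

    def publish(self, publisher, name, attrs, a, b=None):
        """Attach metadata to identifier a (b is None) or to the link a-b."""
        if name not in self.authz.get(publisher, set()):   # slide 10: authorization
            raise PermissionError(f"{publisher} may not publish {name}")
        m = Meta(name, tuple(sorted(attrs.items())), publisher, next(self.clock))
        if b is None:
            self.node_meta.setdefault(a, set()).add(m)
        else:
            self.link_meta.setdefault(frozenset((a, b)), set()).add(m)
        for sub, (start, depth) in self.subscriptions.items():
            now = self.search(start, depth)   # queue only if the subscribed subgraph changed
            if now != self.last_result[sub]:
                self.last_result[sub] = now
                self.poll_queue[sub].append(now)
        return m

    def search(self, start, max_depth):
        """Breadth-first walk from start, following at most max_depth links."""
        depth, frontier = {start: 0}, [start]
        found = {"identifiers": {}, "links": {}}
        while frontier:
            nxt = []
            for ident in frontier:
                found["identifiers"][ident] = set(self.node_meta.get(ident, ()))
                if depth[ident] < max_depth:
                    for link, metas in self.link_meta.items():
                        if ident in link:
                            other = next(iter(link - {ident}), ident)
                            found["links"][link] = set(metas)   # copy: results never alias the store
                            if other not in depth:
                                depth[other] = depth[ident] + 1
                                nxt.append(other)
            frontier = nxt
        return found

    def subscribe(self, name, start, max_depth):
        self.subscriptions[name] = (start, max_depth)
        self.last_result[name] = self.search(start, max_depth)
        self.poll_queue[name] = []

    def poll(self, name):
        results, self.poll_queue[name] = self.poll_queue[name], []
        return results

def build_slide8_graph():
    """Publish the slide-8 graph; where each metadata item hangs is this example's reading."""
    srv = MAPServer({"pdp": {"authenticated-as", "authenticated-by", "access-request-mac",
                             "access-request-device", "role", "capability"},
                     "dhcp": {"ip-mac"}, "switch": {"layer2-information"},
                     "host-security": {"device-attribute"}})
    ar, user = Identifier("access-request", "111:33"), Identifier("identity", "john.smith")
    mac, ip = Identifier("mac-address", "00:11:22:33:44:55"), Identifier("ip-address", "192.0.2.7")
    dev, pdp = Identifier("device", "111:55"), Identifier("ip-address", "192.0.2.60")
    srv.publish("pdp", "authenticated-as", {}, ar, user)
    srv.publish("pdp", "role", {"name": "finance"}, ar, user)
    srv.publish("pdp", "role", {"name": "employee"}, ar, user)
    srv.publish("pdp", "access-request-mac", {}, ar, mac)
    srv.publish("pdp", "access-request-device", {}, ar, dev)
    srv.publish("pdp", "authenticated-by", {}, ar, pdp)
    srv.publish("pdp", "capability", {"name": "access-finance-server-allowed"}, ar)
    srv.publish("dhcp", "ip-mac", {}, ip, mac)
    srv.publish("switch", "layer2-information", {"vlan": "1234", "port": "12"}, ar, dev)
    srv.publish("host-security", "device-attribute", {"name": "anti-virus-running"}, ar, dev)
    return srv

def who_is(srv, ip_value):
    """Slide 9's sensor question: user and roles behind an IP (3 links away)."""
    found = srv.search(Identifier("ip-address", ip_value), 3)
    users = sorted(i.value for i in found["identifiers"] if i.kind == "identity")
    roles = sorted(dict(m.attrs)["name"] for metas in found["links"].values()
                   for m in metas if m.name == "role")
    return users, roles
```

who_is is what a sensor or flow controller would do with the graph: starting from an observed ip-address it follows ip-mac, access-request-mac and authenticated-as to reach the identity and the role metadata, which is the "tune by role" benefit on slide 9. The subscribe/poll pair delivers a result only when the subscribed subgraph actually changes, and the authorization table means a DHCP publisher that tries to assert a role is rejected rather than silently accepted, which is the kind of check slide 10 asks for on top of mutually authenticated TLS.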