Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
Document related concepts

Next-Generation Secure Computing Base wikipedia , lookup

Deep packet inspection wikipedia , lookup

Wireless security wikipedia , lookup

Airport security wikipedia , lookup

Computer and network surveillance wikipedia , lookup

IT risk management wikipedia , lookup

Mobile security wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Information security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Distributed firewall wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript 
A 24x7x365
Secure Government
Internet Portal
by Gavin Longmuir
[email protected]
1
5 November 2001
What are the objectives of
Information Security



Availability
Confidentiality
Integrity
[email protected]
2
5 November 2001
A Secure AND Available
Portal?
A secure highly available Government
Internet portal needs to not only ensure
availably of the resources but to ensure
the integrity of the resources and prevent
opportunities for malicious misuse of the
resource.
[email protected]
3
5 November 2001
Guidelines that must be
followed


National Office for the Information
Economy (NOIE) – Online Security
Requirements for Commonwealth
Agencies
Commonwealth Privacy Act (Public
Sector) 1998
[email protected]
4
5 November 2001
Guidelines …

Protective Security Manual (PSM)



Part C: Information Security
Part E: Physical Security
Defence Signals Directorate (DSD)’s ACSI 33







HB
HB
HB
HB
HB
HB
HB
2: Evaluated Products
3: Risk Management
4: Security Management
8: Network Security
10: Web Security
13: Intrusion Detection and Audit Analysis
14: Physical Security
[email protected]
5
5 November 2001
Guidelines …


DSD’s Gateway Certification Guide
DSD/NOIE Commonwealth Agency Online
Security Checklist
[email protected]
6
5 November 2001
Industry guidelines

ISO 17799:2001 - Code of practice for
Information Security Management


Formally AS/NZS 4444.1 or BS 7799.1
AS/NZS 4360:1999 – Risk Management
[email protected]
7
5 November 2001
Building a Secure High
Availability Environment








Physical Security – Computer Rooms
Firewalls
Intrusion and Misuse Detection
Security Awareness and Training
Building It Secure – Evaluated Products
Availability
Denial of Service Attacks
Incident Handling
[email protected]
8
5 November 2001
Physical Security – Computer
Rooms





Standards developed by DSD and ASIO T4
Group
Access Control/All Physical access secured
(including ducts and wall/roof tiles)
Alarm Systems (Certification to be undertaken
by ASIO T4 Group)
Secure Containers/Racks
Extensive UPS Systems (including testing)
[email protected]
9
5 November 2001
Firewalls

Implemented as security enforcing points of the
network




Filtering device




Application
Filtering
Stateful Inspection
IP Header Restriction (eg. Source IP address)
Application Restriction (eg. Only FTP get/recv)
Content
To have verbose logging and reporting
apparatus
[email protected]
10
5 November 2001
Intrusion and Misuse
Detection

Intrusion Detection Systems (IDS)






Network (Promiscuous) Tap - NIDS
Host based with additional system activity as inputs – HIDS
Based on expert ‘pattern’ matching – not 100%
Placement is vital – event could occur in non-monitored
environment
Monitoring and correlation with other logs
(routers/firewalls) can give essential foresight
Logs provide legal forensic evidence for any possible
prosecution
[email protected]
11
5 November 2001
SSL and Intrusion Detection




Encryption protocols are blind spots for any
NIDS – they are tunnels
Use of HIDS could be used at the end points
Typical encryption technologies are SSL, IPSec,
and VPNs
Other protocols such as SNA may not be
understood by the IDS
[email protected]
12
5 November 2001
Vulnerability Monitoring



Vulnerability testing of the security
enforcing functions of the environment
must be done to ensure correct
configuration
Automatic scanning and manual invoking
after every major configuration change
Host based integrity checking is also to
be undertaken
[email protected]
13
5 November 2001
Security Awareness and
Training


Staff must understand their
responsibilities for security and why it is
enforced
Operations staff are to have a full
understanding of the security enforcing
functions of the environment along with
the functionality of the enforcing devices
[email protected]
14
5 November 2001
Building It Secure – Evaluated
Products





Building a secure environment requires the use of a
evaluated or trusted system
Evaluated systems have been evaluated against a number
of criteria to test the functionality of the system
Criteria describe strength of the security system, the
security features provided, confidence in systems design,
and confidence in system implementation
DSD’s Evaluated Product List (EPL)
The use of Evaluated Firewalls is mandated
[email protected]
15
5 November 2001
Avoiding Single Points of
Failure




Multiple geographic separate sites
Multiple broadband carriers
Traffic load-balancing or management tools
Clustering – horizontal (parallel) scaling




Increases availability
Increases bandwidth
Decreases integrity? – content replication
Failover/High-Availability of ALL networking
devices
[email protected]
16
5 November 2001
Calculating Availability




Replication of any component within the
environment increases availability
Most manufactures provide availability
information with devices such as mean time to
failure
Serial Availability – the product of component
reliability for all devices between two locations
in a network
Parallel Availability – the inverse of the product
of component unreliability for all mirrored
devices in a network
[email protected]
17
5 November 2001
Load-Balancing Firewalls


Firewall’s are traditionally seen as traffic bottlenecks
Newer Firewalls now come with load-balancing features




Software implementations pass state information between
‘nodes’ – but don’t scale
Hardware implementations pass state but not information
like CPU load or memory utilisation
Highly Protected information must be protected by
multiple serially implemented Firewalls (of different
manufacture)
Placement of smart load-balancing traffic management
devices ‘in-front’ of these serial-paired Firewalls
[email protected]
18
5 November 2001
Denial of Service Attacks




Use modern and patched networking devices





Data Flood Attacks
Infrastructure Attacks
Distributed Denial of Service Attacks
Logical access filtering
SYN flood throttling
Connection rate throttling
Data rate throttling
Still need multiple sites and defence in depth –
greatest defence is redundancy
[email protected]
19
5 November 2001
Incident Handling





Part of the Business Continuity Plan
Identification and Analysis of the event
Reporting Procedures and resultant actions
documented in detail
Confirmation of system(s) and data/information
integrity
Collection and integrity of audit logs and other
evidence used for forensics
[email protected]
20
5 November 2001
Ensuring Integrity of the
Resource


How to tell a Fake?
Quality Management
[email protected]
21
5 November 2001
How to tell a Fake?

An intruder (possibility only says) accesses
restricted components of the environment






Has the data/information been tampered with?
Has malicious code been placed?
Have to prove it – otherwise treat as it has
Malicious network traffic redirection
Digital signatures – verification of content
SSL certificates – verification of destination
[email protected]
22
5 November 2001
Quality Management

Mandated change control, peer review and
testing procedures


Information/data protection from newly
developed rogue application functionality


Including reassessment of threats and risk
Development and testing to occur in non-production
environment
Backups of non-replicated/non-redundant data
[email protected]
23
5 November 2001
Threat and Risk Assessment
DSD’s Risk Assessment Methodology
Based on AS/NZS 4360:1999
[email protected]
24
5 November 2001
Risk Assessment Methodology









Asset Identification
(Estimated) Threat to Asset
(Estimated) Threat Likelihood
(Estimated) Harm, if Realised
(Resultant) Risk Assessment
(Estimated) Required Risk
(Resultant) Counter-measure Priority Rating
Counter-measures (Policy, Procedures, Design)
Identification (and Acceptance) of Residual Risk
[email protected]
25
5 November 2001
Example TRA Entry


Asset – Loss or Corruption of
Government data/information Resources
and supporting systems
Threat to the Asset – Unavailable or
bogus service from IP service hijacking or
infiltration
[email protected]
26
5 November 2001
Example TRA …





Threat Likelihood – High
Harm, if Threat is Realised – Serious
Resultant Risk – Critical (4)
Required Risk – Nil (0)
Counter-measure Priority Rating - 4
[email protected]
27
5 November 2001
Example TRA …

Counter-measures





Deployment of NIDS and HIDS
Controlled and ‘hardened’ system OS
Ensure that security enforcing devices deny all this is not
specifically allowed
TCP/IP Ingress and Egress filtering
Residual Risk



New attack mechanism which is not picked up by IDS
In-band attack via permitted communication paths enforced
by Security enforcing mechanisms
Standard Operating Procedures are not followed – patches
not applied
[email protected]
28
5 November 2001
To recap

The shown outlined infrastructure is for
supporting Government customers for secure
and highly availably application hosting. Topics
covered included:





Portal Integrity
Portal Availability
Guidelines and Monitory requirements
Analysis of Threats and Risks
And proposed counter-measures
[email protected]
29
5 November 2001
Recommendation


A suitable architecture can be shaped that can
not only provide the capacity and scalability
required but also the security needed for
mission critical systems
Creation of a project team to finalise design,
select products and create/document
procedures is required as the next step in this
project
[email protected]
30
5 November 2001
Related documents
PRESS RELEASE FOR IMMEDIATE RELEASE
PRESS RELEASE FOR IMMEDIATE RELEASE
Your eBook
Your eBook
Government Agencies
Government Agencies
Webinar on EDCs in Health Care
Webinar on EDCs in Health Care
T Low Interest Rates Have Yet To Spur Job Growth
T Low Interest Rates Have Yet To Spur Job Growth
One Year Countdown to Opening
One Year Countdown to Opening
The Post-Winter Solstice Period: the Great One
The Post-Winter Solstice Period: the Great One
Limonium ramosissimum - San Francisco Bay Joint Venture
Limonium ramosissimum - San Francisco Bay Joint Venture
PhD position: Quantum information processing with single electron spins
PhD position: Quantum information processing with single electron spins
What`s new in orthodontics
What`s new in orthodontics
Is It a Noun or Is It a Verb? - Normanton On Soar Primary School
Is It a Noun or Is It a Verb? - Normanton On Soar Primary School
PhD Position: Dynamic Nuclear Polarization using Electron-Nuclear Double Resonance
PhD Position: Dynamic Nuclear Polarization using Electron-Nuclear Double Resonance