1 Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP
2 Security Security is recognized as essential to protect vital processes and the systems that provide those processes Security is not something you buy, it is something you do
3 What is Security? Security is no longer just controlling the perimeter or layered Transactions use all of the network, from DMZ to Database ALL of the network and resident systems have to be secured
4 What Securing All of the Enterprise Really Means.. Firewalls, routers, applications, passwords Intrusion detection NIDS and HIDS Proactive scanning, pen testing System Configuration Monitoring Health Checking VoiP, Wireless, Embedded Systems 24x7 Monitoring Analytical review and correlation Policies, Procedures, Personnel
5 What Is Effective Security Combination of appliances, software, alarms, and vulnerability scans working together in a wellthought out architecture Extends to policies, procedures, and people Monitored 24x7 Designed to support the security goals of the Enterprise
6 The Security Framework The Security Framework is a coordinated system of security tools Similar to the Enterprise management framework Extends end to end of the customer enterprise architecture Security data centrally monitored 24x7 in a Security Operations Center Data analyzed using correlation tools
7 Security Framework Considerations Mapped to the customer s architecture to provide end to end security Uses existing commercial and open source tools Leverages existing security infrastructure to quickly build out the security framework
8 Benefits of a Security Framework Provides Enterprise security that is : Consistent Constant Covers everything Characteristics of Good Enterprise Security are: Reliable Robust Repeatable
9 Benefits of a Security Framework (continued) An Effective Security Framework is: Monitored Managed Maintained This is the raison d être for a Security Framework
10 Security Frameworks Using the Framework Approach
11 Map Security Framework to Enterprise Architecture The Security framework follows structure of Open Systems Interconnect (OSI) 7-Layer Network Reference Model 1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application
12 Additional Layers of the Security Framework The security framework adds the financial and political layer (8 & 9)
13 The Security Framework -- Physical Layer Physically secure and mange the cable plant Wiring closets WAN connections CSU/DSU Physically secure and control access to networking equipment Routers Hubs Switches Physically secure and control access to servers, mainframes Provide redundant power and WAN connections
14 The Security Framework-- Data Link and Network Layers VPNs protecting the links between networks Network Intrusion Detection Systems (NIDS) watching traffic for attacks Host Intrusion Detection Systems (HIDS) protecting connections to critical servers/hosts Virus scanning taking place on traffic coming in from outside the customer s network.
15 The Security Framework-- Network and Transport Layer Firewall performing stateful inspection of incoming and outgoing packets Router Access Control Lists (ACLs) filtering packets bound between networks Virus scanning of attachments at the gateways
16 The Security Framework-- Session, Presentation and Application Layers OS and application hardening at the system level Conduct security health checking to determine if security polices for types of applications allowed to run, password composition and length, services allowed on hosts, etc. are being followed Provide vulnerability scanning to test the configuration of applications and systems, looking for vulnerabilities, missing patches, etc. Conduct penetration tests to determine if machines can be exploited and privileged access gained
17 The Security Framework-- Presentation and Application Layers User account management on the network User account management on individual systems User account management for specific applications, RDBMS, etc. Virus scanning and updates on individual machines and user desktops Role & Rules Based Access Control (RBAC) PKI and digital certificates
18 The Security Framework-- Financial Layer Leverages existing security infrastructure to reduce costs Provides an operational framework for conducting regular security checks Lends itself to outsourcing to a managed security service provider New technologies can be incorporated into the security framework Security costs are easier to identify, budget, and control.
19 Security Framework the Political Layer Provides a platform to align security with business goals just as enterprise system management normalizes the enterprise Framework is extensible to and modular, flexible to meet changing business objectives.
20 Security Frameworks A More Detailed Technical Look
21 Mapping Security Framework Components to the Architecture Security Component Service Delivery Center (SDC) Virtual Private Networks (VPN) Architecture Layer Layer 1 - Physical Layer Layer 2/3 Data Link and Network Layers Architecture Component Description The Data Center controls physical cable pant connecting architecture together in a network. Provides physical security to networking components and hardware. Provides physical security to server hardware. Redundant power and WAN connections. VPN tunnels encrypt data flowing over the data link to protect it from outside scrutiny. Bit stream is encrypted, sent over the wire, and unencrypted at the far end. Network Intrusion Detection (NIDS) Host Intrusion Detection Layer 2/3 Data Link and Network Layers Layer 2/3 Data Link and Network Layers Monitor network traffic and system logs to compare what's happening in real-time to known methods of hackers. When a suspicious event is detected, an alarm is kicked off. In addition the Intrusion Detection system may suspend or drop the offending connection, all while recording as much information as possible HIDS Sensor scans bit streams as they reach the host system to match patterns and signatures that are indicative of an attack against the host or its applications. When a malicious pattern is detected the HID sends out an alert.
22 Mapping Security Framework Components to the Architecture Security Component Architecture Layer Architecture Component Description Virus Scanning Layer 2 & 3 Data Link and Network Layers Virus canning software looks at bit streams flowing across data link to match signature patterns that indicate malicious code and viruses. Firewalls and firewall appliances Routers Layer 3 & 4 Network and Transport Layers Layer 3 & 4 Network and Transport Layers A device or software that blocks Internet communications access to a private resource. The resource can be a network server running a firewall as an application or an appliance with firewall application running as firmware. Use Cisco IOS to create access control lists (ACLs) to filter IP packets. ACLs on routers can shape traffic and restrict traffic flow between network segments. IP address schemes can segment the architecture by network, making ACLS and firewalls rules easier to manage. Virus scanning of attachments Layer 3 & 4 Network and Transport Layers Virus scanning software opens attachments entering and leaving the network to check for patterns and signatures the would indicate malicious code.
23 Mapping Security Framework Components to the Architecture Security Component Legacy Access Control Architecture Layer Layer 5 Session Layer for Legacy systems Architecture Component Description Mechanisms used by legacy systems to control access to secure resources. These can include RACF, Top Secret, ACF2 and NT Domain Security. Legacy access controls can also be used as part of credential synchronization (single sign-on) systems. OS & system Hardening Layer 5, 6, 7 Session, Presentation, Application Layers Process of ensuring OS patches are up to date, unnecessary services are turned off, unneeded applications and tools are removed, and applications are patched. Vulnerability Scanning Layer 5, 6, 7 Session, Presentation, Application Layers Tool to scan for vulnerabilities, missing patches, new known vulnerabilities and exploits. Tools are updated regularly from CERT advisories, bug lists, and new exploit notices. Vulnerability Assessment Layer 5, 6, 7 Session, Presentation, Application Layers Team of trained ethical hackers attempt to gain access to target machine, simulating a real world attack as a malicious intruder would to test the security architecture.
24 Mapping Security Framework Components to the Architecture Security Component Architecture Layer Architecture Component Description User account management on the network Layers 6 & 7, Presentation and Application Layers Managing user accounts on and access to the network. Uses Network NOS, Active Directory, LDAP, etc. to authenticate. User account management on systems Layers 6 & 7, Presentation and Application Layers User account management on individual system. Management of privileged accounts, separation of duties between administrators User account management on applications Layers 6 & 7, Presentation and Application Layers Manage access to software and applications such as RDBMS, etc. Virus scan engine and signature updates Layers 6 & 7, Presentation and Application Layers Updates to anti-virus applications, scan engines, virus signatures, etc.
25 Mapping Security Framework Components to the Architecture Security Component Architecture Layer Architecture Component Description PKI & Credential Management Layer 6 & 7 Presentation and Application Layers Provides capabilities for the management of user credential information. This information can be a user id, password, PKI, digital certificate or biometric information. Role Based Access Control (RBAC) Layer 6 & 7 Presentation and Application Layers The security engine responsible for definition and decision making around all security policies. Applications delegate security decision making to the security engine. This delegation occurs through existing security extension points within the application domain. Security is seamless and non-intrusive from the application's point of view Security Operations Center (SOC) Layer 8 - Financial Layer 24 x 7 security management using SOC to manage and monitor security architecture. Ensures real time monitoring of the security of the network.
26 Mapping Security Framework Components to the Architecture Security Component Using Existing Security Infrastructure Architecture Layer Layer 8 Financial Layer Architecture Component Description Security tools, connections, trained personnel are leveraged to provide security services and build a security framework for less than the cost to duplicate the same services as point security solutions Provides an operational framework for regular security checks Layer 8 Financial Layer Security becomes part of the enterprise operations, providing consistent security management in the same fashion as enterprise system management. In the same way, the security framework reduces the total cost of security. Lends itself to outsourced managed security services Layer 8 Financial Layer A security framework can be implemented by using managed security services that build, monitor, and manage security across the enterprise.
27 Mapping Security Framework Components to the Architecture Security Component Extensible to new networks and technologies Architecture Layer Layer 8 Financial Layer Architecture Component Description As network grow and merge, the framework can extend into these new segments. New technologies such as wireless, VoIP, smart HVAC systems can also be managed and monitored by the security framework. Security cost are more predictable Layer 8 Financial Layer The cost of providing security becomes more predictable and manageable. Security costs are consolidated into the framework, facilitating budget and planning. Provides a platform to align security with business goals Security Framework is modular, quickly extensible Layer 9 Political Layer Layer 9 Political Layer Security framework can be used to manage security consistently to meet business goals just as the enterprise system management manages the IT infrastructure to meet the company objectives. If new technology such as wireless networks are adopted, security controls can be added to the framework to manage the new initiatives. Networks added through acquisitions can be quickly added to the security framework.
28 Security Framework by Services Application Presentation Session Transport Network Data Link Wiring closets, cable plant, building access control, power, HVAC Physical
29 Security Framework by Services Application Presentation Session Transport Network Data Link NIDS, HIDS Virus Scanning Physical
30 Security Framework by Services Application Presentation Session Transport Network Firewall, Routers, Access Control Lists (ACLs), IP schemes, Attachment Scanning Data Link Physical
31 Security Framework by Services Application Presentation OS Hardening, Security Health Checking, Vulnerability Scanning, Pen-Testing, Session Transport Network Data Link Physical
32 Security Framework by Services Application Presentation User Account Management on Systems, Role/Rule Bases Access Control, Application Security, Virus Updates, Virus Signatures Session Transport Network Data Link Physical
33 Security Frameworks - Summary To sum it all up Security Frameworks provide end to end security from the DMZ to the Database Security is managed and monitored consistently and continually The security framework becomes the technology that turns security policies into practice New technologies and new networks can plug into the security framework Security costs become more predictable and manageable
Report Number: I332-016R-2005 Security Guidance for Deploying IP Telephony Systems Systems and Network Attack Center (SNAC) Released: 14 February 2006 Version 1.01 SNAC.Guides@nsa.gov ii This Page Intentionally
A COALFIRE WHITE PAPER Using s Cloud & Data Center Security Solution to meet PCI DSS 3.0 Compliance Implementing s Deep Security Platform in a Payment Card Environment April 2015 Page 1 Executive Summary...
The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction... 3 CSC 1: Inventory of Authorized and Unauthorized Devices... 8 CSC 2: Inventory of Authorized and Unauthorized Software...
Reducing the Cyber Risk in 10 Critical Areas Information Risk Management Regime Establish a governance framework Enable and support risk management across the organisation. Determine your risk appetite
FOREWORD A key component in protecting a nation s critical infrastructure and key resources (CIKR) is the security of control systems. WHAT ARE CONTROL SYSTEMS? Supervisory Control and Data Acquisition
White Paper: Managed Network Services Trends for Today s Enterprise Organizations Released December 2010 Spacenet Inc 1750 Old Meadow Road McLean, VA 22102 www.spacenet.com 866-480-2263 1 Table of Contents
Standard: Version: 2.0 Date: June 2011 Author: PCI Data Security Standard (PCI DSS) Virtualization Special Interest Group PCI Security Standards Council Information Supplement: PCI DSS Virtualization Guidelines
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
Invensys is now White Paper Cyber Security Authors: Ernest Rakaczky, Director of Process Control Network Security, Invensys Paul Dacruz, Vice President, Power Industry Solutions What s Inside: 1. Introduction
PCI DSS PCI Prioritized DSS Approach for for PCI DSS.0 The Prioritized Approach to Pursue PCI DSS Compliance The Payment Card Industry Data Security Standard (PCI DSS) provides a detailed, 1 requirements
PeopleSoft Red Paper Series Securing Your PeopleSoft Application Environment July 2010 Including: How to Plan for Security How to Secure Customized System Exposing PeopleSoft outside the Firewall Securing
Trend Micro Deep Security Server Security Protecting the Dynamic Datacenter A Trend Micro White Paper August 2009 I. SECURITY IN THE DYNAMIC DATACENTER The purpose of IT security is to enable your business,
Special Publication 800-41 Guidelines on Firewalls and Firewall Policy Recommendations of the National Institute of Standards and Technology John Wack, Ken Cutler, Jamie Pole NIST Special Publication 800-41
Firewall Strategies June 2003 (Updated May 2009) 1 Table of Content Executive Summary...4 Brief survey of firewall concepts...4 What is the problem?...4 What is a firewall?...4 What skills are necessary
A GUIDE TO Security and privacy in a Hosted Exchange environment What s inside this white paper: A two-page checklist for comparing the security of hosted Exchange providers Definitions for each element
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
CHAPTER 9 Firewalls and Virtual Private Networks Introduction In Chapter 8, we discussed the issue of security in remote access networks. In this chapter we will consider how security is applied in remote
Special Publication 800-41 Revision 1 Guidelines on Firewalls and Firewall Policy Recommendations of the National Institute of Standards and Technology Karen Scarfone Paul Hoffman NIST Special Publication
Cyber-Security Essentials for State and Local Government Best Practices in Policy and Governance Operational Best Practices Planning for the Worst Case Produced by with content expertise provided by For
Securing Enterprise Applications Version 1.1 Updated: November 20, 2014 Securosis, L.L.C. 515 E. Carefree Highway Suite #766 Phoenix, AZ 85085 T 602-412-3051 firstname.lastname@example.org www.securosis.com Author
WHITE PAPER Staying Secure in the Cloud Considerations for Migrating Communications Solutions to Cloud Services Table of Contents 1. Overview...3 2. Introduction...3 3. Privacy vs. security... 3 4. What
Siebel Security Guide Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013 Copyright 2005, 2013 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
Mobile Security Reference Architecture May 23, 2013 Product of the Federal CIO Council and Department of Homeland Security National Protection and Program Directorate Office of Cybersecurity and Communications
Continuous Cyber Situational Awareness Continuous monitoring of security controls and comprehensive cyber situational awareness represent the building blocks of proactive network security. A publication
WHITE PAPER Network Security: A Simple Guide to Firewalls CONTENTS Why a Firewall Am I Really at Risk?................... 1 What Is a Firewall?......... 2 Types of Attack............ 2 Firewall Technologies........
A Websense White Paper ADVANCED PERSISTENT THREATS AND OTHER ADVANCED ATTACKS: THREAT ANALYSIS AND DEFENSE STRATEGIES FOR SMB, MID-SIZE, AND ENTERPRISE ORGANIZATIONS REV 2 ADVANCED PERSISTENT THREATS AND