1 Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP
2 Security Security is recognized as essential to protect vital processes and the systems that provide those processes Security is not something you buy, it is something you do
3 What is Security? Security is no longer just controlling the perimeter or layered Transactions use all of the network, from DMZ to Database ALL of the network and resident systems have to be secured
4 What Securing All of the Enterprise Really Means.. Firewalls, routers, applications, passwords Intrusion detection NIDS and HIDS Proactive scanning, pen testing System Configuration Monitoring Health Checking VoiP, Wireless, Embedded Systems 24x7 Monitoring Analytical review and correlation Policies, Procedures, Personnel
5 What Is Effective Security Combination of appliances, software, alarms, and vulnerability scans working together in a wellthought out architecture Extends to policies, procedures, and people Monitored 24x7 Designed to support the security goals of the Enterprise
6 The Security Framework The Security Framework is a coordinated system of security tools Similar to the Enterprise management framework Extends end to end of the customer enterprise architecture Security data centrally monitored 24x7 in a Security Operations Center Data analyzed using correlation tools
7 Security Framework Considerations Mapped to the customer s architecture to provide end to end security Uses existing commercial and open source tools Leverages existing security infrastructure to quickly build out the security framework
8 Benefits of a Security Framework Provides Enterprise security that is : Consistent Constant Covers everything Characteristics of Good Enterprise Security are: Reliable Robust Repeatable
9 Benefits of a Security Framework (continued) An Effective Security Framework is: Monitored Managed Maintained This is the raison d être for a Security Framework
10 Security Frameworks Using the Framework Approach
11 Map Security Framework to Enterprise Architecture The Security framework follows structure of Open Systems Interconnect (OSI) 7-Layer Network Reference Model 1. Physical 2. Data Link 3. Network 4. Transport 5. Session 6. Presentation 7. Application
12 Additional Layers of the Security Framework The security framework adds the financial and political layer (8 & 9)
13 The Security Framework -- Physical Layer Physically secure and mange the cable plant Wiring closets WAN connections CSU/DSU Physically secure and control access to networking equipment Routers Hubs Switches Physically secure and control access to servers, mainframes Provide redundant power and WAN connections
14 The Security Framework-- Data Link and Network Layers VPNs protecting the links between networks Network Intrusion Detection Systems (NIDS) watching traffic for attacks Host Intrusion Detection Systems (HIDS) protecting connections to critical servers/hosts Virus scanning taking place on traffic coming in from outside the customer s network.
15 The Security Framework-- Network and Transport Layer Firewall performing stateful inspection of incoming and outgoing packets Router Access Control Lists (ACLs) filtering packets bound between networks Virus scanning of attachments at the gateways
16 The Security Framework-- Session, Presentation and Application Layers OS and application hardening at the system level Conduct security health checking to determine if security polices for types of applications allowed to run, password composition and length, services allowed on hosts, etc. are being followed Provide vulnerability scanning to test the configuration of applications and systems, looking for vulnerabilities, missing patches, etc. Conduct penetration tests to determine if machines can be exploited and privileged access gained
17 The Security Framework-- Presentation and Application Layers User account management on the network User account management on individual systems User account management for specific applications, RDBMS, etc. Virus scanning and updates on individual machines and user desktops Role & Rules Based Access Control (RBAC) PKI and digital certificates
18 The Security Framework-- Financial Layer Leverages existing security infrastructure to reduce costs Provides an operational framework for conducting regular security checks Lends itself to outsourcing to a managed security service provider New technologies can be incorporated into the security framework Security costs are easier to identify, budget, and control.
19 Security Framework the Political Layer Provides a platform to align security with business goals just as enterprise system management normalizes the enterprise Framework is extensible to and modular, flexible to meet changing business objectives.
20 Security Frameworks A More Detailed Technical Look
21 Mapping Security Framework Components to the Architecture Security Component Service Delivery Center (SDC) Virtual Private Networks (VPN) Architecture Layer Layer 1 - Physical Layer Layer 2/3 Data Link and Network Layers Architecture Component Description The Data Center controls physical cable pant connecting architecture together in a network. Provides physical security to networking components and hardware. Provides physical security to server hardware. Redundant power and WAN connections. VPN tunnels encrypt data flowing over the data link to protect it from outside scrutiny. Bit stream is encrypted, sent over the wire, and unencrypted at the far end. Network Intrusion Detection (NIDS) Host Intrusion Detection Layer 2/3 Data Link and Network Layers Layer 2/3 Data Link and Network Layers Monitor network traffic and system logs to compare what's happening in real-time to known methods of hackers. When a suspicious event is detected, an alarm is kicked off. In addition the Intrusion Detection system may suspend or drop the offending connection, all while recording as much information as possible HIDS Sensor scans bit streams as they reach the host system to match patterns and signatures that are indicative of an attack against the host or its applications. When a malicious pattern is detected the HID sends out an alert.
22 Mapping Security Framework Components to the Architecture Security Component Architecture Layer Architecture Component Description Virus Scanning Layer 2 & 3 Data Link and Network Layers Virus canning software looks at bit streams flowing across data link to match signature patterns that indicate malicious code and viruses. Firewalls and firewall appliances Routers Layer 3 & 4 Network and Transport Layers Layer 3 & 4 Network and Transport Layers A device or software that blocks Internet communications access to a private resource. The resource can be a network server running a firewall as an application or an appliance with firewall application running as firmware. Use Cisco IOS to create access control lists (ACLs) to filter IP packets. ACLs on routers can shape traffic and restrict traffic flow between network segments. IP address schemes can segment the architecture by network, making ACLS and firewalls rules easier to manage. Virus scanning of attachments Layer 3 & 4 Network and Transport Layers Virus scanning software opens attachments entering and leaving the network to check for patterns and signatures the would indicate malicious code.
23 Mapping Security Framework Components to the Architecture Security Component Legacy Access Control Architecture Layer Layer 5 Session Layer for Legacy systems Architecture Component Description Mechanisms used by legacy systems to control access to secure resources. These can include RACF, Top Secret, ACF2 and NT Domain Security. Legacy access controls can also be used as part of credential synchronization (single sign-on) systems. OS & system Hardening Layer 5, 6, 7 Session, Presentation, Application Layers Process of ensuring OS patches are up to date, unnecessary services are turned off, unneeded applications and tools are removed, and applications are patched. Vulnerability Scanning Layer 5, 6, 7 Session, Presentation, Application Layers Tool to scan for vulnerabilities, missing patches, new known vulnerabilities and exploits. Tools are updated regularly from CERT advisories, bug lists, and new exploit notices. Vulnerability Assessment Layer 5, 6, 7 Session, Presentation, Application Layers Team of trained ethical hackers attempt to gain access to target machine, simulating a real world attack as a malicious intruder would to test the security architecture.
24 Mapping Security Framework Components to the Architecture Security Component Architecture Layer Architecture Component Description User account management on the network Layers 6 & 7, Presentation and Application Layers Managing user accounts on and access to the network. Uses Network NOS, Active Directory, LDAP, etc. to authenticate. User account management on systems Layers 6 & 7, Presentation and Application Layers User account management on individual system. Management of privileged accounts, separation of duties between administrators User account management on applications Layers 6 & 7, Presentation and Application Layers Manage access to software and applications such as RDBMS, etc. Virus scan engine and signature updates Layers 6 & 7, Presentation and Application Layers Updates to anti-virus applications, scan engines, virus signatures, etc.
25 Mapping Security Framework Components to the Architecture Security Component Architecture Layer Architecture Component Description PKI & Credential Management Layer 6 & 7 Presentation and Application Layers Provides capabilities for the management of user credential information. This information can be a user id, password, PKI, digital certificate or biometric information. Role Based Access Control (RBAC) Layer 6 & 7 Presentation and Application Layers The security engine responsible for definition and decision making around all security policies. Applications delegate security decision making to the security engine. This delegation occurs through existing security extension points within the application domain. Security is seamless and non-intrusive from the application's point of view Security Operations Center (SOC) Layer 8 - Financial Layer 24 x 7 security management using SOC to manage and monitor security architecture. Ensures real time monitoring of the security of the network.
26 Mapping Security Framework Components to the Architecture Security Component Using Existing Security Infrastructure Architecture Layer Layer 8 Financial Layer Architecture Component Description Security tools, connections, trained personnel are leveraged to provide security services and build a security framework for less than the cost to duplicate the same services as point security solutions Provides an operational framework for regular security checks Layer 8 Financial Layer Security becomes part of the enterprise operations, providing consistent security management in the same fashion as enterprise system management. In the same way, the security framework reduces the total cost of security. Lends itself to outsourced managed security services Layer 8 Financial Layer A security framework can be implemented by using managed security services that build, monitor, and manage security across the enterprise.
27 Mapping Security Framework Components to the Architecture Security Component Extensible to new networks and technologies Architecture Layer Layer 8 Financial Layer Architecture Component Description As network grow and merge, the framework can extend into these new segments. New technologies such as wireless, VoIP, smart HVAC systems can also be managed and monitored by the security framework. Security cost are more predictable Layer 8 Financial Layer The cost of providing security becomes more predictable and manageable. Security costs are consolidated into the framework, facilitating budget and planning. Provides a platform to align security with business goals Security Framework is modular, quickly extensible Layer 9 Political Layer Layer 9 Political Layer Security framework can be used to manage security consistently to meet business goals just as the enterprise system management manages the IT infrastructure to meet the company objectives. If new technology such as wireless networks are adopted, security controls can be added to the framework to manage the new initiatives. Networks added through acquisitions can be quickly added to the security framework.
28 Security Framework by Services Application Presentation Session Transport Network Data Link Wiring closets, cable plant, building access control, power, HVAC Physical
29 Security Framework by Services Application Presentation Session Transport Network Data Link NIDS, HIDS Virus Scanning Physical
30 Security Framework by Services Application Presentation Session Transport Network Firewall, Routers, Access Control Lists (ACLs), IP schemes, Attachment Scanning Data Link Physical
31 Security Framework by Services Application Presentation OS Hardening, Security Health Checking, Vulnerability Scanning, Pen-Testing, Session Transport Network Data Link Physical
32 Security Framework by Services Application Presentation User Account Management on Systems, Role/Rule Bases Access Control, Application Security, Virus Updates, Virus Signatures Session Transport Network Data Link Physical
33 Security Frameworks - Summary To sum it all up Security Frameworks provide end to end security from the DMZ to the Database Security is managed and monitored consistently and continually The security framework becomes the technology that turns security policies into practice New technologies and new networks can plug into the security framework Security costs become more predictable and manageable
NETASQ & PCI DSS Is NETASQ compatible with PCI DSS? We have often been asked this question. Unfortunately, even the best firewall is but an element in the process of PCI DSS certification. This document
JK0-022 CompTIA Academic/E2C Security+ Certification Exam CompTIA To purchase Full version of Practice exam click below; http://www.certshome.com/jk0-022-practice-test.html FOR CompTIA JK0-022 Exam Candidates
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
MANAGED SECURITY SERVICES Security first Safety first! Security is becoming increasingly important for companies, especially for the extension of networking to mission-critical environments, with new intranet
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
Industrial Security Solutions Building More Secure Environments From Enterprise to End Devices You have assets to protect. Control systems, networks and software can all help defend against security threats
For Public Use G/On Basic Best Practice Reference Guide Version 6 Make Connectivity Easy 2006 Giritech A/S. 1 G/On Basic Best Practices Reference Guide v.6 Table of Contents Scope...3 G/On Server Platform
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus
Utility Modernization Cyber Security City of Glendale, California Cyber Security Achievements Cyber Security Achievements (cont) 1. Deploying IT Security Awareness training program Q4 2012 2. Purchased
FIREWALLS & CBAC firstname.lastname@example.org Implementing a Firewall Personal software firewall a software that is installed on a single PC to protect only that PC All-in-one firewall can be a single device that
How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements I n t r o d u c t i o n The Payment Card Industry Data Security Standard (PCI DSS) was developed in 2004 by the PCI Security Standards
Cisco PIX vs. Checkpoint Firewall Introduction Firewall technology ranges from packet filtering to application-layer proxies, to Stateful inspection; each technique gleaning the benefits from its predecessor.
Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
Best Practices For Department Server and Enterprise System Checklist INSTRUCTIONS Information Best Practices are guidelines used to ensure an adequate level of protection for Information Technology (IT)
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control
Fundamentals of Network Security Graphic Symbols Overview Router Figure 1: IOS Router icon and photos A Router is an internetworking device which operates at OSI Layer 3. A Router interconnects network
MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected
IT Security and OT Security Understanding the Challenges Security Maturity Evolution in Industrial Control 1950s 5/4/2012 # 2 Technology Sophistication Security Maturity Evolution in Industrial Control
Things I can do to protect my network from getting Hacked!!!!!! Jazib Frahim, Technical Leader Cisco Support Community Expert Series Webcast Today s featured expert is Cisco Technical Leader Ask him questions
Industrial Security for Process Automation SPACe 2012 Siemens Process Automation Conference Why is Industrial Security so important? Industrial security is all about protecting automation systems and critical
Architecture Overview Design Fundamentals The networks discussed in this paper have some common design fundamentals, including segmentation into modules, which enables network traffic to be isolated and
Mobile security and your EMR Presented by: Shawn Tester & Allen Cornwall Date: October 14, 2011 Overview General Security Challenges & best practices Mobile EMR interfaces - EMR Access - Today & Future
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
BAE Systems PCI Essentail PCI Requirements Coverage Summary Table Introduction BAE Systems PCI Essential solution can help your company significantly reduce the costs and complexity of meeting PCI compliance
DEPARTMENT OF PUBLIC SAFETY POLICIES & PROCEDURES SUBJECT: IT OPERATIONS MANAGEMENT POLICY NUMBER EFFECTIVE DATE: 09/09/2008 ADM: 49 REVISION NO: ORIGINAL ORIGINAL ISSUED ON: 09/09/2008 1.0 PURPOSE The
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute
Network Security: 30 Questions Every Manager Should Ask Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting Network Security: 30 Questions Every Manager/Executive Must Answer in Order
Industrial Control Systems Joint Working Group 2012 Fall Meeting 13 Ways Through A Firewall Andrew Ginter Director of Industrial Security Waterfall Security Solutions Proprietary Information -- Copyright
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
Securing Your Business Investments IT Security NCS GROUP OFFICES Australia Bahrain China Hong Kong SAR India Korea Malaysia Philippines Singapore Sri Lanka Securing Your Business Investments! Information
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
Lesson 5: Network perimeter security Alejandro Ramos Fraile email@example.com Tiger Team Manager (SIA company) Security Consulting (CISSP, CISA) Perimeter Security The architecture and elements that provide
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
SaaS vs. COTS Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)? Unlike COTS solutions, SIMCO s CERDAAC is software that is offered as a service (SaaS). This offers several
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks Dale Peterson Director, Network Security Practice Digital Bond, Inc. 1580 Sawgrass Corporate Parkway, Suite 130 Sunrise, FL 33323
White Paper Secure, Scalable and Reliable Cloud Analytics from FusionOps A FusionOps White Paper FusionOps 265 Santa Ana Court Sunnyvale, CA 94085 www.fusionops.com World-class security... 4 Physical Security...
Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router
INTRUSION DETECTION SYSTEM INTRUSION DETECTION AND PREVENTION using SAX 2.0 and WIRESHARK Cain & Abel 4.9.35 Supervisor Dr. Akshai Kumar Aggarwal Director School of Computer Sciences University of Windsor
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
IP Telephony Management How Cisco IT Manages Global IP Telephony A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge Design, implement, and maintain a highly available, reliable, and resilient
NEW YORK INSTITUTE OF TECHNOLOGY School of Engineering and Technology Department of Computer Science Old Westbury Campus CSCI - 440 Network Security and Perimeter Protection 3-0-3 CATALOG DESCRIPTION This
GE Measurement & Control Cyber Security for NERC CIP Compliance GE Proprietary Information: This document contains proprietary information of the General Electric Company and may not be used for purposes
New possibilities in latest OfficeScan and OfficeScan plug-in architecture Märt Erik AS Stallion Agenda New in OfficeScan 10.5 OfficeScan plug-ins» More Active Directory support» New automated client grouping
Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation Agenda Problem Description Issues for Consideration Mitigation of the Issues Options
Credit Card Secure Architecture for Interactive Voice Response (IVR) Applications What You Will Learn This whitepaper describes how to meet the Payment Card Industry Data Security Standard (PCI DSS) for
SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria
DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)
1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and
C E N T R I F Y D E P L O Y M E N T G U I D E Centrify Cloud Connector Deployment Guide Abstract Centrify provides mobile device management and single sign-on services that you can trust and count on as
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 3 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT TUGeneral TUSecurity TURequirements TUDesign TUIntegration