BayNewsletter_8

DESCRIPTION

2 l Bay Computing Newsletter l 8th Issue Nida Tangwongsiri, General Manager NEWS UPDATE Bay Computing Newsletter l 8th Issue l 3 Answering every need of large organizations, more than just security Khun Kittipong Tameyapradit, Senior Executive Vice President, Organizational Effectiveness, TOT Public Company Limited Superior service of the organization, where previously bandwidth filled up quickly, the Internet was slow, and people who needed to work could not get into the system, which affected our core work” By Trend

Citation preview

  • Bay Newsletter_issue 8 2009.pmd 26/10/2552, 11:231

  • 2 l Bay Computing Newsletter l 8th Issue

    EDITORS NOTE & CONTENTS

    Newsletter

    Guardium Database Security Guardium

    Bay Computing 2552 (The 9th Cyber Defense Initiative Conference 2009: CDIC) 10-11 2552

  • Bay Computing Newsletter l 8th Issue l 3

    NEWS UPDATE

  • 4 l Bay Computing Newsletter l 8th Issue

    () SAP

    IT Security

    Firewall, IDS, IPS ISAACS (Internet Service And Authentication Control System)

    ISAACS (Identity) .. 2550 bandwidth Log (Authentication)

    () 2 ... .. 2550 (ISP) bandwidth

    Log ...

    ()

    ISAACS

    SUCCESS STORY

  • Bay Computing Newsletter l 8th Issue l 5

    bandwidth

    bandwidth bandwidth bandwidth bandwidth 400 Mbps 100-200 Mbps Bit Torrent 70-80

    TOR e-Auction 1-2

    .. 2556 ISAACS 3-4

    ... - (Bandwidth) Bit Torrent bandwidth

    ISAACS (Bandwidth) Bit Torrent Drill-down (Alert)

    ()

    SUCCESS STORY

  • 6 l Bay Computing Newsletter l 8th Issue

    IT SECURITY

    (Human Interaction)

    Contacts (Contents)

    contacts (Compromised)

    account

    (Post)

  • Bay Computing Newsletter l 8th Issue l 7

    IT SECURITY

    URL Filtering

    Trend Micro Threat Resource Centre

    http://us.trendmicro.com/us/trendwatch/

    Contacts Contact Phishing Login (Social Engineering) (Keyloggers)

    KOOBFACE 1 KOOBFACE

    http://us.trendmicro.com/us/trendwatch/research-and-analysis/index.html

  • 8 l Bay Computing Newsletter l 8th Issue

    ISMS STANDARD

    ISO 27001:2005 Annex A

    6 ISO 27001:2005 1 5

    Introduction, Definitions Section 4-8 6 Annex A Annex A Section 4-8 Section 4-8 Annex A Annex A SoA Statement of Applicability Annex A 11 5 5 7

    A.5 (Security policy)

    A.5.1 (Information security policy) :

    A.5.1.1 (Information security policy document) :

    A.5.1.2 (Review of the information security policy) :

    A.6 (Organization of information security)

    A.6.1 (Internal organization) :

    A.6.1.1 (Management commitment to information security) :

    A.6.1.2 (Information security co-ordination) :

    A.6.1.3 (Allocation of information security responsibilities) :

    A.6.1.4 (Authorization process for information processing facilities) :

    A.6.1.5 (Confidentiality agreements) :

    z , Senior Network and Security Engineer,

    6

  • Bay Computing Newsletter l 8th Issue l 9

    ISMS STANDARD

    A.6.1.6 (Contact with authorities) :

    A.6.1.7 (Contact with special interest groups) :

    A.6.1.8 (Independent review of information security) :

    A.6.2 (External parties) :

    A.6.2.1 (Identification of risks related to external parties) :

    A.6.2.2 (Addressing security when dealing with customers) :

    A.6.2.3 (Addressing security in third party agreements) :

    A.7 (Asset management)

    A.7.1 (Responsibility for assets) :

    A.7.1.1 (Inventory of assets) :

    A.7.1.2 (Ownership of assets) :

    A.7.1.3 (Acceptable use of assets) :

    A.7.2 (Information classification) :

    A.7.2.1 (Classification guidelines) :

    A.7.2.2 (Information labeling and handling) :

    ISO 27001:2005 Annex A SoA (Statement of Applicability) ISO 27001:2005 5 7

  • 10 l Bay Computing Newsletter l 8th Issue

    TECHNOLOGY UPDATE

    (Virtualization Technology)

    Virtualization Technology Fundamental Part II

    Virtualization

    Virtualization 1. Server consolidation 2. Green-IT initiative 3. Availability 4. Utility computing

    Virtualization 1. Virtual Appliance 2. Data center virtualization Cloud computing

    Virtual Appliance Virtualization Appliance Server Hardware (Operating System) Patch, Configuration, Maintenance Server Hardware Server Hardware Virtual Platform

    Appliance Appliance

    Virtual Platform

    inventory

    z Enterprise Solution Manager,

  • Bay Computing Newsletter l 8th Issue l 11

    TECHNOLOGY UPDATE

    Appliance IBM, HP, Dell 3 stand-by Appliance warranty Appliance

    Appliance CD DVD 10 Scalability Appliance

    lock (hardware configuration) CPU Memory Virtual Appliance (RAM) (Storage HDD)

    Virtualization Virtual Appliance VMWare Novell SUSE Linux Appliance Symantec Trend Micro Appliance Virtual Appliance

    Virtual Datacenter/Cloud Computing SAAS Software As A Service

    Cloud computing (on-demand network access) Network, Server, Storage, Application Services

    (Internal/Private) (External / Internet / Public) (Hybrid)

    Virtual Datacenter Cloud Computing

    Application: a. Communications (HTTP, XMPP) b. Security (OAuth, OpenID, SSL/TLS) c. Syndication (Atom)

    Client: a. Browsers (AJAX) b. Offline (HTML)

    Implementations: a. Virtualization (OVF)

    Platform: a. Solution stacks (LAMP)

    Service: a. Data (XML, JSON) b. Web Services (REST, SOAP)

    Storage: a. SNIA Cloud Data Management Interface

    Service Management Provisioning

    Virtualization

    maps.google.com Gartner Cloud Computing E-Business

    Image migrate Image

    1 www.vmware.com

    2 www.citrix.com

    3 www.wikipedia.org

  • 12 l Bay Computing Newsletter l 8th Issue

    SOLUTION UPDATE

    Guardium 7

    Guardium

    (monitoring) Oracle

    E-Business Suite, PeopleSoft, SAP

    (multi-tier architecture) (compliance)

    Guardium 7 (compliance lifecycle) (back-end data store) (workflow automation) :

    Configuration

    Configuration

    Guardium

  • Bay Computing Newsletter l 8th Issue l 13

    SOLUTION UPDATE

    tamper-proof audit trail

    (compliance auditing process) (pre-configured reports) SOX, PCI-DSS (data privacy)

    (centralized audit repository)

    (single database) (distributed data centers)

    (locate) (classify) (sensitive information)

    (legacy systems)

    :

    ( )

    Guardium (database auto-discovery) (information classification) (customizable classification labels)

    (regular basis)

    Guardium

  • 14 l Bay Computing Newsletter l 8th Issue

    SOLUTION UPDATE

    Guardium (a comprehensive library of preconfigured tests) (industry best practices) (platform-specific vulnerabilities) (subscription service) Guardium (flags) (reserved) (database table) Oracle EBS SAP SOX and PCI-DSS

    2 :

    Configuration

    (security health report card) (weighted metrics)

    (recommended actions) (vulnerability assessment) (secured configuration baseline) (change audit system) Guardium

    Guardium (multi-tier applications) Oracle EBS, PeopleSoft, Siebel, SAP IBM WebSphere, BEA WebLogic OracleAS

    (information security personnel) (database administrators) (specific tables)

    Guardium (linguistic analysis) (contextual information) (SQL transaction) (false positives)

  • Bay Computing Newsletter l 8th Issue l 15

    SOLUTION UPDATE

    (false negatives) (pattern) (signature)

    SQL Injection (custom policies) (intuitive drop-down menus)

    Guardium (arsenal of real-time controls) (policy-based actions) SMTP, SNMP Syslog (TCP In-line Data) (Perimeter IDS/IPS)

    Guardium

    (business user interface) (workflow automation) (graphical dashboard)

    Guardium (contextually analyzed and filtered) (proactive controls)

    (resulting reports) :

    DDL Create, Drop Alter

    SOX SELECT

    PCI DML (Insert, Update, Delete)

    (bind variables) DCL

    (GRANT, REVOKE) (procedural languages)

    DBMS PL/SQL (Oracle) SQL/PL (IBM) XML

    Guardium (preconfigured policies) 100 Global 1000 4

  • 16 l Bay Computing Newsletter l 8th Issue

    SOLUTION UPDATE

    SOX, PCI

    Guardium (drag-and-drop interface) PDF HTML

    Compliance Workflow Automation Guardium Compliance Workflow

    (local access) DBMS

    (black box appliances)

    Host-based SPAN port Network TAP

    SNMP, SMTP, Syslog, LDAP, Kerberos, RSA SecurID,

    (change ticketing systems) BMC Remedy, CEF SIEM Guardium

    (aggregate) (normalize) (repository)

    (web console)

    100 Flat file-based

    (Tamper-Proof Audit Repository)

    Guardium

    [Figure labels: Master Aggregation Server & Central Manager in HQ; Remote Locations; Internet; Customers, Partners, Outsourcers; European Data Centers; Asia Pacific Data Centers; America Data Centers; Database Firewall; Collector Appliance; S-TAPs; Z-TAPs]

  • Bay Computing Newsletter l 8th Issue l 17

    SOLUTION UPDATE

    DBMS Guardium DBMS Windows, UNIX, Linux z/OS

    Host-Based S-TAP (local database protocol) shared memory named pipes S-TAP Guardium log S-TAP S-TAP (dedicated hardware appliance) (remote location) SPAN port

    Guardium Guardium

    Guardium 350 Global 500 Fortune 1000 60 Guardium 3 4 3

    Guardium Oracle, Microsoft, IBM, Sybase, BMC, EMC, RSA, Accenture, NetApp, McAfee NEON Cisco Strategic Investor Data Governance Council IBM PCI Security Standards Council

    2002 (core data security gap) (scalable)

    Pooling () (generic application account name) Guardium

    Guardium (tables) Connection

  • 18 l Bay Computing Newsletter l 8th Issue

    (Data Center)

    Tier I, Tier II, Tier III, Tier IV

    Tier Classification Uptime Institute Uptime (Certify) Uptime 3 1 Design Certificate (prerequisite) 2 Constructed Facility Certification 3 Operational Sustainability Rating

    4 Tier I, Tier II, Tier III, Tier IV

    Tier Classification

    Tier III Concurrently Maintainable Site Infrastructure 1980 N+1 Tier II Distribution Part IT Load 2 Active-Standby

    Tier IV Fault Tolerant Site Infrastructure 1994 United Parcel Service Windward Single Point of Failure Active 2 Critical Load 90

    (Total Cost of Ownership)

    Uptime Institute Tier

    Tier I Basic Site Infrastructure 1960

    Tier II Redundant Capacity Components Site Infrastructure 1970 N+1 Tier II load

    DATA CENTER KNOW-HOW
