Information Networking Security and Assurance Lab, National Chung Cheng University

Security Assurance Policy Helper (SAPH)
A Framework for Network Security Assurance Design

Speaker: Information Networking Security and Assurance Lab, Department of Communication Engineering, National Chung Cheng University
Outline

What is the Problem?
Security Management Life Cycle
SAPH (Security Assurance Policy Helper)
  SLC (Security Language Composer)
  VAST (Vulnerability Assessment & Security Testing)
SAPH and Security Assurance
Conclusion
Reference
The Reality

How Many Incidents, by Percentage (%)
Year   1-5   6-10   11-30   31-60   Over 60   Don't know
2003    38     20      16       0         0           26
2002    42     20       8       2         5           23
2001    33     24       5       1         5           31
2000    33     23       5       2         6           31
1999    34     22       7       2         5           29

[Chart: Security Technologies Used, 1999-2003 (percentage of respondents, 0-120 scale); series: Intrusion Detection, Firewall, Anti-virus, Access Control, Physical Security]

Gartner Group estimates that 75% of today's hacker attacks occur at the application layer (OSI layer 7), and that a single successful intrusion causes shocking damage.

Information and Networking Security Assurance & Survivability
Data and Application Security

Source: CSI/FBI
Attack Motivations, Phases and Goals

Motivations
• Revenge
• Political activism
• Financial gain

Goals: Data manipulation, System access, Elevated privileges, Denial of Service

Phases
Collect Information
• Public data source
• Scanning and probing
Analyze Information & Prepare Attacks
• Service in use
• Known OS/Application vulnerability
• Known network protocol security weakness
• Network topology
Actual Attack
• Network Compromise
• DoS/DDoS Attack: bandwidth consumption, host resource starvation
What is the Problem?

Vulnerability Database (e.g., Bugtraq)
  Vulnerability 1 -> Solution 1
  Vulnerability 2 -> Solution 2
  ...
  Vulnerability n -> Solution n
Quick & Dirty!!!
Security Operation Center (SOC)
Security Management Cycle Problems

Cycle phases: Business Requirement, Security Policy, Design, Implementation, Assessment & Testing, Monitoring & Audit, Service Provision

• How to map business and service requirements into security policy
• How to automate the security management cycle (i.e., eliminating the gaps and smoothing processes between different security management phases)
• How to evaluate the risk of exposure and the cost of security breaches

Security Operation Center (SOC)
Security Management Cycle Problems

Design: defining a good security policy and the topology of the network in accordance with the requirements of an enterprise and the goal of the business
Monitoring & Audit: performing testing and scanning to appraise risk values on the target network
Implementation: including installing, system-level testing, education and technical transference, etc.
Assessment & Testing: checking whether the security policy is implemented correctly and investigating any intrusions
SAPH Architecture

Legend: VAST: Vulnerabilities Assessment & Security Testing; DTN: Defense Target Network; SLC: Security Language Composer

SAPH
  SLC: GUI, Policy & Topology Model, Security Guardian, Object Storage, Enforcement, Conf. Profile
  VAST: Import/Interpreter, Verifier, White Hat, Black Hat, Script Generator, Lighter
  DTN: Audit/System Log
SLC: Get The Highest Level of Security

Make good security policies to protect your networks and services: Definable, Enforceable, Accomplishable
Identify real security needs for service and match business requirements
Assessment and risk evaluation
SAPH Components – Security Language Composer

GUI: a Graphic User Interface providing user interactions
Policy & Topology Model: allows the user to define security policies and network topology based on business and service requirements
Security Guardian: an engine that evaluates the risk of exposure and the cost of security breaches based on built-in and user-defined functions
Object Storage: stores network objects and security policy definitions
Enforcement: an intelligent agent that produces configuration profiles based on acceptable risks, security policy settings and network topology
Configuration Profile: a set of configuration parameters and running scripts for network elements and security devices
Policy & Topology Model

Display an idea; communicate it to the system and to other engineers.

OAB (Object Association Binding)
Object: an entity, concept or group; carries data & attribution
Association: a relation between two objects; carries direction, condition, action & transition
Binding: a relation between two models: an object in the policy model and an object in the topology model
OAB (Object Association Binding): Example

Policy Model
  Object: George (attribution: Info. Dep., Engineer)
  Object: Marketing Dep. (attribution: Emp. 15, Computer 12)
  Association: If protocol != FTP then accept
  Security Policy
    rule 1: George can access the Marketing Dep. network
    rule 2: Deny FTP connection

Topology Model
  Subnet 140.123.113.0/24
  Firewall 140.123.113.25
  Host 140.123.114.14

Binding: the objects in the policy model (George, Marketing Dep.) are bound to objects in the topology model (host, subnet).
Security Guardian: Check Policy & Topology and Evaluate the Risk

Inputs: Network Topology and Security Policy (from the Policy & Topology Model)
Output: Risk Exposure

Factors used by the Security Guardian:
■ User-Defined Factors
■ Information Asset
■ Vulnerability
■ Probability Loss
■ Event Severity
Risk Relationship

Assets
  Physical
  Hardware
  Software: OS, Application

Security Threat Classification
  Theft, Fire, Explosive, ..., Radiation
  Service in use, Known OS/Application vulnerability, Known network protocol security weakness, Network topology

Security Threat
  Probability: Level, Value
  Severity: Level, Value
Evaluation Function (Built-In and User-Defined)

Threat factor: $T_i = P_i \cdot S_i$
  $P_i$: Probability Loss
  $S_i$: Event Severity
  $T_i$: Threat Factor

Class risk: $C_j = \sum_{i=1}^{n} T_i$
  $C_j$: Class Risk
  $T_i$: Threat Factor

Asset risk exposure: $A = \sum_{j=1}^{m} C_j$
  $A$: Asset Risk Exposure
  $C_j$: Class Risk

Decision: If $A <$ Acceptable Risk Value then X otherwise Y
  Acceptable Risk Value: the threshold against which $A$ is compared
  X, Y: Accept Value (e.g., Boolean)
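A worked instance of the evaluation function above, added here as an example and not code from the SAPH project: it computes $T_i = P_i \cdot S_i$, $C_j = \sum_i T_i$ and $A = \sum_j C_j$ for a constructed asset, compares $A$ with an acceptable risk value, and then re-evaluates after one countermeasure. The level-to-value tables, the sample asset and threats, and the names Threat, class_risk, asset_risk_exposure, evaluate, riskiest_class and with_mitigation are assumptions for illustration.

```python
"""Risk exposure evaluation in the style of the Security Guardian evaluation
function: T_i = P_i * S_i, C_j = sum_i T_i, A = sum_j C_j, then A is compared
with an acceptable risk value. Constructed example, not SAPH code."""
from dataclasses import dataclass

# Assumed level-to-value tables (the slides state only that each probability
# and severity level carries a value).
PROBABILITY_VALUE = {"low": 0.1, "medium": 0.5, "high": 0.9}
SEVERITY_VALUE = {"minor": 1, "moderate": 5, "major": 10}


@dataclass(frozen=True)
class Threat:
    name: str
    probability: str  # level key in PROBABILITY_VALUE (P_i)
    severity: str     # level key in SEVERITY_VALUE (S_i)

    def factor(self) -> float:
        """Threat factor T_i = P_i * S_i."""
        return PROBABILITY_VALUE[self.probability] * SEVERITY_VALUE[self.severity]


def class_risk(threats) -> float:
    """Class risk C_j = sum over the n threats of T_i."""
    return sum(t.factor() for t in threats)


def asset_risk_exposure(classes) -> float:
    """Asset risk exposure A = sum over the m classes of C_j.
    classes maps a threat class name to its list of Threat objects."""
    return sum(class_risk(threats) for threats in classes.values())


def evaluate(classes, acceptable_risk, accept=True, reject=False):
    """If A < acceptable risk value then X (accept) otherwise Y (reject)."""
    return accept if asset_risk_exposure(classes) < acceptable_risk else reject


def riskiest_class(classes) -> str:
    """Name of the class contributing most to A (where to mitigate first)."""
    return max(classes, key=lambda name: class_risk(classes[name]))


def with_mitigation(classes, class_name, threat_name, new_probability):
    """Return a copy of classes with one threat's probability level changed,
    so the exposure can be re-evaluated after a countermeasure."""
    updated = {name: list(threats) for name, threats in classes.items()}
    updated[class_name] = [
        Threat(t.name, new_probability, t.severity) if t.name == threat_name else t
        for t in updated[class_name]
    ]
    return updated


# Constructed sample asset: a web server with the slide's threat classes.
WEB_SERVER = {
    "physical": [Threat("theft", "low", "major"),
                 Threat("fire", "low", "major")],
    "hardware": [Threat("disk failure", "medium", "moderate")],
    "software": [Threat("known OS vulnerability", "high", "major"),
                 Threat("known application vulnerability", "medium", "major"),
                 Threat("cleartext protocol in use (FTP)", "high", "moderate")],
}

if __name__ == "__main__":
    print("A =", asset_risk_exposure(WEB_SERVER), "riskiest:", riskiest_class(WEB_SERVER))
    patched = with_mitigation(WEB_SERVER, "software", "known OS vulnerability", "low")
    print("after patching:", asset_risk_exposure(patched), evaluate(patched, 20))
```

With these tables the sample asset has A = 23.0, dominated by the software class; lowering the OS-vulnerability probability to "low" (a patch) brings A to 15.0, which is the kind of before/after comparison the Security Guardian is meant to support.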
Enforcement

Inputs: Network Topology and Security Policy (from the Policy & Topology Model)
Flow: Enforcement -> Equipment Adaptors -> Script files -> Network Configuration
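To show how the OAB example (George, the Marketing Dep. network, the "if protocol != FTP accept" association) passes through Enforcement and an equipment adaptor into a configuration profile, the following added example (not SAPH's own code) binds the policy objects to the host and subnet of the topology model and renders the association as rules for the firewall. The binding of George to host 140.123.114.14 and of the Marketing Dep. to subnet 140.123.113.0/24, the use of iptables as the adaptor target, the protocol-to-port table, and all class and function names are assumptions.

```python
"""Object Association Binding (OAB) carried through Enforcement into a
configuration profile. Constructed example, not SAPH code: policy objects are
bound to topology objects, an association carries direction (src -> dst),
condition and action, and an assumed iptables 'equipment adaptor' renders the
result as firewall rules."""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress


@dataclass
class PolicyObject:
    """Entity, concept or group in the policy model, with its attribution."""
    name: str
    attribution: dict = field(default_factory=dict)


@dataclass
class TopologyObject:
    """Network element in the topology model; address is a host or a CIDR."""
    name: str
    address: str


@dataclass
class Association:
    """Relation between two policy objects: direction src -> dst, action,
    and an optional protocol exception (e.g. 'if protocol != FTP accept')."""
    src: PolicyObject
    dst: PolicyObject
    action: str                           # "accept" or "deny"
    unless_protocol: Optional[str] = None # protocol excluded from the action


class PolicyTopologyModel:
    def __init__(self):
        self.bindings = {}      # policy object name -> TopologyObject
        self.associations = []

    def bind(self, pobj, tobj):
        """Binding: tie a policy object to a topology object; the address is
        validated and normalised to CIDR form (a host becomes /32)."""
        net = ipaddress.ip_network(tobj.address, strict=False)
        self.bindings[pobj.name] = TopologyObject(tobj.name, str(net))

    def associate(self, assoc):
        self.associations.append(assoc)

    def unbound_objects(self):
        """Policy objects used by an association but not bound to topology:
        such a policy cannot be enforced, so the adaptor refuses it."""
        used = {o.name for a in self.associations for o in (a.src, a.dst)}
        return sorted(used - set(self.bindings))


# Assumed adaptor table: protocol name in the policy -> TCP port
PROTOCOL_PORT = {"FTP": 21, "SSH": 22, "HTTP": 80}


def iptables_adaptor(model):
    """Equipment adaptor: render each association as iptables FORWARD rules.
    The protocol exception is emitted first because iptables matches in
    order, so 'deny FTP' must precede the broader 'accept' rule."""
    unbound = model.unbound_objects()
    if unbound:
        raise ValueError(f"policy objects without topology binding: {unbound}")
    rules = []
    for a in model.associations:
        src = model.bindings[a.src.name].address
        dst = model.bindings[a.dst.name].address
        base = f"iptables -A FORWARD -s {src} -d {dst}"
        target = "ACCEPT" if a.action == "accept" else "DROP"
        if a.unless_protocol:
            exception = "DROP" if a.action == "accept" else "ACCEPT"
            port = PROTOCOL_PORT[a.unless_protocol]
            rules.append(f"{base} -p tcp --dport {port} -j {exception}")
        rules.append(f"{base} -j {target}")
    return rules


def build_example_model():
    """The slide's OAB example: George (Info. Dep. engineer) may reach the
    Marketing Dep. network except over FTP. Bindings are assumed."""
    george = PolicyObject("George", {"department": "Info. Dep.", "role": "Engineer"})
    marketing = PolicyObject("Marketing Dep.", {"employees": 15, "computers": 12})
    model = PolicyTopologyModel()
    model.bind(george, TopologyObject("Host", "140.123.114.14"))
    model.bind(marketing, TopologyObject("Subnet", "140.123.113.0/24"))
    model.associate(Association(george, marketing, "accept", unless_protocol="FTP"))
    return model


if __name__ == "__main__":
    for rule in iptables_adaptor(build_example_model()):
        print(rule)
```

The two rules produced (drop FTP from George's host to the subnet, then accept everything else) are the script-file form of rule 1 and rule 2 of the slide; the unbound-object check is the kind of consistency test a Verifier or Security Guardian would run before any profile is pushed to the firewall.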
VAST: Assure Information and Networking Security

Assessment: information reconnaissance and network scan; vulnerability assessment and threat analysis
Penetration: system penetration test; security policy certification
Auditing: log analysis
SAPH Components – Vulnerabilities Assessment & Security Testing (VAST)

Import/Interpreter: a converter that imports audit logs/syslog from security audit tools and network elements into the Black Hat Database, or transforms attack severity/structure for the Evaluator for further analysis
Black Hat Database: real hacker signatures and methods
White Hat Database: network architecture and network element (e.g., router and firewall) configuration, security profiles and well-known security holes
Verifier: an engine that uses both the Black Hat and White Hat Databases to forecast/analyze possible vulnerabilities
Script Generator: generates script files to exploit vulnerabilities
Lighter: an engine that launches attacks based on hacker scripts
Lighter

Reconnaissance: Nslookup, Whois, ARIN, Dig, Target Web Site, Others
Network Scanning: Telnet, Nmap, Hping2, Netcat, ICMP (Ping and Traceroute)
Vulnerability Assessment: Nessus, SARA
SAPH and Security Assurance

Design assurance: Policy & Topology Model (OAB, Object Association Binding), Security Guardian
Development assurance: VAST
Operation assurance: Enforcement, GUI
Conclusion

Security Operation Center (SOC): before and after SAPH
  Increase Productivity
  Save Cost
  Enhance Security
  Extend Network Management
References

BCS Review 2001, "Setting standards for information security policy", http://www.bcs.org.uk/review/2001/html/p181.htm
B. Fraser, "RFC2196: Site Security Handbook", IETF, September 1997.
BUGTRAQ, http://www.securityfocus.com/archive/1
E. Carter, Cisco Secure Intrusion Detection System, Cisco Press, 2001.
G. Stoneburner, A. Goguen, and A. Feringa, "Risk Management Guide for Information Technology Systems", Special Publication 800-30, NIST.
J. Wack and M. Tracey, "Guideline on Network Security Testing", Draft Special Publication 800-42, NIST, February 4, 2002.
Microsoft Security Bulletin MS03-028, http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-028.asp
R. M. Barnhart, "High Assurance Security Medical Information Systems", Science Application International Corporation, 2000.
SANS Institute – Security Policy Project, http://www.sans.org/resources/policies/
S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick, R. W. Ritchey, Inside Network Perimeter Security, New Riders, 2003.
T. Layton, "Penetration Studies – A Technical Overview", SANS, May 30, 2002.
Questions? Thank you!