Information Security Sanjay Sahay, IPS., ADGP, Police Computer Wing, Bangalore

Secure IT 2014


Page 1: Secure IT 2014

Information Security

Sanjay Sahay, IPS., ADGP, Police Computer Wing, Bangalore

Page 2: Secure IT 2014


Presentation Structure

• Introduction
• Attack Methods
• Hacking groups
• Best Security model
• KSP Security model
• Tool and technology in use
• Challenges / Bottleneck
• Gaps
• Wish list
• Conclusion

Page 3: Secure IT 2014

Information Security: Preservation of confidentiality, integrity and availability of information

Page 4: Secure IT 2014

Protection from what?

Page 5: Secure IT 2014

Protection from whom?

Page 6: Secure IT 2014

Is technology enough?

Page 7: Secure IT 2014


What builds the best information security

PEOPLE (Organization Staff)
• User Awareness
• Guidance
• Administration
• Monitor

PROCESSES (Business Processes)
• Policies
• Standards
• Guidelines
• Audit

TECHNOLOGY (Technology used by Organization)
• IPS
• Firewall
• AV
• DLP
• SIEM

Page 8: Secure IT 2014


KSP Infrastructure and Security solution

Page 9: Secure IT 2014

KSP Computerization Model

Enterprise Model

People
• Internal Champions
• Capacity Building
• Nodal Officers
• Sys Admins
• Handholding

Process
• BPR
• Integration
• Automation

Technology
• ERP
• Web Service
• Active Directory
• SMS Gateway
• e-Pen

Infrastructure
• KSP DC
• KSP WAN
• DR Centre
• EMS
• Centralized AV
• Automated Backup

Governance
• Core Team
• SCRB Nodal Officer
• District Nodal Officer
• Central NOC
• Helpdesk

Page 10: Secure IT 2014


Core Infrastructure

Page 11: Secure IT 2014

KSP Wide Area Network


45 locations: 1, 2 & 4 Mbps leased line

1458 locations: 512 Kbps and 1 Mbps VPNoBB

45 Mbps aggregation bandwidth

16 Mbps Internet leased line

KSPWAN

• LAN infrastructure at all locations
• Fixed IP for all VPNoBB connections
• Network Monitoring Software to monitor the availability
• End router security through ACL
• Zone based LAN architecture through VLANs
• MAC authentication servers
• Hardening of Network Devices
• SOP for network management
• Warranty / Support

Page 12: Secure IT 2014


Karnataka State Police Wide Area Network

| Type of Network | Number of Links at Initiation | Number of Links at Present |
|---|---|---|
| MPLS | 39 | 45 |
| VPNoBB | 1350 | 1458 |
| ILL | 2 | 2 |

• Karnataka State Police Wide Area Network (KSPWAN) was created in the year 2009 with BSNL.

• This was successfully implemented jointly by BSNL and the Karnataka State Police.

• This network is a combination of 45 MPLS and 1458 VPNoBB connections.

• It connects all police stations and higher offices across the state.

• Fixed IP has been implemented on VPNoBB connections.

• In addition, a 16 Mbps Internet leased line has also been provided.

[Chart: DC Aggregation Bandwidth Up-gradation, with values 10 Mbps, 16 Mbps, 32 Mbps and 45 Mbps]

Page 13: Secure IT 2014

Police IT - ERP

Core Functionalities
• Crime
• Law & Order
• Traffic

Administration
• Administration
• Finance
• Stores

Ancillary support
• Armed Reserve
• Motor Transport
• Training

Technical Modules
• Wireless
• Forensic Science Laboratory

11 Modules

64 Roles

522 Screens

417 Reports (MIS)

Page 14: Secure IT 2014

Police IT - ERP

Page 15: Secure IT 2014

Police IT - ERP

Layered architecture

Authentication and Authorization process

Encrypted communication

Failover clustering to avoid single point of failure.

.NET Framework used to develop the application for better availability, performance and security.

Page 16: Secure IT 2014

Police IT – ERP Security Guidelines

Prevention of unauthorized access; role based access.

Auditing should be enabled for DML statements.

User name and password for authentication.

Standard password policy.

The process for removing unnecessary code from the application after it is released should be documented.

Application code should not contain invalid references to network resources.

The solution should not display the entire path of the URL in the browser based application.

The solution should support multi-tier authentication where required.

The solution should provide a logout option to terminate the session.

Data encryption in transit and at rest.

All credentials and sensitive data will always be stored at the database end.

The solution should not be vulnerable to OWASP Top 10 attacks.

Page 17: Secure IT 2014


Security Solution of KSP

Defense in Depth technology has been adopted for KSP to ensure the maximum protection at each layer from attacks.

• IT Security Policy

• Regular audits.

• End user awareness program.

• DC protected with surveillance and biometric access

• Two Tier Security Architecture.

• Full-fledged Intrusion Prevention System.

• SIEM for log management and Event Analysis for real time alerts.

• Internal zones are created based on functionality.

• Centralized End point protection antivirus for Servers and Desktops

• Centralized Authentication and Authorization through LDAP Server.

• Role based Access.

• Hardening of OS, Applications and Network devices.

• Regular patch management.

• Data Stored in Encrypted format

Page 18: Secure IT 2014

DC / DR Technology / Tools used

Security layer
• Unified Threat Management System
• Network Intrusion Prevention System
• Firewall
• Security Information and Event Management
• Centralized Antivirus Software
• Patch Management Software
• LDAP Server

Network layer
• IPsec Tunnel Between Branch and DC
• Access Control List for end router security
• Network Monitoring Software
• Traffic Monitoring Software
• Role Based Access

Application layer
• Hosted in Secured zone and accessible only on Intranet
• Role based Access
• Audit logs
• CAB to control the changes
• Application Monitoring Software
• Stored in Encrypted mode
• Stringent testing policy

Page 19: Secure IT 2014

End Computer/ User Security

• Computers are under the supervision of LDAP Server

• Centralized Authentication, Authorization and Accounting through LDAP Server

• Computers are operated with least-privileged accounts.

• Local administrator and user accounts are restricted.

• End Point Protection is installed on all computers to battle against advanced threats.

• Stringent policies to enforce end computer security through LDAP and the Centralized AV Management Server.

• Regular patch management to fix the OS and application level Vulnerabilities.

• SOP for computer usage

• Use of external devices is strictly prohibited.

• Only authorized / approved applications are allowed to be used.

• Centralized Log monitoring through SIEM to identify and mitigate the internal threats.

• Computer security is a part of Basic computer training program.

• Regular Security awareness program to end users.

Page 20: Secure IT 2014


Internal Resources of KSP

| Resources | Number |
|---|---|
| Key Security resources (MCSE, CCNA, VCP, CEH, CHFI) | 3 |
| Middle tier security resources: System Administrators (MCSE and CCNA) | 75 |
| Security Enforcement Team | 120 |
| Police IT Operators | 3000 |

Page 21: Secure IT 2014

Operation Principles of KSP

Secure

Monitor

Audit/Test

Manage/ Improve

Policy

Training

Awareness

Page 22: Secure IT 2014

Challenges / Bottlenecks

Challenges
• Creating security awareness
• Resistance to change
• Management skill
• Regular monitoring
• Knowledge upgradation
• Readiness for DDoS attack
• Fighting against disruptive attacks

Bottlenecks
• No direct control over cyber criminals in other countries
• Zero day attack
• TOR based communication

Page 23: Secure IT 2014

Wish list

Safe and Secure Internet

Forensic Readiness

Security Awareness Program

Page 24: Secure IT 2014

Conclusion

Security architecture should be a dynamic process that consistently enforces security among all users to protect corporate information.

Regular IT security audits would help the organization find vulnerabilities and gaps and fix them proactively before they get exploited by a hacker.

People are the major pillar of security and should be trained regularly for better security.

As 100% security is impossible, you need to decide what needs to be secured and how well it needs to be secured.

Page 25: Secure IT 2014

Thank you