HFN Brown Bag

HFN Brown Bag. Essential Security Practices for Hastily Formed Networks. William Hugh Murray.


  1. HFN Brown Bag Essential Security Practices for Hastily Formed Networks HFN Brown Bag: Security for Hastily Formed Networks

  2. William Hugh Murray
     Bill Murray is an executive consultant in the office of the CTO, Cybertrust Corporation, and an Associate Professor at the Naval Postgraduate School. He is a Certified Information Security Professional (CISSP) and serves as Secretary of (ISC)², the certifying body. Bill is an advisor on the Board of Directors of the New York Metropolitan Chapter of ISSA. He has more than fifty years' experience in information technology and more than forty years in security. During more than twenty-five years with IBM his management responsibilities included development of access control programs, advising IBM customers on security, and the articulation of the IBM security product plan. He is the author of the IBM publication Information System Security Controls and Procedures.
     Mr. Murray has made significant contributions to the literature and the practice of information security. He is a popular speaker on such topics as network security architecture, encryption, PKI, and Secure Electronic Commerce. He is a founding member of the International Committee to Establish the "Generally Accepted System Security Principles" (GSSP, now referred to as the GISSP) as called for in the National Research Council's Report: Computers at Risk. Bill remains an active member of this committee. He is a founder and board member of the Colloquium on Information System Security Education (CISSE). He has been recognized as a founder of the systems audit field and by Information Security Magazine as a Pioneer in Computer Security. In 1987 he received the Fitzgerald Memorial Award for leadership in data security. In 1989 he received the Joseph J. Wasserman Award for contributions to security, audit and control. In 1995 he received a Lifetime Achievement Award from the Computer Security Institute. In 1999 he was enrolled in the ISSA Hall of Fame in recognition of his outstanding contribution to the information security community.
     He holds a Bachelor of Science degree in Business Administration from Louisiana State University. He is a graduate of the Jesuit Preparatory High School of New Orleans.

  3. Abstract
     This presentation discusses Essential Security Policies, Practices, Measures, and Methods for Hastily Formed Networks. While "hastily formed" is not the equivalent of ad hoc, "hasty" does suggest that traditional formal development methods may not apply. However, history suggests that the absence of any method is rarely hasty; that which is put together in haste and without method rarely performs at all, much less as intended. This presentation will quickly revisit the concepts of security, network, "hastily formed," and "essential" to arrive at recommendations for meeting security requirements using:
     • Generic policies suitable for most network applications in hostile environments
     • Traditional and accepted strategies and tactics
     • Commercial-off-the-shelf products and components, and
     • Broadly applicable standards, guidelines, procedures, and controls

  4. Essential Security Practices
     • ~ 0.8 effective
     • Can be done by anyone
     • Using available resources
     • Synergistic in layered defenses or defense in depth.
     • Sufficient to get one off the target of opportunity list…
     • …and for emergency missions.
     • May not be sufficient for a hardened target

  5. Examples of Essential Practices
     • Wearing a helmet
     • Digging a hole
     • Wearing body armor
     • Using Anti-virus
     • Personal firewalls
     • Putting mission critical data on a file server

  6. Hastily formed…*
     • Surprising precipitating event (e.g., 9/11, Katrina)
     • Chaos
     • Insufficient resources
     • Multi-agency response
     • Distributed response
     • Insufficient (pre-existing) (broken or failing) infrastructure
     • (Minimum of pre-arrangement)
     • (Bound late)
     * http://www.nps.edu/cebrowski/HFN.html

  7. Network
     • Collection of nodes and links
     • Typically communicating nodes over communication links
     • We speak of PANs, LANs, WANs (also MANs, SANs, NANs); also agencies, commands, enterprises, and other affinity groups
     • Usually for the purpose of cooperation and collaboration
     • e.g., disaster response, war-fighting
     • "A 'cloud' with routers at its boundaries"*
     * Rex Buddenberg

  8. Desiderata of HFNs
     • Robustness (e.g., mesh topology)
     • Open as to connection
     • Ease of repair
     • Inter-operability
     • Cross-domain addressability
     • Minimal required pre-arrangement
     • Fail-soft under load
     • Other

  9. Network Security
     • Network Integrity: getting traffic from any node to any other node with an acceptable signal-to-noise ratio (no interference or contamination).
     • Network Confidentiality: getting traffic from any node only to a specified node (minimal leakage).
     • Network Availability: getting traffic from any node to any other on a specified schedule, even in the presence of interference.
     Said another way: a node must be able to protect itself from any traffic that it sees; nodes and links must not leak; and there must always be a path.

  10. Policies
     • Trust is essential to cooperation and coordination…
     • …but communication trumps security.
     • Availability is necessary
     • Signal-to-noise must be "good enough"
     • Confidentiality is merely nice, but…

  11. Examples of Essential Practices
     • Restrictive policy (using e.g., proxies and f/ws)
     • Redundant capacity (links) (over-provisioned)
     • Media diversity (e.g., radio and wire, Internet and PSTN)
     • Path diversity (e.g., mesh routing across multiple media)
     • Peer-to-peer (link) and End-to-end (layer 7) cryptography (e.g., SSH, SSL, other VPNs) (belt and suspenders)
     • Layered defenses
     • Peer-to-peer mutual authentication (e.g., 2-way SSL) (may imply mutually trusted third-party)
     • COTS Crypto
     • Out-of-band (VPN) connection setup and control
     • Physical security of nodes and links

  12. Examples of 3rd Party Introducers
     • AOL
     • Yahoo!
     • MSN
     • ICQ Servers
     • Enterprise IM servers
     • Skype
     • WebEx
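
The path-diversity and media-diversity practices on slide 11, together with slide 9's requirement that "there must always be a path", can be checked mechanically against a planned topology. The following is an added example, not part of the original presentation; the site names, links and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample topology (hypothetical sites, not from the slides).
# Each link is (node_a, node_b, medium).
LINKS = [
    ("eoc", "shelter", "radio"),
    ("eoc", "shelter", "wire"),
    ("eoc", "hospital", "radio"),
    ("hospital", "shelter", "internet"),
    ("eoc", "staging", "radio"),
]
# Same topology with one extra wire link to the staging area.
HARDENED = LINKS + [("staging", "shelter", "wire")]

def nodes_of(links):
    """All nodes that appear as an endpoint of some link."""
    return {n for a, b, _ in links for n in (a, b)}

def connected(nodes, links):
    """True if every node can reach every other node over `links`."""
    adj = defaultdict(set)
    for a, b, _ in links:
        adj[a].add(b)
        adj[b].add(a)
    start = next(iter(nodes))
    seen, stack = {start}, [start]
    while stack:  # depth-first search from an arbitrary node
        for n in adj[stack.pop()] - seen:
            seen.add(n)
            stack.append(n)
    return seen == nodes

def single_link_failures(links):
    """Links whose loss alone partitions the network (no path diversity)."""
    nodes = nodes_of(links)
    return [l for i, l in enumerate(links)
            if not connected(nodes, links[:i] + links[i + 1:])]

def single_medium_failures(links):
    """Media whose total loss partitions the network (no media diversity)."""
    nodes = nodes_of(links)
    return [m for m in sorted({m for _, _, m in links})
            if not connected(nodes, [l for l in links if l[2] != m])]

if __name__ == "__main__":
    for name, topo in (("as planned", LINKS), ("hardened", HARDENED)):
        print(name, single_link_failures(topo), single_medium_failures(topo))
```

In the constructed plan the staging area hangs off a single radio link, so both checks flag it; adding one link over a second medium clears both.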
