Security Assurance Policy Helper (SAPH) - PowerPoint PPT Presentation (27 slides)

Presentation Transcript
Security Assurance Policy Helper (SAPH)

A Framework for Network Security Assurance Design

鄭伯炤
bcheng@ccu.edu.tw

Speaker:
Information Networking Security and Assurance LAB
Department of Communication Engineering
National Chung Cheng University

Outline
  • What is the Problem ?
  • Security Management Life Cycle
  • SAPH (Security Assurance Policy Helper)
    • SLC (Security Language Composer)
    • VAST (Vulnerability Assessment & Security Testing)
  • SAPH and Security Assurance
  • Conclusion
  • Reference
The Reality

[Figure: survey charts "Security Technologies Used" and "How many Incidents By Percentage (%)", framed by "Data and Application Security" and "Information and Networking Security Assurance & Survivability". Source: CSI/FBI]

The Gartner Group estimates that 75% of today's hacker attacks occur at the application layer (OSI layer 7), and that a single successful intrusion can cause shocking damage.

Attack Motivations, Phases and Goals

Motivations:
  • Revenge
  • Political activism
  • Financial gain

Phases:
  • Collect Information
    • Public data source
    • Scanning and probing
  • Analyze Information & Prepare Attacks
    • Service in use
    • Known OS/Application vulnerability
    • Known network protocol security weakness
    • Network topology
  • Actual Attack
    • Network Compromise
    • DoS/DDoS Attack
      • Bandwidth consumption
      • Host resource starvation

Goals:
  • Data manipulation
  • System access
  • Elevated privileges
  • Denial of Service
What is the Problem?

[Figure: Vulnerability 1, Vulnerability 2, ..., Vulnerability n, taken from a vulnerability database (e.g. Bugtraq), arrive at the Security Operation Center (SOC), which answers each one with its own Solution 1, Solution 2, ..., Solution n: "Quick & Dirty!!!"]

Security Management Cycle Problems

[Figure: the security management cycle (Security Policy, Design, Implementation, Assessment & Testing, Monitoring & Audit) run by the Security Operation Center (SOC) and driven by the Business Requirement and Service Provision. Three points in the cycle are marked "?":]
  • How to map business and service requirements into security policy?
  • How to evaluate the risk of exposure and the cost of security breaches?
  • How to automate the security management cycle (i.e. eliminate the gaps and smooth the processes between the different security management phases)?

Security Management Cycle Problems
  • Design
    • Defining a good security policy and the network topology in accordance with the requirements of the enterprise and the goals of the business
  • Monitoring & Audit
    • Performing testing and scanning to appraise risk values on the target network
  • Implementation
    • Installation, system-level testing, education and technology transfer, etc.
  • Assessment & Testing
    • Checking whether the security policy is implemented correctly and investigating any intrusions
SAPH Architecture

[Figure: SAPH sits between the GUI and the Defense Target Network (DTN). It has two halves. SLC (Security Language Composer) consists of the Policy & Topology Model, the Security Guardian, Object Storage, Enforcement and the Configuration Profile. VAST (Vulnerabilities Assessment & Security Testing) consists of the Import/Interpreter, the Black Hat and White Hat databases, the Verifier, the Script Generator and the Lighter. Audit/System Logs from the DTN feed back into VAST.]

SLC: Security Language Composer
VAST: Vulnerabilities Assessment & Security Testing
DTN: Defense Target Network

SLC: Get The Highest Level of Security
  • Make good security policies to protect your networks and services
    • Accomplishable
    • Enforceable
    • Definable
  • Identify real security needs for service and match business requirements
  • Assessment and risk evaluation
SAPH Components – Security Language Composer
  • GUI: a graphical user interface for user interaction
  • Policy & Topology Model: lets the user define security policies and the network topology based on business and service requirements
  • Security Guardian: an engine that evaluates the risk of exposure and the cost of security breaches using built-in and user-defined functions
  • Object Storage: stores network objects and security policy definitions
  • Enforcement: an intelligent agent that produces configuration profiles from the acceptable risk, the security policy settings and the network topology
  • Configuration Profile: a set of configuration parameters and running scripts for each network element and security device
Policy & Topology Model
  • Displays an idea
  • Communicates it to the system and to other engineers
  • OAB (Object Association Binding)
    • Object
      • Entity, Concept or Group
      • Data & Attributes
    • Association
      • Relation between two Objects
      • Direction, Condition, Action & Transition
    • Binding
      • Relation between two Models
      • Object in the Policy Model & Object in the Topology Model
OAB (Object Association Binding)

[Figure: worked OAB example.]

Policy model:
  • Security Policy
    • rule 1: George can access the Marketing Dep. network
    • rule 2: Deny FTP connection
  • Objects and their attributes
    • George: Info. Dep., Engineer
    • Marketing Dep.: Emp. 15, Computer 12
  • Association (George -> Marketing Dep.): if protocol != FTP then accept

Topology model:
  • Subnet 140.123.113.0/24
  • Host 140.123.114.14
  • Firewall 140.123.113.25

Binding: each policy object is tied to a topology object (the diagram binds George to the host 140.123.114.14 and the Marketing Dep. to the subnet 140.123.113.0/24); the firewall at 140.123.113.25 is where the resulting rules are enforced.
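The OAB example above, carried through to the rule list that Enforcement would emit, as an added example (Python written for this page, not code from SAPH; the class names, the rule syntax, the catch-all "Any" object and the George-to-host / Marketing-to-subnet bindings are assumptions):

```python
"""Added example (not code from the SAPH slides): a minimal Object Association
Binding (OAB) model and an Enforcement step that compiles it into firewall
rules.  The deck shows only the concepts; the class names, the rule syntax,
the 'Any' object and the pairing of policy objects to topology objects are
assumptions made for illustration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PolicyObject:
    """Entity, concept or group in the policy model, with its attributes."""
    name: str
    attributes: tuple = ()


@dataclass(frozen=True)
class Association:
    """Directed relation src -> dst: apply `action` to `protocol`, except for
    the protocols in `unless`, which get the opposite action."""
    src: PolicyObject
    dst: PolicyObject
    action: str                      # "accept" or "deny"
    protocol: str = "any"
    unless: frozenset = frozenset()


@dataclass(frozen=True)
class TopologyObject:
    """Host, subnet or firewall in the topology model."""
    kind: str
    address: str                     # single address or CIDR


OPPOSITE = {"accept": "deny", "deny": "accept"}


class OABModel:
    def __init__(self):
        self.associations = []
        self.bindings = {}           # policy object name -> TopologyObject

    def bind(self, obj, topo):
        self.bindings[obj.name] = topo

    def associate(self, assoc):
        self.associations.append(assoc)

    def verify(self):
        """Guardian-style consistency check: every object that takes part in
        an association must be bound to a parsable address."""
        problems = []
        for a in self.associations:
            if a.action not in OPPOSITE:
                problems.append(f"{a.src.name}->{a.dst.name}: unknown action {a.action!r}")
            for obj in (a.src, a.dst):
                topo = self.bindings.get(obj.name)
                if topo is None:
                    problems.append(f"{obj.name}: no topology binding")
                    continue
                try:
                    ipaddress.ip_network(topo.address, strict=False)
                except ValueError:
                    problems.append(f"{obj.name}: unparsable address {topo.address!r}")
        return problems

    def enforce(self):
        """Enforcement: ordered first-match rule list.  Exceptions are more
        specific and precede the general rule; a default deny closes the list."""
        problems = self.verify()
        if problems:
            raise ValueError("; ".join(problems))
        rules = []
        for a in self.associations:
            src = self.bindings[a.src.name].address
            dst = self.bindings[a.dst.name].address
            for proto in sorted(a.unless):
                rules.append(f"{OPPOSITE[a.action]} {proto} from {src} to {dst}")
            rules.append(f"{a.action} {a.protocol} from {src} to {dst}")
        rules.append("deny any from any to any")
        return rules


def evaluate(rules, src_ip, dst_ip, proto):
    """First-match evaluation of a generated rule list (simulates the firewall)."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        action, rproto, _, rsrc, _, rdst = rule.split()
        if rproto not in ("any", proto):
            continue
        if rsrc != "any" and src_ip not in ipaddress.ip_network(rsrc, strict=False):
            continue
        if rdst != "any" and dst_ip not in ipaddress.ip_network(rdst, strict=False):
            continue
        return action
    return "deny"


def build_example():
    """The two rules from the OAB slide, with the bindings assumed above."""
    george = PolicyObject("George", (("dept", "Info. Dep."), ("role", "Engineer")))
    marketing = PolicyObject("Marketing Dep.", (("employees", 15), ("computers", 12)))
    anyone = PolicyObject("Any")     # assumed object standing for all traffic
    model = OABModel()
    model.bind(george, TopologyObject("host", "140.123.114.14"))
    model.bind(marketing, TopologyObject("subnet", "140.123.113.0/24"))
    model.bind(anyone, TopologyObject("subnet", "0.0.0.0/0"))
    model.associate(Association(anyone, anyone, "deny", protocol="ftp"))                   # rule 2
    model.associate(Association(george, marketing, "accept", unless=frozenset({"ftp"})))  # rule 1
    return model


if __name__ == "__main__":
    for r in build_example().enforce():
        print(r)
```

Running it prints four rules in first-match order. Two things are worth noticing: the exception (deny FTP) is emitted before the general accept, so the association condition on the slide survives compilation, and verify() refuses to generate anything while a policy object has no topology binding, which is the gap between "policy" and "network" that the Security Guardian is meant to close.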

Security Guardian: Check Policy & Topology and Evaluate the Risk

[Figure: the Security Guardian takes the Security Policy and the Network Topology from the Policy & Topology Model, combines them with the user-defined factors below, and outputs the Risk Exposure.]

User-defined factors:
  • Information Asset
  • Vulnerability
  • Probability Loss
  • Event Severity

Risk Relationship

[Figure: risk relationship diagram.]
  • Security Threat: Theft, Fire, Explosive, Radiation, ...; each with a Probability (level, value) and a Severity (level, value)
  • Vulnerability: Service in use; Known OS/Application vulnerability; Known network protocol security weakness; Network topology
  • Assets (Security Threat Classification): Physical (Hardware); Software (OS, Application)

Evaluation Function (Built-In and User-Defined)

[Figure: the formulas relating Pi, Si, Ti, Ci and A.]
  • Pi: Probability Loss
  • Si: Event Severity
  • Ti: Threat Factor
  • Ci: Class Risk
  • A: Asset Risk Exposure
  • α: Acceptable Risk Value (the Greek symbol on the slide was lost in extraction; α stands in for it here)
  • X, Y: Accept Value (e.g., Boolean)

Decision rule: If A < α then X otherwise Y
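An added example of the evaluation step (Python written for this page, not SAPH's own code). The slide gives only the symbols, so the formulas inside the block, Ti = Pi × Si, Ci as the sum (built-in) or the maximum (user-defined) of the Ti in a class, and A as the asset-value-weighted sum of the Ci, are assumptions; the threat names follow the Risk Relationship slide but the numbers are constructed.

```python
"""Added example (not from the SAPH slides): a Security Guardian-style risk
evaluation with a built-in function and a user-defined replacement.  The
slides only name the quantities (Pi, Si, Ti, Ci, A and the acceptable risk
value); the formulas used here are assumptions, not SAPH's:
    Ti = Pi * Si            (threat factor)
    Ci = sum of Ti           (class risk, built-in)  or  max of Ti (user-defined)
    A  = sum of value * Ci   (asset risk exposure, weighted by asset value)
and the decision is X if A < acceptable value else Y, as on the slide."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    probability: float     # Pi: probability of loss, 0.0 .. 1.0
    severity: int          # Si: event severity level, 1 (minor) .. 5 (critical)


@dataclass(frozen=True)
class AssetClass:
    name: str              # one of the slide's classes: Hardware, OS, Application
    value: float           # information asset value (user-defined factor)
    threats: tuple         # Threat objects that apply to this class


def threat_factor(t):
    """Ti = Pi * Si; reject out-of-range inputs rather than silently
    producing a meaningless risk number."""
    if not 0.0 <= t.probability <= 1.0 or not 1 <= t.severity <= 5:
        raise ValueError(f"bad factor for {t.name}")
    return t.probability * t.severity


def class_risk_sum(cls):
    """Built-in Ci: the threats against a class add up."""
    return sum(threat_factor(t) for t in cls.threats)


def class_risk_max(cls):
    """User-defined Ci: the single worst threat dominates the class."""
    return max((threat_factor(t) for t in cls.threats), default=0.0)


def asset_risk_exposure(classes, class_risk=class_risk_sum):
    """A = sum over classes of asset value times class risk."""
    return sum(c.value * class_risk(c) for c in classes)


def guardian_decision(classes, acceptable, class_risk=class_risk_sum,
                      x="accept", y="revise policy"):
    """The slide's rule: If A < acceptable then X otherwise Y.
    Returns (A, decision) so the caller can report the number as well."""
    a = asset_risk_exposure(classes, class_risk)
    return a, (x if a < acceptable else y)


def example_classes():
    """Constructed numbers for the slide's asset classes and threat list."""
    return (
        AssetClass("Hardware", 8.0, (Threat("Theft", 0.25, 4), Threat("Fire", 0.125, 5))),
        AssetClass("OS", 4.0, (Threat("Known OS vulnerability", 0.5, 3),)),
        AssetClass("Application", 8.0, (Threat("Known application vulnerability", 0.5, 4),)),
    )


if __name__ == "__main__":
    for fn in (class_risk_sum, class_risk_max):
        print(fn.__name__, guardian_decision(example_classes(), 32.0, class_risk=fn))
```

With the constructed numbers the built-in sum gives A = 35.0 and the user-defined max gives A = 30.0, so against an acceptable value of 32 the two functions reach opposite decisions. Which aggregation is right for a given network is exactly the kind of choice the user-defined hook exists for, and the guard in threat_factor() is there because a probability of 1.5 would otherwise pass through the arithmetic unnoticed.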

Enforcement

[Figure: Enforcement takes the Security Policy and Network Topology (checked by the Security Guardian and held in Object Storage) and produces Configuration Profiles and script files; Equipment Adaptors push the resulting configuration to the network elements.]
VAST: Assure Information and Networking Security
  • Assessment
    • Information reconnaissance and network scan
    • Vulnerability assessment and threat analysis
  • Penetration
    • System penetration test
    • Security policy certification
  • Auditing
    • Log analysis
SAPH Components - Vulnerabilities Assessment & Security Testing (VAST)
  • Import/Interpreter: a converter that imports audit logs/syslog from security audit tools and network elements into the Black Hat Database, or transforms attack severity/structure for the Evaluator to analyse further
  • Black Hat Database: real hacker signatures and methods
  • White Hat Database: network architecture, network element (e.g., router and firewall) configuration, security profiles and well-known security holes
  • Verifier: an engine that uses both the Black Hat and White Hat Databases to forecast and analyse possible vulnerabilities
  • Script Generator: generates script files that exploit the vulnerabilities found
  • Lighter: an engine that launches attacks based on those scripts
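An added example of the Import/Interpreter and Verifier working together (Python written for this page, not VAST's code). The log lines are constructed to resemble netfilter/iptables LOG output with ACCEPT/DROP prefixes, the White Hat inventory and its "known hole" flags are made up, and the four-step severity ladder is an assumption about how a Verifier might rank what it finds.

```python
"""Added example (not part of SAPH): the VAST Import/Interpreter and Verifier
in miniature.  The log lines are constructed to resemble netfilter/iptables
LOG output with ACCEPT/DROP prefixes; the White Hat inventory, the 'known
hole' flags and the severity ladder are made up for illustration."""
import re
from collections import Counter

# Constructed audit log (Black Hat input): attacker 203.0.113.9 probes one host.
SYSLOG = """\
Jan 12 03:14:07 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=140.123.113.7 PROTO=TCP SPT=41000 DPT=21
Jan 12 03:14:09 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=140.123.113.7 PROTO=TCP SPT=41001 DPT=22
Jan 12 03:14:11 fw1 kernel: ACCEPT IN=eth0 SRC=203.0.113.9 DST=140.123.113.7 PROTO=TCP SPT=41002 DPT=80
Jan 12 03:15:40 fw1 kernel: ACCEPT IN=eth0 SRC=198.51.100.4 DST=140.123.113.25 PROTO=TCP SPT=5123 DPT=23
Jan 12 03:16:02 fw1 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=140.123.113.8 PROTO=UDP SPT=53 DPT=161
Jan 12 03:16:05 fw1 sshd[812]: Accepted publickey for ops from 140.123.114.14 port 50122 ssh2
"""

# Constructed White Hat database: our own hosts, their services and known holes.
WHITE_HAT = {
    "140.123.113.7":  {"services": {21: "ftp", 80: "http"}, "known_holes": {21}},
    "140.123.113.25": {"services": {23: "telnet"},          "known_holes": {23}},
    "140.123.113.8":  {"services": {161: "snmp"},           "known_holes": set()},
}

LINE_RE = re.compile(
    r"kernel: (?P<verdict>ACCEPT|DROP) .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

LEVELS = {"critical": 3, "high": 2, "medium": 1, "low": 0}


def import_log(text):
    """Import/Interpreter: structured events out of raw lines.  Anything that
    is not a firewall record (the sshd line) is skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["dpt"] = int(ev["dpt"])
            events.append(ev)
    return events


def verify(events, inventory):
    """Verifier: cross the Black Hat view (who attacked what) with the White
    Hat view (what runs where, with which known holes) to forecast exposure."""
    probes = Counter((e["dst"], e["dpt"]) for e in events)
    reached = {(e["dst"], e["dpt"]) for e in events if e["verdict"] == "ACCEPT"}
    findings = []
    for host, info in inventory.items():
        for port, svc in info["services"].items():
            hole = port in info["known_holes"]
            if hole and (host, port) in reached:
                level = "critical"   # attacker traffic already reaches a known hole
            elif hole:
                level = "high"       # forecast: one firewall change away from critical
            elif probes[(host, port)]:
                level = "medium"     # probed, no known hole: candidate for Lighter testing
            else:
                level = "low"
            findings.append((host, port, svc, level, probes[(host, port)]))
    # most severe first, then most probed, then a stable host/port order
    findings.sort(key=lambda f: (-LEVELS[f[3]], -f[4], f[0], f[1]))
    return findings


def top_sources(events, n=3):
    """Black Hat side: which sources generated the most firewall events."""
    return Counter(e["src"] for e in events).most_common(n)


if __name__ == "__main__":
    evs = import_log(SYSLOG)
    for f in verify(evs, WHITE_HAT):
        print(f)
    print(top_sources(evs))
```

The ranking is the point: the telnet service at 140.123.113.25 comes out on top not because it was probed most (it was hit once) but because the firewall let the connection through to a service the White Hat database already lists as holed. The FTP service at 140.123.113.7 was dropped at the perimeter, so it ranks one step lower as a forecast rather than an observed exposure; either way it is the kind of target the Script Generator and Lighter would be pointed at next.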
Lighter

[Figure: VAST pipeline Import/Interpreter -> Black Hat / White Hat -> Verifier -> Script Generator -> Lighter.]

Lighter tool set:
  • Reconnaissance
    • nslookup
    • whois
    • ARIN
    • dig
    • Target web site
    • Others
  • Network Scanning
    • telnet
    • nmap
    • hping2
    • netcat
    • ICMP: ping and traceroute

Script Generator:
  • Vulnerability Assessment
    • Nessus
    • SARA
SAPH and Security Assurance
  • Design assurance
    • Policy & Topology Model : OAB (Object Association Binding)
    • Security Guardian
  • Development assurance
    • VAST
  • Operation assurance
    • Enforcement
    • GUI
Conclusion

[Figure: the Security Operation Center (SOC) "Before" and "After" SAPH. With SAPH:]
  • Increase Productivity
  • Enhance Security
  • Save Cost
  • Extend Network Management

Reference (1/2)
  • BCS Review 2001, "Setting standards for information security policy", http://www.bcs.org.uk/review/2001/html/p181.htm
  • B. Fraser, "RFC 2196: Site Security Handbook", IETF, September 1997.
  • BUGTRAQ, http://www.securityfocus.com/archive/1
  • E. Carter, Cisco Secure Intrusion Detection System, Cisco Press, 2001.
  • G. Stoneburner, A. Goguen and A. Feringa, "Risk Management Guide for Information Technology Systems", Special Publication 800-30, NIST.
  • J. Wack and M. Tracy, "Guideline on Network Security Testing", Draft Special Publication 800-42, NIST, February 4, 2002.
Reference (2/2)
  • Microsoft Security Bulletin MS03-028, http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-028.asp
  • R. M. Barnhart, "High Assurance Security Medical Information Systems", Science Applications International Corporation, 2000.
  • SANS Institute, Security Policy Project, http://www.sans.org/resources/policies/
  • S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick and R. W. Ritchey, Inside Network Perimeter Security, New Riders, 2003.
  • T. Layton, "Penetration Studies – A Technical Overview", SANS, May 30, 2002.
Questions?

Thank You!