T Yritysturvallisuuden seminaari

Transcription

1 T Yritysturvallisuuden seminaari Chapter 10: Conceptual Security Architecture Lauri Helkkula

2 Sources Chapter 10 of the book Sherwood, Clark, Lynas: Enterprise Security Architecture, A Business-Driven Approach Images are from the book the SABSA website,

3 The SABSA Matrix

4 Conceptual Thinking Stand back from the trees and see the forest

5 Why? Business Attributes Profile Chapter 6

6 Business Attributes Profile Business Attributes Mapped to business drivers and business risks Measurement approach for each attribute

7 What? Control Objectives The desired result of implementing controls Generic good practice or specific to a business need Control Objectives conceptualize the Business Risk Model Normalise a unique business into common terminology and abstract concepts Hide details

8 Control Objectives Decide control objectives Insert into column 11 of the Business Risk Model Form a interface between the description of real business (contextual) and the description of a conceptual model of the business

9 Selecting Control Objectives Create your own Or check standard control objectives sources: ISO/IEC 17799: A Code of Practice for Information Security Management ISO/IEC 21827: SSE-CMM CobiT ISF's Standar for Good Practice BSI: IT Baselines Protection Manual

10 How? Security Strategies and Architectural Layering Many approaches Major strategies are described Use the ones that fit best for your business Security architecture is not same as software architecture

11 Multi-Layered Security

12 Multi-Tiered Incident Handling

13 Layered Security Infrastructure Common security services through a common applications security services API Security middleware Security services on platforms (systems) Security services embedded in the network

14 Layered Security Infrastructure

15 Common Security Services API

16 Common Security Services API Purely conceptual model Requires properly designed software architecture Support for extensibility Functional substitution of lower levels Integrating components from many different vendors Application adaptors for third party applications

17 Application Security Services Business applications should have a similar high level architecture Common services for applications Especially centralised common application security services

18 Placing Services in the Layers Middleware security services Data management security services Within databases or a part of middleware Network security services Within itself Within the network Platform security services Within the individual platforms

19 Applications Layer Main focus on authorisation Enforced authorisation Front-end access control Authentication Back-end access control Need for an authorisation process Audit trails Security administration Tools for managing authorisations and reviewing audit trails

20 Applications Layer Six As of applications security services Benefits of integrated architecture Authorisation, Authentication, Access control, Audit, Administration, App-to-app communications security Single window for user administration Single authentication database Single sign-on for users Major architectural approach Role-based access control

21 App-to-app communications Required services Confidentiality Integrity Authenticity Non-repudiation This is not network security according to the authors The network doesn't understand application data structures The network might be owned by a third party

22 Middleware Layer Middleware objectives Interaction between applications via an API Node, service and data location transparency Scalability and extensibility Reliability and availability Vendor, platform, OS and networking protocol independence

23 Middleware Layer Middleware deals with following types of services: Remote procedure calls (RPC) Inter-process messaging management Object Request Broker (ORB) management Data management Load balancing Inter-process resource sharing Priorisation of application services Security services management

24 Middleware Layer Two approaches for security services Explicit Security Services Explicit security API Application is aware of security and security related events Implicit Security Services Security is provided transparently Application isn't explicitly aware of security

25 Data Management Dual role Provides access to information sources Protects those information sources Goals achieved with authorisation

26 Information Transfer Layer Aka the network layer OSI layers 1-4 (up to TCP, UDP etc.) Goals High-quality, highly reliable and available connectivity to its users Protection of attributes mentioned above Includes network management flows (DNS, ICMP...) Prevent theft of bandwith by unauthorised users Not goals Confidentiality, integrity, authenticity, nonrepudiation

27 Information Transfer Layer Can provide confidentiality Can't provide integrity, authenticity and nonrepudiation SSL, TSL and IPSec have limited uses Application level might not be aware of network level encryption

28 Information Transfer Layer Network security policy Network component redundancy Network entity authentication & authorisation Network boundary access control Connectivity control Network management security Network security monitoring and ID Network security incident handling Network vulnerability research

29 Information Processing Layer Platforms, operating system services and peripherals Strategic principles Reduce vulnerabilities Segregate and isolate production environments from testing and development environments Provide trusted execution environments Provide secure storage environment

30 Information Processing Layer Major security services Physical security Environmental protection Local authentication, access control and audit Cryptographic services Interaction with central security services Anti-virus services Content filtering :) Change and configuration control Backup and recovery planning

31 Authentication, Authorisation and Audit Strategy

32 Role-based access control

33 Security Service Management Management of security services Security parameters Monitoring, intrusion detection Incident and problem management Security of service management Recovery and restoration Authorisation, authencity, access control and auditing Segregation of critical duties Telecommunications Management Network BS15000: IT Service Management

34 Directory Services Critical piece of infrastructure Centralised repository of much securityrelated information about system objects Main function: Holding registered details of all objects Logical and physical structures are distinct Management Logical and physical access control Integrity and availability are top priorities Strong authentication for administrators

35 Who? Security Entity Model and Trust Framework Security entities are subjects People Corporate entities Application or system entities Security entity relationships Unilateral Bilateral Multilateral

36 Trust A relationship attribute Trust concept Relying party trusts claimant Most trust relationships can be broken into simple one-way trusts Different levels of trust

37 Trust analysis

38 Trust Brokers Public Key Infrastructure Who is the CA? Liability cover Trusted transactions Trust and liability management Transitive trust Banking industry

39 Where? Security Domain Model Security domain is a set of security elements subject to a common security policy defined and enforced by a single security policy authority Isolated domains Independent domains Sub- and super-domains Logical and physical domains Multi-domain environments

40 Security Domain Model The eggshell model Gateway Who is a friend and who is a foe? The honeycomb concept Each cell has its own perimeter

41 Egg and Honey

42 When? Security-Related Lifetimes and Deadlines Registration lifetimes (1 3 years) Certification lifetimes Less than registration lifetime Cryptographic key lifetimes Signature keys have two lifetimes Usage lifetime and verification lifetime Policy lifetimes (3 4 years) Rule lifetimes

43 Security-Related Lifetimes and Deadlines Password lifetimes Stored data lifetimes Data secrecy lifetimes Session lifetimes Response and inactivity time-outs Context-based access control Disaster recovery time targets

44 Time Trusted time service is needed Time stamps Time performance issues

45 Summary Conceptual security architecture is about the big picture Business Attributes profile Layering techniques AAA strategy (RBAC) Secure service management Directory services Security entities and relationships Trust model Security domain model Time dependencies