PRACTICAL SECURITY PRINCIPLES FOR THE WORKING ARCHITECT. Eoin Woods,

Similar documents
Eoin Woods Secure by Design security design principles for the rest of us

AGILE AND CONTINUOUS THREAT MODELS

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Copyright ECSC Group plc 2017 ECSC - UNRESTRICTED

Development*Process*for*Secure* So2ware

Cybersecurity in Government

Threat analysis. Tuomas Aura CS-C3130 Information security. Aalto University, autumn 2017

Authentication Technology for a Smart eid Infrastructure.

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Topics. Ensuring Security on Mobile Devices

90% of data breaches are caused by software vulnerabilities.

Managing an Active Incident Response Case. Paul Underwood, COO

A new approach to Cyber Security

Lessons Learned from 4,000 Security Assessments. Sadik Al-Abdulla Security Practice Director, CDW

Security Audit What Why

Integrated Access Management Solutions. Access Televentures

Attackers Process. Compromise the Root of the Domain Network: Active Directory

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Disk Encryption Buyers Guide

Jim Reavis CEO and Founder Cloud Security Alliance December 2017

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Securing Web Applications. Architecture Alternatives. Web Application Security Roadmap. Defense in Depth. Defense in Depth

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

THE POWER OF TECH-SAVVY BOARDS:

C1: Define Security Requirements

Copyright

Big data privacy in Australia

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Securing Your Cloud Introduction Presentation

QuickBooks Online Security White Paper July 2017

Web App Testing: RECON. MAPPING. ANALYSIS.

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Figure 11-1: Organizational Issues. Managing the Security Function. Chapter 11. Figure 11-1: Organizational Issues. Figure 11-1: Organizational Issues

A practical guide to IT security

Brochure. Security. Fortify on Demand Dynamic Application Security Testing

Kennis sessie Security architectuur Security architecture in practice

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

IoT & SCADA Cyber Security Services

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Application Security Design Principles. What do you need to know?

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

security mindfulness dwayne.

Whiteboard Hacking / Hands-on Threat Modeling. Introduction

Converged security. Gerben Verstraete, CTO, HP Software Services Colin Henderson, Managing Principal, Enterprise Security Products

Protect Your Organization from Cyber Attacks

SECURING THE UK S DIGITAL PROSPERITY. Enabling the joint delivery of the National Cyber Security Strategy's objectives

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

THE IMPACT OF SECURITY ON APPLICATION DEVELOPMENT. August prevoty.com. August 2015

SECURING AWS ACCESS WITH MODERN IDENTITY SOLUTIONS

Security Fundamentals for your Privileged Account Security Deployment

Incident Response. Tony Drewitt Head of Consultancy IT Governance Ltd

Penetration Testing! The Nitty Gritty. Jeremy Conway Partner/CTO

Threat Modeling For Secure Software Design

SECURITY AND DATA REDUNDANCY. A White Paper

SECURITY & PRIVACY DOCUMENTATION

SANS AppSec AppSec what can you learn from small companies? What Works and What Doesn t

locuz.com SOC Services

Secure Application Development. OWASP September 28, The OWASP Foundation

Credit Union Cyber Crisis: Gaining Awareness and Combatting Cyber Threats Without Breaking the Bank

CYBER RESILIENCE & INCIDENT RESPONSE

The checklist is dynamic, not exhaustive, and will be updated regularly. If you have any suggestions or comments, we would like to hear from you.

Product Security Program

Security Specification

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

Data Breach Preparedness & Response

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Practical Guide to Securing the SDLC

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

CSWAE Certified Secure Web Application Engineer

Hardcore PI System Hardening

THE ART OF SECURING 100 PRODUCTS. Nir

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

5 IT security hot topics How safe are you?

Murray Goldschmidt. Chief Operating Officer Sense of Security Pty Ltd. Micro Services, Containers and Serverless PaaS Web Apps? How safe are you?

How Secure is Blockchain? June 6 th, 2017

S e c u rity S o lu tio n s

IBM Cloud Security for the Cloud. Amr Ismail Security Solutions Sales Leader Middle East & Pakistan

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

10 Hidden IT Risks That Might Threaten Your Business

Cyber Security. Building and assuring defence in depth

Jeff Wilbur VP Marketing Iconix

Introduction to Ethical Hacking. Chapter 1

Critical Hygiene for Preventing Major Breaches

Recommendations for Device Provisioning Security

Evolution of Cyber Attacks

Consolidated Edition. 5th Annual State of Application Security Report Perception vs. Reality

To Audit Your IAM Program

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

E-guide Getting your CISSP Certification

How WebSafe Can Protect Customers from Web-Based Attacks. Mark DiMinico Sr. Mgr., Systems Engineering Security

Transcription:

PRACTICAL SECURITY PRINCIPLES FOR THE WORKING ARCHITECT Eoin Woods, Endava @eoinwoodz

BACKGROUND Eoin Woods CTO at Endava (technology services, ~4000 people) 10 years in product development - Bull, Sybase, InterTrust 10 years in capital markets applications - UBS and BGI Software dev engineer, then architect, now CTO Author, editor, speaker, community guy 2

CONTENT What is security and why do we care? What are security principles, why are they useful? Security design principles 10 important principles useful in practice Improving application security in real teams 3

REVISITING SECURITY 4

REVISITING SECURITY We all know security is important - but why? protection against malice, mistakes and mischance theft, fraud, destruction, disruption Security is a risk management business loss of time, money, privacy, reputation, advantage insurance model - balance costs against risk of loss 5

ASPECTS OF SECURITY PRACTICE Secure Application Design Secure Application Implementation Secure Infrastructure Design Secure Infrastructure Deployment Secure System Operation 6

DATA BREACHES 2005-2007 http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 7

DATA BREACHES 2015-2017 8

TODAY S THREAT LANDSCAPE System interfaces on the Internet Introspection of APIs Attacks being weaponised Today s internal app is tomorrow s digital channel APPLICATION SECURITY IS OFTEN THE WEAK LINK 9

SECURITY PRINCIPLES 10

SECURITY DESIGN PRINCIPLES What is a principle? a fundamental truth or proposition serving as the foundation for belief or action [OED] We define a security design principle as. a declarative statement made with the intention of guiding security design decisions in order to meet the goals of a system 11

SECURITY DESIGN PRINCIPLES There are many sets of security design principles Viega & McGraw (10), OWASP (10), NIST (33), NCSC (44), Cliff Berg (185) Many similarities between them at fundamental level I have distilled 10 key principles as a basic set these are brief summaries for slide presentation www.viewpoints-and-perspectives.info 12

A SYSTEM TO BE SECURED 13

10 KEY SECURITY PRINCIPLES 14

TEN KEY SECURITY PRINCIPLES Assign the least privilege possible Separate responsibilities Trust cautiously Simplest solution possible Audit sensitive events Fail securely & use secure defaults Never rely upon obscurity Implement defence in depth Never invent security technology Find the weakest link 15

1- LEAST PRIVILEGE Why? Principle Broad privileges allow malicious or accidental access to protected resources Limit privileges to the minimum for the context Tradeoff Example Less convenient; less efficient; more complexity Run server processes as their own users with exactly the set of privileges they require 16

2 - SEPARATE RESPONSIBILITIES Why? Principle Tradeoff Example Achieve control and accountability, limit the impact of successful attacks, make attacks less attractive Separate and compartmentalise responsibilities and privileges Development and testing costs; operational complexity: troubleshooting more difficult Payments module administrators have no access to or control over Orders module features 17

2 - SEPARATE RESPONSIBILITIES 18

3- TRUST CAUTIOUSLY Why? Principle Tradeoff Example Many security problems caused by inserting malicious intermediaries in communication paths Assume unknown entities are untrusted, have a clear process to establish trust, validate who is connecting Operational complexity (particularly failure recovery); reliability; some development overhead Don't accept untrusted RMI connections, use client certificates, credentials or network controls 19

3- TRUST CAUTIOUSLY Why? Principle Tradeoff Example Many security problems caused by inserting malicious intermediaries in communication paths Assume unknown entities are untrusted, have a clear process to establish trust, validate who is connecting Operational complexity (particularly failure recovery), reliability; some development overhead Don't accept untrusted RMI connections, use client certificates, credentials or network controls 20

3- TRUST CAUTIOUSLY Why? Principle Tradeoff Example Many security problems caused by inserting malicious intermediaries in communication paths Assume unknown entities are untrusted, have a clear process to establish trust, validate who is connecting Operational complexity (particularly failure recovery); reliability; some development overhead Reject untrusted RPC connections, authenticate clients, check 3rd party components, scan your open source 21

3 - TRUST CAUTIOUSLY https://www.aspectsecurity.com/research-presentations/the-unfortunate-reality-of-insecure-libraries 22

3 - TRUST CAUTIOUSLY What is connecting to our services? What are we connecting to? Who are you? How do we know? What libraries do we use? From where? 23 What can access our database?

4- SIMPLEST SOLUTION POSSIBLE The price of reliability is the pursuit of the utmost simplicity - C.A.R. Hoare Why? Principle Tradeoff Example Security requires understanding of the design - complexity rarely understood - simplicity allows analysis Actively design for simplicity - avoid complex failure modes, implicit behaviour, unnecessary features, Hard decisions on features and sophistication; Needs serious design effort to be simple Does the system really need dynamic runtime configuration via a custom DSL? 24

5 - AUDIT SENSITIVE EVENTS Why? Principle Tradeoff Example Provide record of activity, deter wrong doing, provide a log to reconstruct the past, provide a monitoring point Record all security significant events in a tamperresistant store Performance; operational complexity; dev cost Record changes to "core" business entities in an appendonly store with (user, ip, timestamp, entity, event) 25

5 - AUDIT SENSITIVE EVENTS 26

6 - SECURE DEFAULTS & FAIL SECURELY Why? Principle Tradeoff Example Default passwords, ports & rules are open doors Failure and restart states often default to insecure Force changes to security sensitive parameters Think through failures - to be secure but recoverable Convenience Don t allow SYSTEM/MANAGER logins after installation On failure don t disable or reset security controls 27

7 - NEVER RELY ON OBSCURITY Why? Principle Tradeoff Example Hiding things is difficult - someone is going to find them, accidentally if not on purpose Assume attacker with perfect knowledge, this forces secure system design Designing a truly secure system takes time and effort Assume an attacker will guess a "port knock" network request sequence or a password obfuscation technique 28

8 - DEFENCE IN DEPTH Why? Principle Tradeoff Example Systems do get attacked, breaches do happen, mistakes are made - need to minimise impact Don t rely on single point of security, secure every level, stop failures at one level propagating Redundancy of policy; complex permissioning and troubleshooting; can make recovery difficult Access control in UI, services, database, OS 29

8 - DEFENCE IN DEPTH 30

9 - NEVER INVENT SECURITY TECH Why? Principle Tradeoff Example Security technology is difficult to create - avoiding vulnerabilities is difficult Don t create your own security technology - always use a proven component Time to assess security technology; effort to learn it; complexity Don t invent your own SSO mechanism, secret storage or crypto libraries choose proven components 31

9 - NEVER INVENT SECURITY TECHNOLOGY 32

9 - NEVER INVENT SECURITY TECHNOLOGY 33

10 - SECURE THE WEAKEST LINK Why? Principle Tradeoff Example "Paper Wall" problem - common when focus is on technologies not threats Find the weakest link in the security chain and strengthen it - repeat! (Threat modelling) Significant effort required; often reveals problems at the least convenient moment! Data privacy threat => encrypted communication but with unencrypted database storage and backups 34

TEN KEY SECURITY PRINCIPLES Assign the least privilege possible Separate responsibilities Trust cautiously Simplest solution possible Audit sensitive events Fail securely & use secure defaults Never rely upon obscurity Implement defence in depth Never invent security technology Find the weakest link 35

SECURITY IN REAL TEAMS 36

SOME COMMON CONCERNS Where do we start? Will this cost a lot? Who is involved? What tools do we use? Can we do this with agile? Won t this slow everything down? 37

SOME OBSERVATIONS Some individuals will find it fascinating, some will hate it Teams will need guidance and inspiration Teams need to own their security process But a clearly defined starting point and standards very valuable A clear roadmap helps to avoid overload 38

SOME USEFUL TACTICS Form a group of security champions - invest in them involve many roles (BA, developer, tester, architect, ) Communicate importance of security from the top and from the customer Make the right thing the easy thing checklists and templates, clear guidance, packaged tools Be prepared for the process to take time 39

USUALLY A GRADUAL PROCESS EXPERT APPLICATION SECURITY TEAM COMPETENT APPLICATION SECURITY TEAM INFORMED APPLICATION SECURITY TEAM SECURITY AWARE TEAM NO SECURITY PRACTICE 40

EXAMPLE CAPABILITY PLAN EXPERT COMPETENT INFORMED AWARE Active Threat Assessment Attack Surface Analysis Dynamic Analysis Fuzz Testing Threat Modelling Secure Design Sec Code Reviews Red Teams Continual Improvement Incident Simulations Security Requirements Risk Assessment OSS Mgmt Basic Secure Design Release Criteria Secure Coding Static Scanning Security Principles OWASP Top 10 Basic Sec Coding Pen Testing 41

OWASP SAMM http://www.opensamm.org 42

MICROSOFT SDL https://www.microsoft.com/en-us/sdl/ 43

TO RECAP 44

TEN KEY SECURITY PRINCIPLES Assign the least privilege possible Separate responsibilities Trust cautiously Simplest solution possible Audit sensitive events Fail securely & use secure defaults Never rely upon obscurity Implement defence in depth Never invent security technology Find the weakest link 45

GETTING TEAMS DOING IT Continuous Process Towards Secure SDLC 46

REFERENCES UK Government NCSC Security Principles: https://www.ncsc.gov.uk/guidance/security-design-principles-digital-services-main NIST Engineering Principles for IT Security: http://csrc.nist.gov/publications/nistpubs/800-27a/sp800-27-reva.pdf Short intro to McGraw s set: http://www.zdnet.com/article/gary-mcgraw-10-steps-to-secure-software/ OWASP Principles set: https://www.owasp.org/index.php/category:principle 47

BOOKS 48

THANK YOU FOR YOUR ATTENTION Eoin Woods Endava eoin.woods@endava.com @eoinwoodz QUESTIONS?

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback