EE579U/2 #1 Spring 2004 © 2000-2004, Richard A. Stanley EE579U Information Systems Security and Management 2. Policy Structure, Implementation, and Development.


Slide 1: EE579U Information Systems Security and Management
2. Policy Structure, Implementation, and Development
Professor Richard A. Stanley

Slide 2: Overview of Today's Class
- Administration
- Review of last class
- Projects
- Policies

Slide 3: Review of Last Class
- Information security is a real need in real systems
- There are multitudes of examples of systems that failed due to poor security, and which cost their owners dearly
  – In some cases, security failures have led to business failures
- Absolute security does not exist

Slide 4: Projects?
- Proposals?
- Teams?
- Topics?
- Issues?

Slide 5: Policy
- What's the big deal?
  – Need to define acceptable usage and the parameters of that usage
  – If it is to work, it must be within the boundaries of a model
- If users are to follow the policy, they need to know what it is; it must be
  – Reasonable
  – Available
  – Understandable

Slide 6: Policy Models
- We covered these in Computer Security
- Let's review a few of them and see how well they might be suited to developing a policy for our users
- Policy implies an access control mechanism in place and operating
  – Technological solutions?

Slide 7: Access Control
- Determines and monitors who can do what with what in the computer
- Is much more than establishing a physical perimeter around the computer
- Can't happen without identification and authentication (about which, more later)
- Needs to be instantiated in a policy

Slide 8: Access Control Model
[Figure: Subject -> Request -> Reference Monitor -> Object]
- Any of these points is a vulnerability. How to protect?

Slide 9: Reference Monitor
- Makes access control work
- You can tell it
  – What a subject is allowed to do (privilege)
  – What may be done with an object (permission)
- In order to specify these things, you need to know all the possibilities, or you need to define things narrowly so that what you don't know doesn't become allowed

Slide 10: Unix Access Control
- Read: read a file
- Write: write to a file
- Execute: execute a file
- Interpreted according to where the access rights are to be granted

Slide 11: Bell-LaPadula Access Rights
- e: execute
- r: read
- a: append
- w: write
- BLP developed a methodology to implement an access control policy!

Slide 12: Access Control Types
- Discretionary: the file owner is in charge
- Mandatory: the system policy is in charge
- One can exist within the other, especially discretionary within a class of mandatory

Slide 13: Access Control Matrix
- A = set of access operations permitted
- S = set of subjects
- O = set of objects

Slide 14: Access Control Matrix Example
- How easy is this to implement?

Slide 15: Access Control Lists
- Stores the access rights within the object
  – Columnar decomposition of the matrix
- Convenient, quick
  – This is the Unix approach
- Difficult to modify globally w.r.t. subjects, easy w.r.t. the object
- How to find out what a subject is able to do?
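Added example (not from the slides): the access control matrix of slides 13 to 15 decomposed by column into per-object ACLs and by row into per-subject capability lists, with a reference-monitor style check and the two operations the slide calls out as awkward under ACLs (finding everything a subject may do, and revoking a subject everywhere). Subjects, objects and rights are constructed sample data.

```python
from typing import Dict, Set

# Access control matrix: M[s][o] = subset of A that subject s may use on object o.
Matrix = Dict[str, Dict[str, Set[str]]]


def make_matrix() -> Matrix:
    # Constructed sample with Unix-style r/w/x rights (not from the slides).
    return {
        "alice": {"/etc/passwd": {"r"}, "/home/alice/notes": {"r", "w"}, "/bin/ls": {"r", "x"}},
        "bob": {"/etc/passwd": {"r"}, "/home/alice/notes": set(), "/bin/ls": {"r", "x"}},
        "root": {"/etc/passwd": {"r", "w"}, "/home/alice/notes": {"r", "w"}, "/bin/ls": {"r", "w", "x"}},
    }


def to_acls(m: Matrix) -> Matrix:
    # Columnar decomposition: one access control list per object, keyed by subject.
    # Empty cells are simply absent, so "not listed" means "denied".
    acls: Matrix = {}
    for s, row in m.items():
        for o, ops in row.items():
            if ops:
                acls.setdefault(o, {})[s] = set(ops)
    return acls


def to_capabilities(m: Matrix) -> Matrix:
    # Row decomposition: one capability list per subject (the alternative to ACLs).
    return {s: {o: set(ops) for o, ops in row.items() if ops} for s, row in m.items()}


def check(acls: Matrix, s: str, o: str, op: str) -> bool:
    # Reference-monitor check against the object's own ACL; anything not listed is denied.
    return op in acls.get(o, {}).get(s, set())


def rights_of_subject(acls: Matrix, s: str) -> Dict[str, Set[str]]:
    # "What can this subject do?" With ACLs that means scanning every object's list;
    # with capability lists it is a single row lookup.
    return {o: set(entries[s]) for o, entries in acls.items() if s in entries}


def revoke_subject(acls: Matrix, s: str) -> int:
    # A global change w.r.t. a subject also touches every object's ACL.
    # Returns the number of ACL entries removed.
    removed = 0
    for entries in acls.values():
        if entries.pop(s, None) is not None:
            removed += 1
    return removed
```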

Slide 16: Security Levels
- Linear
  – Top secret
  – Secret
  – Confidential
  – Unclassified
- Lattice
  – Security level
  – Compartment

Slide 17: Security Level Examples
- Linear
  – Marking contains the name of the level
  – Each higher level dominates those below it
- Lattice
  – Marking contains the name of the level + the name of the compartment (e.g. TOP SECRET PETUNIA)
  – Only those "read into" the compartment can read the information in that compartment, and then only at the level of their overall access

Slide 18: Who Can Read What?
- In a linear system?
- In a lattice system?
- What is dominance?

Slide 19: System High/Low
- System High is the highest security level in the system. It can be thought of as the apex of all lattice levels
- System Low is the lowest security level in the system. It can be thought of as that level which all system users can "see"
- Question?
  – In a Unix system, what level should be assigned to the root directory?

Slide 20: Security Model Types
- Formal (high-assurance computing)
  – Bell-LaPadula
  – Biba
  – Chinese Wall
- Informal (policy description)
  – Clark-Wilson

Slide 21: State Machines
- BLP: security = property of states
- State is an instantaneous representation of the system at an instant in time
- State transition occurs when the state changes
- State transitions may be constrained
- With a 1000 MHz processor, what is the likely rate of state change?
- What are the chances that you can capture all the states of even a desktop computer? Why?

Slide 22: Bell-LaPadula
- Is a state machine model
- Utilizes the machine state to check security
  – All permissions must be captured
  – All subjects accessing objects must be captured
  – These are machine states
- A complicated state set results
- Defining the state set is the major BLP problem

Slide 23: Access Control Model
[Figure: Subject -> Request -> Reference Monitor -> Object]
- The Reference Monitor validates all requests against permitted state functions
- We have seen this before, and we will see it again

Slide 24: BLP Security Policies
- Mandatory security policies
  – Simple security (ss) policy (no read up)
  – Star (*) policy (no write down)
    – How to send messages from high to low?
    – Trusted subjects can violate policy
- Discretionary (ds) policy
- If all three properties are satisfied, a state is secure

Slide 25: Basic Security Theorem
- A state transition is secure if both the initial and the final states are secure, so
- If all state transitions are secure and the initial system state is secure, then every subsequent state will also be secure, regardless of which inputs occur. (Proof)
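Added example (not from the slides) covering slides 16 to 25 together: lattice dominance over level plus compartments, the ss-, *- and ds-properties of slide 24 applied to the e/r/a/w modes of slide 11, and a reference monitor whose state is the set of current accesses and which commits a transition only when the resulting state is secure, the Basic Security Theorem in miniature. The clearances, classifications and the PETUNIA compartment are constructed sample data; the mapping of r/a/w/e to observe/alter is the standard BLP one.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple

# Linear ordering of the slide's levels; a lattice label adds compartments.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice dominance: level at least as high AND "read into" every
        # compartment of the other label (TOP SECRET alone does not dominate SECRET PETUNIA).
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


# BLP access modes: r observes, a alters, w does both, e does neither.
OBSERVES = {"r", "w"}
ALTERS = {"a", "w"}
Access = Tuple[str, str, str]  # (subject, object, mode)


class ReferenceMonitor:
    # State = the set of current accesses; each request is a state transition.
    def __init__(self, clearances: Dict[str, Label],
                 classifications: Dict[str, Label],
                 dac: Dict[Tuple[str, str], Set[str]]) -> None:
        self.clearances = clearances            # subject -> clearance
        self.classifications = classifications  # object -> classification
        self.dac = dac                          # (subject, object) -> discretionary rights
        self.state: Set[Access] = set()         # no accesses yet: trivially secure

    def access_is_secure(self, s: str, o: str, mode: str) -> bool:
        subj, obj = self.clearances[s], self.classifications[o]
        if mode not in self.dac.get((s, o), set()):
            return False                        # ds-property: not in the access matrix
        if mode in OBSERVES and not subj.dominates(obj):
            return False                        # ss-property: no read up
        if mode in ALTERS and not obj.dominates(subj):
            return False                        # *-property: no write down
        return True

    def state_is_secure(self, state: Optional[Set[Access]] = None) -> bool:
        state = self.state if state is None else state
        return all(self.access_is_secure(*acc) for acc in state)

    def request(self, s: str, o: str, mode: str) -> bool:
        # Commit a transition only if the resulting state is secure; by the
        # Basic Security Theorem every reachable state then stays secure.
        candidate = self.state | {(s, o, mode)}
        if not self.state_is_secure(candidate):
            return False
        self.state = candidate
        return True


def build_demo() -> ReferenceMonitor:
    # Constructed sample data using the PETUNIA compartment from the slides.
    clearances = {"alice": Label("SECRET", frozenset({"PETUNIA"})),
                  "bob": Label("TOP SECRET")}
    classifications = {"plans": Label("TOP SECRET", frozenset({"PETUNIA"})),
                       "report": Label("CONFIDENTIAL")}
    dac = {("alice", "plans"): {"r", "a"}, ("alice", "report"): {"r", "w"},
           ("bob", "plans"): {"r"}}
    return ReferenceMonitor(clearances, classifications, dac)
```

With this data alice may append to the TOP SECRET PETUNIA plans but not read them, may read but not write the CONFIDENTIAL report, and bob, TOP SECRET but not read into PETUNIA, cannot read the plans at all.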

Slide 26: BLP Advantages
- Descriptive capabilities of the model
- Policies based on security levels -- easy to introduce other structures in their place
- Actual security policies
- Specific solution (e.g. Multics)

Slide 27: BLP Disadvantages
- Deals only with confidentiality, not integrity
- Does not address management of access control
- Contains covert channels

Slide 28: Covert Channel
- An information flow that is not controlled by a security mechanism
- Can occur by allowing low-level subjects to see names, results of comparisons, etc. of high-level objects
- Difficult to find, difficult to control, critical to success

Slide 29: Harrison-Ruzzo-Ullman Model
- Deals with BLP's lack of procedures to change access rights
- Uses a structured programming approach to modify the access control matrix
- Provides a view of complex systems modeled by complex models
- The more complex a security model is, the more difficult it usually is to verify its security properties

Slide 30: Other Models
- Chinese Wall
  – Prevent conflicts of interest
- Biba
  – Addresses integrity with static/dynamic levels
- Clark-Wilson
  – Commercial focus on data integrity
- Information flow
  – Close covert channels

Slide 31: So What?
- These models all seek to provide a framework within which to implement a policy
- Without such a framework, it will be difficult to impossible to establish a policy that works, or to measure the performance of the policy
  – Measuring the performance of the policy is called a security audit

Slide 32: How to Deal With These Issues?
- Policy
  – Guides the organization in its security posture
  – Provides the benchmark against which activities can be measured
- Auditing
  – Attempts to measure success in complying with policy
  – Provides evidence of security success or failure

Slide 33: Why Policy?
- Why laws?
- Without policy, everything is permitted, as nothing is forbidden
  – You may think this will work for you, to "enforce" on an ad hoc basis, but exactly what will you enforce?

Slide 34: Policy Starts with Objectives and Risk Assessment
- Security objectives and how risks and vulnerabilities affect achieving them
- Threats to information systems
- Risk analysis
- Vulnerability assessment
- How to measure?

Slide 35: Layering
- Just as with protocols, policy should be layered from top to bottom
  – Start with broad high-level objectives at the corporate level
  – Work down to department or section policies, which should be much more detailed -- almost a checklist approach

Slide 36: Effective Policy Considerations
- Identify the key components of a policy that's right for your system
- Threat reduction techniques and their application to policy
- Identify responsibilities for security actions
- Determine appropriate and consistent countermeasures
- Incident detection and management
- Damage control and recovery
  – Some examples, good and bad, taken from the 9/11 attacks
- Choose appropriate tools to assist in policy development and management
- Policy management and maintaining currency
- Get and keep staff support for the policy

Slide 37: How to Get Started?
- Creating a policy is hard, continuous work
- There is no shortage of vendors who sell policy templates and tools
  – These may be useful
  – As with any tool, using these requires a knowledge of the goals and objectives to be achieved by using the tool
  – Simply buying a policy does not make it work

Slide 38: Some Examples

Slide 39: What Might Be In a Policy?
- Source:

Slide 40: Another View from the SANS Institute – 1
1. Introduction
  1.1.1 General Information
  Objectives
  1.2 Responsible Organizational Structure
    Corporate Information Services
    Business Unit Information Services
    International Organizations
    Tenants
  Security Standards
    Confidentiality
    Integrity
    Authorization
    Access
    Appropriate Use
    Employee Privacy

Slide 41: Another View from the SANS Institute – 2
2. Domain Services
  2.1.1 Authentication
  Password Standards
  Resident Personnel Departure
    Friendly Terms
    Unfriendly Terms
3. Systems
  Authentication
  Intrusion Protection
  Physical Access
  Backups
  Retention Policy
  Auditing

Slide 42: Another View from the SANS Institute – 3
4. Web Servers
  4.1.1 Internal
  External
5. Data Center
  5.1.1 Authentication
  Intrusion Protection
  Physical Access
  Backups
  Retention Policy
  Auditing
  Disaster Recovery

Slide 43: Another View from the SANS Institute – 4
6. LAN/WAN
  6.1.1 Authentication
  Intrusion Protection
  Physical Access
  Modems
    Dial-in Access
    Dial-out
  6.1.4 Backups
  Retention Policy
  Content Filtering
  Auditing
  Disaster Recovery
  Network Operations Center
  Physical Network Layer

Slide 44: Another View from the SANS Institute – 5
7. Desktop Systems
  7.1.1 Authentication
  Intrusion Protection
  Physical Access
  Backups
  Auditing
  Disaster Recovery
8. Telecommunication Systems
  8.1.1 Authentication
  Intrusion Protection
  Physical Access
  Auditing
  Backups
  Retention Policy
  Disaster Recovery

Slide 45: Another View from the SANS Institute – 6
9. Strategic Servers
  9.1.1 Authentication
  Intrusion Protection
  Physical Access
  Backups
  Retention Policy
  Auditing
  Disaster Recovery
10. Legacy Systems
  Authentication
    Password Standards
  Intrusion Protection
  Physical Access
  Backups
  Retention Policy
  Auditing
  Disaster Recovery

Slide 46: Another View from the SANS Institute – Security Services and Procedures
  11.1 Auditing
  11.2 Monitoring
12. Security Incident Handling
  12.1 Preparing and Planning for Incident Handling
  12.2 Notification and Points of Contact
  12.3 Identifying an Incident
  12.4 Handling an Incident
  12.5 Aftermath of an Incident
  12.6 Forensics and Legal Implications
  12.7 Public Relations Contacts
  12.8 Key Steps
    Containment
    Eradication
    Recovery
    Follow-Up
    Aftermath / Lessons Learned
  12.9 Responsibilities

Slide 47: Another View from the SANS Institute – Ongoing Activities
  Incident Warnings
    Virus warnings
    Intrusion Vulnerabilities
    Security Patches
14. Contacts, Mailing Lists and Other Resources
15. References

Slide 48: Yet Another Approach
- Source:

Slide 49: Is That All?
- Probably not
- Should one person produce the policy?
- Where is the policy about configuring the system elements?
  – Operating system settings
  – Audit and logging procedures
  – …etc.
- Help is available, and often for free!

Slide 50: Another Source: the NSA!
- Source:

Slide 51: What's In the Guides?

Slide 52: But Wait, There's More!

Slide 53: More to Think About
- Other resources for policy help
  – Search the Web, look at others' approaches to the policy issue
  – Look at the Web sites of your vendors for suggestions and updates
  – Free guides, e.g.
- Start small, and build incrementally
  – A manageable policy that is understood is better than a comprehensive one that is ignored

Slide 54: Now What?
- Policy is essential, but how do you know if it is working, and how well?
- You need to do an audit
  – Not a once in a lifetime event
  – Needs to be regular, but aperiodic
  – Follow the financial industry guidelines
  – May want to follow standards

Slide 55: Summary
- A security policy is essential to a security posture in any information system
- Policies cannot be ad hoc if they are to be effective; they must be written, sensible, enforceable, and evaluated
- Enforcement must be part of the policy
- Regular audits must be undertaken to ensure the effectiveness of the policy and to identify needs for change and updates.

Slide 56: Homework
- Using either your own company network or a network with which you are familiar, and without disclosing confidential information, provide an outline of a policy that either exists or that you would implement based on the discussions in class.
- Describe the measures in your policy that you believe to be most critical, and how you would implement them and obtain staff support.