April 09, 2008 The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 1 The Demilitarized Zone as an Information Protection Network Presented By Parvathy Subramanian
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 2 Agenda ► Introduction ► Fundamental IPN concepts ► Enterprise Security principles ► Implementing IPN’s with complex security Integrated IPN Virtual IPN Connectivity policy (uncontrolled network connection) Nested IPN configuration ► Enterprise information in the IPN ► IPN Technology components
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 3 Introduction ► Information protection requires an in-depth risk-based approach involving network, host, and application security, which together constitute a defense-in-depth approach to information protection [1] ► DMZ provides network layer security from untrusted network via an intermediary network charged with granting or denying access to external hosts and ports within the enterprise network. ► Hosts within the enterprise network provides the second level network security ► Finally, Applications within the hosts provide the final layer of defense. ► Risk = threat * vulnerability * value Threat and vulnerability are real numbers between (0,t) and (0,v) Value is represented in dollars. It ranges between ($0, $n).
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 4 Enterprise security core principles and supporting requirements
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 5 Fundamental IPN (Information Protection Network) Concepts A typical IPN separates trusted network and external network. The trusted network is connected to an internal router. The External network is connected to an external router.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 6 Fundamental IPN (Information Protection Network) Concepts The public access server and DNS can be accessed and responds to requests from external network. They cannot initiate any outbound sessions. All these controls involves authentication. Some servers are needed to support IPN security function.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 7 Enterprise Security Principles ► “Never assume that another component of the IPN is completely trusted to perform its intended function with 100% reliability.” Example: It’s the responsibility of the external router to permit external network DNS query request and nothing else to the DNS server. ► ► “The IPN and all its components constitute a security system, and it should be managed accordingly — as a system, not a collection of independent components”. Example: A group of staff are responsible for administration of DNS host/service. Each individuals should work together and there should be some coordination mechanism built into change control process.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 8 Implementing IPN’s with complex security ► Large enterprise is composed of several geographically distributed campus network. ► IPN Principle: The IPN can be used to implement an array of department wide mandatory and recommended baseline security policies and practices, as well as those that might be site specific or used by the site to augment the department wide direction or guidelines.[1] ► IPN is used to: Control the flow of traffic through it. Hide local site details. Facilitate protection of data in transit. Monitor network activities. Resist unauthorized use of site resources. Protect the site and itself from unauthorized change.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 9 Integrated IPN ► Same physical facility and equipment are used to protect both the networks ► One router can be configured as two virtual router. Or use just a single router with complex access control policies
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 10 Virtual IPN ► From the equipment and the circuit perspective there are 2 separate IPN ► From the system’s perspective there is only one virtual IPN ► Less efficient, but appropriate depending on the site and organizational structure of the enterprise
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 11 Connectivity policy (Uncontrolled network connection) ► Network A and B have different security policies ► Data flow between them should be mediated via an IPN ► Direct connectivity compromises the information security ► There is no “Stronger than” relation between network A and B. ► Clearly, there is an expose to vulnerabilities, even though the IPN protect each according to its own needs.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 12 Nested IPN ► Most often there is a “stronger than” relationship that exist between two networks. ► In such case clear and formal agreement should be specified between the directly adjacent network, particularly to ingress policy. ► Egress policy is solely within the control of a single network.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 13 Enterprise information in the IPN ► IPN along with security measures, also provides a means for information and application sharing between the enterprises and/or the business partners. ► With the introduction of private business data into the IPN, extra diligence should be given to security measures. ► Strict configuration change control procedure should be maintained and trained security professionals should be part of IPN mgnt team. ► Clear separation of roles should be ensured, so that security is not compromised in a misguided attempt to satisfy a single business need.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 14 ► IPN implementation includes network zones. This includes both security and business components ► Example: Access to restrictive zone is limited to site users whose roles is to manage and maintain business application. ► Ingress to public zone is permitted if the source is from restrictive zone. ► Its denied otherwise. ► Strong authentication should be provided for ingress policies that are allowing access to the restrictive zone.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 15 IPN Technology components IPN Tech. components Connectivity Component Security Components Network and Application systems Example: Switches, Routers, Load balancers, DNS Systems designed to ensure: Confidentiality Integrity Availability Example: Firewall, Intrusion detection system, SSL, VPN
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 16 ► Router: A pair of routers serve as the demarcation point of an IPN environment. It also provides a set of ACL defining the ingress and egress policies. The ACL should explicitly deny all other traffic. Router based ACLs are extremely important to the IPN, they are the first line of defense against all unknown security threats. ► Switching: IPN’ are highly dependent upon the layer-two switches for primary network connectivity. Problems related to switches in IPN network are related to human errors. VLAN technology is commonly employed in IPN environment to provide logical separation using shared security and network connectivity hardware. Zones in the IPN can be implemented using VLAN technology. Connectivity Components
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 17 Security Components ► Firewalls: Stateful inspection devices. Monitors bi-directional traffic to ensure compliance with predefined security policies. They take specific action like session termination, redirection, logging and alarms in response to unauthorized traffic. ► Intrusion Detection Systems: Based on the capabilities and policies, an IDS can decode any malicious traffic flow. IDS devices are placed inside, outside and on each host of an IPN. Suspected events are consolidated, normalized and correlated for real-time analysis.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 18 Security Components (Cont..) ► Intrusion Prevention Systems: It’s a hybrid between firewall and IDS. It functions as a IDS, but can be placed with the network devices like firewall. ► Domain Name Services: Provides name resolution service Provides local and geographical load distribution. Split DNS is implemented to hide internal hostnames from external views. ► Web cache and reverse proxy: ► Business Continuity: Disaster recovery
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 19 Conclusion ► Final goal is to provide simple and secure IPN environment. ► Scalability and expansion to accommodate growth should be allowed. ► Performance, Availability and scalability are extremely important for a successful implementation of an IPN.
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 20 Reference ► [1] Enterprise information systems assurance and system security Managerial and Technical issues, Merrill Warkentin and Rayford B. Vaughn. ► [2]
April 09, 2008The Demilitarized Zone as an Information Protection Network, By Parvathy Subramanian 21 Questions