Security Assurance Policy Helper (SAPH): A Framework for Network Security Assurance Design
Speaker: 鄭伯炤, bcheng@ccu.edu.tw
Information Networking Security and Assurance Lab, Department of Communication Engineering, National Chung Cheng University
Outline
- What is the Problem?
- Security Management Life Cycle
- SAPH (Security Assurance Policy Helper)
- SLC (Security Language Composer)
- VAST (Vulnerability Assessment & Security Testing)
- SAPH and Security Assurance
- Conclusion
- References
The Reality
[Charts: number of incidents, by percentage; security technologies used. Source: CSI/FBI survey]
Gartner Group estimates that 75% of today's hacker attacks occur at the application layer (OSI layer 7), and that a single successful intrusion can produce startling damage.
Focus areas: information and networking security assurance & survivability; data and application security.
Attack Motivations, Phases and Goals
Motivations: revenge, political activism, financial gain.
Goals: data manipulation, system access, elevated privileges, denial of service.
Phases:
1. Collect information: public data sources; scanning and probing.
2. Analyze information and prepare attacks: services in use; known OS/application vulnerabilities; known network protocol security weaknesses; network topology.
3. Actual attack: network compromise; DoS/DDoS attack (bandwidth consumption, host resource starvation).
What is the Problem?
Today the Security Operation Center (SOC) works one vulnerability at a time: Vulnerability 1, Vulnerability 2, ..., Vulnerability n are taken from a vulnerability database (e.g. Bugtraq) and each is answered with a quick & dirty Solution 1, Solution 2, ..., Solution n.
Security Management Cycle Problems
Cycle phases (run by the Security Operation Center, SOC): business requirement, service provision, security policy, design, implementation, assessment & testing, monitoring & audit.
Problems:
- How to map business and service requirements into a security policy.
- How to automate the security management cycle, i.e. eliminate the gaps and smooth the processes between the different security management phases.
- How to evaluate the risk of exposure and the cost of security breaches.
Security Management Cycle Phases
- Design: defining a good security policy and the network topology in accordance with the requirements of the enterprise and the goals of the business.
- Implementation: installing, system-level testing, education and technology transfer, etc.
- Assessment & Testing: performing testing and scanning to appraise risk values on the target network.
- Monitoring & Audit: checking whether the security policy is implemented correctly and investigating any intrusions.
SAPH Architecture
Abbreviations: VAST, Vulnerabilities Assessment & Security Testing; DTN, Defense Target Network; SLC, Security Language Composer.
- SLC: GUI, Policy & Topology Model, Security Guardian, Object Storage, Enforcement, Configuration Profile.
- VAST: Import/Interpreter, Black Hat database, White Hat database, Verifier, Script Generator, Lighter.
- Configuration profiles from SLC are applied to the DTN; VAST operates on the DTN and imports its audit/system logs.
SLC: Get the Highest Level of Security
Make good security policies to protect your networks and services:
- Definable, Enforceable, Accomplishable
- Identify the real security needs of the service and match them to business requirements
- Assessment and risk evaluation
SAPH Components: Security Language Composer (SLC)
- GUI: a graphical user interface providing user interaction.
- Policy & Topology Model: lets the user define security policies and the network topology based on business and service requirements.
- Security Guardian: an engine that evaluates the risk of exposure and the cost of security breaches using built-in and user-defined functions.
- Object Storage: stores network objects and security policy definitions.
- Enforcement: an intelligent agent that produces configuration profiles based on acceptable risk, security policy settings and network topology.
- Configuration Profile: a set of configuration parameters and running scripts for network elements and security devices.
Policy & Topology Model
Purpose: display an idea and communicate it to the system and to other engineers.
OAB (Object Association Binding):
- Object: an entity, concept or group, with its data and attributes.
- Association: a relation between two objects, with direction, condition, action and transition.
- Binding: a relation between the two models, tying an object in the policy model to an object in the topology model.
OAB (Object Association Binding) Example
Policy model:
- Object George, attributes: Info. Dep, Engineer.
- Object Marketing Dep., attributes: Emp. 15, Computer 12.
- Security policy rule 1: George can access the Marketing Dep. network.
- Security policy rule 2: Deny FTP connection (association George -> Marketing Dep.: if protocol != FTP, accept).
Topology model:
- Host 140.123.114.14 (bound to George).
- Subnet 140.123.113.0/24 (bound to Marketing Dep.).
- Firewall 140.123.113.25.
Security Guardian: Check Policy & Topology and Evaluate the Risk
Inputs: network topology and security policy (from the Policy & Topology Model). Output: risk exposure.
Risk factors: user-defined factors; information assets; vulnerabilities; probability of loss; event severity.
Risk Relationship
- Assets: physical (hardware); software (OS, applications).
- Security threat classification: theft, fire, explosives, radiation, ...
- Threat sources: services in use; known OS/application vulnerabilities; known network protocol security weaknesses; network topology.
- Each security threat carries a probability level/value and a severity level/value.
Evaluation Function (Built-In and User-Defined)
Symbols:
- P_i: probability of loss
- S_i: event severity
- T_i: threat factor
- C_i: class risk
- A: asset risk exposure
- X, Y: accept values (e.g. Boolean)
Decision rule: if A < acceptable risk value then X, otherwise Y.
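A worked version of this evaluation, added here as an example and not SAPH's own code. The slide names the symbols but the formulas combining them were not captured, so two assumptions are made: class risk C_i = P_i * S_i * T_i, and asset risk exposure A = sum of C_i over the asset's threat classes. The threat-factor weights (built from the threat sources on the Risk Relationship slide), the web-server threat classes and the acceptable risk value are constructed sample data; the "patched" what-if shows how a user-defined T_i changes the accept/reject decision.

```python
"""Risk evaluation with built-in and user-defined functions.

Added example for this page, not SAPH's own code. The slide names the
symbols but the combining formulas were not captured, so two ASSUMPTIONS are
made here: class risk C_i = P_i * S_i * T_i, and asset risk exposure
A = sum of C_i over the asset's threat classes. The threat-factor weights and
the web-server figures are constructed sample data.
"""
from dataclasses import dataclass, replace
from typing import Callable, Iterable


@dataclass(frozen=True)
class ThreatClass:
    """One class of threat against an asset."""
    name: str
    probability: float    # P_i: probability of loss, in [0, 1]
    severity: float       # S_i: event severity, here expressed as loss in dollars
    threat_factor: float  # T_i: threat factor, >= 0


def threat_factor(service_in_use: bool, known_vulnerability: bool,
                  protocol_weakness: bool, internet_facing: bool) -> float:
    """User-defined T_i built from the threat sources on the Risk Relationship
    slide. Weights are assumptions: a service that is not running cannot be
    attacked, a known vulnerability weighs most, exposure to the Internet
    doubles the factor."""
    if not service_in_use:
        return 0.0
    factor = 1.0
    if known_vulnerability:
        factor *= 3.0
    if protocol_weakness:
        factor *= 1.5
    if internet_facing:
        factor *= 2.0
    return factor


def class_risk(tc: ThreatClass) -> float:
    """Built-in C_i. Rejects out-of-range inputs instead of silently producing
    a meaningless risk figure."""
    if not 0.0 <= tc.probability <= 1.0:
        raise ValueError(f"{tc.name}: probability {tc.probability} outside [0, 1]")
    if tc.severity < 0 or tc.threat_factor < 0:
        raise ValueError(f"{tc.name}: severity and threat factor must be >= 0")
    return tc.probability * tc.severity * tc.threat_factor


def asset_risk_exposure(classes: Iterable[ThreatClass],
                        class_fn: Callable[[ThreatClass], float] = class_risk) -> float:
    """A: asset risk exposure. class_fn may be swapped for a user-defined C_i."""
    return sum(class_fn(tc) for tc in classes)


def decide(exposure: float, acceptable_risk: float, x=True, y=False):
    """The slide's rule: if A < acceptable risk value then X, otherwise Y."""
    return x if exposure < acceptable_risk else y


# Constructed sample: threat classes for an Internet-facing web server.
WEB_SERVER_THREATS = [
    ThreatClass("application exploit", 0.3, 50_000,
                threat_factor(True, True, False, True)),    # T = 6.0
    ThreatClass("telnet credential theft", 0.2, 20_000,
                threat_factor(True, False, True, True)),    # T = 3.0
    ThreatClass("physical theft", 0.01, 5_000, 1.0),
    ThreatClass("FTP abuse", 0.5, 10_000,
                threat_factor(False, True, True, True)),    # FTP not running: T = 0
]
ACCEPTABLE_RISK = 100_000


def patched(classes: Iterable[ThreatClass], name: str) -> list:
    """What-if: patching the named class removes its known vulnerability
    (T_i recomputed as an Internet-facing service with no known hole)."""
    return [replace(tc, threat_factor=threat_factor(True, False, False, True))
            if tc.name == name else tc for tc in classes]


if __name__ == "__main__":
    before = asset_risk_exposure(WEB_SERVER_THREATS)
    after = asset_risk_exposure(patched(WEB_SERVER_THREATS, "application exploit"))
    print(f"A = {before:,.0f} -> accept={decide(before, ACCEPTABLE_RISK)}")
    print(f"patched: A = {after:,.0f} -> accept={decide(after, ACCEPTABLE_RISK)}")
```

With these figures the unpatched server exceeds the acceptable risk (A = 102,050 > 100,000, so the rule yields Y), and patching the one known application vulnerability brings it to 42,050, which the rule accepts. The point of a pluggable class_fn is that a site can replace the multiplicative C_i with its own scoring without touching the decision rule.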
Enforcement
Inputs: network topology and security policy. Through equipment adaptors, Enforcement produces the script files and network configuration for each network element.
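The OAB example above (George, the Marketing Dep. subnet and the two rules) carried through to Enforcement, as an added example that is not SAPH's own code. The class names, the condition grammar ("protocol == FTP" / "protocol != FTP"), the service table and the iptables-style output are assumptions; the slides do not show SAPH's real Enforcement adaptors or Configuration Profile syntax. The check() method plays the Security Guardian's role of refusing a policy that references an object with no topology binding, since such a rule could not be enforced anywhere.

```python
"""Object Association Binding (OAB): a policy model bound to a topology
model and compiled into firewall configuration by an enforcement adaptor.

Added example for this page, not SAPH's own code. Class names, the condition
grammar, the SERVICES table and the iptables output are ASSUMPTIONS.
"""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress

# Service name -> (transport, port). Assumed lookup table.
SERVICES = {"FTP": ("tcp", 21), "SSH": ("tcp", 22), "HTTP": ("tcp", 80)}


@dataclass
class PolicyObject:
    """Entity, concept or group in the policy model, with its attributes."""
    name: str
    attributes: dict = field(default_factory=dict)


@dataclass
class TopologyObject:
    """Host, subnet or device in the topology model."""
    name: str
    kind: str        # "host", "subnet" or "firewall"
    address: str     # IP address or CIDR prefix

    def __post_init__(self):
        ipaddress.ip_network(self.address, strict=False)  # reject malformed addresses early


@dataclass
class Association:
    """Directed relation between two policy objects: condition -> action."""
    source: str
    target: str
    action: str                       # "accept" or "deny"
    condition: Optional[str] = None   # None, "protocol == FTP" or "protocol != FTP"


class OABModel:
    def __init__(self):
        self.policy = {}        # name -> PolicyObject
        self.topology = {}      # name -> TopologyObject
        self.associations = []  # ordered: first match wins when enforced
        self.bindings = {}      # policy object name -> topology object name

    def add_policy(self, obj):
        self.policy[obj.name] = obj

    def add_topology(self, obj):
        self.topology[obj.name] = obj

    def associate(self, assoc):
        self.associations.append(assoc)

    def bind(self, policy_name, topology_name):
        if policy_name not in self.policy or topology_name not in self.topology:
            raise KeyError(f"cannot bind {policy_name!r} to {topology_name!r}: unknown object")
        self.bindings[policy_name] = topology_name

    def check(self):
        """Security-Guardian-style consistency check: every policy object used
        in an association must be bound to a topology object, and every action
        must be one the adaptor knows. Returns a list of problems (empty = OK)."""
        problems = []
        for a in self.associations:
            for name in (a.source, a.target):
                if name not in self.bindings:
                    problems.append(f"{name!r} is not bound to any topology object")
            if a.action not in ("accept", "deny"):
                problems.append(f"unknown action {a.action!r}")
        return problems

    def compile_iptables(self):
        """Enforcement adaptor: translate associations, in order, into
        FORWARD-chain rules for a Linux firewall."""
        problems = self.check()
        if problems:
            raise ValueError("; ".join(problems))
        rules = []
        for a in self.associations:
            src = self.topology[self.bindings[a.source]].address
            dst = self.topology[self.bindings[a.target]].address
            match = ""
            if a.condition:
                field_name, op, service = a.condition.split()
                if field_name != "protocol" or op not in ("==", "!=") or service not in SERVICES:
                    raise ValueError(f"unsupported condition {a.condition!r}")
                proto, port = SERVICES[service]
                neg = "! " if op == "!=" else ""
                # Caveat: "!=" still requires the transport to match, so a
                # "protocol != FTP" accept rule does not admit non-TCP traffic.
                match = f" -p {proto} {neg}--dport {port}"
            target = "ACCEPT" if a.action == "accept" else "DROP"
            rules.append(f"iptables -A FORWARD -s {src} -d {dst}{match} -j {target}")
        return rules


def build_slide_example():
    """The two rules from the OAB slide, with the slide's addresses."""
    m = OABModel()
    m.add_policy(PolicyObject("George", {"department": "Info. Dep", "title": "Engineer"}))
    m.add_policy(PolicyObject("Marketing Dep.", {"employees": 15, "computers": 12}))
    m.add_topology(TopologyObject("george-host", "host", "140.123.114.14"))
    m.add_topology(TopologyObject("marketing-subnet", "subnet", "140.123.113.0/24"))
    m.add_topology(TopologyObject("fw", "firewall", "140.123.113.25"))
    m.bind("George", "george-host")
    m.bind("Marketing Dep.", "marketing-subnet")
    # Rule 2 (deny FTP) must precede rule 1 (accept) under first-match semantics.
    m.associate(Association("George", "Marketing Dep.", "deny", "protocol == FTP"))
    m.associate(Association("George", "Marketing Dep.", "accept"))
    return m


if __name__ == "__main__":
    for line in build_slide_example().compile_iptables():
        print(line)
```

Rule order is the part a generator most often gets wrong: the slide's "deny FTP" only has effect if it is emitted before the unconditional accept, so the adaptor preserves the association order rather than sorting by object.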
VAST: Assure Information and Networking Security
- Assessment: information reconnaissance and network scan; vulnerability assessment and threat analysis.
- Penetration: system penetration test; security policy certification.
- Auditing: log analysis.
SAPH Components: Vulnerabilities Assessment & Security Testing (VAST)
- Import/Interpreter: a converter that imports audit logs/syslog from security audit tools and network elements into the Black Hat database, or passes attack severity/structure to the Evaluator for further analysis.
- Black Hat Database: real hacker signatures and methods.
- White Hat Database: network architecture, network element (e.g. router and firewall) configuration, security profiles and well-known security holes.
- Verifier: an engine that uses both the Black Hat and White Hat databases to forecast and analyze possible vulnerabilities.
- Script Generator: generates script files to exploit vulnerabilities.
- Lighter: an engine that launches attacks based on the hacker scripts.
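The Import/Interpreter and Verifier parts of this pipeline, as an added example that is not VAST's own code: constructed IDS/firewall syslog lines are interpreted into Black Hat records (methods actually seen on the network), a constructed White Hat inventory lists what each host runs and which configurations carry a known hole, and the verifier correlates the two to forecast exposed hosts. The log format, both database schemas, the signature names and all addresses are assumptions; real VAST imports the formats of the audit tools and network elements it is attached to, which the slides do not show.

```python
"""VAST-style verifier: correlate observed attack methods (Black Hat) with
the network's own inventory and known holes (White Hat) to forecast exposure.

Added example for this page, not VAST's own code. The syslog format, the
database schemas and every record below are CONSTRUCTED sample data.
"""
import re
from collections import Counter
from dataclasses import dataclass

# --- Import/Interpreter -----------------------------------------------------
# Constructed sample: IDS and firewall syslog lines from the Defense Target Network.
SAMPLE_SYSLOG = """\
Jun 12 10:01:07 fw1 ids[2201]: SIG=ftp-anon-login SRC=203.0.113.9 DST=140.123.113.40 DPT=21
Jun 12 10:01:09 fw1 ids[2201]: SIG=ftp-anon-login SRC=203.0.113.9 DST=140.123.113.41 DPT=21
Jun 12 10:02:33 fw1 ids[2201]: SIG=http-dir-traversal SRC=198.51.100.7 DST=140.123.113.80 DPT=80
Jun 12 10:05:01 fw1 kernel: DROP SRC=203.0.113.9 DST=140.123.113.42 DPT=21
Jun 12 10:05:02 fw1 ids[2201]: SIG=telnet-bruteforce SRC=203.0.113.9 DST=140.123.113.42 DPT=23
"""
LOG_RE = re.compile(r"SIG=(?P<sig>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)")


@dataclass(frozen=True)
class AttackRecord:
    """Black Hat database entry: one observed hacker method."""
    signature: str
    attacker: str
    target: str
    port: int


def import_syslog(text):
    """Interpreter: keep only lines carrying an IDS signature. Plain firewall
    DROP lines describe blocked traffic, not a method, so they are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            records.append(AttackRecord(m["sig"], m["src"], m["dst"], int(m["dpt"])))
    return records


# --- White Hat database -----------------------------------------------------
# Constructed inventory: host -> {port: service/configuration string}.
WHITE_HAT_HOSTS = {
    "140.123.113.40": {21: "vsftpd (anonymous enabled)", 22: "sshd"},
    "140.123.113.41": {21: "vsftpd", 80: "httpd"},
    "140.123.113.42": {23: "telnetd"},
    "140.123.113.80": {80: "httpd", 443: "httpd"},
}
# Known holes: signature -> (port the method targets, configuration substring
# that makes the hole real on a host). Assumed mapping.
KNOWN_HOLES = {
    "ftp-anon-login": (21, "anonymous enabled"),
    "telnet-bruteforce": (23, "telnetd"),
    "http-dir-traversal": (80, "httpd"),
}


# --- Verifier ---------------------------------------------------------------
def verify(records, hosts=WHITE_HAT_HOSTS, holes=KNOWN_HOLES):
    """Flag a host for a signature when (a) the method has been seen on the
    network, (b) the host runs the targeted service and (c) its configuration
    carries the known hole. Hosts meeting (b)+(c) that have not been attacked
    yet are flagged too: that is the forecast. Hosts already under attack are
    listed first."""
    seen = Counter(r.signature for r in records)
    attacked = Counter((r.target, r.signature) for r in records)
    findings = []
    for sig, count in seen.items():
        port, hole = holes.get(sig, (None, None))
        if port is None:
            continue  # method unknown to the White Hat side: nothing to correlate
        for host, services in hosts.items():
            if port in services and hole in services[port]:
                findings.append({
                    "host": host, "signature": sig, "service": services[port],
                    "observed_attacks": attacked[(host, sig)],
                    "signature_seen_on_network": count,
                })
    findings.sort(key=lambda f: (-f["observed_attacks"], f["host"]))
    return findings


if __name__ == "__main__":
    for f in verify(import_syslog(SAMPLE_SYSLOG)):
        print(f"{f['host']:16} {f['signature']:20} {f['service']:28} "
              f"attacks={f['observed_attacks']}")
```

Two outcomes in the sample are the ones worth noticing: 140.123.113.41 was hit by the anonymous-FTP method but does not have anonymous login enabled, so it is not flagged for it, while 140.123.113.41's httpd is flagged for directory traversal even though only 140.123.113.80 has been attacked so far. Correlating both databases is what separates "attacked" from "exposed".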
Lighter Toolset
- Reconnaissance: nslookup, whois, ARIN, dig, the target web site, others.
- Network scanning: telnet, Nmap, hping2, Netcat, ICMP (ping and traceroute).
- Vulnerability assessment: Nessus, SARA.
SAPH and Security Assurance
- Design assurance: Policy & Topology Model (OAB) and Security Guardian.
- Development assurance: VAST.
- Operation assurance: Enforcement and GUI.
Conclusion
Before: the Security Operation Center (SOC) on its own. After: the SOC with SAPH, which increases productivity, saves cost, enhances security and extends network management.
References
- BCS Review 2001, "Setting standards for information security policy", http://www.bcs.org.uk/review/2001/html/p181.htm
- B. Fraser, "RFC 2196: Site Security Handbook", IETF, September 1997.
- BUGTRAQ, http://www.securityfocus.com/archive/1
- E. Carter, Cisco Secure Intrusion Detection System, Cisco Press, 2001.
- G. Stoneburner, A. Goguen and A. Feringa, "Risk Management Guide for Information Technology Systems", NIST Special Publication 800-30.
- J. Wack and M. Tracey, "Guideline on Network Security Testing", NIST Draft Special Publication 800-42, February 4, 2002.
- Microsoft Security Bulletin MS03-028, http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-028.asp
- R. M. Barnhart, "High Assurance Security Medical Information Systems", Science Applications International Corporation, 2000.
- SANS Institute, Security Policy Project, http://www.sans.org/resources/policies/
- S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick and R. W. Ritchey, Inside Network Perimeter Security, New Riders, 2003.
- T. Layton, "Penetration Studies: A Technical Overview", SANS, May 30, 2002.
Questions? Thank you!