Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extranet for Security Professionals (ESP)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Extranet for Security Professionals (ESP)"— Presentation transcript:

1 Extranet for Security Professionals (ESP)
Group One

2 Team Members Heather T. Kowalski, Project Lead Tong Xu Ying Hao
Hui Huang Bill Halpin

3 Task Extranet for Security Professionals Company: SEI
Contact: Martin Lindner Security Analysis, using SNA Method

4 Milestones September 28, 2000 October 31, 2000 November 14, 2000
Initial Overview Presentation October 31, 2000 Essential Services Review November 14, 2000 Attack Threat Analysis December 5, 2000 Final Recommendations

5 Client Meetings – To Date
September 15 Introductions High-level Review of Architecture September 20 Business Mission Detailed Overview of Client Goals Detailed Review of Architecture

6 Client Expectations Review the System Design and Architecture
Identify and Document Vulnerabilities Identify Alternative Approaches to ESP Mission

7 SNA – System Definition
Mission Requirements Environment Risk Definition Architecture Definition The SNA descriptions are taken from the Team Project Handout, so they don’t match 100% with the description in the master report.

8 ESP – Mission Central Repository of Security Information
Central Location for Information Sharing Secure Environment, Manageable Resource

9 ESP – Requirements Security over Reliability Exchange of Information
Responsible for Information Only While on ESP System User Driven and Maintained

10 ESP – Environment Dell PowerEdge Servers Windows NT 4.0 (SP3) SSL
Only Minimal Options Activated SSL Cold Fusion Middleware

11 ESP – System Elements COTS Good Programming Practices
Easier to Find Support Staff Easier to Maintain Updates Good Programming Practices Prevention Integrity Code Revision Controls

12 ESP – Architecture The Internet Router Firewall Web Servers
© 2000 by Carnegie Mellon University/SEI ESP – Architecture The Internet Router Firewall There are additional Architecture slides in Marty’s original presentation. I thought that this was the most generic. We can always import the additional slides if needed. Web Servers To: George Marty From: Steve Workstation Database Servers Firewall

13 ESP – Risk Definition System Attacks
Abrogation of User Responsibilities Equipment Failure On-going Process Key difference from other systems – Security over Availability. ESP will be shut down at first thought of trouble.

14 Client Meetings - Expected
Mid-October Verify Traffic Flow Early November Discuss Attack Potential Late November Mitigation Recommendations

15 SNA - Step Two Pending Essential Services & Assets
Trace Scenarios Through Architecture Identify Essential Components of Architecture

16 SNA – Step Three Pending
Review Attacker Profiles Discuss Likely Levels of Attack Identify Possible Attack Scenarios Determine Weak Links in Architecture

17 SNA – Step Four Pending Identify Architecture Deficiencies
Present Current Strategies for 3 R’s Present Suggested Strategy Improvements Present Plan to Implement Improvements 3 R’s = resistance, recognition & recovery.

18 Questions?

Download ppt "Extranet for Security Professionals (ESP)"

Similar presentations

Worksite Web 8.0 at Miller & Martin

Worksite Web 8.0 at Miller & Martin
High level QA strategy for SQL Server enforcer

High level QA strategy for SQL Server enforcer
Oracle Financial System Project Team: Aseem Gupta Jeng Toa Lee Jun Lu Kevin Patrick Zhu Thomas Verghese Weicheng Wong Xuegong Wang ( Jeff ) Date : 26 th.

Oracle Financial System Project Team: Aseem Gupta Jeng Toa Lee Jun Lu Kevin Patrick Zhu Thomas Verghese Weicheng Wong Xuegong Wang ( Jeff ) Date : 26 th.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.

DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
Extranet for Security Professionals Intrusion Scenarios Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Nov. 14, 2000.

Extranet for Security Professionals Intrusion Scenarios Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Nov. 14, 2000.
0-1 Team # Status Report (1 of 4) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team #: Team Name.

0-1 Team # Status Report (1 of 4) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team #: Team Name.
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
0-1 Team # Status Report (1 of 4) Client Contact –Status Point 1 –Status Point 2 Team Meetings –Status Point 1 –Status Point 2 Team Organization –Description.

0-1 Team # Status Report (1 of 4) Client Contact –Status Point 1 –Status Point 2 Team Meetings –Status Point 1 –Status Point 2 Team Organization –Description.
Extranet for Security Professionals Essential Services Analysis Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Oct. 31, 2000.

Extranet for Security Professionals Essential Services Analysis Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Oct. 31, 2000.
Distance Education Team 2 Security Architectures and Analysis.

Distance Education Team 2 Security Architectures and Analysis.
Physician Reminder System The Western Pennsylvania Hospital 10/3/00 95-750 Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga.

Physician Reminder System The Western Pennsylvania Hospital 10/3/ Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga.
Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 11/14/2000 Physician Reminder System SNA Step 3.

Earl Crane Hap Huynh Jeongwoo Ko Koichi Tominaga 11/14/2000 Physician Reminder System SNA Step 3.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
1 Security Architecture and Analysis Management of System Development and Implementation –The System Development Process –Issues and Risks –Mitigation.

1 Security Architecture and Analysis Management of System Development and Implementation –The System Development Process –Issues and Risks –Mitigation.
0-1 Team 1 Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auto-Owners.

0-1 Team 1 Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auto-Owners.
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon.

Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon.
System Analysis and Design

System Analysis and Design
0-1 Team ?? Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auraria.

0-1 Team ?? Status Report (1 of 3) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team 1: Auraria.

Similar presentations

Ads by Google