
Managing Security the Intelligent Way: Moving from Spreadsheets to a Knowledge Base Joshua Drummond, Security Architect Neil Matatall, Security Programmer/Analyst.


1 Managing Security the Intelligent Way: Moving from Spreadsheets to a Knowledge Base
Joshua Drummond, Security Architect
Neil Matatall, Security Programmer/Analyst
Marina Arseniev, Associate Director of Enterprise Architecture
University of California, Irvine

2 University of California, Irvine
Located in Southern California
Year founded: 1965
Enrollment: over 24K students
1,400 faculty (Academic Senate)
8,300 staff
6,000 degrees awarded annually
Carnegie classification: Doctoral/Research – Extensive
Extramural funding: 311M in 2005-2006
Undergoing significant enrollment growth

3 Our Security Status? (breach notices from http://www.privacyrights.org)
–800,000 in November, 2006: Hacker(s) gained access to a database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants, including those who did not attend. Exposed records contained names, SSNs, birth dates, home addresses, and contact information.
–35,000 in December, 2006: The University discovered that personal information of current and former students, faculty members, and staff may have been exposed by a computer network intrusion, including names, SSNs, home addresses, phone numbers and e-mail addresses.
–11,000 in February, 2007: Names, grades, and SSNs were posted on an unprotected Web site after summer session in 1999. The college stopped using SSNs as student IDs in 2002.
–65,000 in February, 2007: A programming error resulted in personal information of individuals being exposed on the University's Web site. Included were names, addresses, SSNs, and in some cases credit card numbers.

4 Security is Multi-layer

5 We do a lot today…
SDLC and change management
Security requirements and design reviews from the get-go
Code reviews of all security and database code
Developers reuse security components
–Single sign-on, authorization API, user identity objects
Automated nightly code and application security scanning
–Jtest, AppScan, Nessus, database security scanning
Scheduled network and configuration vulnerability scanning
–Firewall rules, Foundstone, Sophos virus scans, Tripwire
Consolidated storage of sensitive data; database model reviews of personal identity data
Concurrency and stress testing to detect thread-safety issues
–Jmeter, OpenSTA (100s of concurrent virtual test users of load)
REPEAT, REPEAT, and REPEAT…

6 Still had problems
Urgent call from our director:
–Have you patched the server with X?
–Is Server Y behind a firewall?
–Did Server Y have any credit card information stored?
–Is the database encrypted?
–When was the last time a security review of Application X was done?
Dana Doe is on vacation! Don't know! Different answers from different people! Little confidence that the information is current.
Spreadsheet Hell!
–Too many checklists, spreadsheets, and documents
–A host IP change introduces a document update nightmare.
–If a server is added, remember to add it to the firewall rules in multiple spreadsheets.
How about scanning tools?
–Missing information, such as whom to contact for a problem.
–Scattered information in documents outside of Excel on multiple file systems and whiteboards, obscure, and owned by and accessible to different people

7 Objectives
Needed to better organize, consolidate, and centralize security policy and procedures.
Needed to manage "preventative security maintenance" more consistently and efficiently, with less redundancy:
–Security checklists and rules
–Security reviews and their results; track enforcement and follow-up
–Oversight functions for secure development, acquisition, maintenance and operations

8 Agenda
Background on ontologies and Protégé
Realized value: demonstration of our knowledge base and reports
How to implement it in your organization
Summary
Useful URLs and Q&A

9 What we learned … Maintaining separate spreadsheets on server configurations, firewalls, and personal identity data, each with redundant and inconsistent information, is inappropriate in today's security climate. This presentation will demonstrate the use of Protégé, an open source ontology and knowledge-based tool, to intelligently capture and maintain comprehensive enterprise security information in a single repository.

10 Background
What is an ontology?
–"An ontology describes the concepts and relationships that are important in a particular domain, providing a vocabulary for that domain as well as a computerized specification of the meaning of terms used in the vocabulary. In recent years, ontologies have been adopted in many business and scientific communities as a way to share, reuse and process domain knowledge. Ontologies are now central to many applications such as scientific knowledge portals, information management systems, and electronic commerce."
–Supports inheritable properties (is-a)
–Attributes of an object can be complex objects themselves (rich). Nestable…
[Figure: a small "Book Ontology" class tree with Writing at the root and subclasses Short Story, Historical Novel, Classic, Medieval and Modern]

11 Stanford University's Protégé Knowledgebase and Ontology Tool
Allows easy modeling and creation of an ontology
Auto-generates forms for collecting and capturing information based on the ontology and class definitions
"Reverse slots" (inverse slots) allow rich linking and automatic updates of changing relationships
–Remember the removal of a server and the associated updates of firewall rules? With an inverse slot the link is stored once and both sides stay in sync.
Generates an HTML view of knowledge and ontology
Can use an XML plug-in
–generate reports in other formats and for specific audiences, without storing redundant data
Currently used for the UCI Enterprise Architecture Repository
Open source at http://protege.stanford.edu/

12 Protégé GUI

13 Protégé – Knowledge Capture

14 HIPAA?

15 Protégé – Application Instances

16 Protégé – Authentication Instances

17 Protégé – Authorization Instances

18 Protégé – Patching Procedures

19 Protégé – Backup Procedures

20 Protégé – Query Capability

21 Agenda
Background on ontologies and Protégé
Realized value: demonstration of our knowledge base and reports
How to implement it in your organization
Summary
Useful URLs and Q&A

22 Realized Value: Autogenerated Reports from Protégé
Network Inventory Report
–By host name
–By IP address
Firewall Rules Report
–By firewall
–By host name
–By IP address
Personal Identity Database Report
–By server
–By database
Personal Identity Datafile Report
–By server

23 Before and After - Firewalls
[Figure: before/after diagram of the roles that maintained firewall information: Unix Sys Admin, Windows Sys Admin, Department Firewall Admin, Campus Border Firewall Admin]

24 Report: Network Inventory

25 Report: Firewall by Host

26 Reports: Personal Identity Database by Server

27 Reports: Personal Identity Datafile by Server

28 Using Protégé to Capture Reviews

29

30

31 Agenda
Background on ontologies and Protégé
Realized value: demonstration of our knowledge base and reports
How to implement it in your organization
Summary
Useful URLs and Q&A

32 How to Implement in your Organization…
Step 1: Inventory existing spreadsheets and documents related to security.
Step 2: Identify the information you want to track centrally. What is important or critical? Do that first.
Step 3: Design your ontology (or copy ours).
Step 4: Assign roles: who updates, who views.
Step 5: Capture information.
Step 6: Add any customizations to Protégé.
Step 7: Create secured reports for various audiences.
–Validate the reports and the usefulness of the collected information with stakeholders.

33 How - Our Ontology

34 How - Protégé Customizations
Although editing of the knowledge base is done centrally through the Protégé desktop client, we wanted to automate the generation of all report output.
Wrote two custom Java classes that use the Protégé API to emulate actions usually done through the GUI, so they can be run from an automated command-line script instead:
–edu.uci.adcom.protege.ProjectXmlExport
–edu.uci.adcom.protege.ProjectHtmlExport
Modified the existing HTML Export plug-in to change the structure of the output HTML:
–List instances before slots on class pages
–Made string attributes that are URLs actual hyperlinks
–Add line breaks between multiple slot values

35 Using Protégé to Capture Reviews

36 How – Using XSLT for Reports
Replicate exactly, and replace, the former spreadsheets with the same functionality
Created canned reports for specific views on the knowledge
XSLT is used to transform the XML export of the entire knowledge base into report-specific "simple" XML
Then again from the "simple" XML into multiple HTML views for each report, or an Excel spreadsheet
XSL and CSS are flexible and can be modified to customize the presentation of data

37 Reports: Personal Identity Datafile by Server

38 How - Putting it all together
An Ant script is used to tie everything together (XML export, XSLT transforms, HTML/Excel output) so the whole pipeline can be scheduled from the command line

39 Metrics
Before
Firewalls
–Border, Police, Financial Services, Windows OS, and Server Firewall
–Each firewall had its own spreadsheet (5 spreadsheets total)
–30+ servers behind multiple firewalls; servers duplicated across spreadsheets
White boards
–Partial network inventory
–Unpatched servers on a whiteboard
4 units keeping redundant or out-of-sync information in private locations
Limited access: personal computers
Sensitive data locations unclear
No version management of applications
Servers with no virus protection or backups
After
Rich inventory of knowledge, including firewall rules and network inventory
New information that didn't exist before
Zero spreadsheets
10 custom reports, both HTML and Excel
Centralized maintenance of a single repository across organizational units
Access based on privileges
60 individuals in the organization have a clear view of potential holes in security for analysis and proactive planning
Sensitive data tracked
–35 data files
–50 database fields
Tracking versions of 12 major applications for patch management
Added 5 hosts to the backup and anti-virus scanning procedure

40 Future Plans
Continue to evolve the ontology to include more attributes and relationships
Continue capturing and updating new information
Look into using the Protégé Web-based front-end with a JDBC backend to support multi-user updates and views
Generate checklists intelligently based on attributes for reviews
–Example: if reviewing an application running on IIS and MS SQL Server, the checklist would be customized to that environment.
Generate more canned reports
Write queries that proactively determine potential trouble spots
–A personal identity database field that has not been encrypted
–An application review that requires follow-up on security vulnerabilities
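The two mechanisms the deck leans on, inverse ("reverse") slots that keep both ends of a relationship in sync when a host is removed (slide 11), and proactive queries over the knowledge base such as "which personal identity fields are not encrypted" (slide 40), are shown below in a small frame-style knowledge base written in Python. This is an added illustration, not UCI's ontology or Protégé code; the class and slot names (Host, FirewallRule, Database, PIIField, protects/protected_by, hosts_db/hosted_on, has_field/field_of, encrypted, contact) and the sample hosts and rules are assumed for the example, and the "simple" XML emitted at the end stands in for the report-specific XML that the slides hand to XSLT.

```python
"""Frame-style knowledge base with inverse slots (added example, not Protégé code).
Class/slot names and the sample data are assumptions made for this illustration."""
from collections import defaultdict
import xml.etree.ElementTree as ET


class KnowledgeBase:
    """Each instance is a class name plus slot -> list of values.
    Inverse slots are maintained automatically, so a link is stored once
    and never drifts out of sync the way duplicated spreadsheet rows do."""

    def __init__(self):
        self.instances = {}   # instance name -> {"cls": ..., "slots": {...}}
        self.inverse = {}     # slot name -> inverse slot name

    def declare_inverse(self, slot, inverse):
        self.inverse[slot] = inverse
        self.inverse[inverse] = slot

    def add(self, name, cls, **slots):
        self.instances[name] = {"cls": cls, "slots": defaultdict(list)}
        for slot, values in slots.items():
            for v in (values if isinstance(values, list) else [values]):
                self.link(name, slot, v)
        return name

    def link(self, src, slot, value):
        """Store src.slot = value and, if the slot has an inverse and the
        value is another instance, value.inverse = src as well."""
        self.instances[src]["slots"][slot].append(value)
        inv = self.inverse.get(slot)
        if inv and value in self.instances:
            self.instances[value]["slots"][inv].append(src)

    def delete(self, name):
        """Deleting an instance removes every inverse reference to it: the
        firewall rules that protected a removed host no longer list it."""
        frame = self.instances.pop(name)
        for slot, values in frame["slots"].items():
            inv = self.inverse.get(slot)
            if inv:
                for v in values:
                    if v in self.instances:
                        self.instances[v]["slots"][inv].remove(name)

    def instances_of(self, cls):
        return [n for n, f in self.instances.items() if f["cls"] == cls]

    def get(self, name, slot):
        return list(self.instances[name]["slots"].get(slot, []))


def build_sample_kb():
    """Constructed sample data: two hosts, one border firewall, one PII database."""
    kb = KnowledgeBase()
    kb.declare_inverse("protects", "protected_by")   # FirewallRule <-> Host
    kb.declare_inverse("hosts_db", "hosted_on")      # Host <-> Database
    kb.declare_inverse("has_field", "field_of")      # Database <-> PIIField
    kb.add("fw-border", "Firewall")
    kb.add("www1", "Host", ip="10.0.1.10", contact="alice")
    kb.add("db1", "Host", ip="10.0.2.20", contact="bob")
    kb.add("rule-443", "FirewallRule", firewall="fw-border", port=443, protects=["www1"])
    kb.add("rule-1433", "FirewallRule", firewall="fw-border", port=1433, protects=["db1", "www1"])
    kb.add("students", "Database", hosted_on="db1")
    kb.add("students.ssn", "PIIField", field_of="students", encrypted=False)
    kb.add("students.dob", "PIIField", field_of="students", encrypted=True)
    return kb


def firewall_rules_by_host(kb):
    """The 'Firewall Rules Report - By Host Name' view, read off the inverse slot."""
    return {host: sorted((kb.get(r, "firewall")[0], kb.get(r, "port")[0])
                         for r in kb.get(host, "protected_by"))
            for host in sorted(kb.instances_of("Host"))}


def unencrypted_pii_fields(kb):
    """Proactive query: PII fields whose 'encrypted' slot is anything but True,
    resolved through the database to the server and its contact person."""
    findings = []
    for field in kb.instances_of("PIIField"):
        if kb.get(field, "encrypted") != [True]:
            db = kb.get(field, "field_of")[0]
            host = kb.get(db, "hosted_on")[0]
            findings.append((field, db, host, kb.get(host, "contact")[0]))
    return sorted(findings)


def report_xml(report):
    """Emit report-specific 'simple' XML of the kind an XSLT stylesheet renders."""
    root = ET.Element("firewallByHost")
    for host, rules in report.items():
        h = ET.SubElement(root, "host", name=host)
        for fw, port in rules:
            ET.SubElement(h, "rule", firewall=fw, port=str(port))
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    kb = build_sample_kb()
    print(firewall_rules_by_host(kb))
    print(unencrypted_pii_fields(kb))
    kb.delete("www1")               # decommission a host: rules update themselves
    print(report_xml(firewall_rules_by_host(kb)))
```

Deleting `www1` is the whole point: with per-firewall spreadsheets the host would linger in the rule list until someone remembered to edit each file, whereas here `rule-443` and `rule-1433` drop the reference the moment the host instance goes away. The PII query returns the unencrypted SSN column together with the server contact, which is the "whom to contact for the problem" the director's phone call on slide 6 could not be answered with.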

41 Q&A
AdCom's application security checklist - http://snap.uci.edu/viewXmlFile.jsp?resourceID=1440
Stanford's Protégé Knowledgebase and Ontology Tool (Java, open source) - http://protege.stanford.edu
XML/XSLT processing - http://xerces.apache.org
Ant - http://ant.apache.org

