Chaos to Clarity: Consolidate Your Security Information into a Knowledge Base Joshua Drummond, Security Architect Neil Matatall, Security Programmer/Analyst.


1 Chaos to Clarity: Consolidate Your Security Information into a Knowledge Base
Joshua Drummond, Security Architect
Neil Matatall, Security Programmer/Analyst
Marina Arseniev, Associate Director of Enterprise Architecture
University of California, Irvine

2 About us…
– Located in Southern California
– Year founded: 1965
– Enrollment: over 24K students
– 1,400 faculty (Academic Senate)
– 8,300 staff
– 6,000 degrees awarded annually
– Carnegie Classification: Doctoral/Research – Extensive
– Extramural funding: 311M in 2005-2006
– Undergoing significant enrollment growth

3 Security Status Across Higher Ed? http://www.privacyrights.org
– 800,000 in November 2006: Hacker(s) gained access to a database containing personal information on current and former students, current and former faculty and staff, parents of financial aid applicants, and student applicants.
– 5,800 in August 2007: Computer with the SSNs of students was discarded before its hard drive was erased, forcing the school to warn students about potential identity theft.
– 4,375 in September 2007: Former students at risk for identity fraud after an instructor's laptop computer was stolen.
– 3,100 in September 2007: A technical problem in the way student bills are printed possibly allowed student SSNs to be sent to another student's address.

4 Security is Multi-layer

5 We do a lot…
– SDLC and change management
– Security requirements and design reviews from the get-go
– Code reviews
– Developers reuse security components
– Automated nightly code and application security scanning
– Scheduled network and configuration vulnerability scanning
– Consolidated storage of sensitive data; database model reviews of personal identity data
– Concurrency and stress testing to detect thread-safety problems

6 Still had problems
Urgent call from our director:
– Have you patched server X?
– Is server Y behind a firewall?
– Did server Y have any credit card information stored?
– Is the database encrypted?
– When was the last time a security review of application X was done?
Peter the Anteater is on vacation! Peter is now at Google!
Different answers from different people. Little confidence that information is current.

7 Not enough…
– Many security layers meant many documents owned by many people
– Scattered checklists, spreadsheets, and diagrams not accessible
– Host IP change = document update nightmare
– New server? Update how many firewalls?
– Missing information, such as whom to contact
– Proprietary knowledge departed with staff turnover
Spreadsheet hell!

8 What we learned…
– Maintaining separate spreadsheets on server configurations, firewalls, and personal identity data, each with redundant and inconsistent information, is inappropriate in today's security climate.
– Explored different approaches and tools, both vendor and open source.
– Merged with the Enterprise Architecture approach to use Stanford's Protégé knowledge base.
  – Open-source ontology and knowledge-base tool, used to intelligently capture and maintain comprehensive enterprise security information in a single repository.

9 Objectives
– Quickly respond to threats.
– Organize, consolidate, and centralize security procedures and facts about layers of security:
  – Facts about data, architectures, components, applications, encryption, auditing/logging, firewalls/rules, backup procedures, etc.
  – Track security checklists
  – Track code, database, and security reviews, their results and follow-up
  – Track oversight functions for secure development, acquisition, maintenance, operations and decommissioning

10 Agenda
– Background on ontologies and Protégé
– Realized value: demonstration of our knowledge base and reports
– How to implement this in your organization
– Summary
– Useful URLs and Q&A

11 Background
What is an ontology?
– "An ontology describes the concepts and relationships that are important in a particular domain, providing a vocabulary for that domain as well as a computerized specification of the meaning of terms used in the vocabulary. In recent years, ontologies have been adopted in many business and scientific communities as a way to share, reuse and process domain knowledge. Ontologies are now central to many applications such as scientific knowledge portals, information management systems, and electronic commerce."
– Supports inheritable properties (is-a)
– Attributes of an object can be complex objects themselves (rich); nestable
[Figure: example "Book Ontology" tree with nodes Writing, Short Story, Historical Novel, Classic, Medieval, Modern]

12 Stanford University's Protégé
– Allows easy modeling and creation of an ontology
– Auto-generates forms for collecting and capturing information based on the ontology and class definitions
– "Reverse slots" allow rich linking and automatic updates of changing relationships
  – Remember the removal of the server and the associated updates of firewall rules?
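To make the reverse-slot point concrete, here is an added toy model in Python (not Protégé's own code): a host's protected_by slot and a firewall's protects slot are declared inverses, so filling one side fills the other and deleting the host clears every firewall that pointed at it. Protégé maintains inverse slots natively; the slot and instance names here are assumed for the illustration.

```python
class Frame:
    """Minimal stand-in for a Protégé instance: a name plus multi-valued slots."""
    def __init__(self, name):
        self.name, self.slots = name, {}

class KnowledgeBase:
    """Toy knowledge base that keeps slot pairs consistent the way Protégé inverse slots do."""
    def __init__(self):
        self.frames, self.inverse = {}, {}

    def declare_inverse(self, slot, inverse_slot):
        """Declare e.g. host.protected_by and firewall.protects as inverses of each other."""
        self.inverse[slot], self.inverse[inverse_slot] = inverse_slot, slot

    def create(self, name):
        return self.frames.setdefault(name, Frame(name))

    def add_value(self, frame, slot, target):
        """Filling one side of an inverse pair fills the other side automatically."""
        frame.slots.setdefault(slot, set()).add(target.name)
        inv = self.inverse.get(slot)
        if inv:
            target.slots.setdefault(inv, set()).add(frame.name)

    def delete(self, frame):
        """Removing a host also drops it from every firewall's 'protects' slot,
        so no firewall record is left pointing at a decommissioned server."""
        for slot, targets in frame.slots.items():
            inv = self.inverse.get(slot)
            for tname in targets:
                if inv and tname in self.frames:
                    self.frames[tname].slots.get(inv, set()).discard(frame.name)
        del self.frames[frame.name]

def decommission_demo():
    """Protect web1 with two firewalls, then delete web1; return the firewalls'
    'protects' slots before and after to show the automatic clean-up (assumed names)."""
    kb = KnowledgeBase()
    kb.declare_inverse("protected_by", "protects")
    border, dept, web1 = kb.create("border_fw"), kb.create("dept_fw"), kb.create("web1")
    kb.add_value(web1, "protected_by", border)
    kb.add_value(web1, "protected_by", dept)
    snapshot = lambda: {f.name: sorted(f.slots.get("protects", ())) for f in (border, dept)}
    before = snapshot()
    kb.delete(web1)   # the server-removal case from the slide
    return before, snapshot()
```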

13 Stanford University's Protégé
– Generates an HTML view of knowledge and ontology
– Can be exported in XML format
  – Generate reports in other formats and for specific audiences, without storing redundant data
– Multi-user capable
– Highly scalable
  – Simulations have handled over 5 million objects
– Open source at http://protege.stanford.edu/
  – Java API to program against
  – Under active development (last release Aug 24, 2007)

14 Protégé GUI

15 Protégé – Knowledge Capture


17 HIPAA?

18 Protégé – Application Instances

19 Protégé – Authentication Instances

20 Protégé – Authorization Instances

21 Protégé – Patching Procedures

22 Protégé – Backup Procedures

23 Protégé – Query Capability

24 Agenda
– Background on ontologies and Protégé
– Realized value: demonstration of our knowledge base and reports
– How to implement it in your organization
– Summary
– Useful URLs and Q&A

25 Using Protégé to Capture Reviews


28 Realized Value: Auto-generated Reports from Protégé
– Network Inventory Report
  – By host name
  – By IP address
– Firewall Rules Report
  – By firewall
  – By host name
  – By IP address
– Personal Identity Database Report
  – By server
  – By database
– Personal Identity Datafile Report
  – By server
– Application Report
  – Includes developed and vendor applications

29 Before and After - Firewalls
[Figure: roles involved in firewall management: Unix Sys Admin, Windows Sys Admin, Department Firewall Admin, Campus Border Firewall Admin, Database Admin]


31 Report: Firewall by Host

32 Reports: Personal Identity Database by Server

33 Reports: Personal Identity Datafile by Server

34 Agenda
– Background on ontologies and Protégé
– Realized value: demonstration of our knowledge base and reports
– How to implement it in your organization
– Summary
– Useful URLs and Q&A

35 How to Implement in your Organization…
Step 1: Inventory existing spreadsheets and documents
Step 2: Identify information you want to track centrally
Step 3: Design your ontology (or copy ours)
Step 4: Assign roles: who updates, who views
Step 5: Capture information
Step 6: Add any customizations to Protégé
Step 7: Create secured reports for various audiences

36 Our Ontology

37 Updates
3 ways to update your knowledge base:
– Desktop client / local project
  – Only one person can update at a time
  – Must have access to the project file
– Web server
  – Multi-user, access anywhere
  – Interface has its weaknesses
– Client / server
  – Best of both worlds
  – Must have the desktop client installed

38 Updates – Client / Server
– Use built-in client-server mode for multi-user updates
– Grant access to individual users
  – Support for role-based permissions
– Updates are propagated in near-real-time
– BE CAREFUL!
  – Everything is stored in plain text

39 Customizations
Modified the existing HTML Export plug-in to change the structure of the output HTML:
– Encrypt sensitive values
– List instances before slots on class pages
– Made string attributes that are URLs actual hyperlinks
– Add line breaks between multiple slot values

40 Using Protégé to Capture Reviews

41 Automation
– Although editing of the knowledge base is done centrally through the desktop client, we wanted to automate the generation of reports
– Wrote two Java classes that use the Protégé API to emulate actions usually done through the GUI
  – edu.uci.adcom.protege.ProjectXmlExport
  – edu.uci.adcom.protege.ProjectHtmlExport

42 Using XSLT for Reports
– Replicate exactly and replace former spreadsheets with the same functionality
– Created canned reports for specific views on knowledge
– XSLT is used to transform the XML export of the entire knowledge base to report-specific "simple" XML
– Then again from the "simple" XML to multiple HTML views for each report
– XSL and CSS are flexible and can be modified to customize presentation of data

43 Report Generation Process Outline
1. Protégé Java: edu.uci.adcom.ProjectXMLExport
2. XSLT: massage to domain-specific data
3. XSLT: generate individual reports (for web reports)
4. CSS: customize the display
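As an added example of the export-to-report pipeline on slides 41-43 (not UCI's Java/XSLT code), the Python below performs both transform stages in code: it flattens a constructed approximation of a Protégé XML export (the instance, own_slot_value, slot_reference and value elements are assumed, not the real schema), joins each FirewallRule instance to the Host it references into the report-specific "simple" XML, and renders that as the "Firewall by Host" HTML table, escaping slot values on the way.

```python
import xml.etree.ElementTree as ET
from html import escape
# Constructed sample approximating a Protégé frames XML export (not the real schema).
EXPORT_XML = """<knowledge_base>
<instance><name>host_web1</name><type>Host</type>
 <own_slot_value><slot_reference>hostname</slot_reference><value>web1.example.edu</value></own_slot_value>
 <own_slot_value><slot_reference>ip</slot_reference><value>10.0.0.5</value></own_slot_value></instance>
<instance><name>host_db1</name><type>Host</type>
 <own_slot_value><slot_reference>hostname</slot_reference><value>db1.example.edu</value></own_slot_value>
 <own_slot_value><slot_reference>ip</slot_reference><value>10.0.0.9</value></own_slot_value></instance>
<instance><name>rule_1</name><type>FirewallRule</type>
 <own_slot_value><slot_reference>firewall</slot_reference><value>border</value></own_slot_value>
 <own_slot_value><slot_reference>port</slot_reference><value>443</value></own_slot_value>
 <own_slot_value><slot_reference>protects_host</slot_reference><value>host_web1</value></own_slot_value></instance>
<instance><name>rule_2</name><type>FirewallRule</type>
 <own_slot_value><slot_reference>firewall</slot_reference><value>department</value></own_slot_value>
 <own_slot_value><slot_reference>port</slot_reference><value>1433</value></own_slot_value>
 <own_slot_value><slot_reference>protects_host</slot_reference><value>host_db1</value></own_slot_value></instance>
</knowledge_base>"""

def load_instances(export_xml):
    """Flatten the export into {instance_name: (class_name, {slot: [values]})}."""
    kb = {}
    for inst in ET.fromstring(export_xml).findall("instance"):
        slots = {}
        for osv in inst.findall("own_slot_value"):
            slots.setdefault(osv.findtext("slot_reference"), []).append(osv.findtext("value"))
        kb[inst.findtext("name")] = (inst.findtext("type"), slots)
    return kb

def firewall_by_host_xml(export_xml):
    """Stage 1 ("massage"): join each FirewallRule to its Host; emit one <host> with nested <rule>s."""
    kb = load_instances(export_xml)
    report = ET.Element("firewall_report")
    hosts = {n: ET.SubElement(report, "host", hostname=s["hostname"][0], ip=s["ip"][0])
             for n, (cls, s) in sorted(kb.items()) if cls == "Host"}
    for cls, s in kb.values():
        if cls == "FirewallRule":
            for target in s.get("protects_host", []):   # a rule may protect several hosts
                ET.SubElement(hosts[target], "rule", firewall=s["firewall"][0], port=s["port"][0])
    return ET.tostring(report, encoding="unicode")

def firewall_by_host_html(simple_xml):
    """Stage 2: render the simple XML as an HTML table; slot values are admin-typed text, so escape them."""
    rows = ["<tr><th>Host</th><th>IP</th><th>Firewall</th><th>Port</th></tr>"]
    for host in ET.fromstring(simple_xml).findall("host"):
        for rule in host.findall("rule"):
            cells = (host.get("hostname"), host.get("ip"), rule.get("firewall"), rule.get("port"))
            rows.append("<tr>" + "".join(f"<td>{escape(v)}</td>" for v in cells) + "</tr>")
    return "<table>\n" + "\n".join(rows) + "\n</table>"
```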

44 Reports: Personal Identity Datafile by Server

45 Putting it all together
– An Ant script is used to tie everything together
– Can be easily scheduled to generate reports

46 Metrics – Firewall Management
Before:
– Border, Police, Financial Services, Windows OS, and Server firewalls
– Each firewall had its own spreadsheet maintained by a different person (5 spreadsheets total)
– 30+ servers behind multiple firewalls; servers duplicated across spreadsheets
After:
– Centralized inventory of knowledge about firewall rules
– Zero spreadsheets
– 3 custom reports: HTML and Excel
– Centralized maintenance of a single repository across organizational units
– No redundancy

47 Metrics – Network and Data Inventory
Before:
– White boards and documents
  – Partial network inventory
  – Unpatched servers on a whiteboard
– 4 units keeping redundant or out-of-sync information in private locations
– Limited access: personal computers
– Sensitive data locations unclear
– Servers with no virus protection or backups
After:
– New information that didn't exist before
  – Integrated database, network, and application information
– Zero spreadsheets
– 9 custom reports
  – HTML and Excel
– Centralized maintenance of the repository across organizational units
– Access to the repository extended to 60 individuals based on privileges
– Clearer view of potential holes in security for analysis and proactive planning
– Sensitive data tracked
  – 40 data files
  – 50 database fields
– Added 40 hosts to the backup and anti-virus scanning procedure

48 Future Plans
– Continue to evolve the ontology to include more attributes and relationships
– Continue capturing and updating new information
  – Automate capture of information with tools
– Create a plugin for encrypting sensitive information
– Create a slot-based authorization plugin
– Generate checklists intelligently based on attributes
  – Example: if reviewing an application running on IIS and MS SQL Server, the checklist would be customized to that environment.
– Create notifications about potential trouble spots
  – A personal identity database field that has not been encrypted.

49 Q&A
– AdCom's application security checklist: http://snap.uci.edu/viewXmlFile.jsp?resourceID=1440
– Stanford's Protégé knowledge base and ontology tool (Java, open source): http://protege.stanford.edu
– XML/XSLT processing: http://xerces.apache.org
– Ant: http://ant.apache.org
