
Extranet for Security Professionals (ESP)

Extranet for Security Professionals (ESP). Group One. Team Members. Heather T. Kowalski, Project Lead Tong Xu Ying Hao Hui Huang Bill Halpin. Task. Extranet for Security Professionals Company: SEI Contact: Martin Lindner Security Analysis, using SNA Method. Milestones.


Presentation Transcript


  1. Extranet for Security Professionals (ESP) Group One

  2. Team Members • Heather T. Kowalski, Project Lead • Tong Xu • Ying Hao • Hui Huang • Bill Halpin

  3. Task • Extranet for Security Professionals • Company: SEI • Contact: Martin Lindner • Security Analysis, using SNA Method

  4. Milestones • September 28, 2000: Initial Overview Presentation • October 31, 2000: Essential Services Review • November 14, 2000: Attack Threat Analysis • December 5, 2000: Final Recommendations

  5. Client Meetings – To Date • September 15: Introductions; High-level Review of Architecture • September 20: Business Mission; Detailed Overview of Client Goals; Detailed Review of Architecture

  6. Client Expectations • Review the System Design and Architecture • Identify and Document Vulnerabilities • Identify Alternative Approaches to ESP Mission

  7. SNA – System Definition • Mission • Requirements • Environment • Risk Definition • Architecture Definition

  8. ESP – Mission • Central Repository of Security Information • Central Location for Information Sharing • Secure Environment, Manageable Resource

  9. ESP – Requirements • Security over Reliability • Exchange of Information • Responsible for Information Only While on ESP System • User Driven and Maintained

  10. ESP – Environment • Dell PowerEdge Servers • Windows NT 4.0 (SP3) • Only Minimal Options Activated • SSL • Cold Fusion Middleware

  11. ESP – System Elements • COTS • Easier to Find Support Staff • Easier to Maintain • Updates • Good Programming Practices • Prevention • Integrity • Code Revision Controls

  12. ESP – Architecture (diagram, © 2000 by Carnegie Mellon University/SEI). Diagram labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall; message icon "To: George Marty From: Steve"

  13. ESP – Risk Definition • System Attacks • Abrogation of User Responsibilities • Equipment Failure • On-going Process

  14. Client Meetings – Expected • Mid-October: Verify Traffic Flow • Early November: Discuss Attack Potential • Late November: Mitigation Recommendations

  15. SNA – Step Two (Pending) • Essential Services & Assets • Trace Scenarios Through Architecture • Identify Essential Components of Architecture

  16. SNA – Step Three (Pending) • Review Attacker Profiles • Discuss Likely Levels of Attack • Identify Possible Attack Scenarios • Determine Weak Links in Architecture

  17. SNA – Step Four (Pending) • Identify Architecture Deficiencies • Present Current Strategies for 3 R’s • Present Suggested Strategy Improvements • Present Plan to Implement Improvements

  18. Questions?
