
Security Considerations


Presentation Transcript


  1. Security Considerations © Ed Green Penn State University All Rights Reserved

  2. What is Security?
  • Protection of the enterprise's information assets from harm
  • Includes
    • Identifying accessing parties: authentication
    • Limiting activities: authorization, need-to-know
    • Keeping restoration and/or recovery sources: backups, logs and journals, audit trails
    • Managing and monitoring: activity logs; audits, internal and external
  Managing Risk

  3. What is a Security Architecture?
  • Framework for implementing security measures, automated and manual
  • Includes all elements of the information environment: networks, data, processes
  • Technology independent
    • What needs to be done
    • How that "what" is accomplished

  4. Aspects of Security
  • Business – enterprise-specific information that represents the "soul" of the enterprise
  • Data – the single non-replaceable information asset
  • Legal – requirements imposed upon an enterprise governing the guardianship of information
  • Physical – safeguarding the enterprise's physical plant
  • Technical – safeguarding the enterprise's information technology investment

  5. Critical Legal Requirements
  • Foreign Corrupt Practices Act
  • Export control requirements
  • HIPAA
  • National security requirements: DoD, DoJ, DoS, DoT, DHS
  • Sarbanes-Oxley

  6. Critical Business Requirements
  • Business processes
  • Business strategies
  • Proprietary information
    • Trade secrets
    • Competitive elements
  • Compliance with legal requirements
  • Organizational ethical conduct

  7. Critical Security Issues
  • Access control
    • Who is allowed to access the system?
    • How are individuals identified?
    • What is a particular individual allowed to do?
  • Information protection
    • What information is disclosed?
    • Who is allowed to see what information?
    • What release controls are required?
    • How is information preserved?
  • Information receipt
    • What information is received?
    • How is this information verified?
  • Legal obligations
    • What are the legal requirements?
    • How is compliance managed?

  8. Identifying Users - Authentication
  • Authentication – knowing who is attempting to access the system
  • Techniques
    • Userid/password
    • Fingerprints
    • Facial matches
  • Processes
    • Randomly generated passwords
    • Frequent changes at random intervals (note: current guidance, NIST SP 800-63B, drops forced periodic rotation in favour of screening new passwords against breached-password lists and adding a second factor)
    • Entry point lockout – "three tries and you're out", with management notification
  • Audits
    • Access records (logs)
    • Automated log reviews
    • Formal audits

  9. Identifying Users - Authorization
  • Authorization – knowing what an authenticated user is allowed to do, and taking steps to specifically limit their actions
  • Techniques
    • Directory management
    • Password confirmation
    • Tiered controls
  • Processes
    • Activity audits: logs, monitoring software ("spyware" in the slide's term), formal audits
    • Secure single sign-on

  10. Identifying Users – An Example
  1. A data structure to support authentication and authorization is required.
  • EMPLOYEE database entity identifies the set of enterprise employees
  • USER database entity provides identification data for each enterprise employee, with reference to the EMPLOYEE entity for additional details
  • APPLICATION_USER database entity associates users with authorized capabilities (permissions)
  • APPLICATION database entity provides information about each application that the enterprise has installed
  Entities and attributes (from the diagram):
  • EMPLOYEE: EMPLOYEE IDENTIFIER, balance of employee record
  • USER: USERID, PASSWORD, EMPLOYEE IDENTIFIER, PASSWORD CHANGE DATE
  • APPLICATION_USER: APPLICATION IDENTIFIER, USERID, EMPLOYEE AUTHORIZED
  • APPLICATION: APPLICATION IDENTIFIER, APPLICATION NAME, LICENSE NUMBER, VENDOR
  Caveat: the PASSWORD column must hold a salted, slow hash of the password (PBKDF2, bcrypt or Argon2), never the plaintext, so that a copy of the USER table does not yield working credentials.

  11. Identifying Users – An Example
  2. A comprehensive and active management process is required.
  • Person initiates a computer session, enters userid and password, and submits.
  • This initiates the execution of a computer program to determine if the person is known (authentication: IS PERSON KNOWN?); the Database of Users is referenced, and a record of the attempt to access is written to a log file.
  • NO: initiator is notified that the access attempt was rejected; an entry is written to the log file for later analysis.
  • YES: initiator is notified that the access attempt was validated; the set of allowed applications is presented.
  • User executes one of the allowed applications; a record is made of all application activities in the audit log file.

  12. Identifying Users – An Example
  3. Follow up and management are essential activities.
  • On a regularly scheduled basis, the various log files (log file and audit log file) are processed through an audit program to identify entries that are contrary to the enterprise audit rules. A series of reports are produced: Total Activity Report, Unusual Activity Report, Violations Report.
  • The reports produced by the audit program are reviewed by a senior staff individual. Where and when appropriate, actions to address violations are initiated.

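The three example slides above can be run end to end. The following is an added illustration (not the presentation's own code) of the EMPLOYEE / USER / APPLICATION / APPLICATION_USER model, the authentication step with the "three tries and you're out" lockout, the audit log, and the authorization lookup that returns the allowed applications. Everything beyond the slides is an assumption: SQLite is used as the database, the PASSWORD column holds a salted PBKDF2 hash, and the extra FAILED_ATTEMPTS and LOCKED columns carry the lockout state. The LOCKOUT audit event is where the slide's management notification would be hooked.

```python
"""Authentication, lockout, audit log and authorization over the slide-10
schema.  Added example; assumptions: SQLite, PBKDF2 password hashes, and
two extra USER columns (FAILED_ATTEMPTS, LOCKED) for the lockout."""
import hashlib
import hmac
import os
import sqlite3
from datetime import datetime, timezone

MAX_ATTEMPTS = 3         # "three tries and you're out"
PBKDF2_ROUNDS = 50_000   # demo value; production should use far more


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def open_db():
    """Create the four entities from slide 10 plus an audit log table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE EMPLOYEE (EMPLOYEE_ID INTEGER PRIMARY KEY, NAME TEXT);
        CREATE TABLE USER (
            USERID TEXT PRIMARY KEY, SALT BLOB, PASSWORD_HASH BLOB,
            EMPLOYEE_ID INTEGER REFERENCES EMPLOYEE, PASSWORD_CHANGE_DATE TEXT,
            FAILED_ATTEMPTS INTEGER DEFAULT 0, LOCKED INTEGER DEFAULT 0);
        CREATE TABLE APPLICATION (APPLICATION_ID TEXT PRIMARY KEY, NAME TEXT,
            LICENSE_NUMBER TEXT, VENDOR TEXT);
        CREATE TABLE APPLICATION_USER (
            APPLICATION_ID TEXT REFERENCES APPLICATION, USERID TEXT REFERENCES USER,
            AUTHORIZED INTEGER, PRIMARY KEY (APPLICATION_ID, USERID));
        CREATE TABLE AUDIT_LOG (TS TEXT, USERID TEXT, EVENT TEXT, DETAIL TEXT);
    """)
    return db


def _log(db, userid, event, detail=""):
    db.execute("INSERT INTO AUDIT_LOG VALUES (?,?,?,?)",
               (datetime.now(timezone.utc).isoformat(), userid, event, detail))


def add_user(db, userid, password, employee_id, apps):
    """apps: list of (application_id, authorized) pairs for APPLICATION_USER."""
    salt = os.urandom(16)
    db.execute("INSERT INTO EMPLOYEE VALUES (?, ?)", (employee_id, "employee %d" % employee_id))
    db.execute("INSERT INTO USER (USERID, SALT, PASSWORD_HASH, EMPLOYEE_ID, PASSWORD_CHANGE_DATE)"
               " VALUES (?,?,?,?,?)",
               (userid, salt, _hash(password, salt), employee_id,
                datetime.now(timezone.utc).isoformat()))
    for app_id, authorized in apps:
        db.execute("INSERT OR IGNORE INTO APPLICATION VALUES (?,?,?,?)", (app_id, app_id, "n/a", "n/a"))
        db.execute("INSERT INTO APPLICATION_USER VALUES (?,?,?)", (app_id, userid, int(authorized)))


def authenticate(db, userid, password):
    """Slide 11: is the person known?  Every attempt is written to the log."""
    row = db.execute("SELECT SALT, PASSWORD_HASH, FAILED_ATTEMPTS, LOCKED FROM USER WHERE USERID=?",
                     (userid,)).fetchone()
    if row is None:
        _log(db, userid, "REJECT", "unknown userid")
        return False
    salt, stored, failed, locked = row
    if locked:
        _log(db, userid, "REJECT", "account locked")
        return False
    if hmac.compare_digest(_hash(password, salt), stored):   # constant-time compare
        db.execute("UPDATE USER SET FAILED_ATTEMPTS=0 WHERE USERID=?", (userid,))
        _log(db, userid, "ACCEPT")
        return True
    failed += 1
    lock = failed >= MAX_ATTEMPTS
    db.execute("UPDATE USER SET FAILED_ATTEMPTS=?, LOCKED=? WHERE USERID=?",
               (failed, int(lock), userid))
    # A LOCKOUT event is the hook for the slide's management notification.
    _log(db, userid, "LOCKOUT" if lock else "REJECT", "bad password (%d/%d)" % (failed, MAX_ATTEMPTS))
    return False


def allowed_applications(db, userid):
    """Slide 11: the set of allowed applications presented after validation."""
    return [r[0] for r in db.execute(
        "SELECT APPLICATION_ID FROM APPLICATION_USER WHERE USERID=? AND AUTHORIZED=1 ORDER BY 1",
        (userid,))]


def audit_events(db, userid):
    return [r[0] for r in db.execute(
        "SELECT EVENT FROM AUDIT_LOG WHERE USERID=? ORDER BY rowid", (userid,))]
```

Note that the rejection reason is written to the audit log but not returned to the caller: the initiator should only learn that the attempt was rejected, not whether the userid or the password was wrong.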
  13. User Identification's Role in Responding to Security Threats
  • Activity: using the above scenario as a base of departure, explain how you would modify this example to:
    • Limit the number of erroneous attempts at access
    • Prevent any further access attempts from the initiating workstation
    • Create an Oracle database to accomplish this
  • Investigate to identify any available COTS products that could provide secure single sign-on
    • Explain how one such product could be implemented in a predominantly Microsoft environment
  • Present findings in a five-minute summary presentation

  14. Firewalls
  • Access control structure
  • Governs network traffic, inbound and outbound
  • Logical and/or physical
    • Separate devices
    • Incorporated into existing hardware
    • Accompanying software

  15. Firewalls
  (Diagram: OUTSIDE | firewall | INSIDE, with traffic questioned in each direction)
  • Bi-directional gatekeeper
  • Role
    • Keep information objects from leaving the enterprise that should not leave
    • Keep information objects from entering the enterprise that should not be allowed to enter

  16. Access Control
  • Who is allowed to access the system? Recognized users
  • How are individuals identified? Userid and password combination
  • What is a particular individual allowed to do? Determined by role/responsibility set
  • How is access managed? Risk management and risk mitigation

  17. Access Control - Authentication
  • Process of determining who is requesting access to the information technology environment
  • Userid/password combination
    • Unique – only one such combination exists
    • Not absolute – it proves possession of the secret, not the identity of the person typing it

  18. Access Control - Authentication
  (Diagram) USERS: USERID, user demographics. USERID/PASSWORD DIRECTORY: USERID, PASSWORD (stored as a salted hash, never plaintext), PASSWORD_DATE; both keyed by @USERID.
  Authentication is the process of first confirming the USERID and then matching it to the PASSWORD. The PASSWORD_DATE is included to manage password change.

  19. Access Control - Authentication
  • Userid/password is open to security breaches
    • Represents a significant risk
    • Must be mitigated
  • Mitigation options
    • Biometric techniques: retina scans, facial matching, fingerprinting
    • Electronic techniques: digital certificates
  Biometrics are coming, but electronic techniques are here now. (A biometric identifies a person but cannot be changed if it leaks, so it works best as one factor alongside a secret or a certificate.)

  20. Digital Certificates
  • Algorithmically generated: a key pair is created, and a certificate authority signs a statement binding the public key to the holder's identity
  • Contains identifying information (holder's name, organization, e-mail, validity period) together with the public key; it never contains a password or the private key
  • The holder's private key produces an electronic (digital) signature
  • Unique to the individual key holder

  21. Digital Certificates
  • What information would you recommend to create a digital signature for intranet-based users?
  • What information would you recommend to create a digital signature for internet-based users?

  22. Digital Certificates
  • Private key
    • Held secretly by the originator of a message; never transmitted
    • Produces the originator's signature over the message
    • Ensures the authenticity (and integrity) of the message
    • The signature is validated using the matching public key
  • Public key
    • Published in the certificate; used by any receiver to validate the authenticity of a message's source

  23. Message Structure
  • Message contents – must be defined in such a way that it is understood by BOTH sender AND receiver
  • Message header – includes destination, identifies source, identifies message (type)
  • Message trailer – indicates end of message

  24. Messaging Infrastructure – Message Format Abstraction
  Header fields: Destination, Delivery Mode, Message ID, Timestamp, Correlation ID, Reply To, Redelivered, Type, Expiration, Priority; followed by Message Properties. (These are the standard JMS header fields.)

  25. Authentication with Digital Certificates
  The same message header (Destination, Delivery Mode, Message ID, Timestamp, Correlation ID, Reply To, Redelivered, Type, Expiration, Priority, Message Properties), now carrying the sender's credential: a userid/password for simple clients, or a signature made with the sender's private key and checked against the public key in the sender's certificate.

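To make the private/public key roles on slides 22 and 25 concrete, here is an added example (not the presentation's code) in which the originator signs a hash of the message header fields and body with its private key, and the receiver verifies the signature with the public key that a certificate would carry. The key pair is textbook RSA built from two Mersenne primes so that the block runs on the standard library alone; that, the camel-case field names, and the sample purchase-order message are assumptions for the demo. This is for illustration only: with no padding scheme and a small modulus it is not a secure signature, and a real system should use RSA-PSS or Ed25519 from a vetted library.

```python
"""Sign with the PRIVATE key, verify with the PUBLIC key, over the slide-24
header fields plus the body.  Added example; toy RSA, not production crypto."""
import hashlib
import json

# Toy key pair (assumption for the demo): two Mersenne primes.
_P = (1 << 127) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))   # modular inverse; Python >= 3.8

PUBLIC_KEY = (_N, _E)    # the part a certificate publishes
PRIVATE_KEY = (_N, _D)   # the part the originator never shares

# Header fields from slide 24, in fixed order so both sides hash the same bytes.
HEADER_FIELDS = ["Destination", "DeliveryMode", "MessageID", "Timestamp",
                 "CorrelationID", "ReplyTo", "Redelivered", "Type",
                 "Expiration", "Priority"]


def _digest(message, n):
    """SHA-256 over a canonical encoding of header + body, reduced into the
    modulus (a real scheme would apply a padding such as PSS here)."""
    canonical = json.dumps(
        {"header": {f: message["header"].get(f) for f in HEADER_FIELDS},
         "body": message["body"]},
        sort_keys=True, separators=(",", ":"))
    return int.from_bytes(hashlib.sha256(canonical.encode()).digest(), "big") % n


def sign(message, private_key=PRIVATE_KEY):
    """Originator: signature = digest ** d mod n, using the PRIVATE key."""
    n, d = private_key
    return pow(_digest(message, n), d, n)


def verify(message, signature, public_key=PUBLIC_KEY):
    """Receiver: signature ** e mod n must equal the digest it recomputes;
    any change to a header field or to the body makes this fail."""
    n, e = public_key
    return 0 < signature < n and pow(signature, e, n) == _digest(message, n)


# Constructed sample message using the slide's header fields.
SAMPLE = {
    "header": {"Destination": "queue/purchase-orders", "DeliveryMode": "PERSISTENT",
               "MessageID": "ID:po-1001", "Timestamp": 1700000000,
               "CorrelationID": None, "ReplyTo": "queue/ack", "Redelivered": False,
               "Type": "PurchaseOrder", "Expiration": 0, "Priority": 4},
    "body": {"supplier": "ACME", "sku": "A-17", "qty": 500},
}
```

The point the slides blur is visible in the code: the private key appears only in `sign`, the public key only in `verify`, and no password is involved anywhere. Signing the header as well as the body is what lets a firewall answer "can the sender's identity be verified?" for the Destination and Type fields it inspects, not just for the payload.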
  26. Access Control - Authorization
  • Process of constraining authenticated users to allowed applications, processes and activities
  • Can be identity-based or role-based

  27. Access Control - Authorization
  (Diagram) USERS: USERID, PASSWORD. PROGRAMS: PROGRAM_IDENTIFICATION. USER_PROGRAMS: USERID, PROGRAM_IDENTIFICATION – one row for each program a user is authorized to run; keyed by @USERID and @PROGRAM_IDENTIFICATION.

  28. Validation at the Firewall
  • Firewall – security barrier on the information superhighway
  • Prohibit unauthorized senders from releasing information
  • Prohibit unauthorized information from being released
  • Prohibit acceptance of information from unauthorized sources
  • Prohibit acceptance of unauthorized information

  29. Validation at the Firewall
  • Firewall can be hardware-based or software-based
  • Firewall management is an installation responsibility
    • "Rules of the road" for the business of managing an installation's web accessibility
    • Setting the rules – management responsibility, with technical recommendations from key technical personnel
    • Enforcing the rules – web administrator's responsibility

  30. Validation at the Firewall – INCOMING MESSAGE
  (Diagram: message header fields Destination, Delivery Mode, Message ID, Timestamp, Correlation ID, Reply To, Redelivered, Type, Expiration, Priority, Message Properties; then the MESSAGE BODY)
  • Message header is inspected
    • Is this a legitimate message sender?
    • Is the sender recognized?
    • Is the sender authorized?
    • Can the sender's identity be verified?
  • Message body is inspected
    • Is this type of data authorized?
    • Is the sender authorized to send this data?
    • Is the data valid?
  • Outcome: the message has passed all firewall tests, or it has not passed all firewall tests and is refused

  31. Validation at the Firewall – OUTGOING MESSAGE
  (Diagram: same header fields and MESSAGE BODY as the incoming case)
  • Message header is inspected
    • Is this a legitimate message sender?
    • Is the destination recognized?
    • Is the sender authorized?
    • Is the destination authorized?
    • Can the sender's identity be verified?
  • Message body is inspected
    • Is this type of data authorized?
    • Is the sender authorized to send this data?
    • Is the data valid?
  • Outcome: the message has passed all firewall tests, or it has not passed all firewall tests and is refused

  32. Validation at the Firewall
  • Questions represent business rules
  • What are the business rules?
    • Enterprise-specific
    • Implementation-specific
    • One set for intranet access, one set for internet access
  • Transaction – an exchange of data/information required to complete a business event
    • Multiple technical transactions
    • Multiple electronic exchanges
    • Security checks will be performed every time
  • Trust is verified, never, ever assumed

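The header and body questions on slides 30 to 32 are an allow-list, and "security checks will be performed every time" means the check is stateless. The following is an added example (not the presentation's code) of such a message-level gate: a registry of recognized senders with the destinations and message types each may use, a per-type body schema for "is the data valid?", and an HMAC keyed with the sender's shared secret standing in for "can the sender's identity be verified?". The registry, the secrets, the schemas and the sample messages are all constructed for the demo; every failed rule is collected rather than stopping at the first, so the audit log can record why a message was refused.

```python
"""Message validation at the firewall as an allow-list rules engine.
Added example; sender registry, schemas and HMAC check are assumptions."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed registry: who is recognized, what each may send and where.
SENDERS = {
    "acme-erp": {"secret": b"demo-secret-1",
                 "types": {"PurchaseOrder", "OrderReceipt"},
                 "destinations": {"queue/orders"}},
    "auditor":  {"secret": b"demo-secret-2",
                 "types": {"StatusQuery"},
                 "destinations": {"queue/status"}},
}
KNOWN_DESTINATIONS = {"queue/orders", "queue/status", "queue/ack"}

# "Is the data valid?": one validator per body field, per message type.
SCHEMAS = {
    "PurchaseOrder": {"sku": lambda v: isinstance(v, str) and v.isalnum(),
                      "qty": lambda v: isinstance(v, int) and 0 < v <= 10_000},
    "OrderReceipt":  {"po": lambda v: isinstance(v, str) and len(v) <= 32},
    "StatusQuery":   {"po": lambda v: isinstance(v, str) and len(v) <= 32},
}


def _mac(secret, body):
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, canonical, hashlib.sha256).hexdigest()


def stamp(msg):
    """Sender side: attach a MAC over the body keyed with the sender's secret."""
    sender = msg["header"]["Sender"]
    msg["header"]["Mac"] = _mac(SENDERS[sender]["secret"], msg["body"])
    return msg


@dataclass
class Verdict:
    passed: bool
    reasons: list = field(default_factory=list)


def inspect(msg):
    """Firewall side: apply every header and body rule from slides 30/31."""
    reasons = []
    hdr, body = msg.get("header", {}), msg.get("body", {})
    sender, dest, mtype = hdr.get("Sender"), hdr.get("Destination"), hdr.get("Type")
    reg = SENDERS.get(sender)
    # --- header inspection ---
    if reg is None:
        reasons.append("sender not recognized")
    else:
        expected = _mac(reg["secret"], body)
        if not hmac.compare_digest(hdr.get("Mac", ""), expected):
            reasons.append("sender identity not verified")
        if dest in KNOWN_DESTINATIONS and dest not in reg["destinations"]:
            reasons.append("sender not authorized for destination")
        if mtype in SCHEMAS and mtype not in reg["types"]:
            reasons.append("sender not authorized for this type")
    if dest not in KNOWN_DESTINATIONS:
        reasons.append("destination not recognized")
    # --- body inspection ---
    schema = SCHEMAS.get(mtype)
    if schema is None:
        reasons.append("message type not authorized")
    elif set(body) != set(schema) or not all(check(body[k]) for k, check in schema.items()):
        reasons.append("body data invalid")   # unknown, missing or bad fields
    return Verdict(not reasons, reasons)
```

Two design points: the schema check rejects extra fields as well as bad values, because "is this type of data authorized?" is an allow-list question, and the MAC is recomputed over the body on every message, so a sender who was authorized yesterday still has to prove it today.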
  33. In the beginning . . .
  • The Inventory Management Process, reading the Inventory Database, recognizes that an item has reached its EOQ/JIT reorder level
  • Prepare Purchase Order: a Purchase Order Message is built from the Supplier Catalog and the Purchase Order DB and sent for review/approval; its header shows the destination as the reviewer
  • Review Purchase Order: the Purchase Order is reviewed, approved and submitted to the supplier; the header now shows the destination as the supplier
  • Firewall security check before the message leaves: authorized submitter, authorized named personnel, authorized supplier
  • The message carries the standard header (Destination, Delivery Mode, Message ID, Timestamp, Correlation ID, Reply To, Redelivered, Type, Expiration, Priority) with the Purchase Order as its body

  34. Next, . . .
  • The Purchase Order Message from the purchaser is admitted through the supplier's firewall (security check: authorized submitter, authorized named personnel, authorized trading partner, authorized recipient) and passed to the Order Entry System
  • The Order Entry System sends an acknowledgement (Order Receipt Message) and checks the Inventory Database
    • If in inventory, a Fulfillment Message is sent to the Fulfillment System, which records it in the Orders Database
    • If not in inventory, a Manufacturing Message is sent to the Manufacturing System
  • The Manufacturing System uses data in the Inventory and Manufacture databases; if raw materials are required, the Purchase Order System sends its own Purchase Order Message
  • When the order has been completed, a message is sent to the Fulfillment System

  35. Continuing, . . .
  • The Order Receipt Message is transmitted from the supplier: outbound through the supplier's firewall (security check: authorized submitter, authorized named personnel, authorized supplier) and inbound through the purchaser's firewall (security check: authorized submitter, authorized named personnel, authorized trading partner, authorized recipient)
  • The validated message is sent to Purchase Order Management, which updates the Purchase Order DB
  • Stakeholder Status Messages are sent to the named stakeholders

  36. Meanwhile, . . .
  • The Fulfillment System, working from the Inventory System and Inventory Database, sends Fulfillment Messages to the Shipping and Billing Systems
  • The Shipping System produces a Shipping Notice Message; the Billing System, using the Billing Database, prepares and sends a Billing Message
  • Both messages pass the supplier's firewall security check (authorized submitter, authorized named personnel, authorized trading partner, authorized recipient) on their way to the purchaser

  37. And, . . .
  • From the supplier, the Billing Message and the Shipping Notice Message pass the purchaser's firewall security check (authorized submitter, authorized named personnel, authorized supplier)
  • The Billing Message is sent to Accounts Payable; the Shipping Notice Message is sent to Accounts Payable; the Receiving System sends a Receipt Message to Accounts Payable
  • Accounts Payable works from the Purchase Order DB and the General Ledger DB
  • An Electronic Payment is sent to the supplier, passing the outbound firewall security check (authorized submitter, authorized named personnel, authorized supplier)

  38. Finally
  • The Electronic Payment from the purchaser passes the supplier's firewall security check (authorized submitter, authorized named personnel, authorized supplier)
  • Payment Processing records the payment in Payments and updates the General Ledger, the Billing Database and the Orders Database

  39. Validation at the Firewall
  A patient at This Hospital has been admitted in very serious condition. A series of tests has been performed; the data collected includes various alphanumeric measurements as well as several medical images. Diary observations (comments by the attending staff) have also been captured. The consensus is that this patient has an unusual illness that the local staff has little or no experience in treating. One of the attending staff remembers meeting a colleague at a conference who has had experience treating this illness. An electronic collaboration session is arranged.
  ASSIGNMENT: Describe the firewall security that MUST exist in order for this electronic consultation to occur.

  40. Securing Stored Data
  • File management
    • File management system security features
    • Application program control
  • Database management
    • DCL – data control language (GRANT/REVOKE): specific permissions allowed to authenticated users
    • Multiple levels of granularity: access to data, items of data, allowed functionality
    • DBMS-managed referential integrity
    • Activity logs: transactions, database write executions
    • Service utilities: backup, recovery, restore

  41. Log Files
  • What are log files
  • Log file formats
  • Statistics from log files

  42. What Are Log Files
  • Record of "what happened"
  • Answers such questions as: who, what, when, how much
  • Critical management tool for security and performance

  43. What About Log Files
  • Integral part of most executive software products: operating systems, database managers, network managers, system managers, web servers
  • Critical elements in processing effectiveness: backup, recovery, rollback

  44. Log Files and Web Servers
  • Identifies users of your web site
  • Identifies activities performed by users of your web site
  • Documents frequency of use
  • Documents resource utilization
    • Document size transfers
    • Processor resources: CPU, I/O operations
    • CGI scripts
  • Documents "security faults"

  45. Log File Uses
  • Record of events transpired
  • Planning tool
  • Recovery tool

  46. Log File Formats
  • Common Log File Format
  • Combined Log File Format
  • Extended Log File Format
  • Error formats

  47. Common Log File Format
  Fields, in the order they appear on each line:
  • Remote host
  • Remote user name (from identd; almost always "-")
  • Authenticated user name
  • Request date and time
  • HTTP request line
  • HTTP status code returned to client
  • Content length of transferred document

  48. Combined Log File Format
  The seven Common Log Format fields (remote host, remote user name, authenticated user name, request date and time, HTTP request line, HTTP status code returned to client, content length of transferred document), followed by:
  • Referrer
  • User agent

  49. Extended Log File Format
  • Extensible format
  • Allows administrator to specify field(s) of interest
  • Allows administrator to specify order of recording
  • Each data line (in the log file) represents a request
  • Two required configuration directives: Version and Fields
  • All directive lines begin with a "#" character; data lines do not

  50. Extended Log File (example layout)
  "#" directives first (#Version, then #Fields giving the list of fields), followed by the data contents: one request per line, columns in the order the #Fields directive names them.

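The formats on slides 47 to 50 and the audit program on slide 12 come together in the following added example (not from the presentation): a parser for Common and Combined Log Format lines, a parser for the W3C Extended Log Format that reads the column names from the #Fields directive, and one audit rule of the kind an Unusual Activity Report is built from, reporting remote hosts with repeated 401/403 responses. The log lines are constructed samples; the threshold of three failures is an assumption.

```python
"""Common/Combined and Extended log parsers plus one audit rule.
Added example; the sample log lines are constructed, not real traffic."""
import re
from collections import Counter

# Common Log Format, with the two Combined fields (referer, user agent) optional.
_CLF = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$')


def parse_clf(line):
    """One Common or Combined format line -> dict, or None if it does not parse
    (unparseable lines deserve their own report; never silently drop them)."""
    m = _CLF.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def parse_elf(text):
    """W3C Extended Log Format: '#'-prefixed directive lines; the #Fields
    directive names the columns of every data line that follows it."""
    fields, records = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            directive, _, value = line[1:].partition(":")
            if directive.strip() == "Fields":
                fields = value.split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields directive")
        records.append(dict(zip(fields, line.split())))
    return records


def auth_failures_by_host(records, host_key="host", status_key="status", threshold=3):
    """Audit rule: hosts with at least `threshold` 401/403 responses.
    Works for both parsers because the column names are parameters."""
    counts = Counter(r[host_key] for r in records if int(r[status_key]) in (401, 403))
    return {host: n for host, n in counts.items() if n >= threshold}


# Constructed sample lines: one host hammering /login, one legitimate user.
SAMPLE_COMBINED = """\
203.0.113.9 - - [10/Oct/2023:13:55:36 +0000] "POST /login HTTP/1.1" 401 231 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 231 "-" "curl/8.0"
203.0.113.9 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 231 "-" "curl/8.0"
198.51.100.4 - alice [10/Oct/2023:13:56:01 +0000] "GET /reports HTTP/1.1" 200 5120 "https://intranet/" "Mozilla/5.0"
198.51.100.4 - alice [10/Oct/2023:13:56:05 +0000] "GET /admin HTTP/1.1" 403 - "https://intranet/" "Mozilla/5.0"
"""

SAMPLE_ELF = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2023-10-10 13:57:00 192.0.2.7 - POST /login 401
2023-10-10 13:57:02 192.0.2.7 - POST /login 401
2023-10-10 13:57:04 192.0.2.7 - POST /login 403
2023-10-10 13:58:00 192.0.2.8 bob GET /index.html 200
"""
```

Alice's single 403 stays below the threshold and does not appear in the report, which is the difference between the Total Activity Report and the Unusual Activity Report on slide 12: the rule, not the raw log, decides what a senior reviewer sees.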