87 Security Frameworks Slides

The document discusses security frameworks and how they provide enterprise security. It describes how a security framework maps to an enterprise architecture using the OSI 7-layer model and extends to additional layers. The security framework leverages existing security tools and infrastructure to consistently monitor all parts of the network. This provides reliable, robust and repeatable enterprise security.

Uploaded by amit_redkar1986
Copyright: © Attribution Non-Commercial (BY-NC)
Security Frameworks

An Enterprise
Approach to Security
Amit Redkar
amitredkar3@gmail.com
Security

 Security is recognized as essential to protect vital processes and the systems that provide those processes
 Security is not something you buy, it is something you do
What is Security?

 Security is no longer just controlling the perimeter or layering defenses around it
 Transactions use all of the network, from DMZ to Database
 ALL of the network and resident systems have to be secured
What Securing All of the Enterprise
Really Means…..

– Firewalls, routers, applications, passwords
– Intrusion detection – NIDS and HIDS
– Proactive scanning, pen testing
– System Configuration Monitoring – “Health Checking”
– VoIP, Wireless, Embedded Systems
– 24x7 Monitoring
– Analytical review and correlation
– Policies, Procedures, Personnel
What Is Effective Security

– Combination of appliances, software, alarms, and vulnerability scans working together in a well-thought-out architecture
– Extends to policies, procedures, and people
– Monitored 24x7
– Designed to support the security goals of the Enterprise
The Security Framework
– The Security Framework is a coordinated system of
security tools
– Similar to the Enterprise management framework
– Extends end to end of the customer enterprise
architecture
– Security data centrally monitored 24x7 in a Security
Operations Center
– Data analyzed using correlation tools
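What “security data centrally monitored and analyzed using correlation tools” means in practice, as an added example (not code from the slides): three constructed log formats, from a firewall, a NIDS and a HIDS, are parsed into one event record and grouped by attacker, so that a port scan, an IDS alert and a file-integrity change on the same target surface as a single incident instead of three unrelated alarms. The log formats, addresses, signature IDs and thresholds are all made up for illustration.

```python
"""Correlating firewall, NIDS and HIDS events into incidents.

Added example, not from the slides. The three log formats, the addresses
and the thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed log lines in three made-up formats, as a SOC would receive them.
FW_LOG = """\
2024-05-01T10:00:01Z fw1 DENY tcp 198.51.100.7:40001 -> 192.0.2.10:21
2024-05-01T10:00:02Z fw1 DENY tcp 198.51.100.7:40002 -> 192.0.2.10:23
2024-05-01T10:00:03Z fw1 DENY tcp 198.51.100.7:40003 -> 192.0.2.10:3389
2024-05-01T10:00:04Z fw1 DENY tcp 198.51.100.7:40004 -> 192.0.2.10:8080
2024-05-01T10:00:05Z fw1 PERMIT tcp 198.51.100.7:40005 -> 192.0.2.10:443
2024-05-01T10:30:00Z fw1 DENY tcp 203.0.113.9:51000 -> 192.0.2.11:22
"""
NIDS_LOG = """\
[**] 2024-05-01T10:01:10Z nids1 sig=1001 "WEB-ATTACK path traversal" 198.51.100.7 -> 192.0.2.10:443
[**] 2024-05-01T11:15:00Z nids1 sig=2002 "SCAN nmap fingerprint" 203.0.113.50 -> 192.0.2.20:80
"""
HIDS_LOG = """\
2024-05-01T10:02:30Z host=192.0.2.10 hids rule=550 "Integrity checksum changed: /var/www/html/.htaccess"
"""


@dataclass
class Event:
    ts: datetime
    source: str   # "fw", "nids" or "hids"
    src_ip: str   # attacker address; "" for host-only events
    host: str     # target or affected host
    port: int
    detail: str


IP = r"(\d+\.\d+\.\d+\.\d+)"
FW_RE = re.compile(rf"^(\S+) \S+ (DENY|PERMIT) \w+ {IP}:\d+ -> {IP}:(\d+)$")
NIDS_RE = re.compile(rf'^\[\*\*\] (\S+) \S+ sig=\d+ "([^"]+)" {IP} -> {IP}:(\d+)$')
HIDS_RE = re.compile(rf'^(\S+) host={IP} \S+ rule=\d+ "([^"]+)"$')


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(fw_log=FW_LOG, nids_log=NIDS_LOG, hids_log=HIDS_LOG):
    """Normalise the three formats into Event records, oldest first."""
    events = []
    for line in fw_log.splitlines():
        if m := FW_RE.match(line):
            ts, action, src, dst, port = m.groups()
            events.append(Event(_ts(ts), "fw", src, dst, int(port), action))
    for line in nids_log.splitlines():
        if m := NIDS_RE.match(line):
            ts, msg, src, dst, port = m.groups()
            events.append(Event(_ts(ts), "nids", src, dst, int(port), msg))
    for line in hids_log.splitlines():
        if m := HIDS_RE.match(line):
            ts, host, msg = m.groups()
            events.append(Event(_ts(ts), "hids", "", host, 0, msg))
    return sorted(events, key=lambda e: e.ts)


SCAN_PORTS = 3                   # distinct denied ports from one source counts as a scan
WINDOW = timedelta(minutes=15)   # a host change must follow the IDS alert within this
SEVERITY = {1: "low", 2: "medium", 3: "high"}


def correlate(events):
    """Group events by attacker and rate each by how many attack stages are visible."""
    by_attacker = defaultdict(list)
    for e in events:
        if e.src_ip:
            by_attacker[e.src_ip].append(e)
    hids = [e for e in events if e.source == "hids"]
    incidents = []
    for attacker, evs in by_attacker.items():
        stages, hosts = [], set()
        denies = [e for e in evs if e.source == "fw" and e.detail == "DENY"]
        if len({e.port for e in denies}) >= SCAN_PORTS:
            stages.append("scan")
            hosts.update(e.host for e in denies)
        alerts = [e for e in evs if e.source == "nids"]
        if alerts:
            stages.append("exploit")
            hosts.update(e.host for e in alerts)
        # a host-side change on a host this attacker hit, shortly after the IDS alert
        if any(h.host == a.host and timedelta(0) <= h.ts - a.ts <= WINDOW
               for a in alerts for h in hids):
            stages.append("host_change")
        if stages:
            incidents.append({"attacker": attacker, "severity": SEVERITY[len(stages)],
                              "stages": stages, "hosts": sorted(hosts)})
    return incidents


def run():
    return correlate(parse_events())


if __name__ == "__main__":
    for incident in run():
        print(incident)
```

With the constructed input, 198.51.100.7 is rated high (scan, then IDS alert, then an integrity change on the same host 80 seconds later), 203.0.113.50 is rated low on the strength of one IDS alert, and the single denied connection from 203.0.113.9 produces no incident at all; that last case is the point of correlating rather than alarming on every log line.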
Security Framework Considerations

– Mapped to the customer’s architecture to provide end to end security
– Uses existing commercial and open source tools
– Leverages existing security infrastructure to quickly build out the security framework
Benefits of a Security Framework
 Provides Enterprise security that is :
– Consistent
– Constant
– Covers everything
 Characteristics of Good Enterprise Security are:
– Reliable
– Robust
– Repeatable
Benefits of a Security Framework
(continued)

 An Effective Security Framework is:
– Monitored
– Managed
– Maintained

 This is the “raison d’être” for a Security Framework
Security Frameworks

Using the Framework Approach
Map Security Framework to
Enterprise Architecture
 The Security framework follows the structure of the Open Systems Interconnection (OSI) 7-Layer Network Reference Model
1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application
Additional Layers of the Security
Framework

– The security framework adds a financial and a “political” layer (8 & 9)
The Security Framework -- Physical
Layer
Physically secure and manage the cable plant
– Wiring closets
– WAN connections
– CSU/DSU
Physically secure and control access to networking equipment
– Routers
– Hubs
– Switches
Physically secure and control access to servers, mainframes
Provide redundant power and WAN connections
The Security Framework-- Data
Link and Network Layers

 VPNs protecting the links between networks
 Network Intrusion Detection Systems (NIDS) watching traffic for attacks
 Host Intrusion Detection Systems (HIDS) protecting connections to critical servers/hosts
 Virus scanning taking place on traffic coming in from outside the customer’s network
The Security Framework-- Network
and Transport Layer

 Firewall performing stateful inspection of incoming and outgoing packets
 Router Access Control Lists (ACLs) filtering packets bound between networks
 Virus scanning of attachments at the e-mail gateways
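The difference between a router ACL filtering packets and a firewall performing stateful inspection, worked through as an added example (not code from the slides): a toy packet filter in Python with constructed address ranges (INTERNAL_NET and DMZ_NET are assumed address schemes), rules and packets. It shows why a stateless ACL needs an “established” workaround to let return traffic back in, why that workaround trusts a TCP flag the sender controls, and how the connection table of a stateful firewall closes that hole.

```python
"""Stateless router ACL versus stateful firewall, as a toy packet filter.

Added example, not code from the slides. The address ranges, rules and
packets are constructed for illustration (INTERNAL_NET and DMZ_NET are
assumed address schemes).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")    # assumed internal address scheme
DMZ_NET = ip_network("192.0.2.0/24")        # assumed DMZ range (TEST-NET-1)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags as letters, e.g. "S", "SA", "A"


# Ordered extended-ACL style entries: (action, src_net, dst_net, dport).
# First match wins; anything unmatched hits the implicit deny.
ACL = [
    ("permit", INTERNAL_NET, DMZ_NET, 443),
    ("permit", INTERNAL_NET, DMZ_NET, 80),
]


def acl_decision(pkt: Packet, acl=ACL) -> str:
    """Stateless filter: only the current packet's header is consulted."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    for action, src_net, dst_net, dport in acl:
        if src in src_net and dst in dst_net and pkt.dport == dport:
            return action
    return "deny"   # implicit deny at the end of every ACL


def established_acl_decision(pkt: Packet) -> str:
    """The classic stateless workaround for return traffic: permit DMZ->internal
    packets that carry ACK ("established"). The flag is under the sender's
    control, so a forged ACK that belongs to no handshake passes too."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    if src in DMZ_NET and dst in INTERNAL_NET and "A" in pkt.flags:
        return "permit"
    return acl_decision(pkt)


class StatefulFirewall:
    """Keeps a connection table: a SYN that the ACL permits creates state,
    and only packets belonging to tracked connections are let back in."""

    def __init__(self, acl=ACL):
        self.acl = acl
        self.table = set()   # (src, sport, dst, dport) of permitted connections

    def decision(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table or reverse in self.table:
            return "permit"                              # part of a tracked connection
        if "S" in pkt.flags and "A" not in pkt.flags:    # new connection attempt
            if acl_decision(pkt, self.acl) == "permit":
                self.table.add(key)
                return "permit"
        return "deny"   # unsolicited mid-stream packet (e.g. an ACK-scan probe)


def run_scenario():
    """Internal client 10.1.1.5 opens a TLS connection to DMZ host 192.0.2.10."""
    syn = Packet("10.1.1.5", 51000, "192.0.2.10", 443, "S")
    synack = Packet("192.0.2.10", 443, "10.1.1.5", 51000, "SA")
    forged_ack = Packet("192.0.2.10", 443, "10.1.1.5", 51000, "A")  # no handshake behind it

    fw = StatefulFirewall()
    return {
        "acl_syn": acl_decision(syn),                            # permit
        "acl_synack": acl_decision(synack),                      # deny: no return rule
        "acl_est_synack": established_acl_decision(synack),      # permit
        "acl_est_forged": established_acl_decision(forged_ack),  # permit: the weakness
        "fw_syn": fw.decision(syn),                              # permit, creates state
        "fw_synack": fw.decision(synack),                        # permit, tracked
        "fw_forged": StatefulFirewall().decision(forged_ack),    # deny: no state
    }


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:16} {verdict}")
```

The router ACL and the firewall reach the same verdict on the outbound SYN; they differ on what comes back. That is why the slides place ACLs at the segment boundaries and stateful inspection at the points where untrusted networks meet trusted ones.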
The Security Framework-- Session,
Presentation and Application Layers

 OS and application hardening at the system level
 Conduct security health checking to determine if security policies for types of applications allowed to run, password composition and length, services allowed on hosts, etc. are being followed
 Provide vulnerability scanning to test the configuration of applications and systems, looking for vulnerabilities, missing patches, etc.
 Conduct penetration tests to determine if machines can be exploited and privileged access gained
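The security health check and vulnerability scan described above, as an added example (not the slides' code): a Python check of one constructed host snapshot against a constructed policy and advisory list. The policy values, the login.defs excerpt, the package names and the versions are all made up; the point is the shape of the checks, including comparing versions numerically so that "3.0.9" is not treated as newer than "3.0.13".

```python
"""Security health check and vulnerability check over a host configuration snapshot.

Added example, not from the slides. The policy, the login.defs excerpt, the
host inventory and the advisory list are all constructed; package names and
versions are made up for illustration.
"""
import re

# Policy the health check enforces (constructed values).
POLICY = {
    "password_min_len": 12,
    "password_max_days": 90,
    "allowed_services": {"ssh", "https"},      # anything else listening is a finding
    "forbidden_packages": {"telnet", "rsh-server"},
}

# Constructed advisory feed: package -> first fixed version (anything older is vulnerable).
ADVISORIES = {
    "openssl": "3.0.13",
    "sudo": "1.9.15",
}

LOGIN_DEFS = """\
# constructed excerpt of /etc/login.defs
PASS_MAX_DAYS   99999
PASS_MIN_LEN    8
"""

# Constructed inventory for one host, as a collection agent might report it.
HOST = {
    "name": "web01",
    "login_defs": LOGIN_DEFS,
    "listening": [("ssh", 22), ("https", 443), ("telnet", 23)],
    "installed": {"openssl": "3.0.11", "sudo": "1.9.15", "telnet": "0.17"},
}


def parse_login_defs(text):
    """Return KEY -> value for the uncommented lines of a login.defs file."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) >= 2:
            values[parts[0]] = parts[1]
    return values


def version_tuple(version):
    """Compare versions numerically ("3.0.9" < "3.0.13"), not as strings."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def health_check(host, policy=POLICY):
    """Configuration findings: password policy, listening services, forbidden software."""
    findings = []
    defs = parse_login_defs(host["login_defs"])
    min_len = int(defs.get("PASS_MIN_LEN", 0))
    if min_len < policy["password_min_len"]:
        findings.append(f"PASS_MIN_LEN {min_len} < required {policy['password_min_len']}")
    max_days = int(defs.get("PASS_MAX_DAYS", 10**9))
    if max_days > policy["password_max_days"]:
        findings.append(f"PASS_MAX_DAYS {max_days} > allowed {policy['password_max_days']}")
    for service, port in host["listening"]:
        if service not in policy["allowed_services"]:
            findings.append(f"unapproved service {service} listening on port {port}")
    for pkg in sorted(set(host["installed"]) & policy["forbidden_packages"]):
        findings.append(f"forbidden package installed: {pkg}")
    return findings


def vulnerability_scan(host, advisories=ADVISORIES):
    """Patch-level findings: installed version older than the first fixed version."""
    findings = []
    for pkg, fixed in advisories.items():
        installed = host["installed"].get(pkg)
        if installed and version_tuple(installed) < version_tuple(fixed):
            findings.append(f"{pkg} {installed} is vulnerable, fixed in {fixed}")
    return findings


if __name__ == "__main__":
    for finding in health_check(HOST) + vulnerability_scan(HOST):
        print(f"{HOST['name']}: {finding}")
```

Health checking and vulnerability scanning are kept as separate functions on purpose: the first answers “is the policy being followed”, the second “is the software current”, and in the framework they run on different schedules and feed different reports.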
The Security Framework-- Presentation
and Application Layers

 User account management on the network
 User account management on individual systems
 User account management for specific applications, RDBMS, etc.
 Virus scanning and updates on individual machines and user desktops
 Role- & Rule-Based Access Control (RBAC)
 PKI and digital certificates
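The role- and rule-based access control “security engine” that applications delegate their decisions to (the mapping table later in the deck describes it that way), as an added example in Python that is not from the slides or any product: roles with inheritance, a static separation-of-duties constraint enforced when roles are assigned, and per-request rules evaluated with the request context. The role names, users and the 10.9.0.0/16 “admin network” are constructed.

```python
"""Role- and rule-based access control engine that applications delegate to.

Added example, not the slides' or any product's code. The roles,
permissions, users, separation-of-duties pairs and the "admin network"
address range are constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)
    parents: set = field(default_factory=set)   # roles whose permissions this role inherits


class AccessControlEngine:
    """Central policy decision point: roles, role inheritance, static
    separation of duties at assignment time, and rules evaluated per request."""

    def __init__(self):
        self.roles = {}
        self.user_roles = {}
        self.sod_pairs = set()   # frozenset({a, b}): one user may not hold both
        self.rules = []          # callables (user, permission, ctx) -> bool; all must pass

    def add_role(self, name, permissions=(), parents=()):
        self.roles[name] = Role(name, set(permissions), set(parents))

    def add_separation_of_duties(self, role_a, role_b):
        self.sod_pairs.add(frozenset({role_a, role_b}))

    def assign(self, user, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role}")
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset({role, other}) in self.sod_pairs:
                raise ValueError(f"{user} holds {other}; separation of duties forbids {role}")
        held.add(role)

    def effective_roles(self, user):
        """Transitive closure over the parent relation."""
        result, stack = set(), list(self.user_roles.get(user, ()))
        while stack:
            role = stack.pop()
            if role not in result:
                result.add(role)
                stack.extend(self.roles[role].parents)
        return result

    def permissions_of(self, user):
        return set().union(*(self.roles[r].permissions for r in self.effective_roles(user)))

    def check(self, user, permission, ctx=None):
        """Deny by default: the permission must come from a role and every rule must agree."""
        ctx = ctx or {}
        if permission not in self.permissions_of(user):
            return False
        return all(rule(user, permission, ctx) for rule in self.rules)


def build_engine():
    """Constructed policy: clerks create payments, approvers approve them, nobody
    holds both roles, nobody approves their own, and DB admin only from 10.9.0.0/16."""
    engine = AccessControlEngine()
    engine.add_role("employee", {"report:read"})
    engine.add_role("clerk", {"payment:create"}, parents={"employee"})
    engine.add_role("approver", {"payment:approve"}, parents={"employee"})
    engine.add_role("dba", {"db:admin"})
    engine.add_separation_of_duties("clerk", "approver")
    engine.rules.append(
        lambda user, perm, ctx: not (perm == "payment:approve" and ctx.get("creator") == user))
    engine.rules.append(
        lambda user, perm, ctx: perm != "db:admin" or ctx.get("src_ip", "").startswith("10.9."))
    engine.assign("alice", "clerk")
    engine.assign("bob", "approver")
    engine.assign("carol", "dba")
    return engine


if __name__ == "__main__":
    engine = build_engine()
    print("alice creates payment:", engine.check("alice", "payment:create"))
    print("bob approves alice's payment:", engine.check("bob", "payment:approve", {"creator": "alice"}))
    print("bob approves own payment:", engine.check("bob", "payment:approve", {"creator": "bob"}))
```

An application calling this engine passes only the user, the permission name and the request context; it never sees role definitions or rules, which is what the slides mean by security being “seamless and non-intrusive from the application's point of view”.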
The Security Framework-- Financial
Layer
 Leverages existing security infrastructure to reduce costs
 Provides an operational framework for conducting regular
security checks
 Lends itself to outsourcing to a managed security service
provider
 New technologies can be incorporated into the security
framework
 Security costs are easier to identify, budget, and control.
Security Framework– the
“Political” Layer
 Provides a platform to align security with business goals just as enterprise system management normalizes the enterprise
 Framework is extensible, modular, and flexible enough to meet changing business objectives
Security Frameworks

A More Detailed Technical Look
Mapping Security Framework Components to the Architecture

Security Architecture Component | Architecture Layer | Component Description
Service Delivery Center (SDC) | Layer 1 – Physical Layer | The Data Center controls the physical cable plant connecting the architecture together in a network. Provides physical security to networking components and hardware. Provides physical security to server hardware. Redundant power and WAN connections.
Virtual Private Networks (VPN) | Layer 2/3 – Data Link and Network Layers | VPN tunnels encrypt data flowing over the data link to protect it from outside scrutiny. The bit stream is encrypted, sent over the wire, and decrypted at the far end.
Network Intrusion Detection (NIDS) | Layer 2/3 – Data Link and Network Layers | Monitors network traffic to compare what is happening in real time to known attacker methods. When a suspicious event is detected, an alarm is raised. In addition the intrusion detection system may suspend or drop the offending connection, all while recording as much information as possible.
Host Intrusion Detection (HIDS) | Layer 2/3 – Data Link and Network Layers | The HIDS sensor scans bit streams as they reach the host system, and the host's own logs, to match patterns and signatures that are indicative of an attack against the host or its applications. When a malicious pattern is detected the HIDS sends out an alert.
Virus Scanning | Layer 2 & 3 – Data Link and Network Layers | Virus scanning software looks at bit streams flowing across the data link to match signature patterns that indicate malicious code and viruses.
Firewalls and firewall appliances | Layer 3 & 4 – Network and Transport Layers | A device or software that blocks Internet communications access to a private resource. The resource can be a network server running a firewall as an application or an appliance with the firewall application running as firmware.
Routers | Layer 3 & 4 – Network and Transport Layers | Use Cisco IOS to create access control lists (ACLs) to filter IP packets. ACLs on routers can shape traffic and restrict traffic flow between network segments. IP address schemes can segment the architecture by network, making ACLs and firewall rules easier to manage.
Virus scanning of attachments | Layer 3 & 4 – Network and Transport Layers | Virus scanning software opens attachments entering and leaving the network to check for patterns and signatures that would indicate malicious code.
Legacy Access Control | Layer 5 – Session Layer for legacy systems | Mechanisms used by legacy systems to control access to secure resources. These can include RACF, Top Secret, ACF2 and NT Domain Security. Legacy access controls can also be used as part of credential synchronization (single sign-on) systems.
OS & system hardening | Layer 5, 6, 7 – Session, Presentation, Application Layers | Process of ensuring OS patches are up to date, unnecessary services are turned off, unneeded applications and tools are removed, and applications are patched.
Vulnerability Scanning | Layer 5, 6, 7 – Session, Presentation, Application Layers | Tool to scan for vulnerabilities, missing patches, and newly known vulnerabilities and exploits. Tools are updated regularly from CERT advisories, bug lists, and new exploit notices.
Vulnerability Assessment (penetration testing) | Layer 5, 6, 7 – Session, Presentation, Application Layers | A team of trained ethical hackers attempts to gain access to the target machine, simulating a real-world attack as a malicious intruder would, to test the security architecture.
User account management on the network | Layers 6 & 7 – Presentation and Application Layers | Managing user accounts on and access to the network. Uses the network OS, Active Directory, LDAP, etc. to authenticate.
User account management on systems | Layers 6 & 7 – Presentation and Application Layers | User account management on individual systems. Management of privileged accounts, separation of duties between administrators.
User account management on applications | Layers 6 & 7 – Presentation and Application Layers | Manage access to software and applications such as RDBMS, etc.
Virus scan engine and signature updates | Layers 6 & 7 – Presentation and Application Layers | Updates to anti-virus applications, scan engines, virus signatures, etc.
PKI & Credential Management | Layer 6 & 7 – Presentation and Application Layers | Provides capabilities for the management of user credential information. This information can be a user ID, password, PKI digital certificate or biometric information.
Role-Based Access Control (RBAC) | Layer 6 & 7 – Presentation and Application Layers | The security engine responsible for definition and decision making around all security policies. Applications delegate security decision making to the security engine. This delegation occurs through existing security extension points within the application domain. Security is seamless and non-intrusive from the application's point of view.
Security Operations Center (SOC) | Layer 8 – Financial Layer | 24 x 7 security management using a SOC to manage and monitor the security architecture. Ensures real-time monitoring of the security of the network.
Using existing security infrastructure | Layer 8 – Financial Layer | Security tools, connections and trained personnel are leveraged to provide security services and build a security framework for less than the cost of duplicating the same services as point security solutions.
Provides an operational framework for regular security checks | Layer 8 – Financial Layer | Security becomes part of enterprise operations, providing consistent security management in the same fashion as enterprise system management. In the same way, the security framework reduces the total cost of security.
Lends itself to outsourced managed security services | Layer 8 – Financial Layer | A security framework can be implemented using managed security services that build, monitor, and manage security across the enterprise.
Extensible to new networks and technologies | Layer 8 – Financial Layer | As networks grow and merge, the framework can extend into the new segments. New technologies such as wireless, VoIP and smart HVAC systems can also be managed and monitored by the security framework.
Security costs are more predictable | Layer 8 – Financial Layer | The cost of providing security becomes more predictable and manageable. Security costs are consolidated into the framework, facilitating budgeting and planning.
Provides a platform to align security with business goals | Layer 9 – Political Layer | The security framework can be used to manage security consistently to meet business goals, just as enterprise system management manages the IT infrastructure to meet company objectives.
Security Framework is modular, quickly extensible | Layer 9 – Political Layer | If a new technology such as wireless networking is adopted, security controls can be added to the framework to manage the new initiative. Networks added through acquisitions can be quickly added to the security framework.
Security Framework by Services (layer diagrams, one per slide; each places a group of services against the OSI stack Application / Presentation / Session / Transport / Network / Data Link / Physical)
– Physical: wiring closets, cable plant, building access control, power, HVAC
– Data Link and Network: NIDS, HIDS, virus scanning
– Network and Transport: firewall, routers, access control lists (ACLs), IP schemes, e-mail attachment scanning
– Session, Presentation and Application: OS hardening, security health checking, vulnerability scanning, pen-testing
– Presentation and Application: user account management on systems, role/rule-based access control, application security, virus updates, virus signatures
Security Frameworks - Summary
 To sum it all up
– Security Frameworks provide end to end security – from the DMZ to the
Database
– Security is managed and monitored consistently and continually
– The security framework becomes the technology that turns security
policies into practice
– New technologies and new networks can plug into the security
framework
– Security costs become more predictable and manageable
Security Frameworks – More Q/A

 Questions?
