The Demilitarized Zone as an Information Protection Network

Presented By Parvathy Subramanian

April 09, 2008


Agenda

► Introduction
► Fundamental IPN concepts
► Enterprise Security principles
► Implementing IPNs with complex security
  • Integrated IPN
  • Virtual IPN
  • Connectivity policy (uncontrolled network connection)
  • Nested IPN configuration
► Enterprise information in the IPN
► IPN Technology components


Introduction

► Information protection requires an in-depth risk-based approach involving network, host, and application security, which together constitute a defense-in-depth approach to information protection [1]

► The DMZ provides network layer security from the untrusted network via an intermediary network charged with granting or denying access to external hosts and ports within the enterprise network.

► Hosts within the enterprise network provide the second level of network security.

► Finally, applications within the hosts provide the final layer of defense.

► Risk = threat * vulnerability * value
  • Threat and vulnerability are real numbers between (0,t) and (0,v)
  • Value is represented in dollars. It ranges between ($0, $n).


Enterprise security core principles and supporting requirements


Fundamental IPN (Information Protection Network) Concepts

A typical IPN separates the trusted network from the external network.

The trusted network is connected to an internal router.

The external network is connected to an external router.


Fundamental IPN (Information Protection Network) Concepts

• The public access server and DNS can be accessed from, and respond to requests from, the external network.

• They cannot initiate any outbound sessions.

• All these controls involve authentication.

• Some servers are needed to support the IPN security function.


Enterprise Security Principles

► “Never assume that another component of the IPN is completely trusted to perform its intended function with 100% reliability.”
  • Example: It’s the responsibility of the external router to permit external network DNS query requests and nothing else to the DNS server.

► “The IPN and all its components constitute a security system, and it should be managed accordingly — as a system, not a collection of independent components”.
  • Example: A group of staff is responsible for administration of the DNS host/service. The individuals should work together, and there should be some coordination mechanism built into the change control process.


Implementing IPNs with complex security

► A large enterprise is composed of several geographically distributed campus networks.

► IPN Principle:
  • The IPN can be used to implement an array of department wide mandatory and recommended baseline security policies and practices, as well as those that might be site specific or used by the site to augment the department wide direction or guidelines. [1]

► IPN is used to:
  • Control the flow of traffic through it.
  • Hide local site details.
  • Facilitate protection of data in transit.
  • Monitor network activities.
  • Resist unauthorized use of site resources.
  • Protect the site and itself from unauthorized change.


Integrated IPN

► The same physical facility and equipment are used to protect both the networks

► One router can be configured as two virtual routers. Or use just a single router with complex access control policies


Virtual IPN

► From the equipment and the circuit perspective there are 2 separate IPNs

► From the system’s perspective there is only one virtual IPN

► Less efficient, but appropriate depending on the site and organizational structure of the enterprise


Connectivity policy (Uncontrolled network connection)

► Network A and B have different security policies

► Data flow between them should be mediated via an IPN

► Direct connectivity compromises the information security

► There is no “stronger than” relation between network A and B.

► Clearly, there is an exposure to vulnerabilities, even though the IPN protects each according to its own needs.


Nested IPN

► Most often there is a “stronger than” relationship that exists between two networks.

► In such a case, a clear and formal agreement should be specified between the directly adjacent networks, particularly with regard to ingress policy.

► Egress policy is solely within the control of a single network.


Enterprise information in the IPN

► The IPN, along with security measures, also provides a means for information and application sharing between the enterprises and/or the business partners.

► With the introduction of private business data into the IPN, extra diligence should be given to security measures.

► A strict configuration change control procedure should be maintained, and trained security professionals should be part of the IPN management team.

► Clear separation of roles should be ensured, so that security is not compromised in a misguided attempt to satisfy a single business need.


► IPN implementation includes network zones. This includes both security and business components

► Example:
  • Access to the restrictive zone is limited to site users whose role is to manage and maintain the business application.

► Ingress to the public zone is permitted if the source is from the restrictive zone.

► It’s denied otherwise.

► Strong authentication should be provided for ingress policies that allow access to the restrictive zone.


IPN Technology components

IPN Tech. components

• Connectivity Component: Network and Application systems. Example: Switches, Routers, Load balancers, DNS

• Security Components: Systems designed to ensure Confidentiality, Integrity and Availability. Example: Firewall, Intrusion detection system, SSL, VPN


Connectivity Components

► Router:
  • A pair of routers serves as the demarcation point of an IPN environment. It also provides a set of ACLs defining the ingress and egress policies.
  • The ACL should explicitly deny all other traffic.
  • Router-based ACLs are extremely important to the IPN; they are the first line of defense against all unknown security threats.

► Switching:
  • IPNs are highly dependent upon the layer-two switches for primary network connectivity.
  • Problems related to switches in an IPN network are related to human errors.
  • VLAN technology is commonly employed in an IPN environment to provide logical separation using shared security and network connectivity hardware.
  • Zones in the IPN can be implemented using VLAN technology.
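
Added example (not part of the original slides): a small Python model of the router ACL guidance above and of the earlier external-router example, where DNS queries to the DNS server are permitted and all other traffic is explicitly denied. The Rule class, the first-match evaluation, the audit checks and the 192.0.2.x addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "udp", "tcp" or "any"
    dst: str               # destination network, CIDR notation
    port: Optional[int]    # destination port; None means any port

    def matches(self, proto, dst_ip, port):
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

    def is_catch_all(self):
        return self.proto == "any" and self.dst == "0.0.0.0/0" and self.port is None

DNS_SERVER = "192.0.2.53/32"   # constructed address from the documentation range

# Constructed ingress ACL for the external router: DNS queries to the DNS server only.
EXTERNAL_INGRESS = [
    Rule("permit", "udp", DNS_SERVER, 53),
    Rule("permit", "tcp", DNS_SERVER, 53),
    Rule("deny", "any", "0.0.0.0/0", None),   # explicit deny of all other traffic
]

def evaluate(acl, proto, dst_ip, port):
    """First matching rule wins. Returns (action, index of the deciding rule)."""
    for i, rule in enumerate(acl):
        if rule.matches(proto, dst_ip, port):
            return rule.action, i
    return "deny", None   # fell off the end: dropped, but no rule to log against

def audit(acl):
    """List the ways an ACL departs from 'permit what is needed, explicitly deny the rest'."""
    findings = []
    if not acl or acl[-1].action != "deny" or not acl[-1].is_catch_all():
        findings.append("missing explicit deny-all as the final rule")
    for i, rule in enumerate(acl[:-1]):
        if rule.is_catch_all():
            findings.append(f"rule {i} matches all traffic; rules after it never apply")
    for i, rule in enumerate(acl):
        if rule.action == "permit" and rule.port is None:
            findings.append(f"rule {i} permits every port on {rule.dst}")
    return findings

if __name__ == "__main__":
    print(evaluate(EXTERNAL_INGRESS, "udp", "192.0.2.53", 53))
    print(evaluate(EXTERNAL_INGRESS, "tcp", "192.0.2.80", 22))
    print(audit(EXTERNAL_INGRESS[:2] + [Rule("permit", "any", "192.0.2.0/24", None)]))
```

Running audit() over each router's rule set as part of change control is one way to catch an ACL that has lost its explicit deny or gained an over-broad permit.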


Security Components

► Firewalls:
  • Stateful inspection devices.
  • Monitor bi-directional traffic to ensure compliance with predefined security policies.
  • They take specific actions like session termination, redirection, logging and alarms in response to unauthorized traffic.

► Intrusion Detection Systems:
  • Based on the capabilities and policies, an IDS can decode any malicious traffic flow.
  • IDS devices are placed inside, outside and on each host of an IPN.
  • Suspected events are consolidated, normalized and correlated for real-time analysis.


Security Components (Cont..)

► Intrusion Prevention Systems:
  • It’s a hybrid between a firewall and an IDS.
  • It functions as an IDS, but can be placed with network devices like a firewall.

► Domain Name Services:
  • Provides name resolution service
  • Provides local and geographical load distribution.
  • Split DNS is implemented to hide internal hostnames from external views.

► Web cache and reverse proxy:

► Business Continuity:
  • Disaster recovery


Conclusion

► The final goal is to provide a simple and secure IPN environment.

► Scalability and expansion to accommodate growth should be allowed.

► Performance, availability and scalability are extremely important for a successful implementation of an IPN.


Reference

► [1] Enterprise Information Systems Assurance and System Security: Managerial and Technical Issues, Merrill Warkentin and Rayford B. Vaughn.

► [2] http://en.wikipedia.org/wiki/


Questions