“Copyright © 2001 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages caused by the use of these programs or from the use of the information contained herein”
Figure 13-1 The Security Policy Development Life Cycle (Goldman & Rawles, ADC3e Fig. 13-01). The cycle has six phases: identify business-related security issues; analyze security risks, threats, and vulnerabilities; design the security architecture and the associated processes; implement security technology and processes; audit the impact of security technology and processes; evaluate the effectiveness of current architectures and policies.
Figure 13-4 Security vs. Productivity Balance. Three panels plot security against productivity:
Lack of Security: high risk, low cost, open access, no productivity loss from access restrictions; but open access may lead to data loss or data integrity problems, so a lack of security may ultimately have a negative impact on productivity.
Overly Restrictive Security: high cost, low risk, restrictive access, productivity loss; security needs take priority over user access, and overly restrictive security causes a productivity decline and may lead to noncompliance with security processes, which in turn leads to loss of security.
Optimal Balance of Security and Productivity: balanced risk and costs; the restrictiveness of the security policy is balanced by people's acceptance of those policies, minimizing the negative impact on productivity while maximizing security processes.
Figure 13-7 Assets, Threats, Vulnerabilities, Risks, and Protective Measures. Diagram relating five elements: asset, threat, vulnerability, risk, and protective measures.
Figure 13-13 Representative Security Architecture. Layered diagram: security mission; security management; security policies and procedures; secure infrastructure (computing platforms and networks, security technology); with business drivers and technical drivers as the input assumptions for the secure infrastructure.
Figure 13-18 Collaborative Software Infection/Reinfection Cycle. Infection panel: a client PC, server hub, and router; an infected file is spread through database replication and/or by being attached to a multiclient conference. Re-infection panel: a disinfected client PC, server hub, and router; modification of the infected document on any client or server causes replication and reinfection of other servers, and inclusion of infected documents in a multiclient conference reinfects all clients; a client PC with the original infected document drives the re-infection.
Figure 13-19 Virus Infection Points of Attack and Protective Measures. Four points of attack (client PC, Internet access, server, remote access users), each with its vulnerabilities and protective measures:
Client PC. Vulnerabilities: infected diskettes; groupware conferences with infected documents. Protective measures: strict diskette scanning policy; autoscan at system start-up.
Internet Access. Vulnerabilities: downloaded viruses; downloaded hostile agents. Protective measures: firewalls; user education about the dangers of downloading.
Server. Vulnerabilities: infected documents stored by attached clients; infected documents replicated from other groupware servers. Protective measures: autoscan run at least once a day; consider active-monitoring virus checking before allowing programs to be loaded onto the server; rigorous backup in case of a major outbreak; audit logs to track down sources.
Remote Access Users. Vulnerabilities: frequent uploading/downloading of data and use of diskettes increase risk; linking to customer sites increases risk. Protective measures: strict diskette scanning policy; strict policy about connecting to corporate networks after linking to other sites.
Figure 13-20(a) Packet Filters and Application Gateways. Four panels, each with an Internet or nonsecure network on one side and a protected network on the other:
Packet Filter Firewall: a packet-filtering firewall (router) examines incoming IP packets and compares incoming IP source and destination addresses to filter tables; outgoing packets have direct access to the Internet.
Trusted Gateway: a packet-filtering firewall (router) and a single-homed application gateway running proxy applications 1 and 2 (each with a client half and a server half), alongside information servers and WWW servers; trusted applications establish connections directly.
Application Gateway: proxy applications for FTP (proxy FTP client and proxy FTP server), TELNET (proxy TELNET client and proxy TELNET server), and other proxy applications, each with a client side and a server side.
Dual-Homed Gateway: a packet-filtering firewall (router) and a dual-homed application gateway on a screened subnet, with information servers and WWW servers; all traffic, including WWW requests, goes through the application gateway.
Figure 13-20(b) Proxies, Trusted Gateways, and Dual-Homed Gateways (the same four panels as Figure 13-20(a)).
Figure 13-21 Enterprise Firewall Architecture. Three panels, each placing a web server and an e-mail server in a DMZ between the Internet ("bad guys") and the internal private network ("good guys"), connected by hubs or switches: Dual or Multi-Tier Firewall (a firewall on each side of the DMZ); Single Firewall, In Front of DMZ (one firewall between the Internet and the DMZ); Single Firewall, Behind DMZ (a router in front of the DMZ and the firewall between the DMZ and the internal network).
Figure 13-24 Challenge-Response vs. Time-Synchronous Token Authentication. Both panels show a smart card and a client PC connected by modem over the PSTN to an authentication server.
Time Synchronous: the personal ID and the current number displayed on the smart card (i.e. 76731270) are entered into the client PC; the authentication server compares the received smart-card-generated number to the current time-synchronous server-generated number, and if they match the user is authenticated.
Challenge-Response: the user ID and personal smart card ID number (i.e. 76731270) are entered into the client PC; a challenge number is returned to the client (i.e. 65490873); the returned challenge number is entered into the smart card keypad; the response number displayed on the smart card (i.e. 11266542) is entered into the client PC and transmitted to the authentication server, which compares the received response number to the expected response number and, if they match, authenticates the user.
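The two flows in Figure 13-24, simulated end to end as an added example (not code from the book): the shared secret, the 8-digit code derivation via HMAC-SHA256, the 60-second step and the one-step clock-drift allowance are all constructed assumptions standing in for whatever a real card vendor uses. The server side also records the last accepted time step, which is what stops a captured time-synchronous code from being replayed inside the same window; a captured challenge-response value fails on its own because the next challenge differs.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret: provisioned into the smart card and into the
# authentication server's user database; it never crosses the PSTN link.
SECRET = b"constructed-demo-seed-for-user-alice"
STEP_SECONDS = 60  # constructed token period for the time-synchronous card

def token_code(secret, label):
    """8-digit display code derived from the shared secret and a label
    (time step or challenge); stands in for the card's generator."""
    mac = hmac.new(secret, label.encode(), hashlib.sha256).digest()
    return "%08d" % (int.from_bytes(mac[:4], "big") % 10**8)

# --- Time-synchronous (Figure 13-24, top panel) -------------------------
def card_time_code(secret, now):
    return token_code(secret, "time:%d" % (now // STEP_SECONDS))

class TimeSyncServer:
    def __init__(self, secret, drift_steps=1):
        self.secret, self.drift, self.last_step = secret, drift_steps, -1
    def verify(self, received, now):
        step = now // STEP_SECONDS
        for delta in range(-self.drift, self.drift + 1):
            candidate = step + delta  # tolerate one step of clock drift
            if (candidate > self.last_step and hmac.compare_digest(
                    token_code(self.secret, "time:%d" % candidate), received)):
                self.last_step = candidate  # each step is accepted once only
                return True
        return False

# --- Challenge-response (Figure 13-24, bottom panel) ---------------------
def server_issue_challenge():
    return "%08d" % secrets.randbelow(10**8)  # fresh number per login

def card_response(secret, challenge):
    return token_code(secret, "challenge:" + challenge)

def server_verify_response(secret, challenge, received):
    expected = token_code(secret, "challenge:" + challenge)
    return hmac.compare_digest(expected, received)

def demo(now=1_700_000_000):
    """Walk both flows once and try replaying each captured code."""
    srv = TimeSyncServer(SECRET)
    code = card_time_code(SECRET, now)
    first = srv.verify(code, now)
    replay = srv.verify(code, now + 5)            # same window, same code
    chal = server_issue_challenge()
    resp = card_response(SECRET, chal)
    ok = server_verify_response(SECRET, chal, resp)
    stale = server_verify_response(SECRET, server_issue_challenge(), resp)
    return {"time_ok": first, "time_replay": replay,
            "cr_ok": ok, "cr_replay": stale}
```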
Figure 13-25 Kerberos Architecture. An enterprise network of four Kerberos realms (A, B, C, D) joined by routers; each realm contains personal computers running Kerberos client software, application servers with at least one running Kerberos server software, and a Kerberos server comprising an authentication server, a ticket-granting server, and a Kerberos database.
Figure 13-26 Private Key Encryption, Public Key Encryption, and Digital Signature Encryption. Three panels show a Company A client and a Company B client communicating over the Internet or a nonsecure network:
Private Key (Symmetric): the original document is encrypted with the private key and decrypted with the same private key; the private key must be distributed across the nonsecure network.
Public Key: the original document is encrypted with a public key and decrypted with the matching private key; Company A gets Company B's public key from Company B or from a certificate authority, and Company B gets Company A's public key from Company A or from a certificate authority.
Digital Signature: the digital signature is encrypted with A's private key and decrypted with A's public key; the locally regenerated digital signature is compared to the original transmitted digital signature.
Figure 13-28 Remote Authentication Dial-In User Services (RADIUS) Architecture. Remote users on PCs with modems, and users on the Internet or a nonsecure network, dial in through remote access servers from brands A, B, and C; a firewall separates the secure network, where a RADIUS server with a user authentication database and a RADIUS management console exchange accounting and authentication information with the remote access servers. A wide variety of remote access servers and firewalls from numerous vendors can all be managed by RADIUS, and large numbers of remote access users accessing the network from numerous different points and using different authentication techniques can all be managed by RADIUS.
Figure 13-29 Tunneling Protocols Enable Virtual Private Networks. A remote client with an ADSL, ISDN, or modem connection reaches a local Internet service provider, which creates a virtual private tunnel across the Internet using a tunneling protocol (PPTP, L2F, or L2TP); the router at corporate headquarters strips off the tunneling protocol and forwards the transmission to the corporate LAN.
Figure 13-30 IP Packet Plus Authentication and Encryption Headers. The original IP packet (original IP header plus upper-level protocols encapsulated in a transport-layer segment, TCP or UDP) is preceded by an ESP header and an authentication header and followed by an ESP trailer; a new IP header is added if tunnel-mode ESP is chosen. This new header contains an unencrypted destination address and routing information; the original packet is encrypted, and only a portion of the ESP header is encrypted. The authentication header, drawn 32 bits wide from bit 0, carries these fields: next header type; length of authentication data field in 32-bit words; reserved; security parameters index; authentication data.