Principles of Secure System Design
John Scrimsher, CISO / Head of IT @ [email protected]
This is a unique presentation of non-unique ideas
› Information gathered from multiple sources, including the speaker's own experience
› Todd Merritt: https://dzone.com/articles/9-software-security-design
› Gary McGraw: http://searchsecurity.techtarget.com/opinion/Thirteen-principles-to-ensure-enterprise-system-security
› Google: Principles of Secure System Design
The Buzz
Initial Considerations
› Start with the weakest link
› Do not trust by default
› Assume secrets are not safe
› Assume the network is dirty
› Ask for help / borrow others' ideas
9 Primary Principles of Secure System Design
1. Principle of Least Authority
2. Fail Securely
3. Economy of Mechanism (KISS Principle)
4. Mediate Completely
5. Open Design (vs. security by obscurity)
6. Separation of Duties / Privileges
7. Least Common Mechanism
8. Psychological Acceptability
9. Defense in Depth
Principle of Least Authority
› Need-to-know basis
› Only grant the permissions required to complete the task requested
Fail Securely
› Fail Open: the service continues to work when the security mechanism fails (nothing is protected while it is down)
› Fail Closed: the service stops working when the security mechanism fails (nothing is available while it is down)
› Fail Securely: choose, per asset, the failure mode that protects life first and intellectual property second (a fire door fails open, a vault fails closed)
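The three failure modes above, as an added example that is not part of the original slides. The policy service, the grant table and the set of "public" resources are constructed sample data; the mapping of "fail securely" onto "keep public reads available, deny everything else during an outage" is one interpretation of the slide's rule, not the speaker's code.

```python
"""Fail open / fail closed / fail securely for an authorization check.

Added example, not from the slides. The policy service, the grant table and
the 'public' resources are constructed sample data.
"""


class PolicyUnavailable(Exception):
    """Raised when the (simulated) policy service cannot give an answer."""


class PolicyService:
    """Toy policy store: a set of (user, action, resource) grants plus an up/down flag."""

    def __init__(self, grants, up=True):
        self.grants = set(grants)
        self.up = up

    def decide(self, user, action, resource):
        if not self.up:
            raise PolicyUnavailable("policy service unreachable")
        return (user, action, resource) in self.grants


def authorize_fail_open(svc, user, action, resource):
    """Fail open: when the mechanism breaks, the service keeps working and
    everybody gets in. Fine for a fire exit, wrong for a vault."""
    try:
        return svc.decide(user, action, resource)
    except PolicyUnavailable:
        return True


def authorize_fail_closed(svc, user, action, resource):
    """Fail closed: when the mechanism breaks, nobody gets in."""
    try:
        return svc.decide(user, action, resource)
    except PolicyUnavailable:
        return False


def authorize_fail_secure(svc, user, action, resource, public_reads=frozenset()):
    """Fail securely: pick the failure mode per asset. Reads of resources that
    are public anyway stay available (availability, no IP at risk); every other
    request is denied until the policy service is back."""
    try:
        return svc.decide(user, action, resource)
    except PolicyUnavailable:
        return action == "read" and resource in public_reads


if __name__ == "__main__":
    svc = PolicyService({("alice", "write", "/vault")})
    print(authorize_fail_closed(svc, "alice", "write", "/vault"))    # True: normal operation
    svc.up = False                                                   # simulate the outage
    print(authorize_fail_open(svc, "mallory", "write", "/vault"))    # True: anyone can write
    print(authorize_fail_closed(svc, "mallory", "write", "/vault"))  # False
    print(authorize_fail_secure(svc, "mallory", "read", "/status", public_reads={"/status"}))  # True
    print(authorize_fail_secure(svc, "alice", "write", "/vault"))    # False: even a legitimate user waits
```

The point to check in a real system is the `except` branch of every authorization call: a bare `except: pass` in front of a `return True` is a fail-open default that nobody chose on purpose.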
Economy of Mechanism
› KISS Principle: keep it as simple and small as possible
› Complexity is the enemy of security
› Design and implementation errors that open unwanted access paths will not be noticed during normal use, so a mechanism must be small enough to inspect
› Complexity may also break access where it is needed
Ankita Thaker, Maze door lock
Mediate Completely
› Every access request should be validated for authorization, every time
› Prevent backdoor or "go-around" access
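What "every access, every time" means in code, as an added example that is not part of the original slides: one store checks the ACL once in `open()` and then hands out a handle, so a revoked grant keeps working through the cached decision; the other re-checks on each read. The ACL class, the store contents and the user names are constructed sample data.

```python
"""Complete mediation: check authority on every access, not once at open().

Added example, not from the slides; the ACL, the store contents and the
user names are constructed sample data.
"""


class Acl:
    """Minimal access-control list of (user, resource) grants."""

    def __init__(self):
        self._grants = set()

    def grant(self, user, resource):
        self._grants.add((user, resource))

    def revoke(self, user, resource):
        self._grants.discard((user, resource))

    def allows(self, user, resource):
        return (user, resource) in self._grants


class CachedHandleStore:
    """Checks the ACL once in open() and then hands back a handle that reads
    freely. After a revocation the handle keeps working: the decision was
    cached, so later accesses are not mediated."""

    def __init__(self, acl, data):
        self.acl = acl
        self.data = data

    def open(self, user, resource):
        if not self.acl.allows(user, resource):
            raise PermissionError(f"{user} may not open {resource}")
        return lambda: self.data[resource]   # no further check on each read


class MediatedStore:
    """Every read goes through the same check; there is no second path
    around it and nothing is cached, so a revocation takes effect at once."""

    def __init__(self, acl, data):
        self.acl = acl
        self.data = data

    def read(self, user, resource):
        if not self.acl.allows(user, resource):
            raise PermissionError(f"{user} may not read {resource}")
        return self.data[resource]


def read_or_denied(fn, *args):
    """Demo helper: return the data, or 'DENIED' on PermissionError."""
    try:
        return fn(*args)
    except PermissionError:
        return "DENIED"


if __name__ == "__main__":
    acl = Acl()
    data = {"/payroll": "salary table"}
    acl.grant("alice", "/payroll")
    cached = CachedHandleStore(acl, data)
    mediated = MediatedStore(acl, data)
    handle = cached.open("alice", "/payroll")
    print(handle(), mediated.read("alice", "/payroll"))        # both return the data
    acl.revoke("alice", "/payroll")
    print(read_or_denied(handle))                              # still 'salary table' (stale)
    print(read_or_denied(mediated.read, "alice", "/payroll"))  # DENIED
```

Long-lived handles, session caches and "checked at login" flags are all the `CachedHandleStore` pattern; the fix is either to re-check on use or to bound the cache lifetime and invalidate it on revocation.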
Psychological Acceptability
› If users perceive that security hinders their job, they are more likely to work around the process
› If users see the value of a control for their own job, they will use it
Open Design
› Do not rely upon obscurity
› Eventually someone will stumble upon it
› Don't get stuck in the trap of "it's behind our firewall, so that's good enough"
Rendering by Jonathan L.: http://www.blendernation.com/2012/07/14/cabin-in-the-woods/
Separation of Duties / Privileges
› Prevents fraud and error
› Quality control (integrity of data)
› Examples (including the people with access to these roles / environments):
− Development and Production environments
− Database Admin (DBA) vs. System Admin
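One way to encode both Least Authority (each role holds only the permission its task needs) and Separation of Duties (a production change needs two different people) in a deployment workflow, as an added example that is not part of the original slides. The roles, the users and the permission names are constructed sample data.

```python
"""Least authority plus separation of duties: each role gets only the
permission its task needs, and a production change needs two different people.

Added example, not from the slides; the roles, users and permissions are
constructed sample data.
"""

from dataclasses import dataclass, field

# Least authority: one narrow permission per role, nothing more.
ROLE_PERMS = {
    "developer":       {"request_deploy"},
    "release_manager": {"approve_deploy"},
    "dba":             {"run_migration"},
}


class SeparationError(PermissionError):
    """A single person tried to hold two duties that must stay apart."""


@dataclass
class DeployRequest:
    requester: str
    approvers: set = field(default_factory=set)


def has_perm(users, user, perm):
    """users maps user -> role; unknown users have no permissions."""
    return perm in ROLE_PERMS.get(users.get(user), set())


def request_deploy(users, user):
    if not has_perm(users, user, "request_deploy"):
        raise PermissionError(f"{user} cannot request a deploy")
    return DeployRequest(requester=user)


def approve_deploy(users, req, approver):
    # Separation of duties: the person who wrote the change may not approve it.
    if approver == req.requester:
        raise SeparationError("requester may not approve own change")
    if not has_perm(users, approver, "approve_deploy"):
        raise PermissionError(f"{approver} cannot approve deploys")
    req.approvers.add(approver)
    return req


def deployable(req):
    """Two-person rule: at least one approver distinct from the requester."""
    return any(a != req.requester for a in req.approvers)


def outcome(fn, *args):
    """Demo helper: 'ok' or the exception class name."""
    try:
        fn(*args)
        return "ok"
    except PermissionError as exc:
        return type(exc).__name__


if __name__ == "__main__":
    users = {"alice": "developer", "bob": "dba", "carol": "release_manager"}
    req = request_deploy(users, "alice")
    print(outcome(approve_deploy, users, req, "alice"))  # SeparationError
    print(outcome(approve_deploy, users, req, "bob"))    # PermissionError (DBA is not an approver)
    print(deployable(req))                                # False
    approve_deploy(users, req, "carol")
    print(deployable(req))                                # True
```

The same-person check in `approve_deploy` is the part most often missing in real pipelines: a role model alone does not stop one account that happens to hold both roles, so the identity of the requester has to be compared with the identity of the approver.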
Least Common Mechanism
› Separate sessions for separate users
› Similar to Separation of Duties
› Do not share resources where not required
− Internal authentication for internal resources, external authentication for external resources
− Shared mechanisms are shared attack paths; this is why we need Complete Mediation
Defense In Depth
› Layered approach to security
› An attacker must succeed with several different attack types, against independent controls, to penetrate
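A concrete layered defence against SQL injection, as an added example that is not part of the original slides. Each layer is independent of the one before it: a weak edge validator lets the payload through, a parameterized query keeps it from becoming SQL, and a read-only database session limits what even a successful injection could do. Only the Python standard library (`sqlite3`) is used; the table, its rows and the payload are constructed sample data.

```python
"""Defense in depth against SQL injection: three independent layers, each of
which holds when the one before it fails.

Added example, not from the slides; uses only the Python standard library.
The table, rows and the injection payload are constructed sample data.
"""

import sqlite3

PAYLOAD = "x' OR '1'='1"   # constructed injection string


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "a-secret"), ("bob", "b-secret")])
    conn.commit()
    return conn


def layer1_validate(name):
    """Layer 1, input validation at the edge. Deliberately weak (length only),
    standing in for the validator that someone forgot to harden."""
    return 0 < len(name) <= 32


def lookup_unsafe(conn, name):
    """What happens when layer 1 is the ONLY layer: string concatenation."""
    return conn.execute(
        f"SELECT secret FROM users WHERE name = '{name}'").fetchall()


def lookup_parameterized(conn, name):
    """Layer 2: parameterized query. The payload is data, never SQL."""
    return conn.execute(
        "SELECT secret FROM users WHERE name = ?", (name,)).fetchall()


def make_read_only(conn):
    """Layer 3: least-authority database session. Even a successful injection
    in a read path cannot modify or destroy data."""
    conn.execute("PRAGMA query_only = ON")
    return conn


def try_delete(conn):
    """Attempt a write; returns 'deleted' or 'blocked'."""
    try:
        conn.execute("DELETE FROM users")
        return "deleted"
    except sqlite3.OperationalError:
        return "blocked"


if __name__ == "__main__":
    conn = setup_db()
    print(layer1_validate(PAYLOAD))             # True: layer 1 lets it through
    print(lookup_unsafe(conn, PAYLOAD))         # both secrets leak
    print(lookup_parameterized(conn, PAYLOAD))  # []: layer 2 holds
    print(try_delete(make_read_only(conn)))     # blocked: layer 3 holds
```

In a production deployment layer 3 would be a separate database account with `SELECT` only, rather than a session pragma; the structure is the same: the layers fail independently, so one mistake is not one breach.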
What's Missing?
› Password management
› Two-factor authentication
› Encryption
› Data in motion vs. at rest
› I am sure you can think of more...
DAMBALLA: Specialists in Advanced Threat Detection
› Threat Discovery Center processes nearly 15% of the world's Internet traffic daily
› Protects more than ½ billion devices daily
› Founded by data scientists & researchers in 2006
› Product innovation: 4 patents; 12 pending
› Global deployments and customers on five continents
› Customers in every vertical market
AUTOMATE DETECTION AND RESPONSE
› Advanced Threat Detection: automate discovery and validation without human intervention
› Detect: unknown threats that hide from traditional controls, and assess the risk / impact of infection
› Respond: automatically, with indisputable evidence, to prevent loss