CP3397 Design of Networks and Security

Presentation on theme: "CP3397 Design of Networks and Security"— Presentation transcript:

1 CP3397 Design of Networks and Security
Basic Security Issues
What are the basic problems of security? In everyday life we talk about security as locking the door or setting the alarm. But security is about far more than that: it is about the integrity of what we do and about how we ensure that the things we need are available. Does our everyday notion of security map onto system security issues? Perhaps we cannot simply lock away the information on our networks, since we must still make it available to authorised users, but we are dealing with the same everyday security concerns when we try to formulate a strategy. 11/19/2018

2 Objectives
- To look at some basic definitions when considering security issues
- To investigate the mapping of such issues onto a network
- To view how a security policy could be formulated
- To appreciate the international standards applicable

3 Computer Security Policy
A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or by security mechanisms. A technical implementation determines whether a computer system is secure or insecure. The formal policy models can be categorized according to the core security principles of confidentiality, integrity and availability.

4 Definitions - Confidentiality
Confidentiality has been defined by the International Organization for Standardization (ISO) as "ensuring that information is accessible only to those authorized to have access". The Bell-LaPadula security model is based on confidentiality. In this formal model, the entities in an information system are divided into subjects and objects. The notion of a secure state is defined, and it is proven that each state transition preserves security by moving from secure state to secure state.
Can we map most of our common-sense ideas about security onto the computer system? The answer is of course yes, but we change some of the terms of reference: the system requires administration, whereas in our everyday example the decisions were driven by judgement. So some new definitions provide a set of basic guidelines to use when considering computer security.

5 The Bell-LaPadula model is built on the concept of a state machine with a set of allowable states in a system. The transition from one state to another is defined by transition functions. A system state is defined to be "secure" if the only permitted access modes of subjects to objects are in accordance with the security policy. To determine whether a specific access mode is allowed, the clearance of the subject is compared with the classification of the object to decide whether the subject is authorised for that access mode.

6 The clearance/classification scheme is expressed in terms of a lattice.
- The Simple Security Property states that a subject at a given level of confidentiality may not read an object at a higher confidentiality level (no read-up).
- The * (star) Property states that a subject at a given level of confidentiality must not write to any object at a lower level of confidentiality (no write-down).
- The Discretionary Security Property uses an access matrix to specify discretionary access control.

7 Integrity - the condition in which data is maintained unchanged during any operation, such as transfer, storage and retrieval. Another aspect of data integrity is the assurance that data can only be accessed and altered by those authorized to do so. The Biba model is based on data integrity:
- users can only create content at or below their own security level (no write-up)
- users can only view content at or above their own security level (no read-down)
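The lattice rules of slides 6 and 7 as working code. This is an example added for this page, not code from the lecture: the level hierarchies SENSITIVITY and INTEGRITY, the Label type (a rank plus a set of categories), the helper label() and the small ACCESS_MATRIX standing in for the discretionary matrix are all this example's own constructions. It shows the point the slides make about a lattice rather than a simple ladder: a TOP_SECRET object with no categories is incomparable with a SECRET subject holding the NUCLEAR category, so neither read nor write is permitted.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Constructed sample hierarchies (any total order of level names works).
SENSITIVITY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
INTEGRITY = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


@dataclass(frozen=True)
class Label:
    """One point of the lattice: a rank in a hierarchy plus a set of categories."""
    rank: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Lattice order: higher-or-equal rank AND a superset of categories.
        # Labels whose category sets are not nested are incomparable.
        return self.rank >= other.rank and self.categories >= other.categories


def label(level: str, *categories: str, order=SENSITIVITY) -> Label:
    """Builds a Label from a level name and optional category names."""
    return Label(order[level], frozenset(categories))


def blp_allowed(subject: Label, obj: Label, mode: str) -> bool:
    """Bell-LaPadula (confidentiality) mandatory rules.
    read  -> Simple Security Property: subject dominates object (no read-up)
    write -> *-Property: object dominates subject (no write-down)
    """
    if mode == "read":
        return subject.dominates(obj)
    if mode == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown access mode {mode!r}")


def biba_allowed(subject: Label, obj: Label, mode: str) -> bool:
    """Biba (integrity) mandatory rules, the dual of Bell-LaPadula.
    read  -> the object's integrity dominates the subject's (no read-down)
    write -> the subject's integrity dominates the object's (no write-up)
    """
    if mode == "read":
        return obj.dominates(subject)
    if mode == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown access mode {mode!r}")


# Discretionary Security Property: an access matrix that object owners may edit.
# Constructed sample, keyed by (subject name, object name).
ACCESS_MATRIX = {
    ("alice", "reactor_notes"): {"read", "write"},
    ("alice", "budget"): {"read"},
}


def access_allowed(subject: str, s_label: Label, obj: str, o_label: Label,
                   mode: str, matrix=ACCESS_MATRIX) -> bool:
    """Full BLP decision: the mandatory lattice check AND the discretionary matrix.
    Either one alone is not enough; both must grant the access."""
    mandatory = blp_allowed(s_label, o_label, mode)
    discretionary = mode in matrix.get((subject, obj), set())
    return mandatory and discretionary


if __name__ == "__main__":
    alice = label("SECRET", "NUCLEAR")
    reactor_notes = label("CONFIDENTIAL", "NUCLEAR")
    budget = label("TOP_SECRET")  # higher level, but lacks the NUCLEAR category
    for name, lab in (("reactor_notes", reactor_notes), ("budget", budget)):
        for mode in ("read", "write"):
            print(f"alice {mode:5} {name:13}: "
                  f"mandatory={blp_allowed(alice, lab, mode)} "
                  f"overall={access_allowed('alice', alice, name, lab, mode)}")
```

The two model functions are deliberately mirror images: swapping the operands of dominates() turns the confidentiality rules into the integrity rules, which is exactly the relationship between Bell-LaPadula and Biba that slide 7 describes.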

8 Hybrid models - Chinese Wall
- Objects such as files contain information on only one subject, e.g. a company.
- Groups: files belonging to one company are grouped together.
- Conflict classes: groups are classed together where there is a conflict of interest.
- E.g. a consultant can access information from a company provided they have never accessed information from a different company in the same conflict class, i.e. where there may be a conflict of interest.
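The consultant example from this slide, as an added illustration written for this page rather than code from the lecture. The ChineseWall class, the two conflict classes BANKS and OIL and the company names are constructed for the example. Beyond the slide's read rule it also applies the write rule of the Chinese Wall model: a subject may only write to a company's objects if that is the only company it has read, since otherwise it could carry one company's information into another's files even though every individual read was permitted.

```python
from typing import Dict, List, Set, Tuple


class ChineseWall:
    """Chinese Wall policy: what a subject may access depends on what it has read before,
    so the policy keeps a per-subject history. Constructed example, not the slides' code."""

    def __init__(self, conflict_classes: Dict[str, Set[str]]) -> None:
        # company -> name of the conflict-of-interest class it belongs to
        self.company_class: Dict[str, str] = {
            company: cls
            for cls, companies in conflict_classes.items()
            for company in companies
        }
        # subject -> companies whose information the subject has already read
        self.history: Dict[str, Set[str]] = {}

    def can_read(self, subject: str, company: str) -> bool:
        """Read rule: allowed unless the subject has read a competitor of this company."""
        seen = self.history.get(subject, set())
        if company in seen:
            return True  # already inside this company's wall
        cls = self.company_class[company]
        return all(self.company_class[other] != cls for other in seen)

    def can_write(self, subject: str, company: str) -> bool:
        """Write rule: only if this company is the only one the subject has read."""
        seen = self.history.get(subject, set())
        return self.can_read(subject, company) and seen <= {company}

    def read(self, subject: str, company: str) -> bool:
        """Attempt a read; a successful read is recorded in the subject's history."""
        allowed = self.can_read(subject, company)
        if allowed:
            self.history.setdefault(subject, set()).add(company)
        return allowed


def new_sample_wall() -> ChineseWall:
    """Constructed sample: two conflict classes of competing companies."""
    return ChineseWall({"BANKS": {"BankA", "BankB"}, "OIL": {"OilX", "OilY"}})


def consultant_scenario(wall: ChineseWall) -> List[Tuple[str, str, str, bool]]:
    """Replays the slide's consultant example and returns every decision taken."""
    steps = [
        ("consultant", "read", "BankA"),   # first access: allowed
        ("consultant", "read", "BankB"),   # competitor of BankA: denied
        ("consultant", "read", "OilX"),    # different conflict class: allowed
        ("consultant", "read", "BankA"),   # same company again: allowed
        ("consultant", "write", "BankA"),  # has also read OilX: denied by the write rule
        ("dana", "read", "OilY"),          # a different subject starts fresh
        ("dana", "write", "OilY"),         # has only read OilY: allowed
    ]
    decisions = []
    for subject, mode, company in steps:
        if mode == "read":
            ok = wall.read(subject, company)
        else:
            ok = wall.can_write(subject, company)
        decisions.append((subject, mode, company, ok))
    return decisions


if __name__ == "__main__":
    for subject, mode, company, ok in consultant_scenario(new_sample_wall()):
        print(f"{subject:10} {mode:5} {company:6} -> {'ALLOW' if ok else 'DENY'}")
```

Note that the denial of "read BankB" is not a property of the object or the subject alone; it arises purely from the history, which is why this policy cannot be expressed as a static lattice like the one in slide 6.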

9 Other classic models
- Harrison
- Clark-Wilson
Each has unique strengths, but they must not be used solely to define a system's criteria; they should rather form the basis of a set of specific policies.

10 Why so many different models?
The policy has to deal with many different situations and business rules:
- Mandatory or discretionary
- Confidentiality or integrity
- Flow of information
- Conflicts of interest

11 Access Control of objects
The underlying philosophy has been that subjects can determine who has access to their objects. There is a difference, though, between trusting a person and trusting a program. E.g. A gives B a program that A trusts, and since B trusts A, B trusts the program, while neither of them is aware that the program is buggy. Avoiding such problems leads to a different approach to access control: mandatory access control (MAC). In MAC, the system imposes an access control policy and object owners cannot change that policy.

12 Accountability
Although not a direct security definition, system resource use needs to be monitored. This leads to the concept of audits, and later to security policy control by audit.

13 Audit
Selectively stored information related to a possible security breach etc. It provides a trace-back facility to track problems. To allow for audit, the system must identify all authorised resource use and also identify all unauthorised attempts to gain resource use.
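What the two requirements on this slide look like in practice, as an added example written for this page (not the lecture's code): an audit trail in which every decision is recorded, whether the access was authorised (ALLOW) or an unauthorised attempt (DENY), plus the trace-back queries a reviewer would run over it. The log format, the record fields and the sample lines are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample audit trail (not real data). One record per access decision:
# timestamp subject mode object decision
SAMPLE_AUDIT_LOG = """\
2018-11-19T10:02:11 alice READ  payroll ALLOW
2018-11-19T10:02:40 bob   READ  payroll DENY
2018-11-19T10:03:05 bob   READ  payroll DENY
2018-11-19T10:03:30 bob   WRITE payroll DENY
2018-11-19T10:05:00 carol WRITE payroll ALLOW
2018-11-19T10:06:12 alice READ  budget  ALLOW
"""


@dataclass(frozen=True)
class AuditRecord:
    timestamp: str
    subject: str
    mode: str
    obj: str
    decision: str  # "ALLOW" = authorised use, "DENY" = unauthorised attempt


def parse_audit_log(text: str) -> List[AuditRecord]:
    """Parses whitespace-separated records. A malformed line raises instead of being
    skipped: a silent gap in the trail would defeat the trace-back purpose."""
    records = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 5 or fields[4] not in ("ALLOW", "DENY"):
            raise ValueError(f"malformed audit record on line {lineno}: {line!r}")
        records.append(AuditRecord(*fields))
    return records


def trace_object(records: List[AuditRecord], obj: str) -> List[Tuple[str, str, str, str]]:
    """Trace-back: every recorded use of, or attempt on, one object, in order."""
    return [(r.timestamp, r.subject, r.mode, r.decision) for r in records if r.obj == obj]


def last_authorised_writer(records: List[AuditRecord], obj: str) -> Optional[str]:
    """Who last changed the object through an authorised write (None if nobody)."""
    writers = [r.subject for r in records
               if r.obj == obj and r.mode == "WRITE" and r.decision == "ALLOW"]
    return writers[-1] if writers else None


def denied_attempts(records: List[AuditRecord]) -> Counter:
    """Unauthorised attempts per subject: the raw material for a breach review."""
    return Counter(r.subject for r in records if r.decision == "DENY")


def repeated_denials(records: List[AuditRecord], threshold: int = 3) -> List[str]:
    """Subjects whose denied attempts reach the threshold; a simple review trigger."""
    return sorted(s for s, n in denied_attempts(records).items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_AUDIT_LOG)
    for row in trace_object(recs, "payroll"):
        print(*row)
    print("last authorised writer of payroll:", last_authorised_writer(recs, "payroll"))
    print("review needed for:", repeated_denials(recs))
```

Both halves of the slide's requirement are visible in the queries: last_authorised_writer() only works because authorised use is recorded, and repeated_denials() only works because unauthorised attempts are recorded too.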

14 Reliability and Safety
Any accidental failures or safety shutdowns relate directly to the overall system's integrity, so security can be considered as an aspect of reliability (or vice versa).

15 Security - Reliability Dilemma
Security may impose controls and authorisation criteria that directly conflict with the overall system's reliability. A security policy will normally attempt to block unauthorised access by looking for abnormal behaviour or patterns from users. A failure mode is just as likely to cause abnormal actions, possibly leaving the administrator unable to correct or shut down the system correctly!

16 The Security Designer's Dilemma!
As networked systems increase and Internet access becomes more widely available, security-unaware users have specific security requirements but normally have no security expertise with which to either specify or implement these needs.

17 Security Design factors
- Security mechanisms need additional resources. These costs can normally be quantified.
- Security restrictions must fit with users' working patterns.
- Clumsy or difficult interfaces lead to loss of productivity.

18 Security Management
Security administration will cost money. Many network security implementations have been selected simply from a design model that looks at administration costs rather than at the security criteria needed.

19 Design Criteria
To design or specify a security system:
- use a set of basic guidelines
- select a security model applicable to the users' needs.

20 Basic Design Rules
First: in the application, are the security measures focused on data, operations or the user?
Second: in which layer of the system should the security measures be implemented?

21 Basic Design Rules
Third: do we want or need a simple set of criteria with high assurance, or should it be feature-rich with the inherent set-up problems?
Fourth: where does the task of defining the security lie, in a central entity or distributed to the individual component elements?

22 Summary
- Security is an issue for all
- Users find the concept difficult
- Security designers face an unenviable challenge at all levels.

23 Risk analysis and management
We need to perform a risk analysis to determine the threats and the potential damage that could happen to company assets. In addition this will:
- Make security an integral part of the working culture
- Make management aware of the need to allocate resources for security
Risk management involves the implementation and management of measures to minimise these identified threats.

24 Steps in risk analysis
- Identify all the company's assets
- Determine the weaknesses
- Try to estimate how likely each weakness is to be attacked
- Cost the loss per year if the weakness is exploited
- Postulate possible measures to counter the weakness
- Cost the savings from these control measures
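The six steps of this slide carried through as one small calculation, added here as an example written for this page and not taken from the lecture. The asset values, exposure fractions, incident rates and control costs are constructed figures, and the loss-per-year formula (asset value times the fraction lost per incident times incidents per year, the usual annualised loss expectancy) is this example's assumption; the slides only say to cost the loss and the savings. The second control in the sample deliberately costs more than the loss it prevents, which is exactly the case the final step is meant to expose.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Weakness:
    asset: str                 # step 1: the company asset at risk
    description: str           # step 2: the weakness in that asset
    asset_value: float         # value of the asset (constructed monetary units)
    exposure: float            # fraction of the value lost in one incident, 0.0 to 1.0
    incidents_per_year: float  # step 3: estimated likelihood of attack per year

    def loss_per_year(self, incidents_per_year: Optional[float] = None) -> float:
        """Step 4: expected loss per year = (value x exposure) x incident frequency.
        The frequency can be overridden to evaluate a control's residual risk."""
        rate = self.incidents_per_year if incidents_per_year is None else incidents_per_year
        return self.asset_value * self.exposure * rate


@dataclass(frozen=True)
class Control:
    name: str                           # step 5: a countermeasure for the weakness
    weakness: str                       # description of the weakness it counters
    annual_cost: float                  # cost of operating the control per year
    residual_incidents_per_year: float  # estimated incident frequency once in place


def net_saving(weakness: Weakness, control: Control) -> float:
    """Step 6: yearly saving = loss avoided minus what the control costs.
    A negative result means the control costs more than the loss it prevents."""
    avoided = (weakness.loss_per_year()
               - weakness.loss_per_year(control.residual_incidents_per_year))
    return avoided - control.annual_cost


def rank_controls(weaknesses: List[Weakness],
                  controls: List[Control]) -> List[Tuple[str, float]]:
    """Orders the proposed controls by net saving, best first."""
    by_description = {w.description: w for w in weaknesses}
    scored = [(c.name, net_saving(by_description[c.weakness], c)) for c in controls]
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed sample figures; they are not taken from the slides.
WEAKNESSES = [
    Weakness("customer database", "unpatched database server", 500_000, 0.4, 0.5),
    Weakness("public web site", "defacement via web form", 50_000, 0.2, 2.0),
]
CONTROLS = [
    Control("patch management + backups", "unpatched database server", 20_000, 0.1),
    Control("web application firewall", "defacement via web form", 25_000, 0.5),
]


if __name__ == "__main__":
    for w in WEAKNESSES:
        print(f"{w.asset:18} {w.description:28} loss/year = {w.loss_per_year():10.2f}")
    for name, saving in rank_controls(WEAKNESSES, CONTROLS):
        verdict = "worthwhile" if saving > 0 else "not worth the cost"
        print(f"{name:28} net saving/year = {saving:10.2f}  ({verdict})")
```

The ranking is only as good as the estimates in steps 3 and 4, which is why the slide says "try to estimate": in practice the inputs are ranges, and the useful question is whether a control's verdict changes across the plausible range.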

25 Information security management
- BS7799 is being adopted as the new international standard ISO/IEC 27000
- National standard in Britain, Australia, Holland, New Zealand and many Scandinavian countries
- 10 key controls and 109 detailed security controls

26 BS ISO/IEC 27000
- Certification allows you to trust partners and serves as a standard for e-commerce
- Certification may be required by law
- You may lose business without it

27 BS7799 key control areas
Section number - Control area
1 - Security policy
2 - Security organisation
3 - Asset classification and control
4 - Personnel security
5 - Physical and environmental security
6 - Computer and network management
7 - System access control
8 - Systems development and maintenance
9 - Business continuity planning
10 - Compliance

28 Each section has subsections
E.g. Section 1:
- Allocation of security responsibilities
- Security education and training
- Reporting of security incidents
- Virus controls
- Business continuity planning process
- Control of copyrighted software copying
- Safeguarding of business records
- Data protection, including personal information
- Compliance with security policy

29 Applying BS7799 for benchmarking and certification
Needed for measurement of your company's level of security and for comparison with other companies, which is essential for e-commerce. There are 6 steps to go through to apply for certification. Then request a certified auditor to evaluate the company; the certificate is valid for 3 years.


31 Orange Book
The US DoD's Orange Book, "Trusted Computer System Evaluation Criteria", 1983. Four general divisions:
- A (most secure)
- B (subdivided into 3 classes)
- C (subdivided into 2 classes)
- D (least secure)
Each level has all the functionality of the lower levels. It involves a trade-off: increased security means increased resources.

32 Orange Book Security Levels
D Minimal Protection
C Discretionary Protection
- C1 Discretionary Security: the user decides security for their own objects; the system should separate users from objects.
- C2 Controlled Access: auditing required for user accountability; protection implemented to the granularity of a single user; audit trail of access and attempts to access.

33 Orange Book Security Levels
B Mandatory Protection
- B1 Labelled Protection: users have security levels, objects have sensitivity levels.
- B2 Structured Protection: rigorous design, based on a formal security model.
- B3 Security Domain: the security kernel must be rigorously designed and proven to be secure.
A Verified Protection
- A1 Verified Design: formal proof of the system design; trusted distribution from supplier to customer.

