Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Architectures Cyber Security Lab Spring 2010.

Published byRhoda Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Architectures Cyber Security Lab Spring 2010."— Presentation transcript:

1 Security Architectures Cyber Security Lab Spring 2010

2 Security Policy A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide – RFC 2196 Security policy separates the world into secure and insecure states –What is the information to be protected? –Who is responsible? Dictating what not how Must be feasible to implement

3 Security Policy The organizational security policy guides the requirements for a security design –The security policy is an English document –Hopefully rather precise –Defines the goals of the security implementation Often there is a hierarchy of policy –From broad organizational policy –To more detailed technology specific security guidelines

4 4 Hierarchy of Policies Organizational Policy Departmental Policy Department Standards CSIL-Linux10 SE Linux Policy Linux Lab Umask settings

5 5 Natural Language Security Policies Targeting Humans – Written at different levels To inform end users To inform lawyers To inform technicians Users, owners, beneficiaries (customers) As with all policies, should define purpose not mechanism – May have additional documents that define how policy maps to mechanism Should be enduring – Don't want to update with each change to technology Shows due diligence on part of the organization

6 Security Policy References RFC 2196 – Site Security Handbook –Discusses policy and more general design and implementation issues. Published in 1997, so some of the technology references are dated, but the general recommendations are still valid SANS policy examples – http://www.sans.org/resources/policies/http://www.sans.org/resources/policies/ Information Security Policies and Procedures, Thomas Peltier – In the library

7 7 University of Illinois Information Security Policies – System wide policy; Identifies what, not how – http://www.obfs.uillinois.edu/manual/central_p/sec1 9-5.html http://www.obfs.uillinois.edu/manual/central_p/sec1 9-5.html CITES UIUC standards and guidelines – DNS - http://www.cites.uiuc.edu/dns/standards.htmlhttp://www.cites.uiuc.edu/dns/standards.html – FERPA - http://www.cites.uiuc.edu/edtech/development_aids/ ferpa/index.html http://www.cites.uiuc.edu/edtech/development_aids/ ferpa/index.html CS Department policies – https://agora.cs.illinois.edu/display/tsg/Polici es https://agora.cs.illinois.edu/display/tsg/Polici es

8 What is a security architecture? A framework that guides the security implementation –Guided by the security policy –Breaks the problem into modular pieces Can implement and perfect a module Can repeat implementation of proven modules and organization grows, e.g. remote office module Abstracting from implementation specifics aids in understanding the guiding structure of the system

9 Architecture Abstractions May be useful to think in terms of physical analogs –Data in file cabinets Drawer granularity Locks –Fortresses or silos Gates or guards at limited access points Toll booths

10 Security Architectures Can generalize security architecture for classes of systems Can be found for many general system elements –J2EE applications –Client server applications –.Net applications

11 Cisco SAFE A series of network security architecture blueprints –Identifies frameworks for particular scenarios –Analyzes placement of security enforcement devices in the network design Even if you don’t use these modules, the analysis can help you understand reasons for using mechanisms at various points Modules enable people to incorporate portions of the blueprint into their environment Following diagrams are from the SAFE Enterprise document –Copies handed out in class

12 Cisco Icon Overview Complete overview at http://www.cisco.com/warp/public/503/2.html http://www.cisco.com/warp/public/503/2.html

13 Overall Enterprise Design

14 Enterprise Campus

15 Management Module

16 Building Distribution Module

17 Building Module

18 Server Module

19 Edge Distribution Module

20 Second portion of architecdture

21 More of the second portion

22 Corporate Internet Module

23 Corporate Internet – Another View

24 VPN/Remote Access Module

25 E-Commerce Module

26 E-Commerce Module, another view

Download ppt "Security Architectures Cyber Security Lab Spring 2010."

Similar presentations

Logical and Physical Design of an Information System

Logical and Physical Design of an Information System
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
The International Security Standard

The International Security Standard
Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.

Microsoft ® System Center Configuration Manager 2007 R3 and Forefront ® Endpoint Protection Infrastructure Planning and Design Published: October 2008.
CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.

CAMP Med Building a Health Information Infrastructure to Support HIPAA Rick Konopacki, MSBME HIPAA Security Coordinator University of Wisconsin-Madison.
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Developing a Culture of Information Management You’ve selected your ECM solution – Now what? Paul Bauman TOWER Software December 13, 2006.

Developing a Culture of Information Management You’ve selected your ECM solution – Now what? Paul Bauman TOWER Software December 13, 2006.
Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.

Building Enterprise Applications Using Visual Studio ®.NET Enterprise Architect.
CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.

CST 481/598 x.2.  Broad overview of policy material  What is a “process”  Tiers (not tears) Many thanks to Jeni Li.
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Introduction to Databases Transparencies

Introduction to Databases Transparencies
The Use of Zachman Framework Primitives for Enterprise Modeling

The Use of Zachman Framework Primitives for Enterprise Modeling
ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.

ACCEPTABLE An acceptable use policy (AUP), also known as an acceptable usage policy or fair use policy, is a set of rules applied by the owner or manager.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Enterprise Network Architecture SAFE Suhento Gunawan Systems Engineer.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Enterprise Network Architecture SAFE Suhento Gunawan Systems Engineer.
THE BASICS OF THE WEB Davison Web Design. Introduction to the Web Main Ideas The Internet is a worldwide network of hardware. The World Wide Web is part.

THE BASICS OF THE WEB Davison Web Design. Introduction to the Web Main Ideas The Internet is a worldwide network of hardware. The World Wide Web is part.
Module 1: Introduction to Designing a Directory Services Infrastructure.

Module 1: Introduction to Designing a Directory Services Infrastructure.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Similar presentations

Ads by Google