Security Assurance Policy Helper (saph)

Sizin üçün oyun:

Google Play'də əldə edin


Yüklə 445 b.
tarix26.07.2018
ölçüsü445 b.


Security Assurance Policy Helper (SAPH)

  • 鄭伯炤

  • bcheng@ccu.edu.tw


Outline

  • What is the Problem ?

  • Security Management Life Cycle

  • SAPH (Security Assurance Policy Helper)

    • SLC (Security Language Composer)
    • VAST (Vulnerability Assessment & Security Testing)
  • SAPH and Security Assurance

  • Conclusion

  • Reference



The Reality



Attack Motivations, Phases and Goals



What is the Problem ?



Security Management Cycle Problems



Security Management Cycle Problems

  • Design

    • Defining a good security policy and the topology of network in accordance with the requirements of an enterprise and the goal of the business
  • Monitoring & Audit

    • Performing testing and scanning to appraise risk values on the target network
  • Implementation

    • Including installing, system level testing, education and technical transference, etc
  • Assessment & Testing

    • Check whether the security policy is implemented correctly and investigate any intrusions


SAPH Architecture



SLC: Get The Highest Level of Security



SAPH Components – Security Language Composer

  • GUI : a Graphic User Interface providing user interactions

  • Policy & Topology model: allowing user to define security policies and network topology based on business and service requirements .

  • Security Guardian : an engine evaluates the risk of exposure and the cost of security breaches based on built-in and user-define functions

  • Object Storage : store network objects and security policy definitions

  • Enforcement : an intelligent agent is able to produce configuration profiles based on acceptable risks, security policy settings and network topology.

  • Configuration Profile : a set of configuration parameters and running scripts for network element and security device



Policy & Topology Model

  • Display an idea

  • Communicate to System and other engineer

  • OAB (Object Association Binding)

    • Object
    • Association
      • Relation Between Two Object
      • Direction、Condition、Action & Transition
    • Binding


OAB (Object Association Binding)



Security Guardian : Check Policy & Topology and Evaluate the Risk



Risk Relationship



Evaluation Function (Built-In and User-Defined)



Enforcement



SLC: Get The Highest Level of Security

  • Make good security policies to protect your networks and services

    • Accomplishable
    • Enforceable
    • Definable
  • Identify real security needs for service and match business requirements

  • Assessment and risk evaluation



SAPH Architecture



VAST: Assure Information and Networking Security



SAPH Components - Vulnerabilities Assessment & Security Testing (VAST)

  • Import/Interpreter: a converter to import audit log/syslog from security audit tools and network elements into Black Hat Database or transform attack severity/structure to Evaluator for further analysis.

  • Black Hat Database: real hacker signatures and methods

  • White Hat Database: network architecture and network element (e.g., router and firewall) configuration, security profiles and well know security holes

  • Verifier: an engine use both Black Hat and White Hat Database to forecast/analyze possible vulnerabilities

  • Script Generator: generating script files to exploit vulnerabilities

  • Lighter: an engine launch attacks based on hacker scripts



Lighter



VAST: Assure Information and Networking Security

  • Assessment

    • Information reconnaissance and network scan
    • Vulnerability assessment and threat Analysis
  • Penetration

    • System penetration test
    • Security policy certification
  • Auditing

    • Log analysis


SAPH and Security Assurance

  • Design assurance

    • Policy & Topology Model : OAB (Object Association Binding)
    • Security Guardian
  • Development assurance

    • VAST
  • Operation assurance

    • Enforcement
    • GUI


Conclusion



Reference (1/2)

  • BCS Review 2001 Setting standards for information security policy http://www.bcs.org.uk/review/2001/html/p181.htm

  • B. Fraser, “RFC2196: Site Security Handbook”, IETF, September 1997.

  • BUGTRAQ http://www.securityfocus.com/archive/1

  • E. Carter, Cisco Secure Intrusion Detection System, Cisco Press, 2001

  • G. Stoneburner, A. Goguen, and A. Feringa "Risk Management Guide for Information Technology Systems", Special Publication 800-30, NIST.

  • J. Wack and M. Tracey, “Guideline on Network Security Testing”, Draft Special Publication 800-42, NIST, February 4, 2002



Reference (2/2)

  • Microsoft Security Bulletin MS03-028 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-028.asp

  • R. M. Barnhart, “High Assurance Security Mideical Information Systems”, Science Application International Corporation, 2000

  • SANS Institute - Security Policy Project. http://www.sans.org/resources/policies/

  • S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick, R. W.Ritchey, Inside Network Perimeter Security, New Riders , 2003

  • T. Layton, “Penetration Studies – A Technical Overview” SANS, May 30, 2002



  • Question ?

  • Thank You !




Dostları ilə paylaş:
Orklarla döyüş:

Google Play'də əldə edin


Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©muhaz.org 2017
rəhbərliyinə müraciət

    Ana səhifə