Security Assurance Policy Helper (saph)

Yüklə 445 b.

tarix	26.07.2018
ölçüsü	445 b.
	#59024

Security Assurance Policy Helper (SAPH)

鄭伯炤
bcheng@ccu.edu.tw

Outline

What is the Problem ?
Security Management Life Cycle
SAPH (Security Assurance Policy Helper)

SLC (Security Language Composer)
VAST (Vulnerability Assessment & Security Testing)

SAPH and Security Assurance
Conclusion
Reference

The Reality

Attack Motivations, Phases and Goals

What is the Problem ?

Security Management Cycle Problems

Design

Defining a good security policy and the topology of network in accordance with the requirements of an enterprise and the goal of the business

Monitoring & Audit

Performing testing and scanning to appraise risk values on the target network

Implementation

Including installing, system level testing, education and technical transference, etc

Assessment & Testing

Check whether the security policy is implemented correctly and investigate any intrusions

SAPH Architecture

SLC: Get The Highest Level of Security

Make good security policies to protect your networks and services

Accomplishable
Enforceable
Definable

Identify real security needs for service and match business requirements
Assessment and risk evaluation

SAPH Components – Security Language Composer

GUI : a Graphic User Interface providing user interactions
Policy & Topology model: allowing user to define security policies and network topology based on business and service requirements .
Security Guardian : an engine evaluates the risk of exposure and the cost of security breaches based on built-in and user-define functions
Object Storage : store network objects and security policy definitions
Enforcement : an intelligent agent is able to produce configuration profiles based on acceptable risks, security policy settings and network topology.
Configuration Profile : a set of configuration parameters and running scripts for network element and security device

Policy & Topology Model

Display an idea
Communicate to System and other engineer
OAB (Object Association Binding)

Object

Entity、Concept or Group
Data & Attribution

Association

Relation Between Two Object
Direction、Condition、Action & Transition

Binding

Relation Between Two Model
Object in Policy Model & Object in Topology Model

OAB (Object Association Binding)

Security Guardian : Check Policy & Topology and Evaluate the Risk

Risk Relationship

Evaluation Function (Built-In and User-Defined)

Enforcement

SLC: Get The Highest Level of Security

Make good security policies to protect your networks and services

Accomplishable
Enforceable
Definable

Identify real security needs for service and match business requirements
Assessment and risk evaluation

SAPH Architecture

VAST: Assure Information and Networking Security

Assessment

Information reconnaissance and network scan
Vulnerability assessment and threat Analysis

Penetration

System penetration test
Security policy certification

Auditing

Log analysis

SAPH Components - Vulnerabilities Assessment & Security Testing (VAST)

Import/Interpreter: a converter to import audit log/syslog from security audit tools and network elements into Black Hat Database or transform attack severity/structure to Evaluator for further analysis.
Black Hat Database: real hacker signatures and methods
White Hat Database: network architecture and network element (e.g., router and firewall) configuration, security profiles and well know security holes
Verifier: an engine use both Black Hat and White Hat Database to forecast/analyze possible vulnerabilities
Script Generator: generating script files to exploit vulnerabilities
Lighter: an engine launch attacks based on hacker scripts

Lighter

VAST: Assure Information and Networking Security

Assessment

Information reconnaissance and network scan
Vulnerability assessment and threat Analysis

Penetration

System penetration test
Security policy certification

Auditing

Log analysis

SAPH and Security Assurance

Design assurance

Policy & Topology Model : OAB (Object Association Binding)
Security Guardian

Development assurance

VAST

Operation assurance

Enforcement
GUI

Conclusion

Reference (1/2)

BCS Review 2001 Setting standards for information security policy http://www.bcs.org.uk/review/2001/html/p181.htm
B. Fraser, “RFC2196: Site Security Handbook”, IETF, September 1997.
BUGTRAQ http://www.securityfocus.com/archive/1
E. Carter, Cisco Secure Intrusion Detection System, Cisco Press, 2001
G. Stoneburner, A. Goguen, and A. Feringa "Risk Management Guide for Information Technology Systems", Special Publication 800-30, NIST.
J. Wack and M. Tracey, “Guideline on Network Security Testing”, Draft Special Publication 800-42, NIST, February 4, 2002

Reference (2/2)

Microsoft Security Bulletin MS03-028 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-028.asp
R. M. Barnhart, “High Assurance Security Mideical Information Systems”, Science Application International Corporation, 2000
SANS Institute - Security Policy Project. http://www.sans.org/resources/policies/
S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick, R. W.Ritchey, Inside Network Perimeter Security, New Riders , 2003
T. Layton, “Penetration Studies – A Technical Overview” SANS, May 30, 2002

Question ？
Thank You ！

Yüklə 445 b.

Dostları ilə paylaş:

Security Assurance Policy Helper (saph)

Security Assurance Policy Helper (SAPH)

鄭伯炤

bcheng@ccu.edu.tw

Outline

What is the Problem ?

Security Management Life Cycle

SAPH (Security Assurance Policy Helper)

SAPH and Security Assurance

Conclusion

Reference

The Reality

Attack Motivations, Phases and Goals

What is the Problem ?

Security Management Cycle Problems

Security Management Cycle Problems

Design

Monitoring & Audit

Implementation

Assessment & Testing

SAPH Architecture

SLC: Get The Highest Level of Security

Make good security policies to protect your networks and services

Identify real security needs for service and match business requirements

Assessment and risk evaluation

SAPH Components – Security Language Composer

GUI : a Graphic User Interface providing user interactions

Policy & Topology model: allowing user to define security policies and network topology based on business and service requirements .

Security Guardian : an engine evaluates the risk of exposure and the cost of security breaches based on built-in and user-define functions

Object Storage : store network objects and security policy definitions

Enforcement : an intelligent agent is able to produce configuration profiles based on acceptable risks, security policy settings and network topology.

Configuration Profile : a set of configuration parameters and running scripts for network element and security device

Policy & Topology Model

Display an idea

Communicate to System and other engineer

OAB (Object Association Binding)

OAB (Object Association Binding)

Security Guardian : Check Policy & Topology and Evaluate the Risk

Risk Relationship

Evaluation Function (Built-In and User-Defined)

Enforcement

SLC: Get The Highest Level of Security

Make good security policies to protect your networks and services

Identify real security needs for service and match business requirements

Assessment and risk evaluation

SAPH Architecture

VAST: Assure Information and Networking Security

Assessment

Penetration

Auditing

SAPH Components - Vulnerabilities Assessment & Security Testing (VAST)

Import/Interpreter: a converter to import audit log/syslog from security audit tools and network elements into Black Hat Database or transform attack severity/structure to Evaluator for further analysis.

Black Hat Database: real hacker signatures and methods

White Hat Database: network architecture and network element (e.g., router and firewall) configuration, security profiles and well know security holes

Verifier: an engine use both Black Hat and White Hat Database to forecast/analyze possible vulnerabilities

Script Generator: generating script files to exploit vulnerabilities

Lighter: an engine launch attacks based on hacker scripts

Lighter

VAST: Assure Information and Networking Security

Assessment

Penetration

Auditing

SAPH and Security Assurance

Design assurance

Development assurance

Operation assurance

Conclusion

Reference (1/2)

BCS Review 2001 Setting standards for information security policy http://www.bcs.org.uk/review/2001/html/p181.htm

B. Fraser, “RFC2196: Site Security Handbook”, IETF, September 1997.

BUGTRAQ http://www.securityfocus.com/archive/1

E. Carter, Cisco Secure Intrusion Detection System, Cisco Press, 2001

G. Stoneburner, A. Goguen, and A. Feringa "Risk Management Guide for Information Technology Systems", Special Publication 800-30, NIST.

J. Wack and M. Tracey, “Guideline on Network Security Testing”, Draft Special Publication 800-42, NIST, February 4, 2002

Reference (2/2)

Microsoft Security Bulletin MS03-028 http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-028.asp

R. M. Barnhart, “High Assurance Security Mideical Information Systems”, Science Application International Corporation, 2000

SANS Institute - Security Policy Project. http://www.sans.org/resources/policies/

S. Northcutt, L. Zeltser, S. Winters, K. Kent Frederick, R. W.Ritchey, Inside Network Perimeter Security, New Riders , 2003

T. Layton, “Penetration Studies – A Technical Overview” SANS, May 30, 2002