Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

IT security : a five-legged sheep

16 views

Published on

Admission control adds a desperately needed leg to the security stool. It’s conceptually simple. When a device attempts to connect to a network, we examine that device to verify that it is free of malicious code before we accept a single keystroke from a user at that device. We can verify that all security measures – firewall, antivirus, antispyware, host IDS – are have all the current patches, malware and intrusion signatures, are properly configured and are operating as anticipated. If an endpoint fails to meet these criteria, we can block admission, or quarantine the endpoint to a location on our network where the user can access the resources required to bring the endpoint into compliance.

Published in: Software
  • Be the first to comment

  • Be the first to like this

IT security : a five-legged sheep

  1. 1. IT security : a five-legged sheep Security begins with the letter “A” Authentication and authorization are the two most fundamental and commonly employed attributes of security. They sound alike, and their definitions are often confused, so let me begin by offering mine:  Authentication is the means by which a person proves he is who he claims to be in a non-refutable manner. Authentication is also a means whereby a computer system proves it is the originator of a packet, and how an application such as a web server proves it is the agent for an e-merchant’s online credit card transaction.  Authorization is the process of determining whether an identity is entitled or allowed access to a resource or asset. Authorization typically assumes that an identity has been authenticated. An identity that is allowed access is trusted and granted access permissions, in accordance with defined policy. Most organizations use one or more authentication methods, and extend these to branch office users. Fewer organizations devote as much attention to authorization. Commonly, authenticated users at branch offices have access to individual and group accounts on local servers as well as intranet servers hosted at HQ, but unrestricted access to the web and collaborative applications like IMs and VoIP. Assuming yours is an organization whose branch offices have an authentication strategy in place, I recommend that you add a security A. Revisit your authorization policy for branch offices. Consider implementing egress traffic filtering. Rather than allowing access to ANY external service, begin with a DENY ALL rule, and allow access the set of applications you determine are business-appropriate. So far, we’ve looked at two security attributes, and both begin with the letter A. Curiously, or perhaps intentionally, many other security attributes begin with the letter A: Accounting, Accuracy, Authenticity, Availability. Three-legged Stool (Triple-A) Not remarkably, security professionals took advantage of this happy circumstance and developed analog to explain the fundamentals of security. An early popular analog likened the essential attributes of security to a three-legged stool to illustrate why security, like a stool, needs more than two legs to stand on its own. Authentication server vendors, especially those who supported what is known as the RADIUS authentication protocol chose to add accounting for the third leg. They coined the term Triple A to kindle interest among Service Providers who were exploring alternatives to flat monthly rate Internet access. Today, some security professionals feel that accounting was the best choice to complement authentication and authorization as a third leg and replace accounting with the more general (and in my opinion) practical choice of auditing, which is the process of monitoring and recording networking and security-related events for subsequent correlation and analysis. Auditing is commonly implemented using event logging and most server, storage, networking and security
  2. 2. Four legs provide a sturdier seat For many security professionals, the fourth leg of choice is Authenticity or its security synonym, Accuracy. Authenticity is a process by which the integrity of data and its origin are verified. Authenticity assures the recipient of data that the data he received are an exact copy of the data that were transmitted, and that the data were indeed produced by the sender. You can implement this security A in many ways, and incrementally. Consider whether integrity protection measures would be appropriate for the data that is likely to reside, be stored at, or communicated to and from branch offices. For example, it might be useful to put anti-tampering measures on servers to protect against unauthorized or unintentional modification of critical system and configuration files. If your business routinely exchanges sensitive information using internal mail and document delivery systems, consider whether employees should hash and sign such documents. Four legs makes for a sturdy stool. But recently, security professionals are exploring ways to make the stool even sturdier if somewhat unusual in appearance. Historically, authentication has been considered the enabler of all security services. Let’s look at some examples where having verified that a person is who he claims to be isn’t enough.  Mary proves her identity to an air transportation security inspector using her government-issued passport. Knowing that Mary is indeed Mary doesn’t assure us that she’s not concealing a weapon.  John proves his identity to a US Customs and Immigration officer using his new Canadian high-security driver’s license. Knowing that John is who he claims to be doesn’t tell us whether he’s carrying a communicable disease.  Beth is on her way to a confidential board meeting where her company’s earnings will be reviewed prior to public disclosure of its annual report. She proves her identity to the security guard at her employer’s office using her company-issued ID. Knowing that Beth is who she claims to be doesn’t tell us whether an industrial spy’s planted a listening device on her clothing. Suppose Mary, John and Beth are not people but computers trying to connect to networks. Mary’s concealing a root kit. John’s infected with a virus. Beth’s hosting a keylogger. Just as in our real world examples, authentication alone doesn’t help us assert the trustworthiness of the endpoint device from which a user will authenticate and subsequently access data. Adding a Fifth Leg Admission control adds a desperately needed leg to the security stool. It’s conceptually simple. When a device attempts to connect to a network, we examine that device to verify that it is free of malicious code before we accept a single keystroke from a user at that device. We can verify that all security measures – firewall, antivirus, antispyware, host IDS – are have all the current patches, malware and intrusion signatures, are properly configured and are operating as anticipated. If an endpoint fails to meet these criteria, we can block admission, or quarantine the endpoint to a location on our network where the user can access the resources required to bring the endpoint into compliance. Many organizations have successfully implemented these five As throughout their main offices and campuses.

×