Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
A Case for Multi-tiered Security                                   WHITE PAPER                                   Introduct...
and/or complacency. Motivated by financial gain, attacks are becoming more focused and                                  so...
As shown in Figure 3, typical deployments of perimeter defenses first aggregate external                                  ...
E                                           ICAL S CUR                                         YS ASTRUC ITY              ...
Figure 5 illustrates these concepts, as well as several other prudent measures. Perimeterdefenses are used to protect the ...
Upcoming SlideShare
Loading in …5

A Case for Multi-tiered Security_WP_(EN)_web


Published on

  • Be the first to comment

  • Be the first to like this

A Case for Multi-tiered Security_WP_(EN)_web

  1. 1. A Case for Multi-tiered Security WHITE PAPER Introduction Perimeter network defense alone is insufficient to combat the full range of enterprise security threats. A defense-in-depth approach focused on protecting the confidentiality and integrity of data, while providing authenticated access to computing resources, is necessary to mitigate today’s risks. Paradigm shifts, such as cloud computing, software-as-a-service, and remote data warehousing, add significant challenges, as does the proliferation of sophisticated botnets and small, inexpensive, high-capacity portable storage devices. This paper outlines a balanced approach to enterprise security—defending the perimeter while protecting interior services and critical data. The Advancing Threat Environment Business or mission impacts result when threats exploit vulnerabilities through an access vector to affect targets, as shown in Figure 1. The relationship between these attack components is many-to-many, with a large Threat number of combinations yielding a vast set Vector of threads against which the enterprise Target Impact must be protected. Unk it no x plo wnAccording to Gartner’s 2008 For the purpose of illustration, we have yE Te g In te rn ch igin oreport on IT Security Threats1, used very coarse groupings; however, a ol Data At Res no t hn lO log r eccyber threats continue to evolve further decomposition of threats, vectors, nT y ns E xp tio Data Loss/and are driven by technology and targets would reveal even more Know ica Compromise n ppl External Origi loit Dat Compliancechanges, as well as increased threads of potential vulnerability. This User A a In Motion Violation/ Mission/ Liabilityuser trust and/or complacency. property, in which an attacker may exploit Business Disruption Loss of ploit Confidence/ multiple targets through multiple vectors Increased Reputation Com Operating y Ex in an attempt to produce a given impact, Costs ms S oc s ra I ce i nf log st rv reinforces the need for defense-in-depth to ru Se ial ctu g utin o re Comp hn /P protect critical assets. ro ec es T c s c Ex Hybrid hi plo orp According to Gartner’s 2008 report on IT it Polym Security Threats1, cyber threats continue Figure 1. Attackers use a range of exploits through multiple to evolve and are driven by technology access vectors to impact targets and damage the enterprise changes, as well as increased user trust A Case for Multi-tiered Security White Paper 1
  2. 2. and/or complacency. Motivated by financial gain, attacks are becoming more focused and sophisticated as targets have shifted from vulnerable PCs to websites and user data. Highly ranked vulnerabilities on the common vulnerability scoring system continue to soar, more than tripling from 2007 to 2008. Web and social networking sites are compromised with malware payloads, while spear phishing techniques are used to deploy botnets over email. Data from Microsoft Corporation’s Malicious Software Removal Tool indicates that, since late 2006, the fastest-growing category of malware is botnet clients. Serious incidents involving data compromise and loss, both deliberate and accidental, are also on the rise. Portable storage, especially universal serial bus (USB) devices, enables uncontrolled movement and modification of large volumes of data, resulting in information theft and loss. Additionally, these storage devices provide another convenient means to bypass network-based security and inject malware into the enterprise that can spread quickly to wired and wireless technologies.Serious incidents involving Figure 2 summarizes these challenges in the context of a typical enterprise. Threats exploitdata compromise and loss, all vectors, including witting and unwitting insiders. They include poor physical security, lackboth deliberate and accidental, of user security awareness, malicious downloads, weak authentication, limited or no securityare also on the rise. Portable monitoring, unauthorized access to applications, and even the supply chain to infiltrate anstorage, especially universal enterprise. Once in, threats propagate, multiply, steal, disrupt, and, above all, attempt to avoidserial bus (USB) devices, detection and remain persistent in the network.enables uncontrolled movementand modification of largevolumes of data, resulting in Data In Data Atinformation theft and loss. Motion Rest Enterprise Virtual “Cloud” Data At Data In Computer Rest Business & Use Computing Data In Mission Systems/ Use Data Servers Repositories Data In Public External Threats Use Threats End User Network(s) Systems Data In Threats Motion Users Data At Data In Data At Rest Communications Portable Motion Rest Infrastructure Assets Mobile Systems Data In Use Users Figure 2. The enterprise is threatened from both internal and external sources targeting data, technology, and users. Countermeasure Analysis Perimeter defense is a fundamental component of an enterprise defense-in-depth solution. Designed primarily to mitigate external threats, these approaches include network-based firewalls, intrusion detection, and intrusion prevention systems. The technology can be signature-based or attempt to detect traffic anomalies through statistical traffic and/or log analysis. Implementations range from basic header filtering to stateful deep packet inspection. A Case for Multi-tiered Security White Paper 2
  3. 3. As shown in Figure 3, typical deployments of perimeter defenses first aggregate external connections through common gateways to limit the number of protection points. Public/ Perimeter External Defense Network(s) System(s) Enterprise C Threats Border Enterprise B Gateway Real-time Enterprise A Inspection Signatures Thresholds Systems & Resources Policy/ Data Statistics Rules Users Figure 3. Perimeter defense systems focus on keeping external threats from penetrating the enterprise Protection is then applied at the aggregate, high-speed demarcation point into the public or transport network. While this is a prudent approach to reducing risk, its effectiveness is dependent upon a defined and functioning set of security policies governing the entire network using the external connection. If the external connection is servicing multiple networks with differing policies (for example, acceptable user applications), establishing the real-time rules and statistics needed by the perimeter defense technology will be problematic.The traditional perimeter- Complicating matters, today’s applications (and malware) use tunnels, masquerading, spoofing,centric security philosophy and encryption to bypass network-based controls and hide in normal traffic. The larger and moreassumes that perimeter heterogeneous the enterprise becomes, the higher the “noise floor” becomes, making it moredefenses “keep the bad guys difficult to distinguish normal behavior from threat behavior, and to identify covert channels.out” and ensure that sensitive Cloud-computing services, such as those offered via Google and Amazon, store and processdata is only accessed by trusted data on virtual machines located beyond the client’s enterprise. This growing trend, promisingusers within the enterprise. increased reliability, availability, and lower cost, has been hailed as the next big step in computing. However, from a security perspective, it reduces the applicability perimeter defense as it blurs the line defining the “perimeter.” In this paradigm, any assumption of privacy or confidentiality is naive and users are advised to adopt technologies such as encryption, identity management, and controlled access. The traditional perimeter-centric security philosophy assumes that perimeter defenses “keep the bad guys out” and ensure that sensitive data is only accessed by trusted users within the enterprise. While the perimeter provides one layer of protection, as depicted in Figure 4, sensitive data continues to escape the enterprise at an increasing frequency. As described on the National Institute of Standards and Technology’s (NIST’s) National Cyber Security Fact Sheet2: “Many of today’s tools and mechanisms for protecting against cyber attacks were designed with yesterday’s technology in mind. Information systems have evolved from room-size computer workstations shut off from the rest of the world to ubiquitous mobile devices interconnected by a global Internet. In this diverse ecology of communication devices, no cyber security solution works on all operating systems and can protect every type of computer and network component.” In fact, today’s enterprise networks include so many teleworkers, branch offices, network capable smartphones, and removable media platforms that traditional security solutions designed to protect network systems are no longer adequately protecting the data. In addition, a perimeter-based approach does not address insider threats or the real-world problem in which a breach of the perimeter defense provides unauthorized parties free access to the data. A Case for Multi-tiered Security White Paper 3
  4. 4. E ICAL S CUR YS ASTRUC ITY PH INFR TUR E RK AN D ACCESS MA NA D TY O G E F EN T TW TI EN EM EN NE SE ID Sensitive Data ks ection Fire TO wa ll , t K O ENS, PKI, SS De An tru ti-V ion oc irus, Intrus S ctu res, Barriers, LFigure 4. Sensitive data is escaping despite state-of-the-art perimeter defensesAdditional security layers are needed to protect the enterprise from unauthorized connectionswithin the network. This includes security technologies such as user authentication, deviceauthentication, network access control, and comprehensive wireless security. It is imperative toalso protect the data itself using strong encryption and key management technologies to preventinadvertent loss, intentional theft, or malicious injection of data.To highlight the benefits of a multi-tier security approach, consider the following scenario.An attacker, or unwitting user, introduces self-propagating malware (i.e., worm) from a USBportable storage device directly into the enterprise network via a host USB port.The worm contains a bot client designed to search for data of interest and exfiltrate the dataslowly over time using various covert channels. In this scenario, unless this botnet is well-knownand has been analyzed, perimeter defenses are highly unlikely to detect its first communicationswith the bot-herder or master. It is likely that the bot will operate for some time before detection,especially if it is polymorphic – changing its signature regularly – or if the duration betweencommunication to the bot-herder is spaced in an undetectable pattern. Upon suspicion of acompromise, perimeter defenses would be focused and fine-tuned in an attempt to detectand disrupt the covert channel. However, by the time perimeter defenses are successful,considerable data will likely have been compromised.Three principal countermeasures should be applied to protect against this scenario.1. Technical enforcement of policy governing controlled use of all external interfaces on host computers. Since this scenario involves deliberate misuse, administrative controls and physical security are not sufficient, and interfaces need to be either disconnected or logically controlled by software.2. Data at rest should be encrypted. This would not prevent the exfiltration, but it would prevent compromise as the data would not be exposed.3. Critical data and access to resources should be protected using multi-factor authentication. This would limit access to the data and resources that the worm could access, even if it is capable of capturing user names and passwords.A Case for Multi-tiered Security White Paper 4
  5. 5. Figure 5 illustrates these concepts, as well as several other prudent measures. Perimeterdefenses are used to protect the enterprise gateway. Within the enterprise, perimeter defensetechnologies are applied to protect high-value resources—forming protective enclaves. Data atrest and in motion is encrypted, both in the enterprise and “in the cloud.” Mobile systems boot toencrypted hard drives and use encrypted communications to connect to the enterprise. Tokensare used to augment user name and password credentials, communication and processingdevices such as routers and servers are hardened, and end-user systems and portable assetsare placed under tight configuration control with current antivirus and endpoint protectionsoftware. Enterprise Data In Data At Motion Rest Data At Data In Virtual Rest Business & Use “Cloud” Computing Computer Mission Systems/ Data Data In Servers Repositories Use Protected Enclave Protected Enclave Perimeter Defense Data In Public/ External Use System(s) Network(s) End User Systems Config Auth Data In Ctrl Token Motion Users Data In Data At Motion Rest Communications Portable Data At Infrastructure Assets Rest Mobile Systems Data In Use Auth Token UsersFigure 5. A multi-tiered security approach protects enterprise data and resources within and beyond the perimeterConclusionAs organizations focus considerable resources on deployment of advanced perimeterdefenses, care should be taken to avoid relying too heavily on this single approach. Increasinglysophisticated and focused attacks, the insider threat, and uncontrolled user behavior, as wellas changes in Internet services and computing architectures themselves, pose challenges thatcannot be addressed at the perimeter alone.Effective enterprise security applies a defense-in-depth approach—implementing securitypolicies, system monitoring, incident response, and user awareness training alongsidediversified technical solutions combining perimeter defense with data and resource protection.SAIC - Cyber PMO+1 (703) 676-8381SafeNet Federal office+ (703) 647 8400Contact Us: For all office locations and contact information, please visit www.safenet-inc.comFollow Us:©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.All other product names are trademarks of their respective owners. WP (EN)-03.02.11A Case for Multi-tiered Security White Paper 5