Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Immune IT: Moving from Security to Immunity

  • Be the first to comment

Immune IT: Moving from Security to Immunity

  1. 1. Immune IT Moving from Security to Immunity... -Ajit Hatti Club Hack 2008 Presentation
  2. 2. Contents - I <ul><li>Security : What is it? </li></ul><ul><li>Security : Why we need it? </li></ul><ul><li>Security : How we see it? </li></ul><ul><li>Security : What does it cost? </li></ul><ul><li>Security : Do we own it? </li></ul><ul><li>Security : How much is adequate? </li></ul>
  3. 3. Contents II <ul><li>Immunity : What is it? </li></ul><ul><li>Immunity : How much does it cost? </li></ul><ul><li>Immunity : Who is responsible? </li></ul><ul><li>Immunity : How to get it? </li></ul>
  4. 4. Contents III <ul><li>Requirement Gathering & Analysis </li></ul><ul><li>Designing a Solution </li></ul><ul><li>Coding & Reviews </li></ul><ul><li>Testing </li></ul><ul><li>Documentation/User Guide </li></ul><ul><li>Deployment </li></ul><ul><li>Maintenance </li></ul>
  5. 5. Security : What is it?
  6. 6. Security: Why do we need it?
  7. 7. Security: How we see it?
  8. 8. Security : What does it cost? <ul><li>An average annual Security Overheads incurred at prime organizations </li></ul><ul><ul><li>Expense incurred on security system - 20% </li></ul></ul><ul><ul><li>Computational resources engaged in security operations - 15% </li></ul></ul><ul><ul><li>Each person spending time on securing personal assets - 21% </li></ul></ul><ul><ul><li>Latency introduced due to security operations per connection - 2 sec / MB . </li></ul></ul><ul><ul><li>Data transfer only for security updates - 17 % </li></ul></ul><ul><li>And these figures are bound to increase. ( http://www.itbusinessedge.com/blogs/top/?p=207 ) </li></ul>
  9. 9. Security : Do we own it?
  10. 10. Security: How much is adequate?
  11. 11. Immunity: What is it?
  12. 12. Immunity: How much does it costs?
  13. 13. Immunity: Who is Responsible ?
  14. 14. Immunity: How to achieve it? <ul><li>Embedding Security in each and every steps of our engineering process. </li></ul><ul><li>Practice Security; integrate it in all operations. </li></ul><ul><li>Greater awareness. </li></ul>
  15. 15. Requirement Gathering & Analysis <ul><li>Implicit Security Considerations </li></ul>Explicit Security Considerations
  16. 16. Designing a Solution <ul><li>Confidentiality </li></ul><ul><ul><li>Enforcing access privileges. </li></ul></ul><ul><ul><li>Encryption & Leakage prevention. </li></ul></ul><ul><li>Integrity </li></ul><ul><ul><li>Defining the limits </li></ul></ul><ul><ul><li>Backup and Recovery </li></ul></ul><ul><li>Availability </li></ul><ul><ul><li>Business Continuity Plan. </li></ul></ul><ul><ul><li>Troubleshooting & Failure recovery support </li></ul></ul>
  17. 17. Coding and Reviews <ul><li>Code Should be : </li></ul><ul><ul><li>Less </li></ul></ul><ul><ul><li>Clear </li></ul></ul><ul><ul><li>Secure </li></ul></ul><ul><li>Review for : </li></ul><ul><ul><li>Validations </li></ul></ul><ul><ul><li>Possible memory corruptions </li></ul></ul><ul><ul><li>Initializations </li></ul></ul>
  18. 18. Testing <ul><li>Sanity Checks </li></ul><ul><li>Challenging Access control </li></ul><ul><li>Fuzzing </li></ul><ul><li>Vulnerability and Pen-Testing </li></ul><ul><li>Dog fooding </li></ul>
  19. 19. Documentation/User Guides <ul><li>Enforcing access control & encryption. </li></ul><ul><li>Changing the default configurations, settings and passwords. </li></ul><ul><li>Methods of backup and recovery etc. </li></ul><ul><li>Advisory on best practices, do’s and don’ts. </li></ul><ul><li>Known issues and workarounds. </li></ul>
  20. 20. Deployment & Maintanance <ul><li>Deploy the solutions with feasibly best & secure configuration. </li></ul><ul><li>Follow best practices. </li></ul><ul><li>Apply security updates, patches provided by vendors. </li></ul><ul><li>Conduct security audits for the system </li></ul>
  21. 21. <ul><li>Security is defined by CIA . </li></ul><ul><li>Addressing CIA at each phases of engineering results in Immunity. </li></ul><ul><li>Security must be integr ated in our thoughts , process and operations. </li></ul><ul><li>Immunity comes through ow ne rship of se curity . </li></ul>Conclusion

×