Ajit - Immune IT: Moving from Security to Immunity - ClubHack2008

858 views

Published on

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
858
On SlideShare
0
From Embeds
0
Number of Embeds
23
Actions
Shares
0
Downloads
9
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Ajit - Immune IT: Moving from Security to Immunity - ClubHack2008

  1. 1. Immune IT Moving from Security to Immunity... -Ajit Hatti Club Hack 2008 Presentation
  2. 2. Contents - I <ul><li>Security : What is it? </li></ul><ul><li>Security : Why we need it? </li></ul><ul><li>Security : How we see it? </li></ul><ul><li>Security : What does it cost? </li></ul><ul><li>Security : Do we own it? </li></ul><ul><li>Security : How much is adequate? </li></ul>
  3. 3. Contents II <ul><li>Immunity : What is it? </li></ul><ul><li>Immunity : How much does it cost? </li></ul><ul><li>Immunity : Who is responsible? </li></ul><ul><li>Immunity : How to get it? </li></ul>
  4. 4. Contents III <ul><li>Requirement Gathering & Analysis </li></ul><ul><li>Designing a Solution </li></ul><ul><li>Coding & Reviews </li></ul><ul><li>Testing </li></ul><ul><li>Documentation/User Guide </li></ul><ul><li>Deployment </li></ul><ul><li>Maintenance </li></ul>
  5. 5. Security : What is it?
  6. 6. Security: Why do we need it?
  7. 7. Security: How we see it?
  8. 8. Security : What does it cost? <ul><li>An average annual Security Overheads incurred at prime organizations </li></ul><ul><ul><li>Expense incurred on security system - 20% </li></ul></ul><ul><ul><li>Computational resources engaged in security operations - 15% </li></ul></ul><ul><ul><li>Each person spending time on securing personal assets - 21% </li></ul></ul><ul><ul><li>Latency introduced due to security operations per connection - 2 sec / MB . </li></ul></ul><ul><ul><li>Data transfer only for security updates - 17 % </li></ul></ul><ul><li>And these figures are bound to increase. ( http://www.itbusinessedge.com/blogs/top/?p=207 ) </li></ul>
  9. 9. Security : Do we own it?
  10. 10. Security: How much is adequate?
  11. 11. Immunity: What is it?
  12. 12. Immunity: How much does it costs?
  13. 13. Immunity: Who is Responsible ?
  14. 14. Immunity: How to achieve it? <ul><li>Embedding Security in each and every steps of our engineering process. </li></ul><ul><li>Practice Security; integrate it in all operations. </li></ul><ul><li>Greater awareness. </li></ul>
  15. 15. Requirement Gathering & Analysis <ul><li>Implicit Security Considerations </li></ul>Explicit Security Considerations
  16. 16. Designing a Solution <ul><li>Confidentiality </li></ul><ul><ul><li>Enforcing access privileges. </li></ul></ul><ul><ul><li>Encryption & Leakage prevention. </li></ul></ul><ul><li>Integrity </li></ul><ul><ul><li>Defining the limits </li></ul></ul><ul><ul><li>Backup and Recovery </li></ul></ul><ul><li>Availability </li></ul><ul><ul><li>Business Continuity Plan. </li></ul></ul><ul><ul><li>Troubleshooting & Failure recovery support </li></ul></ul>
  17. 17. Coding and Reviews <ul><li>Code Should be : </li></ul><ul><ul><li>Less </li></ul></ul><ul><ul><li>Clear </li></ul></ul><ul><ul><li>Secure </li></ul></ul><ul><li>Review for : </li></ul><ul><ul><li>Validations </li></ul></ul><ul><ul><li>Possible memory corruptions </li></ul></ul><ul><ul><li>Initializations </li></ul></ul>
  18. 18. Testing <ul><li>Sanity Checks </li></ul><ul><li>Challenging Access control </li></ul><ul><li>Fuzzing </li></ul><ul><li>Vulnerability and Pen-Testing </li></ul><ul><li>Dog fooding </li></ul>
  19. 19. Documentation/User Guides <ul><li>Enforcing access control & encryption. </li></ul><ul><li>Changing the default configurations, settings and passwords. </li></ul><ul><li>Methods of backup and recovery etc. </li></ul><ul><li>Advisory on best practices, do’s and don’ts. </li></ul><ul><li>Known issues and workarounds. </li></ul>
  20. 20. Deployment & Maintanance <ul><li>Deploy the solutions with feasibly best & secure configuration. </li></ul><ul><li>Follow best practices. </li></ul><ul><li>Apply security updates, patches provided by vendors. </li></ul><ul><li>Conduct security audits for the system </li></ul>
  21. 21. <ul><li>Security is defined by CIA . </li></ul><ul><li>Addressing CIA at each phases of engineering results in Immunity. </li></ul><ul><li>Security must be integr ated in our thoughts , process and operations. </li></ul><ul><li>Immunity comes through ow ne rship of se curity . </li></ul>Conclusion

×