Presented By,
T. Janani
II-M.sc(CS&IT)
Nadar Saraswathi College
of Arts and Science, Theni.
Risk Analysis and Defense Models
• Threat Definition and Risk Analysis
• Threat Vectors
• Defense Models
• The Lollipop Model of Defense
• The Onion Model of Defense
• Zones of Trust
Threat Definition and Risk Analysis
• A risk analysis must be a part of any security effort.
• It should analyze and categorize the things to be protected and avoided, and it should facilitate the identification and prioritization of protective elements.
• Simply put, risk is the probability of an undesired event (a threat) causing damage to an asset.
These are the three components of risk analysis:
• Asset identification and valuation
• Threat definition
• Likelihood and impact analysis
The most basic risk analysis assumes that all threats are equally likely and takes the form of a simple definition of the assets to be protected:
• Computer and peripheral equipment
• Physical premises
• Power, water, environmental control
• Communications utilities
• Computer programs
• Privacy of personal information
• Health and safety of people
• A more advanced risk analysis places a value on each identified asset and enumerates the threats that could damage those assets. Some common threats include:
  • Computer theft
  • Confidential information exposed on the Internet
  • Financial fraud
  • Denial of service
  • Corruption of data integrity
• A highly advanced risk analysis attempts to identify the likelihood of each threat occurring to each asset and estimates the monetary cost resulting from that event.
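The three levels of analysis described above (a plain asset list, asset values with enumerated threats, and likelihood × monetary cost per asset/threat pair) can be carried through as a small worked example. The code below is an added illustration, not material from the slides; the asset values, annual probabilities and impact fractions are constructed numbers, and the "expected annual loss = probability × impact fraction × asset value" formula is one common way of making the "likelihood and impact" step concrete.

```python
"""Worked risk analysis: asset valuation, threat definition, likelihood/impact.

Added example. All asset values, probabilities and impact fractions are
constructed for illustration and are not figures from the presentation.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    value: float  # replacement/loss value in currency units (constructed)


@dataclass(frozen=True)
class Threat:
    name: str
    annual_probability: float  # estimated chance of the event occurring per year
    impact_fraction: float     # fraction of the asset's value lost when it occurs


# Constructed sample inventory (illustrative numbers only).
ASSETS = [
    Asset("customer database", 500_000),
    Asset("web server", 50_000),
    Asset("laptops", 20_000),
]

# Threats taken from the slide's list, with constructed likelihood/impact estimates.
THREATS = [
    Threat("computer theft", 0.10, 1.0),
    Threat("confidential information exposed on the Internet", 0.05, 0.8),
    Threat("denial of service", 0.30, 0.1),
    Threat("corruption of data integrity", 0.02, 0.5),
]


def basic_analysis(assets):
    """Most basic form: every threat is assumed equally likely, so the only
    thing that can drive priority is the value of the asset itself."""
    return sorted(assets, key=lambda a: a.value, reverse=True)


def expected_annual_loss(asset, threat):
    """Advanced form: likelihood x monetary impact for one asset/threat pair."""
    return round(threat.annual_probability * threat.impact_fraction * asset.value, 2)


def risk_register(assets, threats):
    """Return (asset, threat, expected annual loss) rows, highest risk first."""
    rows = [(a.name, t.name, expected_annual_loss(a, t)) for a in assets for t in threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def prioritize_controls(register, top_n=3):
    """The top-N rows are the asset/threat pairs whose protective elements
    should be identified and funded first."""
    return register[:top_n]


if __name__ == "__main__":
    print("Basic analysis (assets by value):")
    for a in basic_analysis(ASSETS):
        print(f"  {a.name:<20} {a.value:>10,.0f}")
    print("\nAdvanced analysis (expected annual loss per asset/threat pair):")
    for asset, threat, loss in risk_register(ASSETS, THREATS):
        print(f"  {asset:<20} {threat:<50} {loss:>10,.0f}")
    print("\nTop priorities:")
    for asset, threat, loss in prioritize_controls(risk_register(ASSETS, THREATS)):
        print(f"  {asset} / {threat}: {loss:,.0f}")
```

Running the block shows why the advanced form matters: with the constructed numbers, denial of service against the customer database outranks theft of the web server even though theft is the more "total" event, because likelihood and asset value together, not the threat type alone, determine where protective effort pays off.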
Threat Vectors:
• A threat vector includes information about a particular threat—where it may originate and what asset it exposes to risk.
• The type of threat and the means by which it gains entry to the protected asset constitute a threat vector.
• For example, attackers that enter an internal network from the Internet use three common threat vectors:
  • Exploiting allowed services
  • Bypassing the firewall
  • Hijacking active connections
• Because the Internet connection is used to send and receive data, all firewalls allow some access into the network from the outside. These allowed services often include e-mail, DNS, Java on web browsers, and often virtual private network (VPN) connections.
Some threat vectors originate from inside the network. These provide routes for attackers and programs on the outside to connect directly to a system on the inside:
• Server programs implanted by unsuspecting employees (such as girlfriend programs)
• Back door (or trap door) configurations
• Trojan programs
• Viruses
Defense Models:
• Every network security implementation is based on some kind of model, whether clearly stated as such or assumed.
• Every security design includes certain assumptions about what is trusted and what is not trusted, and who can go where.
• Starting out with clear definitions of what is fully trusted, what is partially trusted, and what is not trusted, along with an understanding of what type of defense model is being used, can make a security infrastructure more effective and applicable to the environment it is meant to protect.
The Lollipop Model of Defense:
• Most common model
• Focuses on perimeter security
  • Protection is concentrated on keeping the outsider out
• Has many limitations
  • Once an attacker has penetrated the outside wall, there are no other defense measures.
  • Does not provide different levels of security appropriate to the assets.
  • It protects everything equally against everything.
  • Does not protect against insider attacks.
The Onion Model of Defense:
• Defense is deployed in many layers
  • Does not rely on one single layer of defense
• Much harder to predict and penetrate than the lollipop model
• Can be achieved in many ways
  • Segmenting the network (based on access and need)
  • Defining zones of trust
  • Protections at various levels
    • Network
    • System: personal firewall software, system access controls, etc.
    • Application: multi-factor authentication, authorization levels, etc.
Zones of Trust:
• A security architecture must identify regions of the network that have varying levels of trust.
• Some computer systems or networks must be trusted completely – these are where the critical data is stored.
• Some are trusted incompletely – these are where important data is stored, but they are also made available to untrusted networks.
• Zones of trust are connected with one another, and business requirements evolve and require communications between various disparate networks, systems, and other entities on the networks.
Fig 1.1: Zones of trust (diagram showing remote users, branch offices, the Internet, web servers, mail servers, and the internal network)
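The onion model and the zones of trust above become enforceable once each zone is assigned a trust level and each boundary between zones is a place where a control can be applied. The following is an added example, not part of the presentation: it models the zones in Fig 1.1 (Internet, DMZ web/mail servers, remote users, branch offices, internal network) with a default rule that traffic may only flow toward an equally or less trusted zone, plus a small set of explicit exceptions. The zone names, trust levels, ports and allow rules are all constructed assumptions for illustration.

```python
"""Zones of trust as an enforceable boundary policy.

Added example. Zone names, trust levels and allow rules are constructed to
mirror Fig 1.1; they are not rules from the presentation.
"""
from dataclasses import dataclass

# Higher number = more trusted. Values are constructed for this example.
TRUST_LEVEL = {
    "internet": 0,       # untrusted
    "remote_users": 1,   # partially trusted: authenticated, but on foreign networks
    "dmz": 1,            # web and mail servers: exposed to the Internet by design
    "branch_office": 2,  # partially trusted: managed, but reached over a WAN link
    "internal": 3,       # fully trusted: where the critical data is stored
}

# Explicit exceptions to the default rule: (source zone, destination zone, port).
# Each entry is a deliberate hole in one onion layer and should be reviewed as such.
ALLOW_INTO_MORE_TRUSTED = {
    ("internet", "dmz", 443),           # public web servers
    ("internet", "dmz", 25),            # inbound mail
    ("remote_users", "internal", 443),  # VPN users reaching an internal portal
    ("branch_office", "internal", 445), # branch file access over the WAN
    ("dmz", "internal", 5432),          # web tier to its database, one port only
}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    dst_port: int


def is_allowed(flow: Flow) -> bool:
    """Default: traffic may flow toward an equally or less trusted zone.
    Crossing into a more trusted zone requires an explicit allow entry."""
    src = TRUST_LEVEL[flow.src_zone]
    dst = TRUST_LEVEL[flow.dst_zone]
    if dst <= src:
        return True
    return (flow.src_zone, flow.dst_zone, flow.dst_port) in ALLOW_INTO_MORE_TRUSTED


def evaluate(flows):
    """Return [(flow, 'allow' | 'deny'), ...] for a batch of observed flows."""
    return [(f, "allow" if is_allowed(f) else "deny") for f in flows]


def boundaries_crossed(path):
    """Count trust-boundary crossings along a path of zones. Each crossing is
    one onion layer; a lollipop design has exactly one for any inbound path."""
    return sum(1 for a, b in zip(path, path[1:]) if TRUST_LEVEL[a] != TRUST_LEVEL[b])


# Constructed sample flows, as a firewall log might look once normalised to zones.
SAMPLE_FLOWS = [
    Flow("internet", "dmz", 443),       # public web traffic
    Flow("internet", "internal", 445),  # direct attempt at the internal file share
    Flow("internal", "internet", 443),  # outbound browsing
    Flow("dmz", "internal", 5432),      # web tier to database
    Flow("dmz", "internal", 22),        # web tier trying to reach internal SSH
]

if __name__ == "__main__":
    for flow, verdict in evaluate(SAMPLE_FLOWS):
        print(f"{flow.src_zone:>13} -> {flow.dst_zone:<9} :{flow.dst_port:<5} {verdict}")
    print("layers between Internet and internal:",
          boundaries_crossed(["internet", "dmz", "internal"]))
```

The point of the `boundaries_crossed` helper is the contrast the slides draw: an attacker reaching the internal network from the Internet through the DMZ must pass two independently controlled boundaries, whereas a perimeter-only (lollipop) design offers one, after which nothing further stands in the way. Reviewing the `ALLOW_INTO_MORE_TRUSTED` set is also where "trusted incompletely" zones show up concretely: the DMZ is allowed exactly one inbound path to the internal zone, on one port.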
Thank You