Network Architecture
Design principles, physical configuration, functional organization, operational procedures, and data formats for design, construction, and operation of a network.
Security
The condition achieved when designated systems and information are protected from espionage, sabotage, subversion, and terrorism, as well as against loss or unauthorized use and/or disclosure.
The measures necessary to achieve this condition.
So security architecture is the intersection of these two definitions: the design principles and configuration of a network, chosen so that its systems and information stay protected.
Section 15: Security Architecture
Security Architecture - An Unprotected Network
[Figure: an unprotected network. The Internal Network connects to the Internet through a single Router. Other paths into the network: two Remote Offices over a Leased Line; a Dial-Up Service and Remote Control access over Voice Trunks and a 1-800 Service; a Home User via an ISP over ISDN, DSL or Cable Modem; Web & ftp Services on the internal network; a Wireless Network; and a Physical Path for carry-in Physical Media (e.g., cd or floppy).]
The only interface to the Internet is a simple router.
All IP addresses and services on the internal network are exposed to the Internet.
The network topology and services are easily mapped with any of the readily available mapping tools, at both the IP layer (address mapping) and the TCP layer (port mapping).
There is no intrusion detection.
This was a common architecture through the late 1990s and is now beginning to change.
What, then, are the principles that should guide this change?
Security Architecture - High-Level Principles
Principle - A consistent access architecture across all domains (staff mobility), whether wireless or wired:
Home or small office: VPN + SecurID; optional wireless LAN in the home; 56k, DSL, ISDN or wireless connection to the home.
Campus: VPN + SecurID; wireless LAN.
Travel: dial-in modem, or VPN + SecurID over a LAN.
Security Architecture - Core Principles (Protected Network)
1. Control external visibility of the network. Make only those resources visible that are necessary to conduct business.
2. Control access to all systems on the network (e.g., routers, switches, servers, and workstations).
3. Control transmission across all security boundaries, internal and external.
4. Monitor, detect, and act on all suspicious behavior within the network and at its boundaries.
All of this begins by clearly and completely understanding the network topology of the security domain that needs to be protected.
Security Architecture - Control External Visibility
1. Expose only that part of the DNS name/address space appropriate for external view (addresses that must be externally resolved).
2. Eliminate all unnecessary external services, enabling only those required to interact with external users.
3. Locate publicly accessible resources on a network that does not expose the internal network: it has no visibility of the internal network and cannot be used as an entry point to it.
For example, anonymous ftp and public web servers go here, with no ability for the ftp server to initiate a connection to an internal device. All connections should be one-way, from the internal network out to the public servers (content is pushed to them).
Security Architecture - Control User Access to Systems
1. IP source routing is prohibited. This limits a user's ability to specify routes, which could let packets bypass the intended path and its filtering.
2. Each internal system should require positive authentication before a user is granted access; the only exception is anonymous access.
Passwords, 2-factor, or biometric authentication.
3. Remote access services should impose security restrictions equivalent to those imposed on internal users.
4. Access authorizations should be based on need-to-know.
Security Architecture - Boundary Control
The entire network boundary needs to be identified and controlled:
Internet
Wireless networks
Remote offices
Dial-up access and ISDN
Always-on access (DSL, cable modems)
Carry-in access (media like CDs, floppies, zip cartridges)
Any external network attached behind the firewall (e.g., a remote office) must comply with the same security policy as the internal network, since that traffic does not go through the boundary control device (i.e., no unsecured back doors).
Security Architecture - Internet Access
Internet access is typically controlled by a filtering device:
filtering router
stateful inspection firewall
proxy firewall
These devices operate in accordance with a set of security policy rules that are enforced by the router or firewall. Traffic crossing the boundary is allowed or denied in accordance with the rules.
Most of these devices can raise automatic alerts to notify a system administrator when an adverse event occurs; in many cases these alerts are turned off or ignored because of the large event volume.
Logs are enabled on these devices and should be read regularly.
Security Architecture - Wireless Networks
Wireless networks represent a rapidly emerging set of technologies that will be widely deployed in the future. These networks bring with them a new set of vulnerabilities and security issues.
Three classes of networks are being developed:
Wide Area Networks (worldwide in extent)
Local Area Networks (restricted to a campus/building setting)
Personal Area Networks (restricted to an office/person setting)
Wide area and local area networks are similar in extent and services to their wired counterparts.
The personal area network does not have a wired counterpart.
Security Architecture - Monitor, Detect, and Act
1. Logs should be turned on and reviewed.
2. Intrusion detection should be implemented (network and/or host).
3. Vulnerability scanning should be implemented.
4. Virus scanning at the firewall, mail server, and desktop should be implemented.
5. An incident response procedure should be implemented.
Security Architecture - A Protected Network
[Figure: a protected network. Compared with the unprotected network, a Firewall now sits between the Router and the Internal Network, Public Services are on their own network off the firewall, and dial-up and ISDN enter through a Remote Access Service. Also shown: the two Remote Offices over a Leased Line, Voice Trunks and 1-800 Service, a Home User via an ISP over DSL or Cable Modem, ISDN Dial-up, a Wireless Network, and Physical Media (e.g., cd or floppy).]
Security Architecture - The Demilitarized Zone (DMZ)
The public network attached to the firewall is often called the DMZ.
It is a public area: its addresses are externally advertised, and users can access servers here (e.g., web, ftp, external DNS) without authentication.
Consequently, these machines are certain to be attacked. So:
Keep them patched, scan them often, and read their logs daily.
Do not allow them to see any traffic flowing through the firewall; put the DMZ on a separate Ethernet interface.
Make their files read-only and remove all other services.
Do not allow them access to the internal network.
Administrative access should be console only, not remote.
Security Architecture - With Intrusion Detection
[Figure: the protected network with an Intrusion Detection device attached to a Net Switch placed between the Router and the Firewall. The remaining components (Internal Network, Public Services, Remote Access Service, ISDN Dial-up, Remote Offices over a Leased Line, Voice Trunks and 1-800 Service, Home User via ISP over DSL or Cable Modem, Wireless Network, Physical Media) are unchanged.]
Security Architecture - Intrusion Detection
Add a network switch with port mirroring (an interface for the ID system to capture and observe all traffic).
The ID device is connected to a mirrored port.
The ID device has large storage capacity and signature capability.
It could be put behind the network router, but if router filtering is used the ID device would not see all the traffic. Its position depends on the extent of the traffic the device needs to see.
It could also be put on the internal network for internal ID (insiders).
Most systems support multiple probes that can observe traffic at multiple locations. Each probe contains its own signature capability.
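The monitoring list above and this intrusion-detection slide, as an added example that is not part of the original deck: a minimal ID probe in Python of the kind that would sit on the mirrored switch port. It runs a behavioural detector for TCP port mapping (the mapping tools mentioned for the unprotected network) and a signature detector over payloads. The packet records, the three signatures, the 5-second window and the 10-port threshold are all constructed assumptions for illustration.

```python
"""Minimal network intrusion detector fed from a mirror port (added example).

Two detectors run over the same packet stream, as a real ID probe would:
  1. a behavioural one that flags port mapping (many distinct destination
     ports from one source inside a short window), and
  2. a signature one that matches known-bad payload patterns.
Packet records, signatures and thresholds are constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

@dataclass(frozen=True)
class Packet:
    ts: float            # capture time in seconds
    src: str
    dst: str
    dport: int
    payload: bytes = b""

SCAN_WINDOW = 5.0         # seconds of history kept per source (assumption)
SCAN_PORT_THRESHOLD = 10  # distinct destination ports inside the window (assumption)

# Constructed signature set (assumption): pattern over the payload -> alert name.
SIGNATURES = [
    (re.compile(rb"\.\./\.\./", re.I),         "HTTP directory traversal"),
    (re.compile(rb"/cgi-bin/phf\b", re.I),     "phf probe"),
    (re.compile(rb"\bUNION\s+SELECT\b", re.I), "SQL injection attempt"),
]

class Detector:
    def __init__(self):
        self.port_hits = defaultdict(list)  # src -> [(ts, dport), ...] inside the window
        self.scan_alerted = set()           # sources already reported, to avoid alert floods
        self.alerts = []

    def feed(self, p: Packet) -> list[str]:
        """Inspect one mirrored packet; returns the alerts it raised (possibly none)."""
        new = []
        # Behavioural detector: sliding window of distinct destination ports per source.
        hits = self.port_hits[p.src]
        hits.append((p.ts, p.dport))
        hits[:] = [(t, d) for t, d in hits if p.ts - t <= SCAN_WINDOW]
        distinct = {d for _, d in hits}
        if len(distinct) >= SCAN_PORT_THRESHOLD and p.src not in self.scan_alerted:
            self.scan_alerted.add(p.src)
            new.append(f"PORTSCAN {p.src} -> {p.dst}: {len(distinct)} ports in {SCAN_WINDOW:g}s")
        # Signature detector: every pattern is checked against every payload.
        for pattern, name in SIGNATURES:
            if pattern.search(p.payload):
                new.append(f"SIG {name} {p.src} -> {p.dst}:{p.dport}")
        self.alerts.extend(new)
        return new

def constructed_traffic() -> list[Packet]:
    """Constructed sample capture (not real data), sorted by time."""
    pkts = []
    # A scanner walks ports 20-39 on the public web server within two seconds.
    pkts += [Packet(100.0 + i * 0.1, "198.51.100.7", "203.0.113.10", 20 + i) for i in range(20)]
    # A legitimate client makes a few HTTPS connections spread over a minute.
    pkts += [Packet(100.0 + i * 15, "192.0.2.44", "203.0.113.10", 443,
                    b"GET /index.html HTTP/1.1\r\n") for i in range(4)]
    # One request carrying a traversal payload from a third host.
    pkts.append(Packet(130.0, "192.0.2.99", "203.0.113.10", 80,
                       b"GET /../../etc/passwd HTTP/1.0\r\n"))
    return sorted(pkts, key=lambda p: p.ts)

def run(packets=None) -> list[str]:
    """Feed a capture through one Detector and return all alerts in order."""
    det = Detector()
    for p in constructed_traffic() if packets is None else packets:
        det.feed(p)
    return det.alerts

if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Running it prints one PORTSCAN alert for 198.51.100.7 (raised at the tenth distinct port, then suppressed for that source) and one SIG alert for the traversal request; the legitimate client raises nothing. The placement caveat on this slide applies directly: a probe behind a filtering router only sees what the router lets through, so a scan against ports the router already blocks would be invisible to it.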
Security Architecture - Internal Network
So far we have treated the internal network as a homogeneous security domain (i.e., the same level of security everywhere). This means all segments must be equally secure, which is not always desirable (cost, ease of use).
Consider the concept of an enclave, where an enclave is a network or sub-net that has a consistent set of security requirements.
There may be multiple enclaves within an enterprise network (e.g., a student enclave with relatively low security requirements and an administrative enclave with more restrictions). Today this is often done by having a single network enclave and locking down certain hosts (e.g., the ones containing student grades).
In a large environment, this becomes very difficult.
Consider a network with four enclaves:
1. A public space (web, anonymous ftp), open to anyone over the Internet.
2. A user facility that provides computing cycles to the international research community at large; it must be capable of supporting remote and local access for researchers from all over the world.
3. The general Intranet for employees, providing in-house web, mail, and other network services; it needs to support employees but restrict access by outsiders (the web content may contain IP, product designs, etc.).
4. A business computing environment containing the organization's official books (profit, loss, project, and cost data) as well as the Human Resources system (payroll, salaries, etc.); this is accessible only to a limited set of internal staff members.
[Figure: the internal network divided into enclaves. The Firewall sits between the Router and the Internal Network, and the Public Enclave, Business Enclave, Intranet Enclave and User Facility Enclave hang off it; YES/NO labels mark which enclave-to-enclave paths are permitted.]
The firewall is actually multiple firewalls, or may be a single firewall for the entire network with additional firewalls or filtering routers between internal enclaves.
An internal enclave might be an entire sub-net or a single system, depending on the number of systems being protected.
The point is that staff are not free to move around everywhere, but must pass through a protection zone (e.g., a firewall) before moving between internal enclaves.
The motivation is that each enclave has different protection requirements.
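The DMZ rules earlier in this section and the enclave layout above, as an added example that is not part of the original deck: a small zone-based stateful filter in Python. The address plan (203.0.113.0/24 as the public enclave, 172.16.0.0/16 as the user facility, 10.0.0.0/8 as the intranet, the single host 10.20.1.5 as the business enclave, 10.10.5.0/24 as finance/HR workstations), the rule table and the sample packets are all constructed assumptions for illustration. The one fixed design point is that no rule ever lets a public or Internet host open a connection into the internal enclaves, so a compromised DMZ host gets nothing but replies to connections the inside opened.

```python
"""Zone-based stateful boundary filter (added example, not from the original deck).

Addresses are mapped to security zones, a default-deny rule table says which
zone-to-zone flows may be opened, and a connection table lets replies through
without ever letting a public or Internet host open a connection inward.
All addresses, ports and rules below are constructed assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption). The business enclave is a single host,
# which the deck allows ("an entire sub-net or a single system"); it is listed
# before the wider intranet prefix so the more specific match wins. Anything
# unmatched is treated as the Internet.
ZONES = [
    ("public",        ip_network("203.0.113.0/24")),  # DMZ: web, ftp, external DNS
    ("user_facility", ip_network("172.16.0.0/16")),   # research compute, world access
    ("business",      ip_network("10.20.1.5/32")),    # official books + HR system
    ("intranet",      ip_network("10.0.0.0/8")),      # employee network
]

def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES:
        if ip in net:
            return name
    return "internet"

# Flows that may be *opened*: (from zone, to zone, dst ports, optional src prefix).
# First match wins; anything else is dropped. There is deliberately no entry that
# lets "public" or "internet" open a connection into "intranet" or "business".
FINANCE_HR_WORKSTATIONS = ip_network("10.10.5.0/24")  # need-to-know subset (assumption)
RULES = [
    ("internet", "public",        {21, 53, 80, 443}, None),
    ("internet", "user_facility", {22},              None),
    ("intranet", "public",        {22},              None),  # content push, in-to-out
    ("intranet", "user_facility", {22, 443},         None),
    ("intranet", "internet",      {80, 443},         None),
    ("intranet", "business",      {443},             FINANCE_HR_WORKSTATIONS),
]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = True             # True = tries to open a connection
    source_routed: bool = False  # IP loose/strict source route option present

@dataclass
class StatefulFilter:
    established: set = field(default_factory=set)
    deny_log: list = field(default_factory=list)

    def decide(self, p: Packet) -> tuple[str, str]:
        # Source routing is prohibited regardless of zone.
        if p.source_routed:
            return self._drop(p, "source-routed packet")
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if not p.syn:
            # Mid-connection packet: legitimate only if the opening packet was
            # seen in a permitted direction. A DMZ host cannot smuggle a new
            # connection inward by simply omitting the SYN.
            if fwd in self.established or rev in self.established:
                return "ACCEPT", "established"
            return self._drop(p, "no matching connection")
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
        for from_z, to_z, ports, src_net in RULES:
            if from_z != src_zone or to_z != dst_zone or p.dport not in ports:
                continue
            if src_net is not None and ip_address(p.src) not in src_net:
                continue
            self.established.add(fwd)
            return "ACCEPT", f"rule {from_z}->{to_z}:{p.dport}"
        return self._drop(p, f"no rule {src_zone}->{dst_zone}:{p.dport}")

    def _drop(self, p: Packet, reason: str) -> tuple[str, str]:
        # Every denial is logged; the monitoring slide wants these read regularly.
        self.deny_log.append(f"DROP {p.src}:{p.sport} -> {p.dst}:{p.dport} ({reason})")
        return "DROP", reason

def demo() -> list[str]:
    """Run the constructed packets through one filter; returns the verdicts in order."""
    fw = StatefulFilter()
    packets = [
        Packet("198.51.100.7", 40000, "203.0.113.10", 80),             # Internet -> DMZ web
        Packet("203.0.113.10", 80, "198.51.100.7", 40000, syn=False),  # the web reply
        Packet("198.51.100.7", 40001, "10.10.1.1", 445),               # Internet -> intranet
        Packet("203.0.113.10", 50000, "10.10.1.1", 22),                # DMZ host opening inward
        Packet("203.0.113.10", 50001, "10.10.1.1", 22, syn=False),     # same, faking "established"
        Packet("10.10.1.1", 51000, "203.0.113.10", 22),                # intranet push to DMZ
        Packet("10.10.1.1", 52000, "10.20.1.5", 443),                  # intranet -> business, wrong subnet
        Packet("10.10.5.20", 52001, "10.20.1.5", 443),                 # finance workstation -> business
        Packet("10.10.5.20", 52002, "10.20.1.5", 443, source_routed=True),
    ]
    return [fw.decide(p)[0] for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Run it directly to print one verdict per sample packet. A production firewall also ages connections out and tracks TCP state more carefully; what matters here is the rule ordering, the default deny, and the absence of any inward-opening rule from the DMZ, which is what makes the DMZ one-way.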