ISYS 0575-01 Information Security Management

profileEva Chan
SecurityArchitecturePrinciples.pdf

Security Architecture Principles ISYS 0575

General Attack Process

Recon

Weaponize

Deliver

Exploit

Control

Execute

AssetAgent

Maintain

Proactive Detection and Mitigation Containment and Incident Response

“Kill Chain”

What is Architecture? Architecture (Latin architectura, from the Greek ἀρχιτέκτων arkhitekton "architect," from ἀρχι- "chief" and τέκτων "builder") is both the process and the product of planning, designing and constructing buildings and other physical structures. Architecture can mean:

Different Things to Different People ● A general term to describe buildings and other physical structures ● The art and science of designing buildings and (some) nonbuilding structures ● The style of design and method of construction of buildings and other physical

structures ● Knowledge of art, science, technology, and humanity ● The practice of the architect, where architecture means offering or rendering

professional services in connection with the design and construction of buildings, or built environments

Traditional Security Architecture Starts With the perimeter

Network-centric

Versus data-centric

If work from home and BYOD didn’t kill the perimeter, Cloud certainly did.

Sherwood Applied Business Security Architecture

Other Architectures Zachman

The Open Group Architecture Framework (TOGAF)

Modern Architectural View

Then Account for the Agile

Defense in Depth

Another Perspective Horizontal defense in depth - Controls are placed in various places in the path of access for an asset

Vertical defense in depth - Control sare placed at different system layers - hardware, OS, application, database

Effective Defense in Depth Planning and understanding of each control types strengths and weaknesses and how controls interact.

What vulnerabilities are addressed by each layer?

How does the layer mitigate the vulnerability?

How do controls interact with or depend on the other controls?

Security Controls

Information Flow Control or Firewalls System or systems that enforce a boundary between one or more networks

General features

● Block access to sites on Internet ● Limit traffic on an organization's public service segment to ports and

addresses ● Prevent users from accessing certain servers or services ● Monitor and record communications between internal and external networks ● Encrypt packets sent between different physical locations (VPN)

Types of Firewall Packet filtering

Application firewall

Stateful inspection

Next generation

And web application firewall

Isolation and Segmentation

Logging and Monitoring What should we log?

● Time of event ● CRUD ● Startup / Shutdown ● Login / Logout (Failures) ● Errors / Violations

Challenges of Logs ● Too much data ● Difficulty searching ● Improper configuration ● Modification of logs (integrity)

SIEM

IDS / IPS Approaches

● Signature ● Statistical ● Neural Network

Don’t forget HIPS/HIDS

Antivirus / Antimalware Approaches

● Signature ● Heuristic ● Nextgen

Security Controls