ISYS 0575-01 Information Security Management
Security Architecture Principles ISYS 0575
General Attack Process
Recon
Weaponize
Deliver
Exploit
Control
Execute
AssetAgent
Maintain
Proactive Detection and Mitigation Containment and Incident Response
“Kill Chain”
What is Architecture? Architecture (Latin architectura, from the Greek ἀρχιτέκτων arkhitekton "architect," from ἀρχι- "chief" and τέκτων "builder") is both the process and the product of planning, designing and constructing buildings and other physical structures. Architecture can mean:
Different Things to Different People ● A general term to describe buildings and other physical structures ● The art and science of designing buildings and (some) nonbuilding structures ● The style of design and method of construction of buildings and other physical
structures ● Knowledge of art, science, technology, and humanity ● The practice of the architect, where architecture means offering or rendering
professional services in connection with the design and construction of buildings, or built environments
Traditional Security Architecture Starts With the perimeter
Network-centric
Versus data-centric
If work from home and BYOD didn’t kill the perimeter, Cloud certainly did.
Sherwood Applied Business Security Architecture
Other Architectures Zachman
The Open Group Architecture Framework (TOGAF)
Modern Architectural View
Then Account for the Agile
Defense in Depth
Another Perspective Horizontal defense in depth - Controls are placed in various places in the path of access for an asset
Vertical defense in depth - Control sare placed at different system layers - hardware, OS, application, database
Effective Defense in Depth Planning and understanding of each control types strengths and weaknesses and how controls interact.
What vulnerabilities are addressed by each layer?
How does the layer mitigate the vulnerability?
How do controls interact with or depend on the other controls?
Security Controls
Information Flow Control or Firewalls System or systems that enforce a boundary between one or more networks
General features
● Block access to sites on Internet ● Limit traffic on an organization's public service segment to ports and
addresses ● Prevent users from accessing certain servers or services ● Monitor and record communications between internal and external networks ● Encrypt packets sent between different physical locations (VPN)
Types of Firewall Packet filtering
Application firewall
Stateful inspection
Next generation
And web application firewall
Isolation and Segmentation
Logging and Monitoring What should we log?
● Time of event ● CRUD ● Startup / Shutdown ● Login / Logout (Failures) ● Errors / Violations
Challenges of Logs ● Too much data ● Difficulty searching ● Improper configuration ● Modification of logs (integrity)
SIEM
IDS / IPS Approaches
● Signature ● Statistical ● Neural Network
Don’t forget HIPS/HIDS
Antivirus / Antimalware Approaches
● Signature ● Heuristic ● Nextgen
Security Controls