ALHAD G APTE
BARC
PRESENTATION OUTLINE
• ISO Standards
Vulnerability: An exploitable capability or weakness that could result in a successful attack causing damage to the asset.
Threat: An event which could have an undesirable impact on an asset.
Risk: The potential that a given threat will exploit vulnerabilities and cause harm to the asset.
(Figure: chart of attack sophistication against intruder knowledge; examples plotted include Packet Spoofing/Sniffing, Backdoors, Password Cracking and Viruses.)
(Figure: relationship between owners, countermeasures, vulnerabilities, risk and attackers: owners value assets and wish to minimise risk, so they impose countermeasures to reduce vulnerabilities; attackers may be aware of vulnerabilities, leading to risk that they exploit.)
PDCA Model: Plan, Do, Check, Act.
Applied to security, the cycle covers:
• Secure network and application setup
• Monitoring
• Security audit
• Knowledge update
Where? What? How?
Firewall: A set of security measures, located at a network gateway, to prevent unauthorized electronic access to a networked computer system. It is configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.
(Figure: layered firewall layout: a firewall in front of the DMZ, which holds the Email, WWW and DNS gateways and the Extranet servers; a second firewall in front of the Intranet Server Segment, which holds the Email and Intranet servers; a third firewall in front of the Intranet Client Segment.)
• Server hardening
• Access Control
• Client Security
• Network Security
• Communication Security
• Storage Security
SACET09 October 28, 2009
Technological Solutions
• Encryption (Symmetric Encryption)
• Client Security
• Secure Network Access System
(Figure: data flow between classified assets, intranet access and servers, with external cyber-attacks and denial of service attacks shown at the perimeter.)
Security of client PCs:
• Attacks through viruses/malware
• Possible network bridging by users
• PC sharing over network
• Official data on a PC used for Internet
• Conformance to Security Guidelines of MHA
• Limited services on separate networks
Balancing extreme views on security:
• "I want tight security."
• "I want all services freely."
• "I don't bother."
• "Security is your responsibility."
• what users get.
Classified/sensitive information is kept physically isolated.
Defense-in-depth philosophy
(Figure: network zones DMZ-I-1, DMZ-I-2 and DMZ-A-1; Internet Server Segment; Secure INTRANET with controlled services* and an Intranet USER SEGMENT (user PCs); Secure INTERNET USER SEGMENT (user PCs) with Intranet services; zones separated by Firewall Level 3.)
Controls
• Policy Versions and approvals
• Security Management Set-up
• Classification of Information Assets
• Network Security and Access Control
• Digital Media Security
• Information Exchange, e.g. email
• User Awareness and responsibilities
• Third Party Access/ Outsourcing
• Personnel Security
• Physical and Environmental Security
• Business Continuity
• Policy Conformance/ Auditing
1. Security is one of the most important issues in a Grid environment:
- Privacy
- Integrity
- Authentication (& Authorization)
2. Overcome the security challenges posed by grid applications through the Grid Security Infrastructure (GSI). It uses public key cryptography (asymmetric cryptography) as the basis for its functionality.
• The need for secure communication (authenticated and perhaps confidential) between elements of a computational Grid.
• The need to support security across organizational boundaries, thus prohibiting a centrally-managed security system.
• The need to support "single sign-on" for users of the Grid, including delegation of credentials for computations that involve multiple resources and/or sites.
(Figure: a user's credentials and proxy spanning Physical Domain 1 and Physical Domain 2 within a Virtual Organisation.)
Motivation:
Secure Network Access System (SNAS), developed by BARC.
(Figure: SNAS deployment: firewall, SNAS authorization servers, SNAS monitoring, users with a web client, network devices and the INTRANET.)
Key Distribution (Users A, B and C)
User A wants to communicate with User B:
• User A encrypts with PR(A) & PB(B) and sends.
• User B decrypts with PR(B) & PB(A).
(Figure: a record (Name: A. G. Tole, Emp.Id: 3385, Email: tole@barc.gov.in) is signed with the Private Key to produce a Signature; the Public Key is used to check it.)
Producing and sending a digital signature:
• A hash function applied to the message yields the message digest.
• The digest is combined ("mixed") with the private key to give the digital signature.
• Get message M; form T: S(N) [ M + R ].
• Encrypt the message and the encrypted digest with the session key.
• Transmit P & T.
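The key distribution slide (A encrypts with PR(A) and PB(B); B decrypts with PR(B) and PB(A)) and the signature steps above (hash, sign the digest with the private key, encrypt message and signature under a session key, transmit P and T) as one runnable script. This is an added example, not the slides' or BARC's code. It assumes P is the session key wrapped with B's public key and T is the session-key-encrypted message plus signature, and it stands in textbook RSA over small primes and a SHA-256 counter-mode keystream for real primitives so that it runs offline on the standard library; the record used as the message is the slide's sample, embedded here as constructed input.

```python
"""Sign-then-encrypt exchange modelled on the slides' flow (added example).

Sender A hashes message M, signs the digest with PR(A), encrypts M and the
signature under a one-time session key, wraps that session key with PB(B)
and sends both parts (assumed here to be the slide's P and T). Receiver B
unwraps with PR(B), decrypts, and checks the signature with PB(A).

Textbook RSA over 7-digit primes and a SHA-256 counter-mode keystream are
illustrations of the mechanism only; neither is a usable primitive.
"""
import hashlib
import math
from typing import Dict, Tuple

SIG_BYTES = 8  # signatures are integers below n, and n stays far under 2**64 here


def next_prime(start: int) -> int:
    """Smallest prime >= start, by trial division (fine for 7-digit values)."""
    n = max(start, 2)
    while True:
        if all(n % p for p in range(2, math.isqrt(n) + 1)):
            return n
        n += 1


def generate_keypair(seed_p: int, seed_q: int) -> Dict[str, int]:
    """Deterministic textbook RSA key from two prime-search seeds (constructed)."""
    p, q = next_prime(seed_p), next_prime(seed_q)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:  # keep e odd and coprime to phi
        e += 2
    return {"n": n, "e": e, "d": pow(e, -1, phi)}


def digest_mod_n(message: bytes, n: int) -> int:
    """Hash function step: SHA-256 digest reduced into the RSA modulus range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, key: Dict[str, int]) -> int:
    """Digital signature = message digest 'mixed' with the private key."""
    return pow(digest_mod_n(message, key["n"]), key["d"], key["n"])


def verify(message: bytes, signature: int, key: Dict[str, int]) -> bool:
    """Receiver recomputes the digest and compares with the public-key transform."""
    return pow(signature, key["e"], key["n"]) == digest_mod_n(message, key["n"])


def keystream(session_key: int, length: int) -> bytes:
    """SHA-256 in counter mode as a toy stream cipher keyed by the session key."""
    out = b""
    counter = 0
    while len(out) < length:
        block = session_key.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, mask: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, mask))


def send(message: bytes, sender: Dict[str, int], receiver_pub: Dict[str, int],
         session_key: int) -> Tuple[int, bytes]:
    """A's side: sign with PR(A), encrypt message+signature, wrap the key with PB(B)."""
    payload = message + sign(message, sender).to_bytes(SIG_BYTES, "big")
    ciphertext = xor_bytes(payload, keystream(session_key, len(payload)))  # T
    wrapped_key = pow(session_key, receiver_pub["e"], receiver_pub["n"])  # P
    return wrapped_key, ciphertext


def receive(wrapped_key: int, ciphertext: bytes, receiver: Dict[str, int],
            sender_pub: Dict[str, int]) -> Tuple[bytes, bool]:
    """B's side: unwrap with PR(B), decrypt, split message/signature, verify with PB(A)."""
    session_key = pow(wrapped_key, receiver["d"], receiver["n"])
    payload = xor_bytes(ciphertext, keystream(session_key, len(ciphertext)))
    message, sig_bytes = payload[:-SIG_BYTES], payload[-SIG_BYTES:]
    return message, verify(message, int.from_bytes(sig_bytes, "big"), sender_pub)


if __name__ == "__main__":
    key_a = generate_keypair(1_000_000, 2_000_000)
    key_b = generate_keypair(3_000_000, 4_000_000)
    # Constructed message: the record shown on the signature slide.
    p, t = send(b"Name: A. G. Tole, Emp.Id: 3385", key_a, key_b, 0x1234ABCD)
    print(receive(p, t, key_b, key_a))                  # genuine message verifies
    tampered = bytes([t[0] ^ 1]) + t[1:]                # one bit flipped in transit
    print(receive(p, tampered, key_b, key_a)[1])        # verification fails
```

The tamper check at the end is the point of carrying the signature inside T: the stream cipher gives confidentiality but no integrity, so a flipped ciphertext bit decrypts to a different record, and only the signature check (the public-key half of the slide's "Decrypt with PR(B) & PB(A)") catches it.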
Certificates in the Grid
It's all about trust: having a certificate to prove to everyone else that your public key is really, truly, honestly yours allows us to conquer the third pillar of a secure conversation: authentication.