Information Security for an Enterprise
Ramesh Shanmuganathan
Senior Vice President / Group CIO
John Keells Group
Threats

[Diagram: threat taxonomy. Natural: disasters. Human: malicious, non-malicious. Technology weaknesses: un-patched web server, unused services left on, excessive privileges, denial of service, network spoofing, poisons (packets, DNS, etc.), worms, packet sniffing. Process weaknesses: no auditing, no policies.]
The Internal Threat Is Real
[Diagram: controls against the internal threat]
Authentication, Directory, Federation
Development tools for secure code
Policy, Code (Identity, Updates)
Isolation (Firewall, Quarantine)
Global Context for NextGen InfoSec
Business Is Changing

Yesterday                              Today
Internal focus                         External focus
Access is granted to employees only    Suppliers, customers, and prospects all need some form of access
Convergence of technologies
SEC Regs
Sarbanes-Oxley
FISMA
Objective               React      Manage complexity   Reduce      Agility
Resource utilization    Unknown    Known, poor         Optimized   High, as needed
Processes               Ad hoc     Defined             Mature      Policy-based & automation
Return on Investment
Insurance analogy – security is a necessary evil?
Risk Management = F(Fear, Uncertainty, Doubt)?
Confidentiality-Integrity-Availability (CIA) vs
Disclosure-Alteration-Destruction (DAD)
The 3 "D"s and 5 steps for NextGen InfoSec

3 "D"s
Defense
Deterrence
Detection

5 steps
Assets – What is to be protected?
Risks – What are the threats, vulnerabilities?
Protections – How will the assets be protected?
Tools – What will be done to protect them?
Priorities – In what order will the protective steps be implemented (multi-layered methodology)?
NextGen InfoSec Framework
(Hybrid of ISO 27001 & CoBIT)

[Diagram: framework matrix. Business drivers sit at the top. The Business axis covers the user perspective and process management; the Technology axis covers the IT perspective and integration. Policy Management is at the centre, with User Management, Security Management and Systems Management as the management layer, Applications and Infrastructure below it, and ICT Infrastructure as the base.]
IT/IS Governance will pave the way for NextGen
It will result in reduced costs, improved reliability, and increased responsiveness across the entire IT life cycle.

[Diagram: Good IT governance, Comprehensive IT policy and Security Framework, spanning people, process and technology]
Continuous Improvement is inevitable!

[Diagram: improvement cycle around Corporate IT policy & Governance, with four quadrants: Alignment & Deployment; Realignment & Continuous Improvements; Management & Review; Assurance & Risk Mitigation]
Layered Security is the way forward!

[Diagram: layers labelled Security, Information Security and Corporate Network]
Assessment of IT infrastructure vulnerabilities
[Diagram: Web Server, Servers, E-Mail Server, Web Browsers, Router, Firewall, Network]

Assessment of database vulnerabilities
[Diagram: Microsoft SQL Server, Oracle and Sybase databases behind Router and Firewall]

Assessment of operating systems vulnerabilities
[Diagram: Solaris, Windows NT, HP-UX, AIX, Windows 95 & NT behind Router, Firewall and Network]

Assessment of network vulnerabilities
[Diagram: Web Server, Servers, E-Mail Server, Router, Firewall; TCP/IP and Netware networks]
Layered Defence Schema
APPLICATIONS
DATABASES
OPERATING SYSTEMS
NETWORK SERVICES
Comprehensive Security Framework
Full life-cycle Security Management
Operating Systems
Applications
Databases
Networks
Vulnerability: GetAdmin
Severity: High Risk
IP Address: 215.011.200.255
OS: Windows NT 4.0
Fix: From the Start menu, choose Programs/Administrative Tools/User Manager. Under Policies/User Rights, check the users who have admin privileges on that host. Stronger action may be needed, such as reinstalling the operating system from CD. Consider this host compromised, as well as any passwords from any other users on this host. In addition, apply the post-SP3 getadmin patch, or SP4 when available. Also refer to Microsoft Knowledge Base Article Q146965.txt.
Threat Management

[Diagram: response chain. External attack detected -> e-mail alert / log -> session terminated, session logged, reconfigure firewall/router. Internal attack detected -> record session.]
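The response chain in the Threat Management diagram, run as code over a few constructed firewall log lines. This is an added example, not code from the original slides; the log format, the port-scan rule (one source touching five distinct destination ports within 60 seconds) and the action names are assumptions made for the example.

```python
"""Added example (not from the original slides): the Threat Management
response chain driven by a simple port-scan detector over constructed
firewall log lines.

Assumed log format (not in the original):
    <epoch_seconds> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample log lines; no real traffic or hosts.
SAMPLE_LOG = """\
1000 203.0.113.7 -> 192.0.2.10:22 DENY
1001 203.0.113.7 -> 192.0.2.10:23 DENY
1002 203.0.113.7 -> 192.0.2.10:25 DENY
1003 203.0.113.7 -> 192.0.2.10:80 ALLOW
1004 198.51.100.3 -> 192.0.2.10:80 ALLOW
1005 203.0.113.7 -> 192.0.2.10:443 ALLOW
1006 203.0.113.7 -> 192.0.2.10:3389 DENY
1200 198.51.100.3 -> 192.0.2.10:443 ALLOW
"""


@dataclass
class Event:
    ts: int
    src: str
    dst: str
    port: int
    action: str


def parse_log(text):
    """Parse the assumed log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, target, action = line.split()
        dst, port = target.rsplit(":", 1)
        events.append(Event(int(ts), src, dst, int(port), action))
    return events


def detect_port_scans(events, threshold=5, window=60):
    """Return {src: ports} for every source that touches at least
    `threshold` distinct destination ports within `window` seconds.
    Uses a sliding window over each source's time-sorted events."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_src[e.src].append(e)
    hits = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            ports = {e.port for e in evs[start:end + 1]}
            if len(ports) >= threshold:
                hits[src] = ports
                break
    return hits


def respond(src, ports):
    """The chain from the slide: alert/log, terminate the session, record
    it, reconfigure the firewall/router. Returned as data, so a caller can
    review the actions before executing them against real devices."""
    return [
        ("ALERT", f"port scan from {src} on {len(ports)} ports"),
        ("TERMINATE_SESSION", src),
        ("RECORD_SESSION", src),
        ("RECONFIGURE_FIREWALL", f"deny ip from {src} to any"),
    ]


def handle(text, **rule):
    """Detect scans in a log text and build the response per source."""
    return {src: respond(src, ports)
            for src, ports in detect_port_scans(parse_log(text), **rule).items()}


if __name__ == "__main__":
    for src, actions in handle(SAMPLE_LOG).items():
        for kind, detail in actions:
            print(f"{kind:22} {detail}")
```

Returning the actions as data rather than pushing a rule straight to the router is deliberate: an automatic "reconfigure firewall" step that fires on a spoofed source address lets an attacker block legitimate peers, so the block list should be reviewed or rate-limited before it reaches the perimeter.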
Risk Management

[Diagram: Enterprise Security Data (vulnerability data and vulnerabilities, threat data, firewall/router logs, internal threats, external threats, PKI/authentication data) feeds an enterprise risk profile tracked over time]
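The risk profile on the slide, built from the same three inputs it names (vulnerability findings, threat data from firewall/router logs, authentication data), and ranked so that it also serves the "Priorities" step of the 5 steps above. This is an added example, not the author's method: the scoring formula, the weights, the exposure thresholds and every host, count and finding below are constructed for illustration (the GetAdmin entry mirrors the sample scanner finding shown earlier).

```python
"""Added example (not from the original slides): a per-host risk profile
that combines vulnerability severity, firewall-log exposure, privileged
logon data and asset value into a remediation order.

The formula and all sample data are assumptions for this example.
"""
from dataclasses import dataclass

SEVERITY = {"Low": 1, "Medium": 2, "High": 3}


@dataclass(frozen=True)
class Finding:
    host: str
    vuln: str
    severity: str  # scanner severity, e.g. "High Risk" in the GetAdmin report


# Constructed scanner findings (no real hosts).
FINDINGS = [
    Finding("215.011.200.255", "GetAdmin", "High"),
    Finding("215.011.200.12", "Unused services left on", "Medium"),
    Finding("215.011.200.40", "No auditing", "Low"),
    Finding("215.011.200.40", "Un-patched web server", "High"),
]
# Threat data: inbound connection attempts per host, from firewall/router logs.
FIREWALL_HITS = {"215.011.200.255": 3, "215.011.200.12": 250, "215.011.200.40": 40}
# Authentication data: does the host see privileged (domain admin) logons?
PRIVILEGED_LOGONS = {"215.011.200.255": True, "215.011.200.12": False, "215.011.200.40": False}
# Asset value from the "Assets" step, 1 (low) to 5 (critical).
ASSET_VALUE = {"215.011.200.255": 5, "215.011.200.12": 2, "215.011.200.40": 3}


def exposure(hits):
    """Map a raw firewall hit count to an exposure level 1..3 (assumed thresholds)."""
    return 3 if hits >= 100 else 2 if hits >= 10 else 1


def host_risk(host, findings):
    """risk = worst severity x exposure x asset value, with one extra
    severity step when privileged accounts log on to the host: the GetAdmin
    fix text treats every password used on a compromised host as lost."""
    own = [f for f in findings if f.host == host]
    if not own:
        return 0
    sev = max(SEVERITY[f.severity] for f in own)
    if PRIVILEGED_LOGONS.get(host):
        sev += 1
    return sev * exposure(FIREWALL_HITS.get(host, 0)) * ASSET_VALUE.get(host, 1)


def risk_profile(findings):
    """Hosts ordered highest risk first as (score, host) pairs."""
    hosts = sorted({f.host for f in findings})
    return sorted(((host_risk(h, findings), h) for h in hosts), reverse=True)


if __name__ == "__main__":
    for score, host in risk_profile(FINDINGS):
        print(f"{score:3}  {host}")
```

With these inputs the GetAdmin host ranks first even though the firewall logs show almost no traffic to it: the privileged logons and the asset value outweigh exposure. A ranking built from scanner severity alone would have put the heavily probed "Medium" host first, which is the point of combining the three data sources on the slide.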
Defense-in-depth Solutions for NextGen InfoSec

Defense-in-depth Solution #1: Blocking Network Attacks

[Diagram: "Your Firm?" network. Internet -> DDoS defense (MSS provider) -> filtering router (NAT) -> perimeter firewall with IDS/IPS, AV/spyware filter and secure web gateway -> DMZ and intranet. The DMZ holds the mail filter (anti-virus, anti-spam), web server and file transfer server; the intranet holds workstations, database server, file server, mail server, domain controller, terminal server and laptops, with IDS/IPS and discovery & mitigation.]

Components: Filtering Router (NAT); Firewall and AntiVirus / Spyware Gateways; Secure E-Mail / Anti-Spam; Discovery and Mitigation; Managed Security Services; DDoS Defense Tools
Defense-in-Depth Solution #2: Blocking Host Attacks

[Diagram: hosts (file transfer server, file server, database, web server, mail server, domain controller, terminal server, laptops) protected by Host IPS; Spyware Removal; Personal Firewalls and Host IPS; Application Security Testing; Patch & Configuration Management]
Defense-in-depth solution #4: Safely Supporting Authorized Users
Customer Need
Real-life example..

[Diagram: corporate network with a restricted network, Remediation Servers, System Health Servers, a Network Access Device (DHCP, VPN) and a Network Policy Server. The exchange:
Client -> Network Access Device: "May I have access? Here's my current health status."
Network Access Device -> Network Policy Server: "Should this client be restricted based on its health?"
Network Policy Server: "According to policy, the client is not up to date. Quarantine client, request it to update."
Client: "You are given restricted access until fix-up."
Client -> Remediation Servers: "Can I have updates?"
Client -> Network Access Device: "Here's my new health status."
Network Policy Server: "According to policy, the client is up to date. Grant access."
Client is granted access to full intranet.
System Health Servers send ongoing policy updates to the Network Policy Server.]
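The quarantine-and-fix-up exchange above as a small policy engine, with both sides of the conversation. This is an added example and not Microsoft's NAP implementation or schema: the health-statement fields, the policy thresholds, the remediation names and the round limit are assumptions made for the example. It also covers the case the slide does not draw, a client whose fix-up cannot be completed, which stays in the restricted network.

```python
"""Added example (not from the original slides): client, network access
device, policy server and remediation servers from the NAP slide, as plain
functions. All field names and thresholds are assumptions for this example.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class HealthStatement:
    patch_level: int        # highest patch bundle installed (assumed field)
    av_signature_age: int   # days since the last AV signature update
    firewall_on: bool


# Policy as pushed to the Network Policy Server by the System Health Servers
# (constructed values).
POLICY = {"min_patch_level": 4, "max_av_age_days": 7, "firewall_required": True}

ALL_FIXUPS = frozenset({"install_patches", "update_av_signatures", "enable_firewall"})


def evaluate(hs, policy=POLICY):
    """Network Policy Server: answer "should this client be restricted?"
    Returns (decision, list of fix-ups the client must perform)."""
    fixups = []
    if hs.patch_level < policy["min_patch_level"]:
        fixups.append("install_patches")
    if hs.av_signature_age > policy["max_av_age_days"]:
        fixups.append("update_av_signatures")
    if policy["firewall_required"] and not hs.firewall_on:
        fixups.append("enable_firewall")
    return ("RESTRICTED" if fixups else "FULL"), fixups


def remediate(hs, fixups, policy=POLICY, fixable=ALL_FIXUPS):
    """Remediation Servers: apply each fix-up the restricted network can
    serve; anything outside `fixable` is left as it was."""
    for fix in fixups:
        if fix not in fixable:
            continue
        if fix == "install_patches":
            hs = replace(hs, patch_level=policy["min_patch_level"])
        elif fix == "update_av_signatures":
            hs = replace(hs, av_signature_age=0)
        elif fix == "enable_firewall":
            hs = replace(hs, firewall_on=True)
    return hs


def connect(hs, policy=POLICY, max_rounds=3, fixable=ALL_FIXUPS):
    """Network Access Device (DHCP, VPN): request -> decision -> fix-up ->
    re-request, as on the slide. Returns the transcript of decisions; the
    last entry is FULL once the client is granted the full intranet, or
    RESTRICTED if the fix-up never converged within `max_rounds`."""
    transcript = []
    for _ in range(max_rounds):
        decision, fixups = evaluate(hs, policy)
        transcript.append((decision, fixups))
        if decision == "FULL":
            return transcript
        # Client sits in the restricted network and talks only to remediation.
        hs = remediate(hs, fixups, policy, fixable)
    return transcript


if __name__ == "__main__":
    stale = HealthStatement(patch_level=2, av_signature_age=30, firewall_on=True)
    for decision, fixups in connect(stale):
        print(decision, fixups)
```

The round limit matters in practice: a client that reports the same failing health statement after every fix-up (for example one that cannot reach the remediation servers) must stay quarantined rather than loop, and its repeated RESTRICTED decisions are what the help desk should see.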
A parting thought…
Contact: ramesh@keells.com