Need for New Approaches to Infrastructure Security
By S K HIREMATH ME MAeSI MIETE, Assistant Professor
CYBER SECURITY 2012
Nov 02, 2014
International Cyber Crime Top 10 Perpetrators
Top Ten Countries (Cyber Crime Perpetrators)
1. UNITED STATES 66.1%
2. UNITED KINGDOM 10.5%
3. NIGERIA 7.5%
4. CANADA 3.1%
5. CHINA 1.6%
6. SOUTH AFRICA 0.7%
7. GHANA 0.6%
8. SPAIN 0.6%
9. ITALY 0.5%
10. ROMANIA 0.5%
STAKEHOLDER AGENCIES
1. National Information Board (NIB)
2. National Crisis Management Committee (NCMC)
3. National Security Council Secretariat (NSCS)
4. Ministry of Home Affairs
5. Ministry of Defence
6. Department of Information Technology (DIT)
7. Department of Telecommunications (DoT)
8. National Cyber Response Centre - Indian Computer Emergency Response Team (CERT-In)
9. National Information Infrastructure Protection Centre (NIIPC)
10. National Disaster Management Authority (NDMA)
11. Standardisation, Testing and Quality Certification (STQC) Directorate
12. Sectoral CERTs
NEED FOR NEW APPROACHES TO INFRASTRUCTURE SECURITY
As global infrastructures have become more complex and interconnected, their operation and control have become more complicated.
The Infrastructure Security Area works with several government agencies in the area of cyber security to ensure the integrity and availability of the nation’s cyber infrastructure.
The performance of the nation’s infrastructure is an essential component of the nation’s economic prosperity.
The Infrastructure Security Area seeks to endow the infrastructure with five characteristics: security, reliability, safety, sustainability, and cost effectiveness.
ARCHITECTURAL DESIGN OF INFRASTRUCTURAL SECURITY
Critical Infrastructure Security Systems
Video Content Analysis System
Thermal Monitoring Systems
Access Security Systems
Face Recognition System
Urban Security Systems
Military And Border Security Systems
Traffic Control Systems
Central Integration Management Systems
Building Management Systems
CYBER INFRASTRUCTURE
INFRASTRUCTURE SECURITY: IDENTIFYING AND SECURING VULNERABILITIES
Enterprise Application Security
Identity and Access Management
Infrastructure Security
Security Strategy and Risk Management
Business Continuity and Disaster Recovery Planning
Data Protection & Privacy Planning
Security Architecture
Security Planning
Secure Compliance Roadmaps
Network Vulnerability Assessment
The Four Phases of Infrastructure Security
Engagement
• Business requirements
• Estimate
Assessment
• On-site health assessment of Infrastructure & Processes
• Conduct Business Interviews
• Reporting Requirements
• Establish service dependencies
Transition
• Establish connectivity
• Roles & responsibilities, processes & procedures
• Phased onboarding approach
• Monitoring/Reporting commences
Steady State
• Ongoing Infrastructure Guardian Services
• Monthly Reporting (Alerts, distributions, assets, health)
• SME Advisory Service
CORPORATE BOARDS
• Compliance to international security best practices and demonstration
• Pro-active actions to deal with and contain malicious activities, and protecting average end users by way of net traffic monitoring, routing and gateway controls
• Keeping pace with changes in security technology and processes to remain current (configuration, patch and vulnerability management)
Adequate security of information, resources, and the systems that process them within a company or organization is a fundamental management responsibility.
Management of an organization/agency must understand the current level of security within their infrastructure, and the risks that the organization may be exposed to in today's fully internetworked environment.
The best way to mitigate this risk is to perform a security assessment & associated risk assessment at least once every year.
This will allow company management to address new trends in security vulnerability and penetration, and make informed judgments and investments that will appropriately mitigate these risks to an acceptable level.
• Conform to legal obligations and cooperate with law enforcement activities including prompt actions on alert/advisories issued by CERT-In
• Use of secure product and services and skilled manpower
• Crisis management and emergency response.
• Periodic training and upgrading of skills for personnel engaged in security related activities
• Promote acceptable users’ behaviour in the interest of safe computing both within and outside
National Cyber Security Policy
“For secure computing environment and adequate trust & confidence in electronic transactions”
INFRASTRUCTURE CYBER SECURITY
Cyber Security consists of sets of techniques, policies, and activities intended to enhance trust and mitigate vulnerabilities inherent in the complex networked devices and services that permeate our lives today
“A general rule for cyber security is that it should be implemented ‘top-down’ through direction as well as ‘bottom up’ through technology”
MODEL FOR DESCRIBING INFRASTRUCTURE CYBER SECURITY
SECURITY AND SAFETY ARCHITECTURE
Sensors and Detectors (Microwave Systems, Infrared Sensors, Car X-rays, Under Car Inspection Systems, Fence Mounted Sensors)
Physical Equipment (Mushroom Barriers, Road Blockers, Arm Barriers, Turnstile)
Access Controls (Face Recognition Systems, Card Readers, Finger Print Readers, other Biometric Access Controls)
Video Detection Systems (CCTV, VCA applications, Thermal Camera, Plate Recognition)
Data Communication Systems
Management Systems (Fire Detection, Call Management, Alarm Management)
INFRASTRUCTURE SECURITY
Network Infrastructure includes networks, network devices, servers, workstations, and other devices.
The software running on these devices is also part of the Network Infrastructure.
To make sure your network is secure, you should make sure that every time a configuration is changed or a new device is added, you are not creating a hole in your security.
A normal network comprises routers, firewalls, switches, servers and workstations. A typical layout of network infrastructure devices is shown.
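One way to run that check on every firewall change, as an added example that is not part of the original slides: it compares a baseline rule set with the changed one and reports allow rules that open traffic the baseline did not permit. The `Rule` fields, addresses and rule sets are constructed, and the model assumes an allow-list firewall with default deny (rule ordering and deny rules are not evaluated).

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    src: str     # source CIDR
    dst: str     # destination CIDR
    port: int    # destination TCP port


def covered(rule, baseline):
    """True if one baseline allow rule already permits everything `rule` permits."""
    src = ipaddress.ip_network(rule.src)
    dst = ipaddress.ip_network(rule.dst)
    return any(
        b.action == "allow"
        and b.port == rule.port
        and src.subnet_of(ipaddress.ip_network(b.src))
        and dst.subnet_of(ipaddress.ip_network(b.dst))
        for b in baseline
    )


def new_exposure(baseline, changed):
    """Allow rules in the changed config that widen what the baseline permitted."""
    return [r for r in changed if r.action == "allow" and not covered(r, baseline)]


# Constructed sample data (assumed allow-list firewall, default deny).
BASELINE = [
    Rule("allow", "10.0.0.0/8", "10.0.5.10/32", 443),   # internal HTTPS
    Rule("allow", "10.0.1.0/24", "10.0.5.20/32", 22),   # admin subnet SSH
]
CHANGED = BASELINE + [
    Rule("allow", "10.0.1.16/28", "10.0.5.20/32", 22),  # narrower: already covered
    Rule("allow", "0.0.0.0/0", "10.0.5.20/32", 22),     # SSH opened to any source
    Rule("allow", "10.0.0.0/8", "10.0.5.30/32", 3389),  # new device, new service
]

if __name__ == "__main__":
    for r in new_exposure(BASELINE, CHANGED):
        print("REVIEW:", r)
```
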
Master the tools & techniques for effective information & network security.
Discover how to create a complete & sustainable IT security architecture.
Gain knowledge on how to develop sound security policy together with your security architecture.
IT governance assessment using CoBIT 4.0 (Control Objectives for Information and Related Technology)
Smart security risk assessment within your organization.
Gain valuable insights on implementing a proactive & robust security management system.
Detect & prevent information security breaches due to inadequate IT security awareness within the organization.
INFRASTRUCTURE SECURITY
Network Level
Host Level
Application Level
Application Security: Managing business and information risk through solutions for packaged SAP and Oracle ERP, and custom application security.
Infrastructure Security: Providing visibility of information risks and defending enterprise assets through platform security technologies.
Information Risk, Privacy & Strategy: Managing information risk through security strategy, governance, risk and compliance management.
Security Outsourcing & Operations: Enabling application, infrastructure and business risk management through flexible managed services options.
ARCHITECTURE DESIGN OF INFRASTRUCTURE SECURITY
Evolution of Architectures
Architecture | Utilization | Security
Individual Servers | 10 to 20 % | Highest
Data Centers | 10 to 20 % | High
Virtualization (1 app / server) | 15 to 25 % |
Virtualization (N apps / server) | 40 to 45 % |
Cloud | 60 + % | Lowest
Infrastructure Security covering Data, Identity, Cloud, Threat, Network, Mobile, End User Computing, Virtualization and Cyber Security
PORTAL SECURITY ARCHITECTURE
CAMPUS DESIGN
CASE STUDY: AMAZON'S EC2 INFRASTRUCTURE
“Exploring Information Leakage in Third-Party Compute Clouds”
Multiple VMs of different organizations, with virtual boundaries separating each VM, can run within one physical server.
"Virtual machines" still have internet protocol, or IP, addresses, visible to anyone within the cloud.
VMs located on the same physical server tend to have IP addresses that are close to each other and are assigned at the same time
An attacker can set up lots of his own virtual machines, look at their IP addresses, and figure out which one shares the same physical resources as an intended target
Once the malicious virtual machine is placed on the same server as its target, it is possible to carefully monitor how access to resources fluctuates and thereby potentially glean sensitive information about the victim
Towards cyber operations - The new role of academic cyber security research and education
The cohesive cyber defense requires universities to optimize their campus wide resources to fuse knowledge, intellectual capacity, and practical skills in an unprecedented way in cyber security.
The future will require cyber defense research teams to address not only computer science, electrical engineering, software and hardware security, but also political theory, institutional theory, behavioral science, deterrence theory, ethics, international law, international relations, and additional social sciences.
Academic research centers, evaluating the collective group of research centers' ability to adapt to the shift towards cyber operations, and the challenges therein.
The shift towards cyber operations represents a shift not only for the defense establishments worldwide but also cyber security research and education.
Traditionally cyber security research and education has been founded on information assurance, expressed in underlying subfields such as forensics, network security, and penetration testing.
Cyber security research and education is connected to the security agencies and defense through funding, mutual interest in the outcome of the research, and the potential job market for graduates.
The future of cyber security is both defensive information assurance measures and active defense driven information operations that are launched jointly and in coordination, in the pursuit of a cohesive and decisive execution of the national cyber defense strategy.
ONLINE ASSESSMENT FOR HANDS-ON CYBER SECURITY TRAINING IN A VIRTUAL LAB
Online (self) assessment is an important functionality of e-learning courseware, especially if the system is intended for use in distance learning courses.
Especially for hands-on exercises, the implementation of effective and cheating-proof assessment tests poses a great challenge.
This is because of the static characteristics of exercise scenarios in the laboratories: manually adapting the environment to provide a “unique” hands-on experience for every student requires enormous maintenance effort and thus does not scale to a large number of students.
This work presents a software solution for the assessment of practical exercises in an online lab based on virtual machine technology.
The basic idea is to formally parameterize the exercise scenarios and implement a toolkit for the dynamic reconfiguration of virtual machines in order to adopt the defined parameters for the training environment.
The actual values of these parameters come to use again in the dynamic generation of multiple-choice or free-text answer tests for a web-based e-assessment environment.
COMPUTATIONAL INTELLIGENCE IN CYBER SECURITY
Fuzzy Logic
Evolutionary Computation
Intelligent Agent Systems
Neural Networks
Artificial Immune Systems and other similar computational models.
A Survey of Security Challenges in Cognitive Radio Networks: Solutions and Future Research Directions
Security evaluation of data exchange path in infrastructure networks (this method is based on the Floyd-Warshall shortest path algorithm in MATLAB)
Improving Network Infrastructure Security using Geospatial Technology.
A survey of information-centric networking
Aviation communication infrastructure security
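The Floyd-Warshall based evaluation of data exchange paths named in this list, written in Python rather than MATLAB as an added example that is not taken from the cited work or the original slides. It assumes each link carries a risk score and that a path's risk is the sum of its links; the topology, node names and scores are constructed.

```python
import math


def floyd_warshall(nodes, links):
    """All-pairs minimum total risk and next-hop table for undirected links."""
    dist = {u: {v: (0 if u == v else math.inf) for v in nodes} for u in nodes}
    nxt = {u: {v: None for v in nodes} for u in nodes}
    for (u, v), risk in links.items():
        dist[u][v] = dist[v][u] = risk
        nxt[u][v], nxt[v][u] = v, u
    for k in nodes:              # allow k as an intermediate hop
        for i in nodes:
            for j in nodes:
                if dist[i][k] + dist[k][j] < dist[i][j]:
                    dist[i][j] = dist[i][k] + dist[k][j]
                    nxt[i][j] = nxt[i][k]
    return dist, nxt


def path(nxt, src, dst):
    """Rebuild the lowest-risk hop sequence; empty list if dst is unreachable."""
    if src != dst and nxt[src][dst] is None:
        return []
    hops = [src]
    while src != dst:
        src = nxt[src][dst]
        hops.append(src)
    return hops


# Constructed topology: higher score = weaker link (assumed additive risk model).
NODES = ["workstation", "switch", "firewall", "router", "server"]
LINKS = {
    ("workstation", "switch"): 1,
    ("switch", "firewall"): 2,
    ("switch", "router"): 1,
    ("router", "firewall"): 4,
    ("firewall", "server"): 2,   # filtered path to the server
    ("router", "server"): 6,     # direct, unfiltered path to the server
}

if __name__ == "__main__":
    dist, nxt = floyd_warshall(NODES, LINKS)
    for src in NODES[:-1]:
        print(src, "->", path(nxt, src, "server"), "risk", dist[src]["server"])
```
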
Aircraft systems cyber security
Aircraft manufacturers, avionics/electronics vendors, and owners/operators are implementing technologies (e.g. packet switching devices, wireless interfaces) that are easier to implement, reduce cost/size/weight/power, and increase connectivity but could potentially introduce cyber security vulnerabilities that affect aircraft safety.
LIFECYCLE INFRASTRUCTURE SECURITY SERVICES
Conclusions/Recommendations
Efforts to promote cyber security in Academics as a Capacity Building
Support International Cooperation cyber security community
Cyber Security forums announced in December 2011 that "there’s no such thing as ‘secure’ any more..."
Cyber security community has settled on Continuous Monitoring (CM)
NEED FOR AN INTERNATIONAL CONVENTION ON CYBERSPACE
THE FUTURE OF CYBER SECURITY IS IN THE HANDS OF CORPORATE BOARDS
WHY CURRENT SECURITY PARADIGMS ARE LIKELY TO FAIL - THE FUTURE OF CYBER SECURITY
* SECURITY DATA VISUALIZATION
* ONLINE PRIVACY
* SECURE AND USABLE INTERFACE DESIGN
* CYBER WARFARE
Promoting a comprehensive national program
Fostering adequate training and education programs to support the Nation’s information security needs (e.g. school, college and post graduate programs on IT security)
Increasing the efficiency of existing information security training programs and devising domain specific training programs (e.g. Law Enforcement, Judiciary, E-Governance etc.)
Promoting private-sector support for well-coordinated, widely recognized professional information security certifications
SURVEY ON DEMAND AND SUPPLY CHAIN
• Chief information security officer (CISO)
• System operations and maintenance personnel
• Network security specialists
• Digital forensics and incident response analysis
• Implementation of information security and auditing
• Vulnerability analyst
• Information security systems and software development
• Acquisition of technology
• Techno-legal
• Law enforcement
The Thrust areas of R&D include:
• Cryptography and cryptanalysis research and related aspects
• Network Security – including wireless & Radio (WiFi, WiMax, 3G, GPRS)
• System Security including Biometrics
• Security architecture
• Monitoring and Surveillance
• Vulnerability Remediation & Assurance
• Cyber Forensics
• Malware Analysis Tools
• Scalable trustworthy systems and networks
• Identity Management
• Situational understanding and Attack attribution
• Survivability of critical systems and networks.
E-GOV
ANY QUESTIONS PLEASE?
“Management Invests in the IT Infrastructure system; But IT Leadership work on development of Secure Technology of IT Infrastructure system.”
THANK YOU!!!
The Infrastructure Security develops and applies technologies and analytical approaches to secure the nation’s infrastructure against natural or malicious disruption, and we pursue our vision of an independent and secure future for our Country.