Security Countermeasures

In security architecture, many countermeasures are needed to make an environment more secure. In this section, we discuss several concepts that help a designer build a more secure environment. A security specialist can also use these principles to recognize secure environments and distinguish them from less secure ones.

Defense in depth

Defense in depth is a security architecture concept that describes a strategy for resisting attacks. A system that employs defense in depth has two or more layers of protective controls designed to protect the system or the data stored there, so that an attacker who defeats one layer still faces the others.

An example defense-in-depth architecture would consist of a database protected by several components:

• Screening router

• Firewall

• Intrusion prevention system

• Hardened operating system

• OS-based network access filtering

All the layers listed here help to protect the database, but none of them by itself offers complete protection: each addresses a different class of attack, and any one of them can be misconfigured or bypassed. Considered together, these controls offer a varied (in effect, deeper) defense, hence the term defense in depth.

Defense in depth refers to the use of multiple layers of protection.

System hardening

Most types of information systems, including computer operating systems, have several general-purpose features that make it easy to set up the systems. But systems that are exposed to the Internet should be “hardened,” or configured according to the following concepts:

• Remove all unnecessary components

• Remove all unnecessary accounts

• Close all unnecessary network listening ports

• Change all default passwords to complex, difficult-to-guess passwords

• Run all necessary programs at the lowest possible privilege

• Install security patches as soon as they are available

The Center for Internet Security has an especially nice collection of system hardening standards. You can find these at www.cisecurity.org.
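As an added example (not from the book or from CIS), here is a small audit that checks three of the hardening points above: extra UID-0 accounts, accounts with no password at all, and network listeners outside an allowlist. It runs against constructed samples of /etc/passwd, /etc/shadow and `ss -tlnH` output so it works offline; on a real host you would read the actual files and run the command, and the parsing is the same. The allowlist of ports is an assumption for the example.

```python
"""Hardening audit over constructed sample data (added example, not from the book)."""

# Constructed sample /etc/passwd: "toor" is a second UID-0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/bash
games:x:5:60:games:/usr/games:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed sample /etc/shadow: "guest" has an empty password field.
# ("*" and "!" lock an account; an empty field means no password is required.)
SAMPLE_SHADOW = """\
root:$6$salt$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest::19000:0:99999:7:::
alice:$6$salt$hash:19000:0:99999:7:::
"""

# Constructed sample of `ss -tlnH` output (no header line):
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 50 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 64 0.0.0.0:111 0.0.0.0:*
"""

# Assumed allowlist for this host: SSH and HTTPS only.
ALLOWED_PORTS = {"22", "443"}


def extra_root_accounts(passwd_text):
    """Every UID-0 account other than root is an extra, usually undocumented, superuser."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            found.append(fields[0])
    return found


def empty_password_accounts(shadow_text):
    """Accounts whose shadow password field is empty can log in with no password."""
    found = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            found.append(fields[0])
    return found


def unexpected_listeners(ss_text, allowed_ports):
    """Ports bound to a non-loopback address that are not on the allowlist.

    Loopback-only listeners are skipped because they are not reachable from
    the network; they are still worth reviewing separately.
    """
    found = []
    for line in ss_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        host, _, port = parts[3].rpartition(":")   # works for "[::]:443" too
        if host in ("127.0.0.1", "[::1]"):
            continue
        if port not in allowed_ports:
            found.append(port)
    return found


def audit(passwd_text, shadow_text, ss_text, allowed_ports):
    """Collect all findings; an empty list for each key means the check passed."""
    return {
        "extra_root_accounts": extra_root_accounts(passwd_text),
        "empty_password_accounts": empty_password_accounts(shadow_text),
        "unexpected_listeners": unexpected_listeners(ss_text, allowed_ports),
    }


if __name__ == "__main__":
    for check, findings in audit(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_SS, ALLOWED_PORTS).items():
        print("%-25s %s" % (check, findings or "ok"))
```

Each finding maps to one of the list items above: the extra UID-0 account and the passwordless account are "unnecessary accounts", and every flagged port is a listening service that should be disabled or firewalled if it is not needed.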

Heterogeneous environment

Rather than containing systems or components of a single type, a heterogeneous environment contains a variety of different types of systems. Contrast an environment that consists only of Windows 2008 servers and the latest SQL Server and IIS Server, to a more complex environment that contains Windows, Linux, and Solaris servers with Microsoft SQL Server, MySQL, and Oracle databases.

The advantage of a heterogeneous environment is its variety of systems: the different types of systems are unlikely to share the same vulnerabilities, so a single exploit cannot compromise all of them. The price is operational: more platforms to patch, monitor, and staff for, so the diversity only pays off if each platform is actually kept hardened and up to date.

The weakness of a homogeneous environment (one where all of the systems are the same) is its uniformity. If a weakness in one of the systems is discovered, all systems may have the weakness. If one of the systems is attacked and compromised, all may be attacked and compromised.

You can liken homogeneity to a herd of animals; if they are genetically identical, then they may all be susceptible to a disease that could wipe out the entire herd. If they are genetically diverse, then perhaps some will be able to survive the disease.

System resilience

The resilience of a system is a measure of its ability to keep running, even under less-than-ideal conditions.

Resilience can mean a lot of different things. Here are some examples.

• Filter malicious input. The system recognizes and rejects input that may be an attack, such as the crafted strings used in an injection attack, the oversized input used in a buffer-overflow attack, or the request floods of a denial-of-service attack.

• Redundant components. The system contains redundant components that permit it to continue running even when hardware failures or malfunctions occur. Examples of redundant components include multiple power supplies, multiple network interfaces, redundant storage techniques such as RAID, and redundant server architecture techniques such as clustering.

System resilience is described in more detail in Chapter 10.
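To make the "filter malicious input" point concrete, here is an added example (not from the book) of the same user lookup written three ways against an in-memory SQLite table of constructed rows. The concatenated version is the injectable pattern; parameter binding alone defeats the payload; the hardened version puts an allowlist and a length cap in front of the bound query, so an attacker has to get past two independent checks. That second property is the defense-in-depth idea from earlier on this page: if the validation is ever bypassed or mis-specified, the binding still holds. The username policy and table layout are assumptions for the example.

```python
"""User lookup: injectable, parameterized, and hardened (added example, not from the book)."""
import re
import sqlite3

# Assumed local policy: usernames are short, lowercase, and start with a letter.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")
MAX_INPUT_LEN = 256  # applied before any parsing, so oversized input is dropped early

# Constructed sample rows.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]


def make_db():
    """In-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """Builds the statement from user input. The payload  x' OR '1'='1  turns it into
    SELECT ... WHERE name = 'x' OR '1'='1'  and returns every row in the table."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Binds the value as a parameter; the driver never treats it as SQL syntax,
    so the same payload simply matches no user."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def validate_username(name):
    """Edge check: reject oversized or out-of-allowlist input before it goes anywhere."""
    if len(name) > MAX_INPUT_LEN or not USERNAME_RE.fullmatch(name):
        raise ValueError("rejected input: %r" % name[:40])
    return name


def lookup_hardened(conn, name):
    """Two independent layers: allowlist validation, then parameter binding."""
    return lookup_parameterized(conn, validate_username(name))


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:   ", lookup_vulnerable(db, payload))
    print("parameterized:", lookup_parameterized(db, payload))
    try:
        lookup_hardened(db, payload)
    except ValueError as err:
        print("hardened:     ", err)
```

The length cap is the cheap part of the same idea applied to oversized input: the limit is enforced before the string is parsed, matched, or copied anywhere, which is where buffer-overflow style input would otherwise do its damage.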

• Maintenance hooks: Hidden, undocumented features in software programs, often left in by developers for debugging or support, that bypass the normal security controls and can therefore be used to expose data or functions for illicit use. We discuss this topic in Chapter 7.

• Security countermeasures: Knowing that systems are subject to frequent or constant attack, systems architects need to include several security countermeasures in order to minimize system vulnerability. Such countermeasures include

  • Revealing as little information about the system as possible. For example, never let the system display the version of the operating system, database, or application software that is running, whether in banners or in error messages.

  • Limiting access to only those persons who must use the system in order to fulfill needed organizational functions.

  • Disabling unnecessary services in order to reduce the number of attack targets.

  • Using strong authentication in order to make it as difficult as possible for unauthorized users to access the system.
