Security Measures in a Secure Computer Communications Architecture

1
Security Measures in a Secure Computer
Communications Architecture

• Presented by Louis J. Bottino
  
• Federal Aviation
  Administration
• William J. Hughes Technical
  Center
• October 18, 2006

2
Security Measures in a Secure Computer
Communications Architecture

• ? The Concept of Computer Communications
  
• Security
• ? Engineering Security in a Network
  Architecture
• ? Designing a Secure Computer Communications
  Architecture
• ? Economies of Beneficial Necessity
• ? Conclusions
• ? Acknowledgements

3
Security Measures in a Secure Computer
Communications Architecture

• ? The Concept of Computer Communications
  
• Security
• - The Insecure Computer Network
  Environment
• - Business, Medical and Industrial
  Applications
• For a Secure Computer
  Architecture
• - Government Interest and
  Applications For a
• Secure Computer Architecture

4
Security Measures in a Secure Computer
Communications Architecture

• The Concept of Computer Communications Security
• Security Concerns In Computer
  Communications And Software Applications Are
  A Relatively Recent Phenomena
• (1) Corporations, Industry, Financial
  Institutions and the Government
  
• Have Recognized the Risk and
  Responsibility of Using Computer
• Technology
• (2) Industry Has Always Known the
  Potential For Industrial
• Espionage is Real
• (3) Financial Institutions Listed On
  the Stock Market Have Sought
• To Protect Trading And Exchange
  Information
• (4) The Medical And Insurance
  Professions Are Acutely Aware of a
• Patients Right to Privacy

5
Security Measures in a Secure Computer
Communications Architecture

• The Concept of Computer Communications Security
• The Importance Of Security Awareness
  And Computer Security Awareness Has Increased
  Exponentially Since The Events Of September
  11, 2001
• (1) Law Enforcement As It Relates To
  Computer Security Has
• Changed the Perception of Privacy
• (2) Identifying Computer Network
  Attackers is Now a Priority By
• Large Companies and Government
  Entities
• (3) The Search For Terrorist Intentions
  Has Caused Some
• Compromises In the Privacy Areas
  of Ordinary Law-Abiding
• Citizens
• (4) New Computer Security Measures in
  Effect Have Been Adopted
• To Prevent the Pirating of
  Confidential Information and Threats
  
• Due To Terrorist Intentions

6
Security Measures in a Secure Computer
Communications Architecture

• The Insecure Computer Network Environment
• The World Is An Entirely Untrustworthy And
  Insecure Computer Network Environment
• (1) Different Security Appliances Have
  Been Developed To Protect The Corporate
  Enterprise From Various Methods of Attack
  
• (a) Firewall Architecture
  Installation
• (b) Intrusion Detection Systems
• (c) Intrusion Prevention Systems
• (d) Virtual Private Networks
• (2) Internet-Based Applications Have
  Grown More Complex And The
• Potential For Attacks Has Greatly
  Increased
• (3) Resiliency Of Computer Networks
  Against Sophisticated Attacks
• Models Has Become Necessary In a
  Paperless Society

7
Security Measures in a Secure Computer
Communications Architecture

• The Insecure Computer Network Environment
• The Computer Security Institute And The
  Federal Bureau Of Investigation (FBI) Has
  Reported Most Attacks Originate From The
  Internal Network
• (1) Some Potential Sources Of These
  Attacks Include
• (a) Disgruntled Employees (d)
  Malfunctioning Test Software
• (b) Corporate Spies
  (e) Hosts That Have Been Infected
• (c) Visiting Guests
  (f ) Inadvertent Users
• (2) The MITRE Corporation With A Few
  Computer Societal Groups
  
  And Industrial Stakeholders Have Compiled A
  Reference Library Of Common Vulnerabilities
  And Exposures
• (3) The National Security Agency (NSA)
  And The Computer Emergency Response
  Team (CERT) Have Also Contributed To This
  List And Have Their Own
• (4) There Are Specific Guidelines Which
  Define A Vulnerability And An Exposure
  In A Computing System

8
Security Measures in a Secure Computer
Communications Architecture

• The Insecure Computer Network Environment
• The Security Of A Computer Network Is
  Defined In Terms Of Trusting The Accuracy
  And Confidentiality Of The Data Received And
  Transmitted From The System
• (1) Four Basic Threats To A Good
  Security Policy Are
  (a) Masquerade (c)
  Modification
• (b) Interception
  (d) Denial of Service
• (2) Four Parameters Essential To A
  Good Security Policy Are
• (a') Authentication
  (c') Integrity
• (b') Confidentiality
  (d') Availability
• (3) Cryptography Incorporates
  Encryption And Decryption Data
• (a) Symmetric Encryption Uses
  The Same Key
• (b) Asymmetric Encryption Uses
  Different Keys
• (c) Hashing Functions Insure
  Integrity, Cannot Be Reversed
• (d) Digital Signatures Verify
  Originator Using X.509 Certificates (e)
  40-Bit , 56-Bit And 128-Bit Encryption For
  Sensitive Data

9
Security Measures in a Secure Computer
Communications Architecture

• The Insecure Computer Network Environment
• Different Types Of Attacks Can Penetrate
  A Computer Or Network
• (1) Large E-Mails Or Uploading Large
  Files With The File Transfer Protocol (FTP)
  Can Cause Data Flooding
• (2) Malware - Software That Possesses
  Evil Intentions Can Surface As (a) Virus
  (c) Worm
• (b) Trojan Horse (d)
  Hostile Macro
• (3) Network Or External Intrusion
  Attacks Fall Into Three Categories
• (a) Disruption Of IP Services
• (b) Resource Bombardment
• (c) Specific Protocol Attacks
• (4) There Are Security Protocols Such
  As
• (i) The Routing Information
  Protocol (RIP) Version 1
• (ii) Open Shortest Path First
  
  
• (iii) Interior Gateway Routing
  Protocol (IGRP)
• These Protocols Update Security
  Status In The Computer Environment

10
Security Measures in a Secure Computer
Communications Architecture

• Business, Medical and Industrial Applications
  For a Secure Computer Architecture
• Business, Medical And Industrial
  Communities Have Benefited With Computer
  Technology, But Using This Technology Has
  Opened The Door To Potential Threats
• (1) These Computer Threats Include
• (a) Denial-of-Service (c) Misuse
  of Data
• (b) Spam (d)
  Challenges From Regulatory Pressure
• (2) In The Security Business Industry
  
  (a) Software
  Has Evolved
• (b) Technology Has Advanced
• (c) Mergers Have Strengthened The
  Security Market
• (3) Some Business Activities Include
  
  (a) Computer Associates
  Introduced Program eTrust that addresses
  encryption, user authentication
  and access control
• (b) Aether Systems Uses Introduced
  Software Tools
• (c) Checkpoint Software Technologies
  Has Released New Management
• Appliances
  

11
Security Measures in a Secure Computer
Communications Architecture

• Government Interest And Applications For A
  Secure Computer
• 
  Architecture
  
• Government Agencies At All Levels Have
  Constantly Searched To Improve Computer
  Security Mechanisms Already In Place
• (1) Each Branch Of The Federal Government
  Has Identified Areas Where The
  Compromise Of Information Could Lead To
  Damaging Consequences. Some Of These Areas
  Include
  (i) Homeland Security (iv)
  Environment
• (ii) Miltary-Related Concerns (v)
  Social Security
• (iii) Foreign Affairs
  (vi) All Aspects Of Air, Surface
  Transportation
• (2) International Engineering Organizations
  And Technical Groups Collaborated And Agreed
  To Establish Standards Regarding Secure
  Computer Communications
• (i) DoD (ii) NSA (iii) ICAO
  Working Groups
• (3) The ISO Document 7498-2 Defines The
  Basic Terms Used In Aeronautical
  Telecommunications Network (ATN) Security

12
Security Measures in a Secure Computer
Communications Architecture

• Government Interest And Applications For A
  Secure Computer
• 
  Architecture
  
• Recent Federal Government Guidelines Have
  Been Introduced Such As (a) The Health
  Insurance Portability And Accountability Act
  (HIPAA)
• - to Secure Privacy For Patient
  Records
• (b) The Gramm-Leach-Bailey (GLB) Act
• - to Enable Security For Financial
  Institutions
• (c) Office Of Homeland Securitys Security
  Cyberspace Initiative
• - aimed at Mechanisms to Safeguard
  Personal Data And Information
• (1) New Security Aspects To Airborne And
  FAA Ground-Based Systems
• With Directives For A SCAP For
  Each New Program
• (2) The Government In The Workplace Has
  Recognized The Need For
• Secure Computer Architecture
• (3) Computer Surveillance In The Workplace
  While For The Common
• Can Be Detected Given Some
  Experience With Security Appliances

13
Security Measures in a Secure Computer
Communications Architecture

• ? Engineering Security in a Network
  Architecture
• - The Preparations and Management
  of a
• Protected Environment
• - Considerations and Implementation
  of a Security Policy

14
Security Measures in a Secure Computer
Communications Architecture

• The Preparations and Management of a
  Protected Environment
• Each Computer Communication System Or
  Network Should Be Evaluated Prior To
  Selecting The Proper Security Measures
• (1) Security Protocols And Mechanisms To
  Be Used Will Be
• Determined By (i) Environment
  (iii) Operating System
• (ii)
  Platform (iv) Type Of Data
• (2) Understanding The Corporation
  Enterprise In Terms
• (a) Operational Requirements
  
  
• (b) Risk Assessment
• (c) Anticipated Threats
• Should Be Examined
• (3) To Improve The Philosophy Of
  Protection Organizations Have
• Been Provided With (a) Integrated
  Intrusion Protection
• 
  (b) Denial of Service Protection
• To Defend Against Network And
  Application Layer Attacks

15
Security Measures in a Secure Computer
Communications Architecture

• The Preparations and Management of a
  Protected Environment
• The Management Of A Protected Computer
  Environment Entails Balancing Protection
  With The Containment Of Integrity
• (1) Most Components Of A Computer
  Network Already Have Some
• Security Mechanisms Inherent In The
  Software Of The Device
• (i.e. Network Routers Have Built-In
  Design Features Such As
• Packets Filters, Stateful
  Firewalls, VPN Support )
• (2) The Network Security Appliances
  Selected Can Have An
• Operational Affect On The
  Performance Of The Network
• ( Some Modifications In Network
  Design Can Prevent This )

16
Security Measures in a Secure Computer
Communications Architecture

• The Preparations and Management of a
  Protected Environment
• The Security Architecture For The Internet
  Protocol Is Another Important Security
  Technology That Should Be Combined And
  Managed With Other Security Technologies
• (1) The Security Mechanisms For IP
  Version 4 (IPv4) And (IPv6) Are
• Designed To Work In The TCP And
  UDP Level
• (2)
  These Mechanisms Use The (IP) Authentication
  Header And The
• Encapsulating Security Payload
  (ESP) Header
• (3) Security Protocols That Can Be Used
  With VPN Devices Include
• (a) The Secure Shell (SSH)
• (b) The Secure Socket Layer (SSL)
  
• (c) Transport Security Layer
  (TSL)
• (4) Router And Host Hardening Can Be
  Improved If The Components
• Used Demonstrate A Higher
  Granularity Intrusion Detection

17
Security Measures in a Secure Computer
Communications Architecture

• Considerations And Implementation of a
  Security Policy
• A Security Policy Is A Formal Statement
  Of Rules By Which People Are Given Access
  To An Organizations Technology And
  Information Assets Must Abide
• (1) The Following Benefits Are Derived
• (a) Creating A Framework For
  Security Features
• (b) Network Security Can Be
  Audited
• (c) Global Security Can Be
  Enforced
• (d) Basis For Legal Action Can
  Be Created
• (2) A Comprehensive Security Cannot Be
  Successful Without The
• Corporate Will To Succeed
• (3) To Ensure That A Security Policy
  Is Being Followed
• (i) Vulnerability Scanners (iii)
  Secure Management Techniques
• (ii) Accounting Procedures (iv)
  IDS Controls

18
Security Measures in a Secure Computer
Communications Architecture

• ? Designing a Secure Computer
  Communications Architecture
  
• - Elements of a Basic Security
  Architecture
• - An Enhanced Security Architecture
• - Tuning The Design For Performance

19
Security Measures in a Secure Computer
Communications Architecture

• Designing a Secure Computer Architecture
• Network Security Is A
  Systems Engineering Discipline
  
• 
  
  
• 
  
  
• 
  
  (1) Security Must Be Engineered Into
  Every Aspect Of The Network
• Design
• (2) Failure Of One Security Appliance
  Should Not Compromise The
• Entire System
• (3) Host Hardening Is One Process
  Which Involves Tightening The
• Operating System And Appliances
  So Unnecessary Openings On
• The System Can Be Closed

20
Security Measures in a Secure Computer
Communications Architecture

• Elements of a
  Basic Security Architecture

Figure 1. This Architecture Has No
Security Appliance, However Each Hardware
Device Does Have Software Security
Mechanisms
21
Security Measures in a Secure Computer
Communications Architecture

• Elements of a
  Basic Security Architecture
• The Physical Architecture For Any Simple
  Computer Network Should
• Be Easy To Maintain And The
  Administrative Tasks Should Not Be
• That Challenging
• (1) Data Received, Stored, And Transmitted
  To The Internal Servers
• Should Not Be Considered Highly
  Sensitive
• (2) Network Indicated Has The Capability
  To Receive, Store, And
• Handle Data Used By A Small
  Business Office Involved
• In Advertising, Marketing Or Real
  Estate Ventures
• (3) Communication With The Outside World,
  Internet Access, And
• E-Mail Are System Operations That
  May Not Be Regarded As
• Threatening
• (4) Different Methods Of Password
  Authentication Are Not A High
• Priority And Theres No Competition
  For The Network Assets

22
Security Measures in a Secure Computer
Communications Architecture

• Elements of a
  Basic Security Architecture
• Integrated Security Mechanisms Are
  Intrinsically Part Of Each
• Component Detailed In The Figure Whether
  Used By The Enterprise
• Or Not
• (1) Some Of The Security Elements Configured
  On The Ethernet Switch
• Include (a) Network Device
  Hardening
• (b) Port Security
  and
• (c) Address
  Resolution Protocol Inspection
• (2) Network Hardening On The Switch Can
  Entail
• (a) Disabling Unneeded Services Or
  Resources
• (b) Ensuring Password Encryption
• (c) Enabling Authentication Settings
• (3) Port Security On The Switch Can
  Involve Limiting The Number
• of Media Access Control (MAC)
  Addresses Per Port

23
Security Measures in a Secure Computer
Communications Architecture

• An
  Enhanced Security Architecture

Figure 2. This Architecture Has An L3
Ethernet Switch And A Network Intrusion
Detection System (NIDS)
24
Security Measures in a Secure Computer
Communications Architecture

• An
  Enhanced Security Architecture
• An Elevated Computer Security Environment
  Requires An Architecture
• With Increased Hardware, Software And
  Physical Security Attachments
• (1) The Network Configuration Indicated Has
  The Capability To
• Receive, Store And Handle Data That
  Can Be Considered Highly
• Sensitive In The Medical, Investment,
  Industrial or Large Business
• Community
• (2) The Question Of Trust Is A Serious
  Issue Without Security
• Apparatus In This Environment

25
Security Measures in a Secure Computer
Communications Architecture

• 
  Tuning The Design For
  Performance

Figure 3. The Computer Architecture Above
Has Been Tuned For Performance And An
Integrated Stateful Firewall Appliance Has
Been Added.
26
Security Measures in a Secure Computer
Communications Architecture

• Tuning
  The Design For Performance
• The Next Escalation In Secure Computer
  Architecture Starts To
• Combine Multiple Security Appliances With
  Additional Integrated
• Hardware Components And Software Modules
• (1) This Network Has The Capability To
  Receive, Store And
• Handle Data That Can Be Extremely
  Sensitive In Terms Of
• (a) Homeland Security
• (b) National Defense Issues
• (c) Diplomatic Conversations
• (d) Aviation-Security Matters

27
Security Measures in a Secure Computer
Communications Architecture

• Tuning
  The Design For Performance
• (3) The Stateful Firewall Technology Used
  Allows An Historical
• Account Of Activities And Events To
  Be Recorded.
• (4) The Performance Tuning Process Should
  Include
• (a) The Compatibility of Software On
  Security Mechanisms
• (b) The Robust Connectivity of All
  Components
• (c) A Means To Measure And Examine
  The Forensic
• Evidence Should An Attack
  Occur

28
Security Measures in a Secure Computer
Communications Architecture

• ? Economies of Beneficial Necessity
  
• - Cost Analysis of a Secure Network
  Architecture
• - Cost Effectiveness of a Secure
  Network Architecture

29
Security Measures in a Secure Computer
Communications Architecture

• Beneficial Economies / Cost Analysis of a
  Secure Network Architecture
• The Analytical Means To Measure The Cost
  Benefits Of Securely
• Designed Computer Architectures Are Practiced
  By Every Corporation
• Enterprise
• (1) Investment of Corporate Resources Into
  The Design Is A Serious Decision And
  Weighted Against The Cost Of Not Having A
  Secure
• Architecture
• (2) A Balanced Cost Analysis Is Necessary
  When Confronted With Opposing Technical
  Methods
• (3) During A Cost-Benefit Evaluation
  Remember Dedicated Connections Over Long
  Distances Are Difficult To Maintain
• (4) Special Switches Used By Some Of These
  Appliances May Or May Not Be Cost-Effective
  

30
Security Measures in a Secure Computer
Communications Architecture

• Beneficial Economies / Cost Effectiveness of
  a Secure Network Architecture
• Cost Effectiveness Can Sometimes Be Measured
  In Terms Of Longevity Of The Network Device
• (1) Versatility Can Be Considered A
  Cost-Effective Parameter
• (2) A VPN Can Be Summed As The Price
  Effectiveness Of Being Able To Utilize A
  Public Medium To Transport Private
  Information
• (3) Some Cautionary Measures Can Be
  Interpreted As Cost Effective Measures
• (4) Periodic Software Updates On Security
  Devices Should Not Be Done Immediately,
  Establish A Test Environment
• (5) Only The Required Of Security Deemed
  Necessary Should Be Implemented To Protect
  The Data Communications Stored On The Network

31
Security Measures in a Secure Computer
Communications Architecture

• 
  Conclusions
• (1) The Business And Medical Communities,
  Banking Institutions,
• Industrial And Investment Firms, And
  All Levels Of Government
• Agencies Have Recognized The
  Importance Of A Secure
• Computer Communications Architecture.
• (2) Different Kinds Of Businesses In The
  Private Sector And
• Government Agencies In The Private
  Sector Have Adopted
• Various Robust Security
  Technologies.
• (3) Vulnerabilities And Exploits In Any
  Computer Architecture Can
• Pose Threats To National Security,
  Compromise Private Medical
• Records, Or Divulge Personal
  Financial Information.

32
Security Measures in a Secure Computer
Communications Architecture

• 
  
  
  
  
  
  
  
  Conclusions
  
• (4) Engineering Security In A Network
  Architecture Is Not An Easy
• Task.
• (5) The Optimum Security Philosophy
  Involves The Best
• Combination Of Integrated Security
  Technologies Available.
• (6) Network Security Is A Systems
  Engineering Discipline.

33
Security Measures in a Secure Computer
Communications Architecture

• 
  Conclusions
• In The End, A Secure Computer Network
  Architecture Is Not
• Enough, A Personal Commitment To
  Security Awareness, And
• A Dedication To A Security Policy Might
  Protect Us In An
• Insecure Computer Network Environment.
• The Author Wishes To Acknowledge The
  Support And Encouragement Received From
  Members Of The Air Traffic And Systems
  Engineering Organizations. These Groups Are
  At The FAA William J. Hughes Technical
  Center.