
Unit I Part B

Defense-in-depth is a layered security approach that employs multiple overlapping security controls to protect systems, networks, and applications. The document outlines various layers of defense, including computer, network, service, and application security, emphasizing the importance of redundancy and complementary controls. It also discusses the security architecture framework that organizes these controls and highlights the need for continuous security management to maintain system integrity.

Uploaded by cprtv101

INFORMATION SECURITY MODELS
Defense-in-Depth: A Layered Security Approach

DEFENSE-IN-DEPTH

- Definition: Defense-in-depth is the practice of implementing multiple layers of security controls to protect systems, networks, and applications.
- Goal: To provide robust protection by creating overlapping security measures that complement each other.
- Analogy: A bank's security measures (guards, alarms, safes) serve as a good example of defense-in-depth.

THE LAYERS OF DEFENSE-IN-DEPTH

- Computer Security:
  - Hardware security (e.g., BIOS, firmware)
  - Operating system security (e.g., user rights, patches)
  - Data encryption
- Network Security:
  - Firewalls (e.g., perimeter, internal)
  - Intrusion detection systems (IDS)
  - Virtual private networks (VPNs)
- Service Security:
  - Authentication and authorization
  - Access control lists (ACLs)
  - Vulnerability scanning
- Application Security:
  - Input validation
  - Output encoding
  - Secure coding practices

THE IMPORTANCE OF OVERLAPPING CONTROLS

- Redundancy: Multiple layers provide redundancy, ensuring that if one control fails, another can still protect the system.
- Complementary Controls: Different controls address various attack vectors, making it harder for attackers to bypass all layers.
- Example: A firewall combined with intrusion detection can provide more comprehensive protection than either alone.

THE SECURITY ARCHITECTURE

- Definition: A security architecture is a framework that defines how security controls are organized and managed within an organization.
- Components:
  - Resources (e.g., servers, networks, data)
  - Perimeter (e.g., external network boundaries)
  - Controls (e.g., firewalls, encryption)
- Relationship: The security architecture guides the implementation of defense-in-depth by defining how the layers of controls should be structured.

COMBINING DEFENSE-IN-DEPTH AND SECURITY ARCHITECTURE

- The security architecture provides a framework for organizing and managing security controls.
- Defense-in-depth ensures that multiple layers of controls are in place to protect resources.
- The combination of these two concepts creates a robust and effective security posture.

COMPUTER SECURITY

- Definition:
  - Overview of computer security and its importance.
  - Diverse areas: Access control, user management, software management, etc.
- Key Point:
  - Security provided by the operating system as a crucial layer.

OPERATING SYSTEMS AND SECURITY

- Definition: Interface between hardware, software, and user.
- Importance in controlling access and privileges.
- Examples (Windows, UNIX, Linux, etc.).

HISTORICAL CONTEXT

- Early Computer Systems:
  - Centralized systems with dumb terminals.
  - Simple security controls (Mandatory Access Control - MAC).
- Key Point:
  - Limited access with tightly controlled privileges.

EVOLUTION OF PERSONAL COMPUTING

- The Shift:
  - Computers become affordable and widely used.
  - Introduction of Lotus 1-2-3 in the 1980s.
- Impact on Security:
  - Growth of individual computers with minimal security concern.

DISCRETIONARY ACCESS CONTROLS (DAC)

- Introduction of DAC:
  - Managing user privileges based on file/application ownership.
- Example:
  - Alice’s control over her files and deciding access rights.
- Challenge:
  - Decentralized computing makes security management complex.

SECURITY CHALLENGES IN A DISTRIBUTED ENVIRONMENT

- Key Questions:
  - How to control access to information, applications, and privileges?
- Complexity:
  - Multiple users, systems, and rights create convoluted security scenarios.

APPLICATION SECURITY

- Importance:
  - Applications as the core reason for computer existence.
- Challenges:
  - Controlling type, privileges, and integrity of applications.
  - Legal issues with application copying and licensing.

THEORETICAL SECURITY MODELS

- Rainbow Series:
  - Theoretical models from the Department of Defense.
- Orange Book:
  - Trusted Computer System Evaluation Criteria (DOD-5200.28-STD).
  - Security ratings (D through A).
- Bell-LaPadula Model:
  - Defines objects, subjects, and access operations. In theory, the Bell LaPadula model was an exceptional application of security controls but could not be applied in a cost-effective
  - Security principles: Reading and writing data based on access levels.

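An added example, not part of the original slides: a minimal reference monitor for the Bell-LaPadula rules on reading and writing by access level. It goes beyond the slide by adding category sets and the append/write distinction of the classic model; the level names, subjects, and objects are constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Assumed level names, lowest to highest; the slides do not name any.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other):
        # A label dominates another when its level is at least as high and
        # it holds every category (need-to-know set) of the other label.
        return self.level >= other.level and self.categories >= other.categories


def check_access(subject_label, object_label, operation):
    """Decide one request; returns (allowed, reason)."""
    if operation == "read":
        # Simple security property: no read up.
        ok = subject_label.dominates(object_label)
        return ok, ("ok" if ok else "no read up")
    if operation == "append":
        # *-property: no write down (blind write into an equal or higher object).
        ok = object_label.dominates(subject_label)
        return ok, ("ok" if ok else "no write down")
    if operation == "write":
        # Read-write access observes and alters, so both properties must hold.
        ok = (subject_label.dominates(object_label)
              and object_label.dominates(subject_label))
        return ok, ("ok" if ok else "labels must be equal for read-write")
    return False, "unknown operation"


# Constructed sample subjects and objects (hypothetical names).
SUBJECTS = {
    "alice": Label(Level.SECRET, frozenset({"crypto"})),
    "bob": Label(Level.CONFIDENTIAL),
}
OBJECTS = {
    "lunch_menu": Label(Level.UNCLASSIFIED),
    "key_plan": Label(Level.SECRET, frozenset({"crypto"})),
    "site_survey": Label(Level.SECRET, frozenset({"nuclear"})),
    "war_plan": Label(Level.TOP_SECRET, frozenset({"crypto"})),
}


def decide(subject, obj, operation):
    """Look up both labels by name and apply the access rules."""
    return check_access(SUBJECTS[subject], OBJECTS[obj], operation)


if __name__ == "__main__":
    requests = [
        ("alice", "lunch_menu", "read"),
        ("alice", "war_plan", "read"),
        ("alice", "site_survey", "read"),
        ("alice", "lunch_menu", "append"),
        ("alice", "war_plan", "append"),
        ("alice", "key_plan", "write"),
        ("bob", "key_plan", "read"),
    ]
    for request in requests:
        print(request, decide(*request))
```

The denied append to `lunch_menu` is the case that surprises people: a SECRET subject may not write into an UNCLASSIFIED object, because that is how data would leak downward.
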
OPERATING SYSTEM KERNELS

- Definition:
  - The kernel as the core of an operating system.
- Historical Perspective:
  - Small kernels (e.g., UNIX) vs. large kernels (e.g., Windows NT).
- Key Point:
  - Complexity in large kernels leads to security vulnerabilities.

PERIMETER CONTROLS AND MODERN SECURITY

- Evolution:
  - Development of firewalls, filtering routers, and network security.
- Trusted Operating Systems (TOS):
  - Compartmentalization in TOS for enhanced security. Compartments are constructed for services to run in and users to work in. Compartments are internally controlled, logical boundaries in the system that other applications are completely unaware of. Each compartment is assigned a security level, and a low security level cannot access system resources of a higher security level.
- Examples:
  - Trusted Solaris, HP Presidium, Argus PitBull.

HARDENING A SYSTEM: PHYSICAL SECURITY

- Importance of Physical Security:
  - Prevent unauthorized access.
- Practices:
  - Case locks, locked cabinets, disabling external ports, BIOS passwords, etc.

HARDENING A SYSTEM: INSTALLING THE OS

- Best Practices:
  - Install OS from scratch, choose secure file systems, disable unnecessary services.
- Role of Services:
  - Enable only what’s necessary for operation.
- Select the appropriate file system.

SYSTEM POLICIES AND ADMINISTRATION

- Setup Tasks:
  - Set password policies, enable logging, define directory structure.
- Administrative Configurations:
  - User account management, system permissions, audit functions.

- Implement access control lists restricting traffic to only the protocols that are going to be used on the system.
- Make protocol stack changes. For example, change the number of permitted open connections or shorten the wait time associated with half-open connections.
- Configure the system to accept or deny remote login and remote procedure calls that are associated with execution of remote applications.

CONCLUSION: ONGOING SECURITY MANAGEMENT

- Importance of regular updates and patching
- Types: Functionality, feature, security
  - Functionality. A patch that fixes or enhances a certain function of the system. For example, how memory is handled, performance of network connections, or adding more options to an administrative program.
  - Feature. A feature patch increases the use of the system, an added feature.
  - Security. A security patch fixes a vulnerability in the system due to unexpected conditions the system is in or a misstep in programming.

KEY MESSAGE

- Continuous security management is essential for system integrity.

INTRODUCTION TO NETWORK SECURITY

- Quote: "It is tough enough to build a singular secure system, much less thousands of them connected together."
- Key Point: Network security challenges increase with the complexity and scale of interconnected systems.
- Example: A hacker can attack a system from halfway around the

CHARACTERISTICS OF NETWORK SECURITY

- Transmission Security. The protection of data as it is transmitted from one location to another.
- Protocol Security. The construction of packets and how they are processed and used to transmit information.
- Routing Protocol Security. The information that is shared by network devices to work together to support communications.
- Network Access Security. Controlling connectivity from one network to another based on protocol specifics.

TRANSMISSION SECURITY

- Ensuring sensitive data is not altered or viewed by unauthorized entities during transmission.
- Common Security Protocols:
  - IPSec (Internet Protocol Security)
  - SSL (Secure Sockets Layer)
  - SSH (Secure Shell)
- Threats: Network sniffers can capture packets in cleartext (e.g., emails, FTP, Telnet).

PROTOCOL SECURITY

- Protocols like TCP/IP were not designed with security as a priority.
- Vulnerabilities:
  - Denial-of-Service (DoS) Attacks: Exploit basic protocol features.
  - IP Spoofing: Forging the source IP address to appear as a trusted system.
- Impact: Protocol weaknesses can be manipulated to bypass security measures and compromise systems.

CASE STUDY: IP SPOOFING ATTACK

- Scenario:
  - A hacker sends a packet with a forged IP address.
  - The server assumes the packet is from a trusted source.
- Challenges for the Attacker:
  - Disabling the legitimate client system (the attacker has to disable the client so that it can receive the packets on behalf of the client).
  - Responding correctly within the expected timeframes (the attacker needs to behave like the legitimate client and must respond within the timeframe, or else the server may detect that it is a fake client).
- Implication: Predictable sequence numbers in TCP/IP make such attacks possible.

NETWORK SECURITY CHALLENGES

- Complex and evolving, requiring robust strategies.
- Key Areas to Focus:
  - Transmission Security
  - Protocol Security
  - Routing Protocol Security
  - Network Access Security
- Takeaway: Continuous vigilance and adaptation are necessary to mitigate network security threats.

ROUTING PROTOCOL SECURITY

- Overview:
  - Routing protocols facilitate communication between network devices by sharing network information.
  - These protocols enable efficient data routing based on network availability, performance, and cost.
- Example: OSPF (Open Shortest Path First)
  - Uses "areas" to organize and summarize network routes.

THREATS TO ROUTING PROTOCOLS

- Routing protocols are prime targets for hackers.
- Potential Attacks:
  - Manipulating Routing Information: Hackers can reroute data or hide their location by altering routing data.
  - Denial of Service: Overloading a specific network area by manipulating routing protocols.

SECURING ROUTING PROTOCOLS: OSPF EXAMPLE

- OSPF Security Mechanism:
  - Authentication: Apply authentication to OSPF to ensure data integrity.
- Example:
  - MD5 (Message Digest 5) authentication applied to OSPF communications.
- Figure:
  - OSPF Network Design Example with MD5 Authentication (visual representation of the configuration).

CONFIGURING OSPF WITH MD5 AUTHENTICATION

Configuration Example:

- Router 1.1.1.1 Configuration:
  - Set up MD5 authentication for OSPF communications in area 0.
  - Code Snippet: `ip ospf message-digest-key 1 md5 cisco`
- Router 3.3.3.3 Configuration:
  - Establish a virtual link with MD5 authentication.
  - Code Snippet: `area 1 virtual-link 1.1.1.1 message-digest-key 1 md5 cisco`

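An added example, not part of the original slides or of any router's code: what a `message-digest-key` does on the wire, following the cryptographic authentication procedure in RFC 2328 Appendix D. It reuses key ID 1, the key `cisco`, and router ID 1.1.1.1 from the snippets above; the Hello body and sequence numbers are constructed.

```python
import hashlib
import hmac
import socket
import struct

# 24-byte OSPFv2 header as laid out for AuType 2 (cryptographic authentication):
# version, type, length, router ID, area ID, checksum, AuType,
# 16 zero bits, key ID, auth data length, cryptographic sequence number.
OSPF_HDR = struct.Struct("!BBH4s4sHHHBBI")
AUTYPE_CRYPTO = 2
MD5_LEN = 16

# Constructed Hello body: mask, hello interval, options, priority,
# dead interval, designated router, backup designated router.
HELLO_BODY = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                         10, 0x02, 1, 40, bytes(4), bytes(4))


def _key16(key):
    # The shared secret is zero-padded to 16 bytes before hashing.
    if not 0 < len(key) <= MD5_LEN:
        raise ValueError("OSPF MD5 key must be 1 to 16 bytes")
    return key.ljust(MD5_LEN, b"\x00")


def sign(router_id, area_id, pkt_type, body, key_id, key, seq):
    """Build an OSPF packet and append MD5(packet || padded key)."""
    header = OSPF_HDR.pack(2, pkt_type, OSPF_HDR.size + len(body),
                           socket.inet_aton(router_id),
                           socket.inet_aton(area_id),
                           0,  # checksum is not computed with AuType 2
                           AUTYPE_CRYPTO, 0, key_id, MD5_LEN, seq)
    packet = header + body
    # The digest trails the packet and is not counted in the length field.
    return packet + hashlib.md5(packet + _key16(key)).digest()


def verify(raw, keys, last_seq):
    """Receiver-side check; returns (accepted, reason).

    keys maps key ID to secret; last_seq maps router ID to the highest
    sequence number accepted so far and is updated on success."""
    if len(raw) < OSPF_HDR.size + MD5_LEN:
        return False, "truncated"
    (_ver, _type, length, rid, _area, _cksum, autype,
     _zero, key_id, auth_len, seq) = OSPF_HDR.unpack_from(raw)
    if autype != AUTYPE_CRYPTO or auth_len != MD5_LEN:
        return False, "not MD5-authenticated"
    if key_id not in keys:
        return False, "unknown key id"
    if length < OSPF_HDR.size or len(raw) < length + MD5_LEN:
        return False, "truncated"
    expected = hashlib.md5(raw[:length] + _key16(keys[key_id])).digest()
    if not hmac.compare_digest(expected, raw[length:length + MD5_LEN]):
        return False, "digest mismatch"
    # Replay protection: a lower sequence number than last seen is discarded
    # (an equal one is still accepted, as in the RFC).
    if seq < last_seq.get(rid, 0):
        return False, "stale sequence number"
    last_seq[rid] = seq
    return True, "ok"


if __name__ == "__main__":
    keys, state = {1: b"cisco"}, {}
    pkt = sign("1.1.1.1", "0.0.0.0", 1, HELLO_BODY, 1, b"cisco", 100)
    print("genuine :", verify(pkt, keys, state))
    forged = bytearray(pkt)
    forged[OSPF_HDR.size] ^= 0xFF  # alter the advertised network mask
    print("tampered:", verify(bytes(forged), keys, state))
    old = sign("1.1.1.1", "0.0.0.0", 1, HELLO_BODY, 1, b"cisco", 99)
    print("replayed:", verify(old, keys, state))
```

The digest authenticates the packet but does not hide it: the routing data still travels in cleartext, and the protection is only as strong as the shared key, so a sample value like `cisco` should not be carried into a real configuration.
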
ENHANCING ROUTING PROTOCOL SECURITY WITH VPNS

- Combining GRE and IPSec:
  - GRE (Generic Routing Encapsulation): Simplifies firewall and router configuration for OSPF.
  - IPSec VPN: Provides encryption and authentication, securing OSPF traffic over the Internet.
- Figure:
  - VPN and GRE Securing OSPF Protocols (Illustrates the combination of GRE and IPSec for

- In Figure 4.4, we see two networks that share information over the Internet, including routing protocols.
- As with typical Internet connections, there is a firewall connecting the network to the Internet and an internal router supporting the intranet, in this example, networks 11.11.11.11 and 22.22.22.22.
- A Generic Routing Encapsulation (GRE) tunnel is created between the two intranet routers, Rodney and House. A GRE tunnel is a very simple form of encapsulation—no security—that effectively simplifies configuring the firewalls and intermediate routers to allow OSPF to pass.
- An IPSec VPN is established between the two firewalls, Tiger and Lion, to protect all the communications between the two networks. By combining GRE and IPSec, the OSPF protocol is provided isolation and security while traversing the Internet.

BENEFITS OF SECURING ROUTING PROTOCOLS

- Advantages:
  - Protection Against Attacks: Secure routing protocols prevent unauthorized access and data manipulation.
  - Maintains Network Integrity: Ensures accurate routing information across the network.
- Impact: Combining security mechanisms like VPNs and authentication protects the network's critical infrastructure.

ROUTING PROTOCOLS IN PENETRATION TESTING

- Key Point: Routing protocols can reveal the network layout during penetration tests.
- Value in Testing:
  - Access to routing tables can be crucial for creating an effective attack plan.
  - Even if network mapping tools fail, routing information provides insight into internal systems.

CONCLUSION

- Summary:
  - Routing protocols are essential but vulnerable to attacks.
  - Security measures like authentication and VPNs are critical to protecting routing information.
- Final Thought:
  - Strengthening routing protocol security is a crucial step in safeguarding the entire network.

INTRODUCTION TO NETWORK ACCESS CONTROLS

- Definition:
  - Network access controls limit the availability of communications between systems or applications.
  - These controls are essential for enforcing security policies within a network.

UNDERSTANDING TCP/IP HEADERS AND APPLICATION PORTS

- TCP/IP Headers:
  - TCP/IP headers contain collections of bits that identify specifics about the communication.
- Application Ports:
  - Ports are numbers ranging from 1 to 65535 that identify services associated with communication.
  - Examples of Common Ports:
    - POP: Port 110
    - SMTP: Port 25
    - FTP: Port 21
    - Telnet: Port 23

STANDARD AND HIGH PORTS

- Standard Ports (1-1023):
  - Reserved for well-known services and applications.
  - Critical for basic network functions and standard communication protocols.
- High Ports (1024-65535):
  - Used for the responding port in established bidirectional communications.
  - Commonly used by client applications during active communication sessions.

ROLE OF FIREWALLS IN NETWORK ACCESS CONTROL

- Firewall Functionality:
  - A firewall checks the application ports in the TCP/IP header to determine whether to allow or block the packet.
  - Decision is based on an installed rule base that defines permitted and denied communications.
- Example Scenario:
  - An internal system might accept communications on ports 21, 23, 25, 80, and 110.
  - The firewall may only permit traffic on port 80 (HTTP) from the Internet, enforcing a specific security policy.

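An added example, not part of the original slides: the example scenario as a first-match rule base with an implicit deny, plus an audit that lists which listening ports are reachable from the Internet and which are shielded by the firewall alone. The addresses, the rule format, and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    src: str      # source network in CIDR form
    dst: str      # destination network in CIDR form
    ports: range  # destination TCP ports the rule covers


def evaluate(rules, src_ip, dst_ip, dst_port):
    """First matching rule decides; unmatched traffic hits the implicit deny.

    Returns (action, rule_number); rule_number is None for the implicit deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for number, rule in enumerate(rules, start=1):
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and dst_port in rule.ports):
            return rule.action, number
    return "deny", None


def exposed(rules, src_ip, dst_ip, listening):
    """Listening ports this source can actually reach through the rule base."""
    return sorted(p for p in listening
                  if evaluate(rules, src_ip, dst_ip, p)[0] == "permit")


def firewall_only(rules, src_ip, dst_ip, listening):
    """Listening ports kept away from this source by the rule base alone.

    These are the services to disable or restrict on the host itself, so a
    rule-base mistake does not expose them."""
    return sorted(set(listening) - set(exposed(rules, src_ip, dst_ip, listening)))


# Constructed values: the slide gives only the port numbers.
SERVER = "10.0.0.10"
LISTENING = [21, 23, 25, 80, 110]
INTERNET_HOST = "198.51.100.7"

POLICY = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", range(1, 65536)),  # blocked network
    Rule("permit", "0.0.0.0/0", "10.0.0.10/32", range(80, 81)),    # HTTP only
]

# The same policy with an over-broad permit added ahead of it.
MISCONFIGURED = [
    Rule("permit", "0.0.0.0/0", "10.0.0.0/24", range(1, 1024)),
] + POLICY

if __name__ == "__main__":
    print("reachable      :", exposed(POLICY, INTERNET_HOST, SERVER, LISTENING))
    print("firewall only  :", firewall_only(POLICY, INTERNET_HOST, SERVER, LISTENING))
    print("after bad rule :", exposed(MISCONFIGURED, INTERNET_HOST, SERVER, LISTENING))
```
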
DEFENSE-IN-DEPTH STRATEGY

- Concept:
  - Network security is enhanced through multiple layers of controls on system interactions and data movement.
  - Each layer provides a barrier against potential attacks.
- Impact on Security:
  - By restricting access at various levels, a defense-in-depth strategy makes it harder for hackers to

EXPLOITING NETWORK ACCESS CONTROLS

- Potential Vulnerabilities:
  - Hackers may attempt to exploit specific attributes of network access controls to perform attacks.
  - Common targets include misconfigured firewalls, open ports, and unprotected services.
- Importance of Vigilance:
  - Regular audits and updates to access control policies are crucial for maintaining a secure network environment.

CONCLUSION

- Summary:
  - Network access controls are a vital component of network security, regulating the flow of data between systems.
  - Proper configuration and management of these controls are essential to protect against unauthorized access and attacks.
- Final Thought:
  - Continual monitoring and updating of access controls are necessary to adapt to evolving security threats.

INTRODUCTION TO SERVICE SECURITY

- Definition:
  - Services are processes running on a computer that provide common functions for applications, users, or other services.
- Categories of Services:
  - 1. Operational Services: Provide functionality to applications or users.
  - 2. Network Services: Support the exchange of information across the network.

OPERATIONAL SERVICES IN WINDOWS

- Security Accounts Manager:
  - Stores security information for local user accounts, managing credentials and user rights.
- Plug and Play:
  - Automatically recognizes and adapts to hardware changes with minimal or no user input, ensuring hardware compatibility.
- Net Logon:
  - Facilitates pass-through authentication of account logon events, particularly for computers within a domain environment.
- Event Log:
  - Collects and allows viewing of event log messages from Windows programs and components; this service is critical and cannot be stopped.
- Logical Disk Manager:
  - Configures hard disk drives and volumes during setup or when changes are made, then stops running.
- Indexing Service:
  - Indexes content and properties of files on both local and remote computers, enabling rapid file search through a flexible querying language.

NETWORK SERVICES

- DNS (Domain Name System):
  - Resolves and caches DNS names to IP addresses; critical for the operation of Internet services.
- Telnet:
  - Enables remote users to log in to a computer and run programs; necessary for remote management.
- FTP (File Transfer Protocol):
  - Facilitates the exchange of files across the network, widely used for transferring data between systems.

SECURITY RISKS OF SERVICES

- Vulnerabilities in Services:
  - Services often interact closely with the network, applications, and the operating system, making them a target for attacks.
  - Many services have weak security configurations, which can be exploited by attackers.
- Potential Impact:
  - Services usually have privileged access to system resources, meaning a compromised service can lead to significant damage.
  - A typical computer runs numerous services (e.g., Windows XP has 42 running services and over 30 disabled), providing hackers with multiple attack vectors.

CASE STUDY: SQL SLAMMER WORM

- Overview of SQL Slammer:
  - Date: January 25, 2003
  - Target: SQL Server Resolution Service (SSRS) on UDP port 1434, used by MS SQL 2000.
  - Mechanism: Slammer exploited SSRS’s “Keepalive” protocol to propagate and infect other SQL servers.
- Impact:
  - The SQL Slammer worm became the fastest spreading worm in Internet history, causing widespread disruption and highlighting the vulnerabilities in SQL services.

CASE STUDY: RPC SERVICE AND BLASTER WORM

- RPC Service Vulnerability:
  - Remote Procedure Call (RPC) service allows programs on one system to execute on another; widely implemented in Microsoft platforms.
  - Vulnerabilities specific to Microsoft's implementation were exploited by the Blaster worm.
- Blaster Worm Impact:
  - Mechanism: Spread through the RPC service, causing infected systems to crash and spread the worm further.
  - Denial-of-Service: Included the capability to launch a TCP SYN flood attack against windowsupdate.com, exacerbating the damage.

IMPORTANCE OF PATCHING

- Proactive Security Management:
  - SQL Slammer and Blaster Worm: Security patches were available before the worms were released, yet many systems remained unpatched and vulnerable.
- Lesson Learned: Timely application of patches is crucial to protect systems from known vulnerabilities.

CONCLUSION: MANAGING SERVICE SECURITY

- Services as Attack Vectors:
  - Services are a significant attack vector due to their privileged access and the potential vulnerabilities in their implementation.
- Best Practices for Service Security:
  - Regularly audit and monitor services for vulnerabilities.
  - Restrict access to necessary services and ensure proper configuration.
  - Implement a robust patch management process to quickly address vulnerabilities.
- Final Thought:
  - Proper management and security of services are essential to safeguarding network and system security from potential attacks.

INTRODUCTION TO APPLICATION SECURITY

- Overview:
  - Final Layer of Security: Applications are the last line of defense in a layered security approach.
  - Composition: Applications consist of libraries, executables, and utilities, e.g., Microsoft Word.
  - Significance: They perform essential tasks, but also introduce potential vulnerabilities.

APPLICATION VULNERABILITIES

- Vulnerabilities Overview:
  - Types of Vulnerabilities: Applications may have bugs, security flaws, and configuration errors.
  - Impact: These weaknesses can be exploited by hackers, leading to unauthorized access or system disruption.
- Potential Consequences:
  - System Failures: Bugs can cause crashes or malfunction, affecting operations.
  - Unauthorized Access: Exploited vulnerabilities can lead to data breaches.

EXAMPLES OF APPLICATION VULNERABILITIES

- Microsoft Internet Explorer (IE): Versions: IE 5.5 and 6.0.
  - Vulnerability: Exploitable script execution via cookies due to security zone mismanagement.
- Snort Intrusion Detection System: Version: Snort 1.8.3.
  - Vulnerability: Susceptible to a Denial of Service (DoS) attack via malformed ICMP packets.
- RealPlayer: Version: 8.0 and earlier.
  - Vulnerability: Remote code execution due to header length issues.

BUFFER OVERRUNS AND CODE INJECTION

- Buffer Overruns:
  - Definition: A condition where data overflows into adjacent memory, allowing execution of arbitrary code.
  - Impact: Can be exploited to inject malicious commands or scripts.
- Real-World Examples:
  - Example: Microsoft’s Internet Explorer 5.5 and 6.0 vulnerability where scripts can run through cookies.

OTHER NOTABLE VULNERABILITIES

- MS Outlook: Version: 8.5.
  - Vulnerability: Auto-adding reply-to addresses without verification, enabling address spoofing.
- Microsoft Exchange Server 2000:
  - Vulnerability: “Everyone” group given excessive privileges, allowing registry modifications.
- Internet Explorer 5.01, 5.5, and 6.0:
  - Vulnerability: Remote file access through malformed GetObject function requests.

SECURITY PRACTICES IN APPLICATION DEVELOPMENT

- Development Guidelines:
  - Key Practices: Establish coding standards, perform code reviews, and enforce security during development.
- Code Review Focus:
  - Common Issues: Buffer overflows, race conditions, tainted input, format string issues, and trust management.
  - Component Analysis: Assess encryption, access controls, authentication, and interdependencies.

CASE STUDIES OF SECURITY OVERSIGHTS

- Microsoft SQL Server:
  - Issue: Default null password on the admin account, posing a significant security risk.
  - Lesson: Importance of enforcing strong password policies.
- Oracle Database Server 9iAS:
  - Issue: Default accounts with known usernames and passwords, compromising server security.
  - Lesson: The necessity of secure default configurations.

CONSEQUENCES OF POOR SECURITY PRACTICES

- Undocumented User Accounts:
  - Example: Avaya Cajun switches with undocumented default users and passwords.
  - Unauthorized access with developer privileges.
- Vendor Responses:
  - Patch Deployment: Software vendors typically provide patches, updates, or workarounds to address security oversights.
- Human Error Factor:
  - Reality: Application security is heavily impacted by human error, requiring constant vigilance and updates.

CONCLUSION: IMPORTANCE OF APPLICATION SECURITY

- Summary:
  - Layered Security: Applications are critical in the overall security posture.
  - Continuous Improvement: Ongoing patching, monitoring, and secure development practices are essential.
- Final Thought: Application security demands a proactive approach to protect against evolving threats.

INTRODUCTION TO SECURITY ARCHITECTURE

- What is Security Architecture?
  - Definition and importance in aligning with business objectives.
  - Interaction with technology and business demands.
- Visual: Diagram illustrating the intersection of business objectives and security requirements.

THE NEED FOR SECURITY ARCHITECTURE

- Why Do We Need a Security Architecture?
  - Integration with the Internet to stay competitive.
  - Challenges due to dynamic business relationships and technologies.
  - The growing complexity in security management.

KEY LAYERS OF SECURITY ARCHITECTURE

- Four Layers of a Common Security Architecture: Resource, Control, Perimeter, and Extended.

RESOURCE LAYER

- Description: The resource layer is where services and data reside. It is the home of servers, applications, databases, workstations, and storage.
- Importance of identifying and protecting core resources.
- Challenges in determining resources and their value.

CONTROL LAYER

- Description: Manages identity and access.
- Importance in enforcing policy and managing access.
- Challenges due to fragmented systems and legacy issues.
- Visual: Flowchart of identity and access management processes.

PERIMETER LAYER

- Description: Enforces a logical boundary between the Internet and the intranet, departments, applications, and even users.
- Importance of firewalls, intrusion detection, and prevention systems.
- The role of perimeter as the first line of defense.

EXTENDED LAYER

- Description: External-facing security for remote access, partners, and customers.
- Examples: VPNs, extranets, and remote access.
- Challenges with managing security beyond the traditional perimeter.

IMPORTANCE OF FLEXIBILITY IN SECURITY ARCHITECTURE

- Necessity for an adaptable architecture due to changing business needs.
- How layered security allows for changes without compromising integrity.
- The importance of abstract deployment to separate physical and logical layers.

COMMON SECURITY ARCHITECTURE CHALLENGES

- Due to mergers and acquisitions, legacy systems that may not support a higher form of adopted security measures, and highly complex business requirements, security infrastructures today rarely follow a comprehensive overlying architecture.
- Point solutions focus on limited control of specific information flows, or strengthening within a layer, instead of integrated layers.
- Impact of mergers, acquisitions, and rapid economic changes.

CONCLUSION

- Recap of the importance of a well-conceived security architecture.
- The need for ongoing adaptation and management.
- Final thoughts on the role of security architecture in today’s business environment.

QUESTIONS
