Security
Rafal Lukawiecki
Strategic Consultant, Project Botticelli Ltd
rafal@projectbotticelli.co.uk
www.projectbotticelli.co.uk
Copyright 2005 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.
Objectives
Session Agenda
Defining Security
Concepts
Security
Challenge
Security must be balanced with usability (and accessibility)
Cost-Effectiveness of Security
Adequate Security
1st Conclusion
Aspects of Security
Static, passive, pervasive
Confidentiality
◄ Your data/service provides no useful information to unauthorised people
Integrity
◄ Your asset cannot be changed without the change being evident (tampering is detected)
Authenticity
◄ We can verify that the asset is attributable to its authors or caretakers
Identity
◄ We can verify which specific individual entity is associated with your asset
Non-repudiation
◄ The author, owner or caretaker of the asset cannot deny that they are associated with it
Aspects of Security
Dynamic, active, transient
Authorisation
◄ It is clear what actions are permitted with respect to your asset
Loss
◄ Asset is irrecoverably lost (or the cost of recovery is too high)
Denial of access (aka denial of service)
◄ Access to asset is temporarily impossible
Cryptography
Security: static + active, across all your assets, based on ongoing threat risk assessment
Building a Secure
Environment
Defense in Depth
Using a layered approach:
Increases an attacker’s risk of detection
Reduces an attacker’s chance of success
Secure Environment
Processes
Operating Processes
Microsoft Operations Framework (MOF)
IT Infrastructure Library
BS 7799 and the related ISO standards (ISO/IEC 17799, later ISO/IEC 27001/27002)
Informal: Standard and Emergency Operating Procedures
Risk and Threat Analysis Processes
Simple Security Risk Analysis
Attack Vectors and Threat Modelling
OCTAVE
Operating Processes
As a minimum, define
Standard Operating Procedures
Set of security policies used during “normal” conditions
Could be based on Windows AD Group Policies
Emergency Operating Procedures
Tighter policies used during “high-risk” or “under-attack” conditions
OCTAVE
OCTAVE
Concept of OCTAVE
Workshop-based analysis
Collaborative approach
Guided by an 18-volume publication
Very specific, with suggested timings, personnel selection etc.
www.cert.org/octave/omig.html
OCTAVE Process
Progressive series of workshops in three phases
Phase 1: Organizational View
◄ Assets, threats, current practices, organizational vulnerabilities, security requirements
Phase 2: Technological View
◄ Technical vulnerabilities
Phase 3: Strategy and Plan Development
◄ Risks, protection strategy, mitigation plans, planning
Simplified Security
Risk Analysis
Examples
Asset:
Internal mailbox of your Managing Director
Risk Impact Estimate (examples!)
Risk of loss: Medium impact
Risk of access by staff: High impact
Risk of access by press: Catastrophic impact
Risk of access by a competitor: High impact
Risk of the MD temporarily having no access: Low impact
Risk of change of content: Medium impact
Formal Threat
Modelling
Threat Modeling
Decomposition (Step 3): data-flow diagram of the sample web application
◄ External users: Bob, Alice, Bill
◄ Firewall in front of IIS / ASP.NET
◄ Pages: Login, Main, State
◄ Mechanisms: Forms Authentication, URL Authorization
STRIDE
A Technique for Threat Identification (Step 4)
Types of threat:
S – Spoofing identity
T – Tampering with data
R – Repudiation
I – Information disclosure
D – Denial of service
E – Elevation of privilege
Threat Tree
Example: Inside attack enabled (attack domain controller from inside)
OR
◄ AND: Unencrypted connection (cookies travel over unencrypted HTTP traffic)
       Eavesdropping (attacker uses sniffer to monitor HTTP traffic)
◄ AND: Cross-site scripting (attacker possesses means and knowledge)
       XSS vulnerability (application is vulnerable to XSS attacks)
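The threat tree above can be evaluated mechanically once it is written down as AND/OR nodes. The following is an added example, not code from the original deck: it encodes the slide's tree (an OR root over two AND branches, with the leaf conditions named as on the slide), enumerates the leaf sets that reach the root, checks whether a given attacker state reaches it, and shows which attack paths survive a mitigation. The helper names (`cut_sets`, `achievable`, `surviving_cut_sets`) are this example's own.

```python
"""Added example (not from the original deck): evaluate the slide's threat tree.

An attack tree is a root goal whose children are AND/OR nodes; the leaves are
the conditions an attacker needs. Two questions a modeller asks of it:
  1. which sets of leaf conditions reach the root (one per attack path), and
  2. which of those paths survive a given mitigation.
Node names are taken from the slide; the shape (OR of two AND branches) is
the one the slide draws.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Union


@dataclass(frozen=True)
class Leaf:
    """A precondition the attacker must satisfy."""
    name: str


@dataclass(frozen=True)
class Node:
    """An AND node needs every child; an OR node needs any child."""
    name: str
    op: str            # "AND" or "OR"
    children: tuple    # of Leaf | Node

    def __post_init__(self) -> None:
        if self.op not in ("AND", "OR"):
            raise ValueError(f"unknown operator {self.op!r}")


Tree = Union[Leaf, Node]


def cut_sets(node: Tree) -> List[FrozenSet[str]]:
    """Return every set of leaf names that satisfies `node`, one per attack path.
    OR: the union of the children's cut sets.
    AND: every combination of one cut set per child, merged."""
    if isinstance(node, Leaf):
        return [frozenset({node.name})]
    if node.op == "OR":
        found: List[FrozenSet[str]] = []
        for child in node.children:
            for cs in cut_sets(child):
                if cs not in found:
                    found.append(cs)
        return found
    combos: List[FrozenSet[str]] = [frozenset()]
    for child in node.children:
        combos = [a | b for a in combos for b in cut_sets(child)]
    return combos


def achievable(node: Tree, facts: Set[str]) -> bool:
    """True if an attacker who holds exactly the conditions in `facts` reaches `node`."""
    if isinstance(node, Leaf):
        return node.name in facts
    results = [achievable(c, facts) for c in node.children]
    return all(results) if node.op == "AND" else any(results)


def surviving_cut_sets(node: Tree, mitigated: Set[str]) -> List[FrozenSet[str]]:
    """Attack paths that remain after the listed leaf conditions are made false
    (a control that removes any one leaf of an AND branch breaks that branch)."""
    return [cs for cs in cut_sets(node) if not (cs & mitigated)]


# The tree on the slide: two AND branches under one OR root.
COOKIES_CLEAR = "Cookies travel over unencrypted HTTP traffic"
SNIFFER = "Attacker uses sniffer to monitor HTTP traffic"
XSS_SKILL = "Attacker possesses means and knowledge"
XSS_BUG = "Application is vulnerable to XSS attacks"

INSIDE_ATTACK = Node(
    "Attack domain controller from inside", "OR",
    (
        Node("Unencrypted connection + eavesdropping", "AND",
             (Leaf(COOKIES_CLEAR), Leaf(SNIFFER))),
        Node("Cross-site scripting", "AND",
             (Leaf(XSS_SKILL), Leaf(XSS_BUG))),
    ),
)

if __name__ == "__main__":
    for cs in cut_sets(INSIDE_ATTACK):
        print("attack path:", sorted(cs))
    print("XSS bug alone enough?", achievable(INSIDE_ATTACK, {XSS_BUG}))
    # Forcing HTTPS makes the 'cookies in the clear' leaf false: one path remains.
    print("after forcing HTTPS:", surviving_cut_sets(INSIDE_ATTACK, {COOKIES_CLEAR}))
```

The mitigation check is the practical payoff: for each candidate control you mark the leaves it removes and see which attack paths are left, which tells you whether a second control is needed before the root goal is closed off.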
Rate Risk
Probability-Impact-Exposure
Risk Exposure = Probability * Damage Potential
DREAD
DREAD
D – Damage Potential
R – Reproducibility
E – Exploitability
A – Affected Users
D – Discoverability
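The two rating schemes on the preceding slides (Risk Exposure = Probability * Damage Potential, and DREAD) are simple enough to turn into a small scorer that ranks threats consistently. The following is an added example, not code from the original deck. It assumes each DREAD factor is rated from 1 (low) to 10 (high) and that the overall score is the mean of the five factors, which is a common convention but not the only one; the threat names and ratings in `SAMPLE_RATINGS` are constructed for illustration.

```python
"""Added example (not from the original deck): rate and rank threats with
Risk Exposure = Probability * Damage Potential and with DREAD.
Assumptions: DREAD factors are integers 1..10 and the overall score is the
mean of the five; the sample threats and ratings are constructed."""
from dataclasses import dataclass, astuple
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Dread:
    damage: int           # D - Damage Potential
    reproducibility: int  # R - Reproducibility
    exploitability: int   # E - Exploitability
    affected_users: int   # A - Affected Users
    discoverability: int  # D - Discoverability

    def __post_init__(self) -> None:
        for v in astuple(self):
            if not isinstance(v, int) or not 1 <= v <= 10:
                raise ValueError("each DREAD rating must be an integer 1..10")

    def score(self) -> float:
        """Overall rating: mean of the five factors, so 1.0 <= score <= 10.0."""
        return sum(astuple(self)) / 5


def risk_exposure(probability: float, damage_potential: float) -> float:
    """Risk Exposure = Probability * Damage Potential.
    `probability` is 0..1; `damage_potential` is in whatever unit damage is
    estimated in (money, hours of outage, ...), so the result has that unit."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    if damage_potential < 0:
        raise ValueError("damage potential cannot be negative")
    return probability * damage_potential


def rank_threats(ratings: Dict[str, Dread]) -> List[Tuple[str, float]]:
    """Highest DREAD score first; ties keep input order (sorted is stable)."""
    return sorted(((name, r.score()) for name, r in ratings.items()),
                  key=lambda item: item[1], reverse=True)


# Constructed ratings for the threats that appear on the threat-tree slide.
SAMPLE_RATINGS: Dict[str, Dread] = {
    "Session cookie sniffed over unencrypted HTTP": Dread(8, 9, 7, 9, 6),
    "Cross-site scripting in the web application": Dread(7, 8, 6, 8, 7),
    "Domain controller attacked from inside": Dread(10, 4, 3, 10, 2),
}

if __name__ == "__main__":
    for name, score in rank_threats(SAMPLE_RATINGS):
        print(f"{score:4.1f}  {name}")
    # Probability-Impact: a 30% chance of a loss estimated at 10,000.
    print("exposure:", risk_exposure(0.3, 10_000))
```

Note how the two schemes disagree on purpose: the domain-controller attack has the highest damage but scores lowest under DREAD because it is hard to reproduce, exploit and discover, whereas the cookie sniffing is easy on every factor. That is the point of rating rather than ranking by impact alone.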
Summary