Dorian Tool
The Security Infrastructure Design Document helps to document and track the necessary information required to effectively define architecture and.
Security Infrastructure Design Guideline
This document applies to both new building construction and refurbishment of existing buildings. In the case of refurbishment all existing security devices
System Design Document - Volume I
Jul 11 2009 The features include hardware infrastructure
Oracle Cloud Infrastructure Security Architecture (PDF)
It's intended solely to help you assess the business benefits of OCI and to plan your IT projects. Disclaimer. This document in any form software or printed
Shifting the Balance of Cybersecurity Risk: Principles and
Apr 13 2023 manufacturers in building software security into their design ... Defense-in-Depth: Design infrastructure so that the compromise of a single ...
DoD Enterprise DevSecOps Reference Design
Aug 12 2019 Automation
Network Infrastructure Security Guide
Jun 15 2022 Zero Trust is a security model
Digital Government Security Infrastructure Design Challenges
they also create significant infrastructure challenges. Key challenges include1. • ensuring secure interoperability among systems from several agencies
A Guide to a Critical Infrastructure Security and Resilience
Security and resilience should be considered during the design of infrastructure elements. establish accountability; document actual performance; facilitate ...
Dorian Tool
The Security Infrastructure Design Document helps to document and track the necessary information required to effectively define architecture and.
Security Infrastructure Design Guideline
from Security Infrastructure Design Standard v4.0 This document applies to both new building construction and refurbishment of existing buildings.
SECURITY TECHNOLOGY INFRASTRUCTURE Standards and
This document describes the security technology infrastructure recommended for stakeholders principles that form the trust foundation for GA4GH.
System Design Document Template
Sep 30 2017 System Architecture and Architecture Design . ... Security Software Architecture . ... 1.1 Purpose of the System Design Document (SDD).
Oracle Cloud Infrastructure Security Architecture (PDF)
This document in any form software or printed matter
Security ReportJune 2014.indd
Nov 19 2015 school safety infrastructure criteria for school building ... security and other security infrastructure features and design strategies.
How to Implement Security Controls for an Information Security
This document is designed to assist CBRN facilities in developing a comprehensive set of security controls to support the implementation of a risk-based
Report of the School Safety Infrastructure Council
Nov 19 2015 school safety infrastructure criteria for school building ... security and other security infrastructure features and design strategies.
DoD Enterprise DevSecOps Reference Design
Aug 12 2019 Automation
[PDF] Sample Security Infrastructure Design Document
The Security Infrastructure Design Document helps to document and track the necessary information required to effectively define architecture and
[PDF] Secure Infrastructure Design
In the realm of physical security for example this concept is demonstrated in the distribution of keys and other access devices Does Bob have a legitimate
[PDF] Security Infrastructure Design Guideline - Curtin Properties
Curtin University has a strong commitment to the security of its buildings land and spaces and for the personal safety of all users of these areas
Create A Security Infrastructure Design Document For A Fictional
Assignment: In this project you'll create a security infrastructure design document for a fictional organization The security services and tools you describe
[PDF] Designing and Implementing a Secure Network Infrastructure
You need to add security functionality to create secure VPNs That means using firewalls for access control and probably IPsec for confidentiality and data
Create a security infrastructure design document - Studypool
Assignment: In this project you'll create a security infrastructure design You should upload your document in PDF format (i e my_submission pdf )
Create a security infrastructure design document for Cheggcom
Create a security infrastructure design document for an imaginary organization The security services and tools you describe in the document must be able to
What is a security infrastructure design document?
The Security Infrastructure Design Document helps to document and track. the necessary information required to effectively define architecture and. system design in order to give the guidance on the security architecture of the. IT environment that is going to be established.How do you build a secure IT infrastructure?
With that, some of the ways to build secure IT infrastructure for your small business include:
1Limit User Access To Your Business Network. 2Install Necessary Cybersecurity Tools. 3Have Security Awareness Training For Employees. 4Establish Solid IT Policies. 5Invest In High-Performance Storage Solutions. 6Update Your Firewall.How to design network security architecture?
Principles of Secure Network Design
1Defense in depth.2Compartmentalization.3Least privilege.4Weakest link.5Separation and rotation of duties.6Hierarchically trusted components and protection.7Mediated access.8Accountability and traceability.- Google Front End service
The GFE ensures that all TLS connections are terminated with correct certificates and by following best practices such as supporting perfect forward secrecy. The GFE also applies protections against DoS attacks.
Designing and Implementing a
Designing and Implementing a
Secure Network Infrastructure
Secure Network Infrastructure
NANOG October 19, 2003
NANOG October 19, 2003
Merike Kaeo
Merike Kaeo
kaeo@merike.com kaeo@merike.comAgenda
Agenda
§Session I (1:30 Session I (1:30 --3:00)3:00)Security Technology Details
Security Technology Details
§Session II (3:30 Session II (3:30 --5:00)5:00)Secure Infrastructure Architectures
Secure Infrastructure Architectures
§Session III (7:30 Session III (7:30 --9:00)9:00)Sample Configuration Scenarios
Sample Configuration Scenarios
Security Technology Details
Security Technology Details
Who cares about technology if
Who cares about technology if
you don you don''t know what you want t know what you want or need to protect or need to protect............First Step
First Step........Security Policy..Security Policy §What are you trying to protect?What are you trying to protect? -What data is confidential?What data is confidential? -What resources are precious?What resources are precious? §What are you trying to protect against?What are you trying to protect against? -Unauthorized access to confidential data?Unauthorized access to confidential data? -Malicious attacks on network resources?Malicious attacks on network resources? §How do regulatory issues affect your policy?How do regulatory issues affect your policy?Characteristics of a Good
Characteristics of a Good
Security Policy
Security Policy
§Can it be implemented technically?Can it be implemented technically? §Are you able to implement it organizationally?Are you able to implement it organizationally? §Can you enforce it with security tools and /or Can you enforce it with security tools and /or sanctions? sanctions?§Does it clearly define areas of responsibility for Does it clearly define areas of responsibility for
the users, administrators, and management? the users, administrators, and management? §Is it flexible and adaptable to changing Is it flexible and adaptable to changing environments? environments?Why Should You Care?
Why Should You Care?
§Your job may be at stakeYour job may be at stake §Your reputation may be at stakeYour reputation may be at stake§Why do you Why do you notnotcare?care?
Time for reality check.....most
companies STILL DO NOThave corporate sanctioned security policies....operators define them ad-hocTypical Network Components
Typical Network ComponentsInternet
Remote
AccessCorporate Network
Customer
CustomerAuthentication /
Syslog ServersNOC Hosts
Elements of a Security
Elements of a Security
Architecture
Architecture
§AuthenticationAuthentication
§AuthorizationAuthorization
§Data IntegrityData Integrity
§Data Origin AuthenticationData Origin Authentication§Data ConfidentialityData Confidentiality
§Network AvailabilityNetwork Availability
§AuditAudit
Questions To Ask
Questions To Ask
ØWho can have access to what?Who can have access to what? ØHow to provide authentication?How to provide authentication? ØPhysical device security?Physical device security? ØDevice network access security?Device network access security? ØNeed for data confidentiality?Need for data confidentiality? ØNeed for data integrity?Need for data integrity? ØHow to verify security policy?How to verify security policy?ØHow to enforce policy?How to enforce policy?
ØHow to detect intrusions?How to detect intrusions?Varying Degrees of Robustness for
Varying Degrees of Robustness for
Security Elements
Security Elements
Will I Go Bankrupt ?
•Spend More Money •Spend More Time Is It An Embarrassment ?NEED TO DO A RISK ANALYSIS !Risk Assessment
Risk Assessment
§Identify critical assetsIdentify critical assets -Hardware, software, data, people, documentationHardware, software, data, people, documentation§Place a value on assetPlace a value on asset
-Intangible asset Intangible asset --importance or criticalityimportance or criticality -Tangible asset Tangible asset --replacement value and/or training replacement value and/or training costs costs §Determine likelihood of security breaches Determine likelihood of security breaches -What are threats and vulnerabilities?What are threats and vulnerabilities?Risk Mitigation vs Cost of
Risk Mitigation vs Cost of
Security
Security
Risk mitigation:theprocess of selecting appropriate controls to reduce risk to an acceptable level.The level of acceptable riskis determined by
comparing the risk of security hole exposure to the cost of implementing and enforcing the security policy. Assess the cost of certain losses and do not spend more to protect something than it is actually worth.The Security Policy Should
The Security Policy Should
Include
Include..........
§Physical security controlsPhysical security controls -Media Media -Equipment locationEquipment location -Environmental safeguardsEnvironmental safeguards §Logical security controlsLogical security controls -Subnet boundariesSubnet boundaries -Routing boundariesRouting boundaries -Logical access control (preventative / detective)Logical access control (preventative / detective) §System and data integritySystem and data integrity -FirewallsFirewalls -Network servicesNetwork services§Data confidentialityData confidentiality
The Security Policy Should
The Security Policy Should
Include
Include........
§Mechanisms to verify and monitor security controlsMechanisms to verify and monitor security controls
-AccountingAccounting -ManagementManagement -Intrusion detectionIntrusion detection§Policies and procedures for staff that is responsible for the coPolicies and procedures for staff that is responsible for the corporate rporate networknetwork
-Secure backupsSecure backups -Equipment certificationEquipment certification -Use of Portable ToolsUse of Portable Tools -Audit TrailsAudit Trails -Incident HandlingIncident Handling§Appropriate security awareness training for users of the corporaAppropriate security awareness training for users of the corporate te networknetwork
Incident Handling
Incident Handling
§You will have to deal with a security breachYou will have to deal with a security breach §Software will always require upgrades due Software will always require upgrades due to vulnerability discovery to vulnerability discovery§DONDON''T PANICT PANIC
Have procedures in place before a
Have procedures in place before a
security breach happens!!! security breach happens!!!Useful Resources
Useful Resources
default.asp§Security Policy Summary
Security Policy Summary
§Need to have a comprehensive document Need to have a comprehensive document for legal support for legal support §Need a companion document which all Need a companion document which all corporate users will actually read corporate users will actually readSecurity Technology Fundamentals
Security Technology Fundamentals
§Crypto 101Crypto 101
§Authentication TechnologiesAuthentication Technologies §Application Layer SecurityApplication Layer Security §Transport Layer SecurityTransport Layer Security §Network Layer Security (IPsec)Network Layer Security (IPsec)§Link Layer SecurityLink Layer Security
Cryptography Is Used For ?
Cryptography Is Used For ?
§Authentication ProtocolsAuthentication Protocols §Data Origin AuthenticationData Origin Authentication§Data IntegrityData Integrity
§Data ConfidentialityData Confidentiality
Public Key Encryption
Public Key Encryption
Uses public/private keys
Uses public/private keys
-Keep private key privateKeep private key private -Anyone can see public keyAnyone can see public keyPrivatePrivatePublicPublicComputing Key pair is computationally expensive!!
Common Algorithms: RSA, El Gamal
Data Origin Authentication
Data Origin Authentication1.Router A generates public/private key pair2.Router A sends its public key to Router B
3.Router A encrypts packet with its private key and
sends encrypted packet to Router B4.Router B receives encrypted packet and decrypts with
Router A's public keyPriPriPubPubPubPub11223344PriPriPubPubClearEncrypted
ClearRouter A
Router BENCRYPTDECRYPT
Secret Key Encryption
Secret Key Encryption
Sensitive
InformationShared Secret KeyShared Secret Key
Sensitive
Information
(Cleartext) (Ciphertext)(Cleartext)DESDESInternetENCRYPTDECRYPT
Common Algorithms: DES, 3DES, AES, IDEA
Scalability with Secret Key Crypto
Scalability with Secret Key Crypto
Configuring shared secret keys easily
Configuring shared secret keys easily
becomes administrative nightmare becomes administrative nightmareAutomated mechanism to securely derive
Automated mechanism to securely derive
secret keys => Diffie secret keys => Diffie--Hellman HellmanDeriving Secret Keys Using Public
Deriving Secret Keys Using Public
Key Technology (e.g., Diffie
Key Technology (e.g., Diffie--Hellman)Hellman)Y
A= (aXA) mod pY
B= (aXB) mod p
Z= (YB) XAmod pZ= (YA)XBmod pDES
XAXBa , p
By exchanging numbers in the clear,
By exchanging numbers in the clear,
two entities can determine a new unique two entities can determine a new unique number (Z), known only to them number (Z), known only to themDH Man
DH Man--inin--thethe--Middle AttackMiddle Attack
§DiffieDiffie--Hellman is subject to a manHellman is subject to a man--inin--thethe--middle attackmiddle attack
§Digital signatures of the Digital signatures of the ''public valuespublic values''can enable each can enable each
party to verify that the other party actually generated the party to verify that the other party actually generated the value value => DH exchanges need to be authenticated!!XAXBa , p
Y AYBHash Functions
Hash Functions
A Ahash functionhash functiontakes an input messagetakes an input message of arbitrary length and outputs fixed of arbitrary length and outputs fixed--lengthlength code. The fixed code. The fixed--length output is called thelength output is called the hash hash, or the , or the message digestmessage digest, of the original, of the original input message. input message.Common Algorithms: MD-5 (128), SHA-1 (160)
Exclusive
Exclusive --OR Function (XOR Function (X--OR)OR)
1 xor 1 = 0 0 xor 0 = 0
1 xor 1 = 0 0 xor 0 = 0
1 xor 0 = 1 0 xor 1 = 1
quotesdbs_dbs5.pdfusesText_9[PDF] how to create a simple database in excel vba pdf
[PDF] how to create a yahoo.ca account
[PDF] how to create a youtube channel pdf
[PDF] how to create a zip code
[PDF] how to create alert in kibana
[PDF] how to create an arraylist in java
[PDF] how to create an online business
[PDF] how to create an online course for free
[PDF] how to create an online petition
[PDF] how to create an online portfolio
[PDF] how to create an online signature
[PDF] how to create an online store
[PDF] how to create an online survey
[PDF] how to create apa format table in word
