Security Architecture

1.1 Security Architecture
Information Security is a process whose objective is to ensure the confidentiality, integrity and availability of an organization¶s information. An information security program, to be comprehensive, should be founded on a sound information security policy, supported by appropriate technology (like anti -virus, access control mechanisms, firewalls, and Intrusion Detection System), resiliency mechanisms and regularly monitoring of the implemented controls. Industry best practices suggest defense in depth conc ept for implementing information security. Defense in depth is a practice that combines several different security components, such as firewalls, IDS/IPS, antivirus software, operating systems security and application security, to create a comprehensive an d secure architecture. A multi -layer security system, supported by a comprehensive information security policy, can significantly reduce the risk of attack. We need to follow the defense in depth strategy to implement security as required. overall Security Model that can be depicted as follows: The

Security Policy

Security Management Framework

Controls

Technologies

Figure Error! No text of specified style in document.-1: Security Model Diagram

At the highest level is the Security Policy. This Security Policy could be realized by implementing a Security Management Framework designed to manage the overall security of the entire system, in accordance with the ISO 27001 standard. At the broad level the Security Model should be designed to ensure the security of all assets and ensure that no interference is possible with the delivery services. The system should be set up in such a way that it should not be possible to alter any data, bypass any processing stages or change the priority of any work item without authorization. Each action should be carried out in such a manner that clear accountability can be fixed for the authorization and performance of that action.

Adopt a defense -in-depth strategy in order to protect the confidentiality, integrity and availability of the information as well as the Assets. This strategy covers security at all possible layers like Physical, Perimeter, Network, Opera ting System, and Application. Accordingly, Develop all the required policies and procedures that are required for the implementation and management of the solution based on international security standard ISO27001. ISO 27001 encompasses various Administra tive, Operational, and Technological and Physical Security measures covering the following 11 domains: Information security policy Organization of information security Asset management Human resource security Physical and environmental security Communications and operations management Access control Information systems acquisition, development & maintenance Information security incident management Business continuity management Compliance Every component of the solution has been designed keeping security as one of the critical design factors. The system should governed by a well -defined Information System Security policy and this should adhered to at all times during the currency of contract in order to ensure Confidentiality, I ntegrity and Availability of the system. The overall security architecture proposed for the solution is organized into the following categories: 1. Network Security a. Firewalls b. Intrusion Protection System c. Antivirus System d. Log management and correlation e. E-mail security f. Patch Management g. Domain Controllers

2. Application & Database Security a. User & Role Management b. Authentication & Authorization c. Cryptographic Services for Digital Signature and Encryption d. Audit Logs 3. Security Management a. Information Security Policies and Procedures

b. Business Continuity / Disaster Recovery plan c. Security Audits and Penetration tests

1.1.1 Network Security
Various zones in the Data Centre for connecting homogenous sets of servers running one application or integration among applications or servers accessed by one category of users. This will facilitate controlled access to the network and application resource s only to the intended users. Following zones should be implemented in the Data Centre. Functions of each zone and IT equipment are explained in the subsequent sections:

External server segment Local server segment IFMIS server segment Admin segment Internal Network

1.1.1.1 A Proposed Solution
When it comes to information security these days, it¶s a mixed up muddled up world out there. The terms being used to describe network defense capabilities are just as blurry and hard to pin down as the latest flavor of ble nded threat. Not surprisingly, the result is a growing state of misunderstanding and confusion, culminating in the inability to readily separate fact from fiction. Indeed, amidst the haze of imprecision there is even a proposition that achieving comprehens ive network-based protection requires little more than intrusion prevention and, of course, firewall capabilities. A comprehensive solution that will not only protect the entire network resources from threats on all levels, but will also provide interopera bility and seamless implementation, and centralized management should be implemented . A network-based security approach should be implemented which has the advantage of at least intending to stop threats before they are allowed to spread throughout an org anization¶s entire computing environment. To achieve this, firewalls with integrated SSL gateway and Intrusion Prevention capabilities should be put in place : The appliance based firewalls combines feature rich security operating system with dedicated processors to provide a high performance array of security and network functions including:  firewall, VPN, and traffic shaping  Intrusion Prevention system (IPS)  antivirus/ antispyware / antimalware  web filtering  Anti -spam

 multiple redundant WAN interface options These dedicated appliances provide comprehensive protection against network, content, and application -level threats, including complex attacks favored by cyber criminals, without degrading network availability and uptime. The proposed platform includes sophisticated networking features, such as high availability (active/active, active/passive) for maximum network uptime, and virtual domain capabilities to separate various networks requiring different security policies. The firewall policies will control all traffic attempting to pass through the appliance unit, between interfaces, zones, and VLAN sub interfaces. When the firewall receives a connection packet, it analyzes the packet¶s source address, destination address, and service (by port number), and attempts to locate a firewall policy matching the packet. The appliance will provide a secure connection between the remote client s and the unit through the SSL VPN. After the connection has been established, the unit provides access to selected services and network resources through a web portal. The appliance delivers antivirus protection to HTTP, FTP, IMAP, POP3, SMTP, IM, and NNTP sessions. Antivirus scanning function includes various modules and engines that perform separate tasks. The unit performs antivirus processing in the following order:  File size  File pattern  File type  Virus scan  Grayware  Heuristics The three main sections of the web filtering function, the Web Filter Content Block, the URL Filter, and the Web filter, interact with each other in such a way as to provide maximum control and protection for the Internet users. The appliance is proposed to be configured to manage unsolicited commercial email by detecting and identifying spam messages from known or suspected spam servers. The antis pam service will use both a sender IP reputation database and a spam signature database, along with sophisticated spam filtering tools, to detect and block a wide range of spam messages. The Intrusion Protection system combines signature and anomaly detect ion and prevention with low latency and exc ellent reliability. The unit will log suspicious traffic, send alert email messages to system administrators, and log, pass, or block suspicious packets or sessions. Intrusion Protection system matches network tra ffic against patterns contained in attack signatures. Attack signatures reliably protect network from known attacks and ensures the rapid identification of new threats and the development of new attack signatures. With intrusion Protection, multiple IPS se nsors should created, each containing a complete configuration based on signatures. DoS sensors are also proposed to examine traffic for anomaly-based attacks.

A (5) E-mail Security
The Email statistics are based on email protocols. POP3 and IMAP traffic is registered as incoming email, and SMTP is outgoing email . Gateway level E-mail security should provided by the firewall with integrated SSL VPN. The appliance supports A ntivirus protection to IMAP, POP3, SMTP, IM, sessions. proposes to configure spam filtering for IMAP, POP3, and SMTP emails.

1.1.2 Servers Security
A comprehensive solution that will not only protect the entire network resources from threats on all levels, but will also provide interoperability and seamless implementation, and centralized management has to be implemented. To achieve this, the use a group of products providing the following capabilities: 1. Antivirus / Anti -spam 2. Patch Management 3. HIDS/HIPS 4. Domain controllers

1.1.2.1 A Proposed Solution
For providing security at the Operating system layer the following key points have to be considered: Dedicated servers for applications and databases should used. Sharing the servers with other applications introduces more complexity and risks.

Maintain a current, well -patched operating system on all the systems (servers, desktops). This eliminates well -known bugs that have already been addressed by the vendor. Restrict access to the servers only to authorized users. Hardening of servers and des ktops using industry best practices, security benchmarks. Host Intrusion Detection System (HIDS) to protect the servers from attacks and unauthorized use. Antivirus solution to protect the servers from viruses/worms Backup and restoration mechanisms for im portant/critical data and systems files Properly configuring the required policies (like auditing, password, user rights etc.) on the servers based on the Industry best practices and security benchmarks. A (1) Anti-virus / Anti-Spam All the Application ser vers, database servers and the Web -servers should have the latest anti-virus kits to detect new viruses. These anti -virus kits should updated with the latest versions frequently. Additional security features like disabling of drives and control on internet site usage and download for further data security , have to be implemented . One can consider Symantec Protection Suite for Antivirus and Anti -spam or any other suitable product. A (2) Patch Management One can consider CA IT Client Manager Solution for patch management A (3) HIDS/HIPS Symantec Critical System Protection A (4) Domain controllers For Domain controller one can consider Microsoft Windows solution. A (5) E-mail Security Symantec Protection Suite Enterprise Edition addresses this need by inc luding the following, industry-leading mail security solutions to protect its infrastructure from email -borne threats.

1. Symantec Brightmail Gateway 2. Web Gateway URL filtering

1.1.3 Application & Database Security
Through infrastructure security is a critical element of the overall security paradigm; application security is also an equally critical area where security is often slack, thereby providing a back door for attackers to compromise computer systems. Application security is also significant in the sense that Application -level attacks often cannot be blocked or detected by infrastructure security components.

recognizes the importance of Application Security in operating a truly secure IT infrastructure. Application security has two primary objectives: y Ensure that the data an application creates, updates, stores, and/or transmits are protected from unauthorized disclosure, tampering, corruption, and destruction, by the application¶s users, by processes external to the application, and by the application it self and y Provide another security layer within the overall system The application and database security requirements can be broken down into the following: 1. Secure Application Development Methodology 2. Security requirements of the application 3. Database security requirements

1.1.3.1

Secure Application Development Methodology

The following diagram describes the methodology has adopted to provide its services for assessing and managing security in applications. The methodology and the activities mentioned below a re followed during the development of the solution to ensure compliance to standards and guidelines such as ISO27001.

Figure Error! No text of specified style in document.-2: Enterprise View of SW Solution

The eview f the li ti hitect e esi sed the software requirement -holes in the specification S S for securit will point out the possi ilit of the securit loop application-desi n; which may result in disclosure of information, memory exhaustion, denial of service and uffer overflow etc. As a part of the desi n review process one should use the Threat odelling technique using proprietary Threat and Analysis tool to record and manage the risks to the applications eing developed. The following diagram provides a rief description of the processshould e followed.

The code review of the application is to ensure compliance to security standard of the coding. The code review ensures robust validation mechanisms in code, robust authentication and access control mechanisms in code and increase overall robustness of the code. Various areas such as n-validated parameters, Broken access control, Buffer overflows, ommand injection flaws, Error handling problems, Insecure use of cryptography, emote administration flaws, ommunication between client server, onnection time-out etc are covered in the code review.

 #

 "

A

S

i

d

£ £

A

S

i

d

£ ¦  ©



§ ¥ ¤£ ¨ ¦   ! 

¡ ¢    

i

i w

i w

A

S

The security testing of the application is targeted to simulate the attacks to the application like a hacker, and try to penetrate into the application to find the weaknesses in different area: Authentication mechanism Access ontrol

A

C

To summari e and recap, we utili e an end-to-end security approach for all phases of application development and incorporate Application security assessment services using various tools like Security ode eview, automated Application Security scanners etc. The following diagram depicts the entire process in a more simplistic manner.

1 '1 1 ) ( ' 2 0 54 3

9 B A 9 @ C @

$ &% 6 87

i

i

ata validation Buffer overflow enial of Service oS

Information disclosure Error handling Insecure configuration l i