HFN Brown Bag: Essential Security Practices for Hastily Formed Networks
NPS CISR

HFN Brown Bag: Security for Hastily Formed Networks
William Hugh Murray

Bill Murray is an executive consultant in the office of the CTO, Cybertrust Corporation, and an Associate Professor at the Naval Postgraduate School. He is a Certified Information Systems Security Professional (CISSP) and serves as Secretary of (ISC)2, the certifying body. Bill is an advisor on the Board of Directors of the New York Metropolitan Chapter of ISSA.

He has more than fifty years' experience in information technology and more than forty years in security. During more than twenty-five years with IBM his management responsibilities included development of access control programs, advising IBM customers on security, and the articulation of the IBM security product plan. He is the author of the IBM publication Information System Security Controls and Procedures.

Mr. Murray has made significant contributions to the literature and the practice of information security. He is a popular speaker on such topics as network security architecture, encryption, PKI, and Secure Electronic Commerce. He is a founding member of the International Committee to Establish the "Generally Accepted System Security Principles" (GSSP, now referred to as the GISSP) as called for in the National Research Council's report Computers at Risk. Bill remains an active member of this committee. He is a founder and board member of the Colloquium on Information System Security Education (CISSE).

He has been recognized as a founder of the systems audit field and by Information Security Magazine as a Pioneer in Computer Security. In 1987 he received the Fitzgerald Memorial Award for leadership in data security. In 1989 he received the Joseph J. Wasserman Award for contributions to security, audit and control. In 1995 he received a Lifetime Achievement Award from the Computer Security Institute. In 1999 he was enrolled in the ISSA Hall of Fame in recognition of his outstanding contribution to the information security community.

He holds a Bachelor of Science degree in Business Administration from Louisiana State University. He is a graduate of the Jesuit Preparatory High School of New Orleans.
Abstract

This presentation discusses Essential Security Policies, Practices, Measures, and Methods for Hastily Formed Networks. While "hastily formed" is not the equivalent of ad hoc, "hasty" does suggest that traditional formal development methods may not apply. However, history suggests that the absence of any method is rarely hasty; that which is put together in haste and without method rarely performs at all, much less as intended.

This presentation will quickly revisit the concepts of security, network, "hastily formed," and "essential" to arrive at recommendations for meeting security requirements using:

• Generic policies suitable for most network applications in hostile environments
• Traditional and accepted strategies and tactics
• Commercial-off-the-shelf products and components, and
• Broadly applicable standards, guidelines, procedures, and controls
Essential Security Practices

• ~ 0.8 effective
• Can be done by anyone
• Using available resources
• Synergistic in layered defenses or defense in depth
• Sufficient to get one off the target of opportunity list…
• …and for emergency missions
• May not be sufficient for a hardened target
Examples of Essential Practices

• Wearing a helmet
• Digging a hole
• Wearing body armor
• Using anti-virus
• Personal firewalls
• Putting mission critical data on a file server
Hastily formed…*

• Surprising precipitating event (e.g., 9/11, Katrina)
• Chaos
• Insufficient resources
• Multi-agency response
• Distributed response
• Insufficient (pre-existing) (broken or failing) infrastructure
• (Minimum of pre-arrangement)
• (Bound late)

* http://www.nps.edu/cebrowski/HFN.html
Network

• Collection of nodes and links
• Typically communicating nodes over communication links
• We speak of PANs, LANs, WANs (also MANs, SANs, NANs); also agencies, commands, enterprises, and other affinity groups
• Usually for the purpose of cooperation and collaboration
• e.g., disaster response, war-fighting
• "A 'cloud' with routers at its boundaries"*

* Rex Buddenberg
Desiderata of HFNs

• Robustness (e.g., mesh topology)
• Open as to connection
• Ease of repair
• Inter-operability
• Cross-domain addressability
• Minimal required pre-arrangement
• Fail-soft under load
• Other
Network Security

• Network Integrity: getting traffic from any node to any other node with an acceptable signal-to-noise ratio (no interference or contamination).
• Network Confidentiality: getting traffic from any node only to a specified node (minimal leakage).
• Network Availability: getting traffic from any node to any other on a specified schedule, even in the presence of interference.

Said another way, a node must be able to protect itself from any traffic that it sees, nodes and links must not leak, and there must always be a path.
Policies

• Trust is essential to cooperation and coordination…
• …but communication trumps security.
• Availability is necessary
• Signal-to-noise must be "good enough"
• Confidentiality is merely nice, but…
Examples of Essential Practices

• Restrictive policy (using, e.g., proxies and firewalls)
• Redundant capacity (links) (over-provisioned)
• Media diversity (e.g., radio and wire, Internet and PSTN)
• Path diversity (e.g., mesh routing across multiple media)
• Peer-to-peer (link) and end-to-end (layer 7) cryptography (e.g., SSH, SSL, other VPNs) (belt and suspenders)
• Layered defenses
• Peer-to-peer mutual authentication (e.g., 2-way SSL) (may imply a mutually trusted third party)
• COTS crypto
• Out-of-band (VPN) connection setup and control
• Physical security of nodes and links
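The redundancy, media-diversity and path-diversity bullets above are easy to state and easy to get wrong: a mesh that has two routes between every pair of nodes is not diverse if both routes ride the same radio net. The following is an added example, not part of the original presentation or of any NPS tool. It models a small HFN as links tagged with the medium they ride (the node names, media names and topology are constructed sample data), then checks whether every node can still reach every other when any single link fails and when an entire medium fails (an Internet outage, a jammed radio net). The sample topology is built so that the single-medium check finds a gap that the single-link check does not.

```python
"""Resilience check for a small hastily formed network (HFN).

Added example (not from the presentation). Links are (node_a, node_b, medium)
triples; the functions below answer three questions a network planner asks:
  1. Which single links are bridges (their loss alone partitions the network)?
  2. Which media are single points of failure (their total loss partitions it)?
  3. Which node pairs depend on one medium, i.e. lack media diversity?
"""
from collections import deque
from itertools import combinations

# Constructed sample topology. The EOC and the hub are joined by wire and by
# Internet; two field sites hang off the hub by radio, talk to each other by
# radio, and field2 additionally has a PSTN line back to the EOC.
SAMPLE_LINKS = [
    ("eoc", "hub", "wire"),
    ("eoc", "hub", "internet"),
    ("hub", "field1", "radio"),
    ("hub", "field2", "radio"),
    ("field1", "field2", "radio"),
    ("field2", "eoc", "pstn"),
]


def nodes_of(links):
    """Sorted list of every node named in the link list."""
    return sorted({n for a, b, _ in links for n in (a, b)})


def adjacency(links):
    """Undirected adjacency map: node -> list of (neighbour, medium)."""
    adj = {}
    for a, b, medium in links:
        adj.setdefault(a, []).append((b, medium))
        adj.setdefault(b, []).append((a, medium))
    return adj


def reachable(links, start):
    """Breadth-first search over the surviving links; returns reachable node set."""
    adj = adjacency(links)
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, _ in adj.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def is_connected(links, all_nodes):
    """True when every node in all_nodes can reach every other over links."""
    if not all_nodes:
        return True
    return reachable(links, all_nodes[0]) >= set(all_nodes)


def single_link_failures(links):
    """Links whose individual loss partitions the network (the bridges)."""
    all_nodes = nodes_of(links)
    return [link for i, link in enumerate(links)
            if not is_connected(links[:i] + links[i + 1:], all_nodes)]


def medium_failures(links):
    """Media whose total loss (jammed radio, Internet outage) partitions the network."""
    all_nodes = nodes_of(links)
    media = sorted({m for _, _, m in links})
    return [medium for medium in media
            if not is_connected([l for l in links if l[2] != medium], all_nodes)]


def single_medium_dependencies(links):
    """(a, b, medium) triples: node pair a-b is cut off when that medium is lost.
    An empty list means every pair has media diversity."""
    all_nodes = nodes_of(links)
    media = sorted({m for _, _, m in links})
    weak = []
    for a, b in combinations(all_nodes, 2):
        for medium in media:
            surviving = [l for l in links if l[2] != medium]
            if b not in reachable(surviving, a):
                weak.append((a, b, medium))
    return weak


if __name__ == "__main__":
    print("bridges:", single_link_failures(SAMPLE_LINKS))
    print("single-medium points of failure:", medium_failures(SAMPLE_LINKS))
    for a, b, medium in single_medium_dependencies(SAMPLE_LINKS):
        print(f"{a} <-> {b} depends entirely on {medium}")
```

On the sample data the bridge check passes (every single link has a backup route), but the medium check reports `radio`: field1 is reached only by radio, so path diversity across one medium gives no protection against losing that medium. Adding one link on a different medium to field1 (a PSTN line to the EOC, say) clears the report, which is exactly the "belt and suspenders" argument the slide makes.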
Examples of 3rd Party Introducers

• AOL
• Yahoo!
• MSN
• ICQ servers
• Enterprise IM servers
• Skype
• WebEx