October 21, 2003

In this issue:
* Security Architecture Elements, Part II
* Reader Views
* Enterprise Architecture News
* Arctec Group News: Arctec Group is featured speaker at the Blackhat Federal Security conference (www.blackhat.com)

*************************************

Arctec Group is an architectural services company focused on Enterprise Architecture issues. With this newsletter, we aim to serve our clients, partners, and colleagues by providing our view on current issues and best practices in Enterprise Architecture, as well as aggregating interesting news from around the globe. We hope you find the newsletter useful and enlightening. We would like to hear your thoughts on current affairs and ideas to improve this offering.

If you would like to unsubscribe from the Arctec Views monthly newsletter, simply send an email to views@arctecgroup.net from the email account you would like to unsubscribe. Please include the word "unsubscribe" in the subject or first line of the email.

Previous issues are available at www.arctecgroup.net/views.htm

*************************************

Beyond Prevention: Security Architecture Elements, Part II

In last month's newsletter (http://www.arctecgroup.net/030905.htm), we introduced common security architectural elements and the purpose they serve within organizations. This month we take a more detailed look at the elements across the Prevention, Detection, and Response security spectrum. These elements should not be considered a comprehensive list for a full-blown security system, but rather a broad overview of some important yet less publicized security architectural elements.

Prevention, Detection, Response

Looking at Security Architecture through the lens of Prevention, Detection and Response gives a holistic view of security processes and technologies and of how they interact with the enterprise architecture. This viewpoint also engenders a perspective on how the security architectural elements relate to each other, e.g. how does firewall design impact intrusion detection? (A firewall that silently drops traffic also hides that traffic from a sensor placed behind it, so where sensors sit relative to filtering is itself a design decision.) Design decisions and relationships among the elements should be driven by risk and business analysis.

Prevention Elements

The goal of prevention in the security architecture is to ensure that breaking into the system is as difficult as possible. Note that this is not the same as “impossible” or “unbreakable”: systems that are impossible for attackers to break into also tend to be impossible for legitimate users to use, and therefore “prevent” business. Currently, preventative technologies comprise the bulk of security mindshare. Firewalls are easily the best-known security tool. Firewalls and network address translation form an important part of defending the system's perimeter and enforcing network policy at the boundary. In addition to firewalls, there are several other preventative measures to consider with regard to the prevention layer.

Detection Elements

Detection is the pragmatic wing of the Security Architecture. The role of Detection is to identify that a security incident has occurred and to alert and report in a manner commensurate with the threat posed. Much of the security industry's focus is currently on the detection space, Intrusion Detection Systems (IDS) in particular. IDS deployments require a balanced approach to be effective. The IDS must not be so “noisy” that every event raises a catastrophic alarm, nor so quiet that an intruder can get by with an obvious attack. Getting an effective reporting balance from your IDS is harder than it sounds (or harder than many vendors would have you believe); in our opinion, effective reporting is currently one of the largest problems for IDS to solve going forward. In addition to reporting challenges, getting proper breadth of IDS coverage requires both network-based and host-based IDS, so that both network attacks and OS/application attacks are monitored.
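As an added illustration of the “noisy versus quiet” reporting balance described above (this is example code written for this edit, not code from the newsletter or from Arctec Group), the following Python detector runs over a constructed OpenSSH-style auth log. The host name, addresses and log lines are made up, and the thresholds (ten failures within five minutes) are assumed values, not a recommendation. A single mistyped password is recorded but never alerted on; a burst of failures from one source raises one medium-severity alert when the threshold is crossed, rather than one alert per attempt; and a successful login following such a burst raises a high-severity alert. Running the same log with the threshold set to 1 shows the noisy failure mode, and with it set to 100 the quiet one.

```python
"""Threshold-based detection over constructed auth log lines.

Added example (not from the newsletter): one alert when a burst of failed
logins from a single source crosses a threshold, a high-severity alert when
a login then succeeds from that source, and silence for ordinary typos.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# OpenSSH-style syslog line, e.g.
# "Oct 21 12:30:00 host1 sshd[300]: Failed password for root from 203.0.113.9 port 50300 ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


@dataclass(frozen=True)
class Alert:
    severity: str  # "medium" (burst of failures) or "high" (success after a burst)
    host: str
    src: str
    user: str
    detail: str


class AuthDetector:
    """Sliding window of failed logins per (host, source address)."""

    def __init__(self, window: timedelta = timedelta(minutes=5), burst: int = 10):
        self.window = window  # how long a failure stays relevant (assumed value)
        self.burst = burst    # failures in the window that count as an attack (assumed value)
        self._failures: Dict[Tuple[str, str], List[datetime]] = defaultdict(list)

    def feed(self, line: str) -> Optional[Alert]:
        m = LINE_RE.match(line)
        if not m:
            return None  # not an auth outcome; ignore rather than alert on parse noise
        # Syslog pads single-digit days with a second space; collapse it before parsing.
        ts = datetime.strptime(re.sub(r" +", " ", m["ts"]), "%b %d %H:%M:%S")
        key = (m["host"], m["src"])
        recent = [t for t in self._failures[key] if ts - t <= self.window]
        if m["result"] == "Failed":
            recent.append(ts)
            self._failures[key] = recent
            # Fire exactly once when the threshold is crossed, not on every later
            # attempt: one actionable alert per burst instead of one per packet.
            if len(recent) == self.burst:
                return Alert("medium", m["host"], m["src"], m["user"],
                             f"{self.burst} failed logins within {self.window}")
            return None
        # "Accepted": a success right after a burst is the case that matters most.
        self._failures[key] = []
        if len(recent) >= self.burst:
            return Alert("high", m["host"], m["src"], m["user"],
                         f"login succeeded after {len(recent)} failures")
        return None


def run(lines: List[str], **kwargs) -> List[Alert]:
    """Feed every line through one detector; return the alerts it raised."""
    det = AuthDetector(**kwargs)
    return [a for a in (det.feed(line) for line in lines) if a is not None]


def constructed_log() -> List[str]:
    """Constructed sample lines (not real data); host and addresses are made up."""
    def ev(hhmmss: str, result: str, user: str, src: str, pid: int) -> str:
        return (f"Oct 21 {hhmmss} host1 sshd[{pid}]: {result} password for {user} "
                f"from {src} port 5{pid:04d} ssh2")

    lines = [
        # One mistyped password, then success: normal, must not alert.
        ev("10:00:01", "Failed", "alice", "10.0.0.5", 101),
        ev("10:00:05", "Accepted", "alice", "10.0.0.5", 102),
        # Three failures an hour apart: never ten inside one window, must not alert.
        ev("10:10:00", "Failed", "bob", "198.51.100.7", 201),
        ev("11:10:00", "Failed", "bob", "198.51.100.7", 202),
        ev("12:10:00", "Failed", "bob", "198.51.100.7", 203),
    ]
    # Password guessing against root, then a success: the obvious attack.
    lines += [ev(f"12:30:{i:02d}", "Failed", "root", "203.0.113.9", 300 + i) for i in range(15)]
    lines.append(ev("12:30:20", "Accepted", "root", "203.0.113.9", 320))
    # A line the parser does not recognise: ignored, not alerted on.
    lines.append("Oct 21 12:31:00 host1 sshd[321]: Connection closed by 203.0.113.9 port 50321")
    return lines


if __name__ == "__main__":
    for a in run(constructed_log()):
        print(f"[{a.severity}] {a.host} {a.user}@{a.src}: {a.detail}")
    # Tuned badly: burst=1 alerts on alice's typo too (noisy); burst=100 misses the attack (quiet).
    print("burst=1 ->", len(run(constructed_log(), burst=1)), "alerts;",
          "burst=100 ->", len(run(constructed_log(), burst=100)), "alerts")
```

With the default thresholds the constructed log yields exactly two alerts, both for the guessing attack; with burst=1 it yields seven, five of them about ordinary user behaviour, and with burst=100 it yields none at all. This is host-based detection over a system log: a network sensor watching the same session would see connection attempts and packet payloads but not the authentication outcome, which is why the text calls for both kinds of coverage.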
Other important Detection areas to address include:

Response Elements

Security Response includes personnel-driven and technology-driven responses to security incidents. Incident response planning is a proactive way to anticipate security issues and to ensure that the people and processes that will intervene are identified in advance. Organizations such as CERT (www.cert.org) and SANS provide excellent resources for response planning. Planning response actions while the organization is not in fire-drill mode allows clear, direct, and effective action to be taken when it matters most.

Other important Response areas to address include:

-Gunnar Peterson
CTO, Arctec Group

*************************************

Reader Views

Gerrit Muller writes:

Your description of the enterprise architect is highly recognizable. I am trying myself to make the job of system architecting better defined and accessible, but in the embedded systems domain. I have seen quite often that many of the issues and methods have a huge overlap, although the domains can be very different. You can find all of these articles on the public internet at the website Gaudi systems architecting: http://www.extra.research.philips.com/natlab/sysarch/

*************************************

Enterprise Architecture News

Sun On The Record
Excellent, no-holds-barred interview with Sun chief Scott McNealy.
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/09/14/BU141353.DTL

@Stake CTO dismissed
Security pioneer Dan Geer was relieved of his duties as @Stake CTO after participating in a report with a consortium of security experts. The report was critical of the effects of technological monoculture.
Read the report here: http://www.ccianet.org/papers/cyberinsecurity.pdf
Information around the firing: http://www.zdnet.com.au/newstech/security/story/0,2000048600,20279018,00.htm
Another viewpoint: Marcus Ranum debunks the monoculture metaphor
http://www.ranum.com/security/computer_security/index.html

Tablet PCs Finally Taking Off
Is freedom from cubicles far behind?
http://www.wired.com/news/technology/0,1282,60623,00.html

Massachusetts Embraces Open Technologies
Open source software will receive preferential treatment under a new procurement policy.
http://news.com.com/2100-7344_3-5084442.html?tag=nefd_top

Comparison of Linux and Windows Viruses
http://www.securityfocus.com/columnists/188

Security in Cyprus
October features the 3rd annual Cyprus Infosec conference. The conference brings together leaders from industry and academia.
http://www.cyprusinfosec.net/

*************************************

Have your say

Agree? Disagree? Insufficient data to judge? Email us at views@arctecgroup.net, we want to hear from you.

*************************************

Arctec Group News

Arctec Group CTO Gunnar Peterson spoke on "Security Design Patterns" at the Black Hat Federal briefing in Washington, DC. Gunnar's slides are available online at: http://www.arctecgroup.net/articles.htm

The Black Hat conference was keynoted by Keith Rhodes, a Chief Technologist at the GAO. Mr. Rhodes' highly illuminating talk focused on the intersection of humans and technology with regard to security. All of the presentations should be available online in the next few weeks at the Blackhat website: http://www.blackhat.com/html/bh-federal-03/bh-federal-03-schedule.html

*************************************

Arctec Group: Strategic Technology Blueprints
www.arctecgroup.net

Arctec Group Newsletter is a free monthly newsletter. If you would like to subscribe to Arctec Views, simply send an email to views@arctecgroup.net from the email account you would like to receive the newsletter.
Please include the word "subscribe" in the subject or first line of the email.