SlideShare uma empresa Scribd logo

Understanding security operation.pptx

Piyush Jain
Piyush Jain

Understanding security operation

Tecnologia
1 de 23
Baixar para ler offline
Understanding Security Operation
1. Creating collaboration across teams to account for security in the application and software development lifecycle. 2. Increase visibility of the security infrastructure for stronger security practices. 3. Ensure that management has bought in at all levels to create a roadmap to increase and improve the organization’s security. Goals to Security Operations
Components of Security Operations • Earlier detection and prioritization: SecOps tends to focus on checking smaller, more productive segments rather than large batches or entire programs at once. • Increased transparency: The increased ties and collaboration between development, security, and operations can create transparency. • Security improvements: SecOps improves security alongside the programming and operational aspects of DevOps. • Threat awareness: SecOps teams are typically trained in security operations to ensure that everyone understands the security threats.
There are two types of operational security problems: 1. Accidental misconfigurations: These are accidental in nature, and are by far the most frequent type of operational issues. Mistyping a value (such as the route target in MPLS VPNs) is one example, or forgetting statements in a firewall is another example. 2. Deliberate misconfigurations: These are deliberate in nature but vary in their degree of maliciousness. For example, violation of the security policy to allow an operator's home system access through the corporate firewall is not as likely to be as severe as acts of sabotage by a disgruntled employee. Operational Threats
What does Security Operation Centre do? ● Continuous network monitoring: Careful monitoring of a network includes everything in the IT environment, including public, private, and cloud infrastructures. ● Incident response: Any sign of unexpected activity on a network can be indicative of a security event. It is the role of the SecOps team to implement incident response protocols and take the appropriate steps to contain any damage or take preventative measures. ● Forensics and root cause analysis: Post-incident analysis is a crucial responsibility of the SecOps teams. This is the opportunity to assess and analyze security incidents and other unexpected events to find the root cause, whether there was a breach and loss of data or if there was just a software performance issue. ● Threat intelligence: The process of gaining knowledge about possible security threats, and planning methods to prevent or respond to events.
1. Security threats grow and become more and more creative every day. It almost seems like there won’t ever be enough people in an IT security program to dodge every attack and prevent every security incident from occurring. A more robust team can help with the deployment of applications and help oversee the security during all phases of deployment in order to grow a team and put more hands on deck. 2. Speed and tool adoption are prioritized over security. Often, operations and development teams are concerned with the speed of applications and their usefulness as a tool. When there isn’t enough emphasis on security, an application can be vulnerable to attacks and become compromised. 3. Innovation has outpaced security and it is crucial to keep security side by side with innovation. Otherwise, an innovation can just be a liability and a vulnerability. 4. Time to exploit vulnerability has decreased as cybercriminals are becoming more and more creative with their attack methodologies. Faster security responses are crucial to protecting data and the integrity of a company’s information. Why Operational Security needed?
The typical reaction when looking for a solution to a security problem is to look for features to configure. It is important to understand that operational problems cannot be fully solved by features, because the person making the misconfiguration may also remove the feature that is meant to protect against misconfigurations. Operational problems require operational solutions, and operational competence of the organization. Few points must be included in Operational Solutions: Operational Security Measures
1. Operational Security Policy: There should be clear guidelines on what operators are allowed to do and what they are not allowed to do. Escalation paths need to be defined that outline the steps to follow if an operator does not have the authorization required for a specific action. The operational security policy should clearly define the responsibilities and authorization, as well as disciplinary actions in case of breaches. The policy also acts as a deterrent against deliberate misconfigurations.
2. Change Management Process: Every company running a network should create precise processes that define and control how changes to the network are executed. The state of the hardware, operating system, and configurations should be monitored, and all changes should be logged and executed in a controlled way. The logs should be evaluated and checked for potential misconfigurations. The logs can also be used to demonstrate a deliberate breach of the operational security policy.
3. Access Control: It is a good practice to restrict access to network devices. Access restrictions are traditionally implemented in networks via any authentication. This security measure is typically executed, although in many networks too many operators have access to network devices. Restricting this number to the minimum amount of operators necessary reduces the risk.
4. Authorization: The access an operator has should be restricted to the minimum access needed for the operator to do their job. In most cases it is not a good idea for all operators to have full-enable access to devices. This practice can be more difficult to implement; however, simple distinctions, for example, who can and cannot enter configuration mode, go a long way.
5. Dual Control: Security control and network control should not be the responsibility of the same group. Ideally, a security group controls who has access to what, and a network group executes the configuration actions. Typically the logs are controlled by the security group. This way it is much harder to deliberately misconfigured devices, since the security team could recognize a misconfiguration in the log files.
6. Secure And Verify: All of the above measures are active attempts to detect a change in the network, such as a configuration change. It is also possible to detect policy violations by analyzing the traffic on the network, or the state of dynamic information such as routing tables, ARP tables, etc. For example, intrusion detection systems can create alerts when flows are seen on the network that do not correspond to the policy. There are many other ways to monitor for traffic anomalies. For example, Cisco NetFlow can be instrumental in detecting misrouted packets on the network and routing tables can be checked for missing or unknown routing prefixes.
7. Automation: It is generally recommended to automate processes and procedures, specifically recurring verification processes, because humans tend to overlook details in log files and similar processes. Automated processes are also less likely to make mistakes, although if a mistake does happen, it is often systematic and therefore easily detectable.
Here are underlying principles for building secure systems. • Accountability: Hold principals responsible for their actions. • Defense in Depth: Prefer a set of complementary mechanisms over a single mechanism. • Non-Secrecy of Design: Security shouldn't depend upon the secrecy of design (or mechanism). • Economy of Mechanism: Prefer mechanisms that are simpler and smaller. • Failsafe Defaults: Presence of privilege, rather than absence of prohibition, should be basis for allowing operation. • Least Privilege: A principal should have the minimum privileges it needs to accomplish its desired operations. • Complete Meditation: Every operation requested by a principal must be intercepted and determined to be acceptable according to the security policy. • Separation of Privilege: Different operations should require different privileges. Single operations might require multiple privileges. Principles of Security
This is a principle behind real-world security, and it holds for software security, too. Consider a bank vault. It has a lock, key(s), and a video camera: • The lock prevents most principals from taking any action. • The key enables certain principals to take actions. • The camera holds any principals responsible for visible actions. In the real world, we don't make perfect locks or keys or cameras. Instead, we do risk management. We buy insurance. (It's cheaper than building perfect locks, etc.) Mechanisms for accountability are separated into three classes: • Authorization: mechanisms that govern whether actions are permitted. e.g., file permissions, firewalls, visibility restrictions in FB • Authentication: mechanisms that bind principals to actions. e.g., passwords, digital signatures, EV certificates in browsers • Audit: mechanisms that record and review actions and the principals who take them. e.g., log files, log browsers, intrusion detection systems 1. Accountability:
Complementary means • independent, such that attacks can't penetrate all at the same time, and • overlapping, such that attackers must penetrate all. For example, your bank might use both a password and a hardware token to authenticate customers. Your apartment building might have multiple door locks and a security system. And your university IT department might use firewalls and virus scanners to prevent spread of malware. 2. Defense in Depth:
Assume the enemy knows the system. For example, assume the enemy knows the encryption algorithm, but not the key. Or, assume the enemy knows the model of a lock, but not the cuts made in the key. We saw this principle appear in cryptography, where it's called "Kerckhoffs's Principle." Non-secrecy is frequently violated by beginner. Note that there's nothing wrong with keeping a design secret if security can be established by other means. That's just defense in depth. The principle of open design asserts that complexity does not add security…it just makes things more complex. Security through obscurity is not security! 3. Non-Secrecy of Design:
They're easier to understand and easier to get right. It's easier to construct evidence of trustworthiness for small, simple things. In any system, there's some set of mechanisms that implement the core, critical security functionality hence must be trusted. That set is called the trusted computing base (TCB). Economy of Mechanism says keep the TCB small. 4. Economy of Mechanism: 5. Failsafe Defaults: It's safer to forget to grant privilege (in which case a principal complains) than to accidentally grant privileges (in which case principal has an opportunity to exploit them). For example, • default access to your files should be that only you get to read and write them; and • default privilege for your web browser should be that it isn't allowed to read or write your disk.
Experienced system administrators know not to login as root for routine operations. Otherwise, they might accidentally misuse their root privileges and wreak havoc. Likewise, a web browser doesn't need full access to all files on the local filesystem. And a web front-end doesn't need full write access to a database back-end for most of its operation. 6. Least Privilege: 7. Complete Meditation: The component that does the mediation is called a reference monitor. Reference monitors should be tamper proof and transparently correct. Each time the subject tries to interact with an object it should be checked again and not cached.
Financial institutions frequently employ this principle. Two tellers might be required in order to open a vault or disperse a large amount of cash. Separation of privilege restricts access to system entities. A system should not grant permission based on a single condition. Example: in IT when someone wants to request elevated permissions they must be administered by a separate entity and possible also a document that describes the work to be done. 8. Separation of Privilege:
❖ Security depends on architecture, implementation and its operations. ❖ There can be accidental misconfigurations and deliberate misconfigurations. ❖ Implementation of Security Operation Centre is important for a big organization. ❖ There are some security principle that we should keep in mind when we implement security operations. Summery
Thank You

Recomendados

Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Building a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldBuilding a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldArun Prabhakar
 
Identifying Code Risks in Software M&A
Identifying Code Risks in Software M&AIdentifying Code Risks in Software M&A
Identifying Code Risks in Software M&AMatt Tortora
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 

Recomendados

Logging, monitoring and auditing
Logging, monitoring and auditingLogging, monitoring and auditing
Logging, monitoring and auditingPiyush Jain
 
Incident response methodology
Incident response methodologyIncident response methodology
Incident response methodologyPiyush Jain
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Building a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldBuilding a Product Security Practice in a DevOps World
Building a Product Security Practice in a DevOps WorldArun Prabhakar
 
Identifying Code Risks in Software M&A
Identifying Code Risks in Software M&AIdentifying Code Risks in Software M&A
Identifying Code Risks in Software M&AMatt Tortora
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Layered Approach - Information Security Recommendations
Layered Approach - Information Security RecommendationsLayered Approach - Information Security Recommendations
Layered Approach - Information Security RecommendationsMichael Kaishar, MSIA | CISSP
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integrationMichael Nickle
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityA Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityTripwire
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachAnchises Moraes
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseFIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseAnton Chuvakin
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Andris Soroka
 
System of security controls
System of security controlsSystem of security controls
System of security controlsS.E. CTS CERT-GOV-MD
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 
IDS Research
IDS ResearchIDS Research
IDS ResearchYehan Gunaratne
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 

Mais conteúdo relacionado

Mais procurados

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Incident Response
Incident Response Incident Response
Incident Response InnoTech
 
Layered Approach - Information Security Recommendations
Layered Approach - Information Security RecommendationsLayered Approach - Information Security Recommendations
Layered Approach - Information Security RecommendationsMichael Kaishar, MSIA | CISSP
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controlsAlienVault
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integrationMichael Nickle
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principlesDivya Tiwari
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityA Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityTripwire
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachAnchises Moraes
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseFIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseAnton Chuvakin
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Andris Soroka
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterMichael Nickle
 

Mais procurados (20)

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Incident Response
Incident Response Incident Response
Incident Response
 
Layered Approach - Information Security Recommendations
Layered Approach - Information Security RecommendationsLayered Approach - Information Security Recommendations
Layered Approach - Information Security Recommendations
 
Security operations center 5 security controls
Security operations center 5 security controls Security operations center 5 security controls
Security operations center 5 security controls
 
Ca world 2007 SOC integration
Ca world 2007 SOC integrationCa world 2007 SOC integration
Ca world 2007 SOC integration
 
Security management concepts and principles
Security management concepts and principlesSecurity management concepts and principles
Security management concepts and principles
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for SecurityA Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
A Pragmatic Approach to SIEM: Buy for Compliance, Use for Security
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
 
FIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident ResponseFIRST 2006 Full-day Tutorial on Logs for Incident Response
FIRST 2006 Full-day Tutorial on Logs for Incident Response
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
 
System of security controls
System of security controlsSystem of security controls
System of security controls
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 

Semelhante a Understanding security operation.pptx

Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxjenkinsmandie
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfNeilStark1
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxNeilStark1
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Micro
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded SystemsMEN Mikro Elektronik GmbH
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
10 Best Practices for Implementing DevOps Security
10 Best Practices for Implementing DevOps Security10 Best Practices for Implementing DevOps Security
10 Best Practices for Implementing DevOps SecurityDev Software
 
Describe two methods for communicating the material in an Informatio.pdf
Describe two methods for communicating the material in an Informatio.pdfDescribe two methods for communicating the material in an Informatio.pdf
Describe two methods for communicating the material in an Informatio.pdfarchgeetsenterprises
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowNuuko, Inc.
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancementcyberprosocial
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESIJNSA Journal
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptxdotco
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Kirti Ahirrao
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 

Semelhante a Understanding security operation.pptx (20)

IDS Research
IDS ResearchIDS Research
IDS Research
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Essay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docxEssay QuestionsAnswer all questions below in a single document, pr.docx
Essay QuestionsAnswer all questions below in a single document, pr.docx
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
How to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdfHow to Secure Your Enterprise Network.pdf
How to Secure Your Enterprise Network.pdf
 
How to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docxHow to Secure Your Enterprise Network.docx
How to Secure Your Enterprise Network.docx
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems5 Things to Know about Safety and Security of Embedded Systems
5 Things to Know about Safety and Security of Embedded Systems
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
10 Best Practices for Implementing DevOps Security
10 Best Practices for Implementing DevOps Security10 Best Practices for Implementing DevOps Security
10 Best Practices for Implementing DevOps Security
 
Describe two methods for communicating the material in an Informatio.pdf
Describe two methods for communicating the material in an Informatio.pdfDescribe two methods for communicating the material in an Informatio.pdf
Describe two methods for communicating the material in an Informatio.pdf
 
Dr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should KnowDr. Eric Cole - 30 Things Every Manager Should Know
Dr. Eric Cole - 30 Things Every Manager Should Know
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security EnhancementDemystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
Demystifying Penetration Testing: A Comprehensive Guide for Security Enhancement
 
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCESCOMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
COMPLETE NETWORK SECURITY PROTECTION FOR SME’SWITHIN LIMITED RESOURCES
 
crisc_wk_5.pptx
crisc_wk_5.pptxcrisc_wk_5.pptx
crisc_wk_5.pptx
 
Chapter 1 introduction(web security)
Chapter 1 introduction(web security)Chapter 1 introduction(web security)
Chapter 1 introduction(web security)
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
 

Último

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2
 

Último (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 

Understanding security operation.pptx

  • 2. 1. Creating collaboration across teams to account for security in the application and software development lifecycle. 2. Increase visibility of the security infrastructure for stronger security practices. 3. Ensure that management has bought in at all levels to create a roadmap to increase and improve the organization’s security. Goals to Security Operations
  • 3. Components of Security Operations • Earlier detection and prioritization: SecOps tends to focus on checking smaller, more productive segments rather than large batches or entire programs at once. • Increased transparency: The increased ties and collaboration between development, security, and operations can create transparency. • Security improvements: SecOps improves security alongside the programming and operational aspects of DevOps. • Threat awareness: SecOps teams are typically trained in security operations to ensure that everyone understands the security threats.
  • 4. There are two types of operational security problems: 1. Accidental misconfigurations: These are accidental in nature, and are by far the most frequent type of operational issues. Mistyping a value (such as the route target in MPLS VPNs) is one example, or forgetting statements in a firewall is another example. 2. Deliberate misconfigurations: These are deliberate in nature but vary in their degree of maliciousness. For example, violation of the security policy to allow an operator's home system access through the corporate firewall is not as likely to be as severe as acts of sabotage by a disgruntled employee. Operational Threats
  • 5. What does Security Operation Centre do? ● Continuous network monitoring: Careful monitoring of a network includes everything in the IT environment, including public, private, and cloud infrastructures. ● Incident response: Any sign of unexpected activity on a network can be indicative of a security event. It is the role of the SecOps team to implement incident response protocols and take the appropriate steps to contain any damage or take preventative measures. ● Forensics and root cause analysis: Post-incident analysis is a crucial responsibility of the SecOps teams. This is the opportunity to assess and analyze security incidents and other unexpected events to find the root cause, whether there was a breach and loss of data or if there was just a software performance issue. ● Threat intelligence: The process of gaining knowledge about possible security threats, and planning methods to prevent or respond to events.
  • 6. 1. Security threats grow and become more and more creative every day. It almost seems like there won’t ever be enough people in an IT security program to dodge every attack and prevent every security incident from occurring. A more robust team can help with the deployment of applications and help oversee the security during all phases of deployment in order to grow a team and put more hands on deck. 2. Speed and tool adoption are prioritized over security. Often, operations and development teams are concerned with the speed of applications and their usefulness as a tool. When there isn’t enough emphasis on security, an application can be vulnerable to attacks and become compromised. 3. Innovation has outpaced security and it is crucial to keep security side by side with innovation. Otherwise, an innovation can just be a liability and a vulnerability. 4. Time to exploit vulnerability has decreased as cybercriminals are becoming more and more creative with their attack methodologies. Faster security responses are crucial to protecting data and the integrity of a company’s information. Why Operational Security needed?
  • 7. The typical reaction when looking for a solution to a security problem is to look for features to configure. It is important to understand that operational problems cannot be fully solved by features, because the person making the misconfiguration may also remove the feature that is meant to protect against misconfigurations. Operational problems require operational solutions, and operational competence of the organization. Few points must be included in Operational Solutions: Operational Security Measures
  • 8. 1. Operational Security Policy: There should be clear guidelines on what operators are allowed to do and what they are not allowed to do. Escalation paths need to be defined that outline the steps to follow if an operator does not have the authorization required for a specific action. The operational security policy should clearly define the responsibilities and authorization, as well as disciplinary actions in case of breaches. The policy also acts as a deterrent against deliberate misconfigurations.
  • 9. 2. Change Management Process: Every company running a network should create precise processes that define and control how changes to the network are executed. The state of the hardware, operating system, and configurations should be monitored, and all changes should be logged and executed in a controlled way. The logs should be evaluated and checked for potential misconfigurations. The logs can also be used to demonstrate a deliberate breach of the operational security policy.
  • 10. 3. Access Control: It is a good practice to restrict access to network devices. Access restrictions are traditionally implemented in networks via any authentication. This security measure is typically executed, although in many networks too many operators have access to network devices. Restricting this number to the minimum amount of operators necessary reduces the risk.
  • 11. 4. Authorization: The access an operator has should be restricted to the minimum access needed for the operator to do their job. In most cases it is not a good idea for all operators to have full-enable access to devices. This practice can be more difficult to implement; however, simple distinctions, for example, who can and cannot enter configuration mode, go a long way.
  • 12. 5. Dual Control: Security control and network control should not be the responsibility of the same group. Ideally, a security group controls who has access to what, and a network group executes the configuration actions. Typically the logs are controlled by the security group. This way it is much harder to deliberately misconfigured devices, since the security team could recognize a misconfiguration in the log files.
  • 13. 6. Secure And Verify: All of the above measures are active attempts to detect a change in the network, such as a configuration change. It is also possible to detect policy violations by analyzing the traffic on the network, or the state of dynamic information such as routing tables, ARP tables, etc. For example, intrusion detection systems can create alerts when flows are seen on the network that do not correspond to the policy. There are many other ways to monitor for traffic anomalies. For example, Cisco NetFlow can be instrumental in detecting misrouted packets on the network and routing tables can be checked for missing or unknown routing prefixes.
  • 14. 7. Automation: It is generally recommended to automate processes and procedures, specifically recurring verification processes, because humans tend to overlook details in log files and similar processes. Automated processes are also less likely to make mistakes, although if a mistake does happen, it is often systematic and therefore easily detectable.
  • 15. Here are underlying principles for building secure systems. • Accountability: Hold principals responsible for their actions. • Defense in Depth: Prefer a set of complementary mechanisms over a single mechanism. • Non-Secrecy of Design: Security shouldn't depend upon the secrecy of design (or mechanism). • Economy of Mechanism: Prefer mechanisms that are simpler and smaller. • Failsafe Defaults: Presence of privilege, rather than absence of prohibition, should be basis for allowing operation. • Least Privilege: A principal should have the minimum privileges it needs to accomplish its desired operations. • Complete Meditation: Every operation requested by a principal must be intercepted and determined to be acceptable according to the security policy. • Separation of Privilege: Different operations should require different privileges. Single operations might require multiple privileges. Principles of Security
  • 16. This is a principle behind real-world security, and it holds for software security, too. Consider a bank vault. It has a lock, key(s), and a video camera: • The lock prevents most principals from taking any action. • The key enables certain principals to take actions. • The camera holds any principals responsible for visible actions. In the real world, we don't make perfect locks or keys or cameras. Instead, we do risk management. We buy insurance. (It's cheaper than building perfect locks, etc.) Mechanisms for accountability are separated into three classes: • Authorization: mechanisms that govern whether actions are permitted. e.g., file permissions, firewalls, visibility restrictions in FB • Authentication: mechanisms that bind principals to actions. e.g., passwords, digital signatures, EV certificates in browsers • Audit: mechanisms that record and review actions and the principals who take them. e.g., log files, log browsers, intrusion detection systems 1. Accountability:
  • 17. Complementary means • independent, such that attacks can't penetrate all at the same time, and • overlapping, such that attackers must penetrate all. For example, your bank might use both a password and a hardware token to authenticate customers. Your apartment building might have multiple door locks and a security system. And your university IT department might use firewalls and virus scanners to prevent spread of malware. 2. Defense in Depth:
  • 18. Assume the enemy knows the system. For example, assume the enemy knows the encryption algorithm, but not the key. Or, assume the enemy knows the model of a lock, but not the cuts made in the key. We saw this principle appear in cryptography, where it's called "Kerckhoffs's Principle." Non-secrecy is frequently violated by beginner. Note that there's nothing wrong with keeping a design secret if security can be established by other means. That's just defense in depth. The principle of open design asserts that complexity does not add security…it just makes things more complex. Security through obscurity is not security! 3. Non-Secrecy of Design:
  • 19. They're easier to understand and easier to get right. It's easier to construct evidence of trustworthiness for small, simple things. In any system, there's some set of mechanisms that implement the core, critical security functionality hence must be trusted. That set is called the trusted computing base (TCB). Economy of Mechanism says keep the TCB small. 4. Economy of Mechanism: 5. Failsafe Defaults: It's safer to forget to grant privilege (in which case a principal complains) than to accidentally grant privileges (in which case principal has an opportunity to exploit them). For example, • default access to your files should be that only you get to read and write them; and • default privilege for your web browser should be that it isn't allowed to read or write your disk.
  • 20. Experienced system administrators know not to login as root for routine operations. Otherwise, they might accidentally misuse their root privileges and wreak havoc. Likewise, a web browser doesn't need full access to all files on the local filesystem. And a web front-end doesn't need full write access to a database back-end for most of its operation. 6. Least Privilege: 7. Complete Meditation: The component that does the mediation is called a reference monitor. Reference monitors should be tamper proof and transparently correct. Each time the subject tries to interact with an object it should be checked again and not cached.
  • 21. Financial institutions frequently employ this principle. Two tellers might be required in order to open a vault or disperse a large amount of cash. Separation of privilege restricts access to system entities. A system should not grant permission based on a single condition. Example: in IT when someone wants to request elevated permissions they must be administered by a separate entity and possible also a document that describes the work to be done. 8. Separation of Privilege:
  • 22. ❖ Security depends on architecture, implementation and its operations. ❖ There can be accidental misconfigurations and deliberate misconfigurations. ❖ Implementation of Security Operation Centre is important for a big organization. ❖ There are some security principle that we should keep in mind when we implement security operations. Summery