typespartnersonline

partnersonline  时间:2021-03-19  阅读:()
87Chapter7ANewSecurityArchitecturetoImproveBusinessAgilityRealityandRhetoricAnorganization'sabilitytolearn,andtranslatethatlearningintoactionrapidly,istheultimatecompetitiveadvantage.
—JackWelchSomeStarTrekepisodesfeaturesuspense-filledbattlesinwhichadversariesusesophisticatedphase-shiftingweaponsthatcanberapidlyadjusteduntiltheyfindawaytopenetratestaticforce-fielddefenses.
Forabeleagueredstarship,theonlyeffectiveresponseistousesimilarlyadaptableandfast-changingshields.
Asinformationsecurityprofessionals,wealsoneedextremelyagiledefensesthatcanbequicklyadaptedtomeetnewdemands.
Attackersarecontinuallyadapting,anddefendersalsoneedtocontinuallyadapt.
Butrapidlyevolvingthreatsareonlypartofthechallenge.
ThetechnologylandscapeischangingjustasfastduetotrendslikeITconsumerization.
AsIntel'sinformationriskandsecuritygroupconsidersthefuture,werealizethatweneedtoradicallychangeourapproachinordertofacethechallengesaheadandsupporttheProtecttoEnablemission.
Weneedamoreagilesecurityarchitecturethatcanquicklylearnandadapttonewchallengesastheyemerge.
Becausetheenvironmentischangingsoquickly,inwayswecannotcontrol,it'simpossibletopredictallthefuturechallengeswe'llneedtoface.
Weneedanarchitecturethatcanlearntomanagewhatwedon'tknow.
Thisflexibilitywillhelpthebusinessmovemorequickly,byenablingustorapidlyadoptnewtechnologiesandemergingusagemodelswhilecontinuingtoprovidesecurityintheever-evolvingthreatlandscape.
Alearningsystemishardertodefeatbecauseitcanmorequicklyadaptinresponsetonewattacks.
Afterintensebrainstormingsessions,ourinformationriskandsecurityteamdevisedanewsecurityarchitecture.
ThisarchitectureisourimplementationoftheProtecttoEnablestrategy.
Inthischapter,I'llprovideahigh-leveloverviewofthearchitectureanddescribehowitmeetssomekeysecuritychallenges.
ThoughtheoverviewisbasedonourworkatIntel,IbelievethatthisisanovelapproachtoenterprisesecuritythatmaybevaluableChapter7ANewSecurityArchitecturetoImproveBusinessAgility88tomanyotherorganizationsfacingtheseuniversalchallenges.
Myconversationswithpeersatothercompanieshavevalidatedthisview.
Manyofthemareconsideringsimilarstrategiesandinsomecaseshavebegunimplementingthem.
WeareimplementingthisarchitectureacrossIntel'sITenvironmentinaradicalfive-yearredesignofourinformationsecuritytechnology.
Evenwhiletheimplementationisinprogress,thenewarchitecturehasalreadydeliveredresultsbyhelpingusprovideinnovativesolutionstochallengingusecaseswhileactuallyreducingrisk.
IntelIThaspublishedmoredetaileddescriptionscoveringseveralaspectsofthearchitecture(Ben-Shalometal.
2011,SunderlandandChandramouly2011,Gutierrezetal.
2012),andweexpecttocontinuetopublishinformationinthefuture.
Akeyaspectofthearchitectureisthatitprovidesmoreflexible,dynamic,andgranularsecuritycontrolsthantraditionalenterprisesecuritymodels.
Thishelpsusaccommodateusagemodelssuchasbring-your-own-device(BYOD).
Wecanprovideuserswithdifferentlevelsofaccessdependingonfactorssuchasthedevicestheyareusingandtheirlocation.
Toachievethis,thetechnologydynamicallyadjustsauser'saccessprivilegesasthelevelofriskchanges.
Forexample,anemployeeshouldhavemorelimitedaccesstooursystemswhenusingaless-securedevicethanwhenusingahardened,fullymanagedenterprise-classsystem.
Thenewarchitecturegreatlyimprovesthreatmanagement.
Asnewrisksappear,weneedtobeabletoquicklyrecognizewhichoneswecanmitigate,learnasmuchaswecan,andtakeactionasquicklyaspossible.
AtIntel,weusemanyinformationsourcestogainanunderstandingoftherisks.
Collectively,thesesourcesprovideacontinuousfeedofcollectiveintelligencethatwecanusetolearn,adapt,andevolve.
AsIdescribedinChapter6,weuseemergingthreatanalysistohelpusanticipatefuturerisks.
Butourarchitecturealsoassumesthatcompromiseisinevitableandfocusesheavilyonsurvivability.
Weareapplyingsecuritymonitoringandbusinessintelligencetoanalyzepatternsofbehavioranddetectanomaliesthataresymptomsofattacks.
Withthisknowledge,wecanfurtherinvestigateandapplymitigationwherenecessary.
Inthefuture,thisapproachcouldbeextendedbyautomaticallytakingcorrectiveactionwhereitmakessensetodoso.
BusinessTrendsandArchitectureRequirementsBeforedivingintothespecificsofthearchitecture,I'llrecapsomeofthekeybusinessandtechnologytrends,focusingonhowtheydrivetheneedforspecificcapabilitiesinsecuritytechnology.
ITConsumerizationAsIdiscussedinChapter5,consumerizationisamajorITthemewithever-broadeningimpact.
Itincludesseveraltrends,includingtheadoptionofnewapplicationsandsupportforconsumerdevices.
ManyofIntel'shighlymobileemployeeswanttousetheirownconsumerdevices,suchassmartphonesandtablets,forwork.
Thisincreasesproductivitybyenablingemployeestocollaborateandaccessinformationfromanywhere,atanytime.
TosupportChapter7ANewSecurityArchitecturetoImproveBusinessAgility89this,weprovideaccesstocorporatee-mailandotherapplicationsfromemployee-ownedsmartphonesandtablets.
Somepeoplebelievethatinthefuture,alldeviceswillbeconsumer-owned,andthatenterpriseswillnolongerpurchasedevicesfortheirusers.
Ibelievethismightbethecaseinsomeworkenvironments,butIdoubtthatitwillsuitallorganizations.
Foracompanyprovidingcallcenterservices,withmostemployeesworkingfromhome,itmightmakesensethatemployeesexclusivelyusetheirownpersonalsystemsforwork.
Butthisstrategywouldbemoreriskyforafinancialservicescompanywhoseemployeeshandlehighlysensitiveinformationthat'ssubjecttoextensiveregulatoryrequirements.
Nevertheless,theconsumerizationtrendcontinuestogrowatIntelandotherorganizations.
Accordingly,we'llneedtoprovideemployeeswithalevelofaccesstoIntelresourcesfromanexpandingcontinuumofclientdevices,someofwhichhavemuchweakersecuritycontrolsthantoday'senterpriseclients(seesidebar).
CONSUMERIZINGENTERPRISEITAND"ENTERPRISING"THECONSUMERDiscussionsofITconsumerizationtendtodrawaclearlinebetweenbusinessdevicesthatcanbemanagedandtrusted,andpersonalconsumerdevicesthatareessentiallyunmanagedanduntrusted.
However,notallconsumerdevicesarecreatedequal.
Fromasecuritystandpoint,itmaybemorevaluabletothinkaboutadevice'scapabilitiesthantocategorizeitbasedsolelyonwhetherit'smarketedasanenterprisedeviceorapersonaldevice.
Thesecurityofadevicedependsontheinherentfeaturesofthehardware,operatingsystem,andapplications,andonwhetheritenablesustoaddfurthersecurityandmanageabilitycapabilitiesthatmitigatetherisksofenterpriseuse.
Asthevarietyofconsumerdevices,suchassmartphones,continuestoexpand,usersmaychoosefromdozensofmodelswithdifferentlevelsofsecuritycapabilities.
GreatersecurityandmanageabilitymeansthatITcanplacegreatertrustinthedeviceandprovideacorrespondinglygreaterlevelofaccesstoenterpriseresources.
Extendingthisideafurther,theinformationsecuritygroupcouldevaluatethesecurityofavailableconsumerdevicesandprovideguidanceaboutthelevelofenterpriseaccessthatuserswillbeallowedwitheachdevice.
Usersmayprefertobuyamoresecuredevicebecauseitwillprovidethemmoreaccess.
Withgreateraccess,theycanusethedeviceformoreoftheirdailyworkactivities.
Thisabilityinturnenablesthemtobemoreproductive.
Atthesametime,employeesincreasinglyexpecttohaveavailabletothematworkthetypesofconsumerservicesandcloudapplicationsthattheyuseintheirpersonallives.
Theseincludesocialcomputingapplicationssuchasblogsandwikis,video-sharingsites,andfile-sharingservices.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility90Weneedasecurityarchitecturethatenablesustomorequicklysupportnewdevicesandprovideaccesstoagreaterrangeofapplicationsanddata,withoutincreasingrisk.
Weneedtobeabletodynamicallyadjustthelevelsofaccessweprovideandthemonitoringweperform,dependingonthesecuritycontrolsoftheclientdevice.
NewBusinessNeedsNearlyallcompaniesnowrelyonagrowingnetworkofbusinesspartners,andconductmanyoftheirinteractionswiththosepartnersonline.
Intelisnoexception—wearedevelopinganincreasingnumberofsystemsforonlinecollaborationwithbusinesspartners.
Also,likemanycompanies,Intelisexpandingintonewmarketsthroughbothorganicgrowthandacquisitions.
Becauseofthesebusinesstrends,mostorganizationsneedtoprovideaccesstoabroaderrangeofusers,manyofwhomarenotemployees.
Manyalsoneedtobeabletosmoothlyintegrateacquiredcompaniesandprovidethemwithaccesstoresources.
Ingeneral,weneedtoquicklyprovidenewusersaccesswhileminimizingriskandprovidingselective,controlledaccessonlytotheresourcestheyneed.
CloudComputingMostorganizationsarealreadyusingcloudservicesinsomeformtoachievebenefitssuchasgreateragilityandlowercost.
Likemanycompanies,IntelITisimplementingaprivatecloudbasedonvirtualizedinfrastructure,andwearealsousingexternalcloudservicesfornoncriticalapplications.
Inthefuture,weexpectgreateruseofhybridcloudsthatusebothinternalandexternalresources.
ThistrendmeansthatITservicesatmanyorganizationswillbeprovidedbyamixtureoftraditionalandcloud-basedinternalandexternalservices.
Duringatypicalday,employeesmayaccessavarietyofdifferentservices,someofwhichareinternalandsomeexternal.
Ultimately,theyshouldbeabletoeasilymovebetweentheseserviceswithoutneedingtologinmultipletimesorevenknowwheretheservicesarelocated.
Securingaccesstocloud-basedservicespresentschallengesthataren'teasilyaddressedusingconventionalsecuritycontrols.
Incloudenvironments,systemsandtheirdataarevirtualizedandmaymigratedynamicallytodifferentnetworklocations.
Thismakesitdifficulttoeffectivelyrestrictaccessusingtraditionalsecuritycontrolssuchasfirewalls,whichrelyonfixedlocationsofsystemsandamorestaticnatureofthedata.
Weneedmuchmoregranularanddynamiccontrolsthatarelinkedtotheresourcesthemselvesratherthanjusttheirnetworklocation.
ChangingThreatLandscapeThethreatlandscapeisevolvingrapidly.
Increasingly,attackersaretakingastealthyapproach,creatingmalwarethatquietlygainsaccessandattemptstoremainundetectedinordertomaintainaccessovertime.
Asthenumberofthreatsincreasesandnewtypesofmalwareemerge,weneedtoassumethatcompromiseisinevitable.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility91Traditionalenterprisesecurityarchitectureshavereliedlargelyonpreventativecontrolssuchasfirewallslocatedatthenetworkperimeter.
However,ourprimaryfocushasshiftedtoprovidingcontrolledaccesstoabroaderrangeofusersanddevices,ratherthansimplypreventingaccess.
Inaddition,thecontinuallychangingthreatlandscapemakesitnecessarytoassumethatcompromisewilloccur.
Onceattackershavegainedaccesstotheenvironment,thepreventativecontrolstheyhavebypassedareworthless.
Althoughtheseperimetercontrolswillcontinuetohavesomevalue,weneedtoolsthatincreasetheabilitytosurviveandrecoveronceattackershavegainedaccesstotheenvironment.
PrivacyandRegulatoryRequirementsThegrowingemphasisonprivacyrequirementsandtheincreasinglycomplexregulatoryenvironmenthavemanyimplicationsforthewaywemanageinformation.
Someregulationscreatetheneedformorecontroloverwhereinformationisstoredandrequirespecificlevelsofprotectionandtracking.
Ourarchitecturemustprovidethisassurance,allowingustobuildahigh-securityenvironmentandaccesscontrolsappropriatefortheprotectionofhighlyregulatedinformation.
NewArchitectureTomeettheserapidlychangingrequirements,weneedahighlyflexibleanddynamicarchitecture.
Thearchitectureshouldenableustomorequicklyadoptnewdevices,usemodels,andcapabilities;providesecurityacrossanincreasinglycomplexenvironment;andadapttoachangingthreatlandscape.
AtIntel,weformedateamcharteredwithdesigningthisarchitecturefromscratch,takingafreshapproachtoenterprisesecurity,thendetermininghowtoimplementthisnewarchitectureacrossourexistingITenvironment.
Keygoalsincludehelpingincreaseemployeeproductivitywhilesupportingnewbusinessrequirementsandtechnologytrends,includingITconsumerization,cloudcomputing,andaccessbyabroaderrangeofusers.
Atthesametime,thearchitectureisdesignedtoreduceourattacksurfaceandimprovesurvivability—evenasthethreatlandscapegrowsincomplexityandmaliciousness.
Thearchitecturemovesawayfromthetraditionalenterprisetrustmodel,whichisbinaryandstatic.
Withthistraditionalmodel,auserisingeneraleithergrantedordeniedaccesstoallresources;oncegranted,thelevelofaccessremainsconstant.
Thenewarchitecturereplacesthiswithadynamic,multitieredtrustmodelthatexercisesmorefine-grainedcontroloveridentityandaccesscontrol,includingaccesstospecificresources.
Thismeansthatforanindividualuser,thelevelofaccessprovidedmayvarydynamicallyovertime,dependingonavarietyoffactors—suchaswhethertheuserisaccessingthenetworkfromahighlysecuremanageddeviceoranuntrustedunmanageddevice.
Thearchitecture'sflexibilityallowsustotakeadvantageoftrustthat'sbuiltintodevicesatahardwarelevel,aswellastrustinapplicationsandservices.
Increasingly,deviceswillincludehardware-enforcedsecuritydesignedtoensuretheintegrityoftheapplicationsanddataonthedevice.
ThearchitecturetakesthisintoaccountwhenChapter7ANewSecurityArchitecturetoImproveBusinessAgility92determiningwhethertoallowaccesstospecificresources—amore-trustedplatformcanbeallowedgreateraccessthanaless-trustedone.
Thearchitectureisbasedonfourcornerstones:TrustCalculation.
Thisuniqueelementofthearchitecturehandlesuseridentityandaccessmanagement,dynamicallydeterminingwhetherausershouldbegrantedaccesstospecificresourcesand,ifso,whattypeofaccessshouldbegranted.
Thecalculationisbasedonfactorssuchastheuser'sclientdeviceandlocation,thetypeofresourcesrequested,andthesecuritycontrolsthatareavailable.
SecurityZones.
Theinfrastructureisdividedintomultiplesecurityzonesthatprovidedifferentlevelsofprotection.
Theserangefromtrustednetworkzonescontainingcriticaldata,withtightlycontrolledaccess,tountrustedzonescontainingless-valuabledataandallowingbroaderaccess.
Communicationbetweenzonesiscontrolledandmonitored;thishelpsensureuserscanonlyaccesstheresourcesforwhichtheyhavebeenauthorizedandpreventscompromisesfromspreadingacrossmultiplezones.
BalancedControls.
Toincreaseflexibilityandtheabilitytorecoverfromasuccessfulattack,themodelemphasizestheneedforabalanceofdetectiveandcorrectivecontrolsinadditiontopreventativecontrolssuchasfirewalls.
Thisincludesafocusonbusinessintelligenceanalyticaltoolstodetectanomalouspatternsthatmayindicateattemptstocompromisetheenvironment.
UserandDataPerimeters.
Recognizingthatprotectingtheenterprisenetworkboundaryisnolongeradequate,weneedtotreatusersanddataasadditionalsecurityperimetersandprotectthemaccordingly.
Thismeansanincreasedfocusonuserawarenessaswellasdataprotectionbuiltintotheinformationassets.
I'lldescribeeachofthefourcornerstonesinmoredetail.
TrustCalculationThetrustcalculationplaysanessentialroleinprovidingtheflexibilityrequiredtosupportarapidlyexpandingnumberofdevicesandusagemodels.
Thecalculationenablesustodynamicallyadjustusers'levelsofaccess,dependingonfactorssuchasthedevicesandnetworkstheyarecurrentlyusing.
Itcalculatestrustintheinteractionbetweenthepersonordevicerequestingaccess(source)andtheinformationrequested(destination).
Thecalculationconsistsofasourcescoreandadestinationscore,takingintoaccountthecontrolsavailabletomitigaterisk.
AsshowninFigure7-1,theresultofthiscalculationdetermineswhethertheuserisallowedaccessandthetypeofaccessprovided.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility93Figure7-1.
Trustcalculation.
Source:IntelCorporation,2012SourceScoreTrustinthesource,orrequestor,iscalculatedbasedonthefollowingfactors:Who.
Theidentityoftheuserorservicerequestingaccessandourconfidencelevelintheauthenticationmechanismused—howconfidentarewethatusersarewhotheysaytheyareWhat.
Thedevicetype,itscontrolcapabilities,ourabilitytovalidatethosecontrols,andtheextenttowhichIntelITmanagesthedevice.
Where.
Theuser'sorservice'slocation.
Forexample,auserwhoisinsidetheIntelenterprisenetworkismoretrustedthanthesameuserconnectingthroughapublicnetwork.
Theremayalsobeotherconsiderations,suchasthegeographicalregionwheretheuserislocated.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility94DestinationScoreThisiscalculatedbasedonthesamethreefactors,buttheseareconsideredfromtheperspectiveofthedestination—theinformationthesourceistryingtoaccess:Who.
Theapplicationthatstorestherequesteddata.
Someapplicationscanenforcegreatercontrols,suchasenterpriserightsmanagement(ERM),andthereforeprovideahigherleveloftrust.
What.
Thesensitivityoftheinformationbeingrequestedandotherconsiderations,suchasourabilitytorecoveritifcompromiseoccurs.
Where.
Thesecurityzoneinwhichthedataresides.
AvailableControlsThetrustcalculationalsotakesintoaccountthesecuritycontrolsavailableforthezone.
Iftheonlycontrolsavailablearecontrolsthatsimplyblockorallowaccess,wemightdenyaccessduetolackofotheroptions.
However,ifwehaveextensivepreventativecontrolswithhighlygranularlevelsofaccess,detailedlogs,andhighlytunedsecuritymonitoring—aswellastheabilitytorecoverfromorcorrectproblems—thenwecanallowaccesswithoutcreatingadditionalrisk.
CalculatingTrustThetrustcalculationaddsthesourcescoreandthedestinationscoretoarriveataninitialtrustlevel.
Theavailablecontrolsarethenconsideredtomakeafinaldecisionaboutwhetheraccessisallowedand,ifso,how.
Thiscalculationisperformedbyalogicalentitycalledapolicydecisionpoint(PDP),whichispartoftheauthenticationinfrastructureandmakesaccesscontroldecisionsbasedonasetofpolicies.
Basedontheresultsofthiscalculation,thePDPmakesadecision,allocatingatrustlevelthatdetermineswhethertheusercanaccesstherequestedresourceandthetypeofaccessthatisallowed.
Broadly,thedecisionwillfallintooneofthefollowingcategories:AllowaccessDenyaccessAllowaccesswithlimitationsormitigationThistrustcalculationthereforeallowsustodynamicallyapplygranularcontroloveraccesstospecificresources.
Forexample,employeesusingIT-manageddeviceswithadditionalhardwarefeaturessuchasatrustedplatformmodule(TPM),globalpositioningsystem(GPS),andfulldiskencryptionwouldbeallowedaccesstomoreresourcesthanwhenusingdevicesthatlackthosefeatures.
EmployeesdirectlyconnectedtotheIntelnetworktypicallygetgreateraccessthanwhenusingapublicnetwork.
Ifweareunabletoverifythelocationofahigh-securitydevicesuchasamanagedPC,wewouldallowlessaccess.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility95Thetrustcalculationalsocanbeusedformorefine-graineddistinctionsbetweendifferentdevicemodels.
Forexample,wecouldprovidedifferentlevelsofaccessbasedonsmartphonemanageability,hardware-enabledauthenticationandencryption,andinstalledapplications.
Weanticipatesituationsinwhichthetrustlevelisnotadequatetoallowanyaccess,butthereisstillabusinessrequirementtoallowaconnectionortransactiontooccur.
Intheseconditions,theresultofthetrustcalculationcouldbeadecisiontoallowaccesswithlimitationsorwithcompensatingcontrolsthatmitigatetherisk.
Forexample,ausermightbeallowedread-onlyaccessormightbepermittedaccessonlyifadditionalmonitoringcontrolsareinplace.
We'reimplementingthistrustcalculationacrossIntel'senvironment.
Today,thetrustcalculationmakesdecisionsbasedoninformationgatheredfromcomponentsatmultiplelevelsoftheinfrastructure,suchasnetworkgateways,accesspoints,anduserdevices.
Oncethetrustcalculationmechanismisinplace,wecanextendittoincludeinformationfromabroaderrangeofsources.
Forexample,thecalculationmighttakeintoaccountthelevelofhardware-enforcedsecurityfeaturesbuiltintotheuser'sdevice.
Thiswouldallowustoprovidegreateraccesstouserswhohavemore-trusteddevices.
Thetrustcalculationcanbeusedtodetermineaccesstointernalsystemsbybusinesspartnersaswellasemployees.
Let'ssaywe'recollaboratingwithanothercompanyonthedesignofanewproduct.
Anengineeratthatcompanywantsaccesstoaspecificdocument.
Wecanaddavarietyofcriteriatothetrustcalculationfordecidingwhethertograntaccess.
Didtheengineer'srequestoriginatewithinthebusinesspartner'senterprisenetworkIsitconsistentwiththetypeofrequestthatwe'dexpectfromanengineerIfso,wehaveahigherleveloftrustintherequestor.
Ifwecannotestablishanadequateleveloftrustintheuser'sdevice,butotherfactorsprovideenoughconfidencetograntaccess,wemightprovideone-timeaccessforaspecificjob.
Wecoulddothisbyallowingadocumenttobedownloaded,butonlywithinacontainerthatensuresthedocumentiscompletelyremovedfromtheuser'sdeviceoncethejobiscompleted.
Longerterm,thetrustcalculationcouldbecomeamechanismthatisusedtodetermineaccesstobothinternalandexternalresources.
IntelIT,likemanycompanies,isusingsomeexternalcloud-basedapplications,whiledevelopinganinternalprivatecloudformostapplications.
Inthefuture,weanticipategreateruseofahybrid-cloudapproach.
Thetrustcalculationcouldbeusedtomanageidentityandaccessforboth.
SecurityZonesThearchitecturedividestheITenvironmentintomultiplesecurityzones.
Theserangefromuntrustedzonesthatprovideaccesstolessvaluabledataandlessimportantsystemstotrustedzonescontainingcriticaldataandresources.
Becausethehigher-trustzonescontainmorevaluableassets,theyareprotectedwithagreaterdepthandrangeofcontrols,andwerestrictaccesstofewertypesofdevicesandapplications,asshowninFigure7-2.
However,devicesallowedaccesstohigher-trustzonesalsohavemorepower—theymaybeabletoperformactionsthatarenotallowedwithinlower-trustzones,suchascreatingormodifyingenterprisedata.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility96Aligningtheinfrastructureinthisfashionprovidesanexcellentwaytoright-sizesecuritycontrolssothatsecurityresourcesareutilizedeffectively.
Italsohelpsimprovetheuserexperiencebyenablingemployeestochoosefromawiderrangeofdevices,suchassmartphones,forlower-riskactivities.
Accesstozonesisdeterminedbytheresultsofthetrustcalculationandiscontrolledbypolicyenforcementpoints(PEPs).
PEPsmayincludearangeofcontrols,includingfirewalls,applicationproxies,intrusiondetectionandpreventionsystems,authenticationsystems,andloggingsystems.
Communicationbetweenzonesistightlyrestricted,monitored,andcontrolled.
WeseparatezonesbylocatingthemondifferentphysicalorvirtualLANs;PEPscontrolcommunicationbetweenzones.
Thismeansthatifonezoneiscompromised,wecanpreventtheproblemfromspreadingtootherzonesorincreaseourchancesofdetectionifitdoesspread.
Inaddition,wecanusePEPcontrols,suchasapplicationproxies,toprovidedevicesandapplicationsinlower-trustzoneswithlimited,controlledaccesstospecificresourcesinhigher-trustzoneswhenrequired.
Thearchitectureincludesthreeprimarycategoriesofsecurityzone:untrusted,selective,andtrusted.
Withinthezones,therearemultiplesubzones.
UntrustedZonesThesezoneshostdataandservices(ortheinterfacestothem)thatcanbeexposedtountrustedentities.
Thisallowsustoprovidewidespreadaccesstoalimitedsetofresourcesfromnon-managedconsumerdevices,withoutincreasingtherisktohigher-valueresourceslocatedinotherzones.
Untrustedzonesmightprovideaccesstoenterpriseresources,suchascorporatee-mailandcalendars,ortheymightsimplyprovideInternetaccess.
Figure7-2.
Asthevalueofanassetincreases,thedepthandspanofcontrolsincrease,whilethenumberofalloweddevices,applications,andlocationsdecrease.
Source:IntelCorporation,2012Chapter7ANewSecurityArchitecturetoImproveBusinessAgility97Thesezonesareregardedas"sharktanks,"withahighriskofattackandcompromise.
Therefore,detectiveandcorrectivecontrolsareneededtomitigatethisrisk.
Thesecontrolsmightincludeahighlevelofmonitoringtodetectsuspectactivityandcorrectioncapabilitiessuchasdynamicremovalofuserprivilege.
Weanticipateaneedtoprovidecontrolledaccessfromthesezonestoresourcesinhigher-trustzones.
Forexample,anemployeeusinganuntrusteddevicemightbeallowedlimited,read-onlyaccesstocustomerdatalocatedinatrustedzone;ortheirdevicemightneedaccesstoadirectoryserverinatrustedzonetosende-mail.
Weexpecttoprovidethiscontrolledaccessusingapplicationproxies.
Theseproxiesactassecureintermediaries—evaluatingtherequestfromthedevice,gatheringtheinformationfromtheresourceinatrustedzone,andpassingittothedevice.
SelectiveZonesSelectivezonesprovidemoreprotectionthanuntrustedzones.
Examplesofservicesinthesezonesincludeapplicationsanddataaccessedbycontractors,businesspartners,andemployees,usingclientdevicesthataremanagedorotherwiseprovidealeveloftrust.
Selectivezonesdonotcontaincriticaldataorhigh-valueIntelintellectualproperty.
Severalselectivesubzonesprovideaccesstodifferentservicesorusers.
TrustedZonesTrustedzoneshostcriticalservices,data,andinfrastructure.
Theyarehighlysecuredandlockeddown.
Examplesofserviceswithinthesezonesareadministrativeaccesstodatacenterserversandnetworkinfrastructure,factorynetworksanddevices,enterpriseresourceplanning(ERP)applications,anddesignengineeringsystemscontainingintellectualproperty.
Accordingly,wemightonlyallowdirectaccesstotheseresourcesfromtrustedsystemslocatedwithintheenterprisenetwork,andallaccesswouldbemonitoredcloselytodetectanomalousbehavior.
AtIntel,wehaveimplementedsecurehigh-trustzonesaspartofourtransitiontoanenterpriseprivatecloud.
Implementingthesezoneswasakeystepinallowingustomoveseveralcategoriesofapplicationontovirtualizedcloudinfrastructure,includinginternalapplicationsrequiringhighsecurity,aswellasexternallyfacingapplicationsusedtocommunicatewithbusinesspartners.
Thesecurityfeaturesinthesetrustedzonesincludeapplicationhardeningandincreasedmonitoring.
Wecontinuetoaddfurthersecuritycapabilitiesovertime.
NEWSECURITYARCHITECTUREINACTION:ADAYINTHELIFEOFANEMPLOYEEThisexample(illustratedinFigure7-3)describeshowthenewsecurityarchitectureenablestheIntelsalesforcetoaccesstheinformationtheyneedinthecourseofaday.
Atthesametime,thearchitectureprotectsIntel'ssecuritybydynamicallyadjustingthelevelofaccessprovided,basedontheuser'sdeviceandlocation,andbymonitoringforanomalousbehavior.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility98Theemployeetravelstoacustomersite.
Theemployeeisusingapersonalsmartphonewithlimitedsecurityfeaturesandsoisallowedaccessonlytoservicesinuntrustedzones.
Fromhere,theemployeecanviewlimitedcustomerinformation,includingrecentorders,extractedfromanenterpriseresourceplanning(ERP)systeminatrustedzone—butonlythroughanapplicationproxyserver,whichprotectsthetrustedzonebyactingasanintermediary,evaluatinginformationrequests,accessingtheERPsystem,andrelayingtheinformationtotheuser.
Ifasmartphonerequestsanabnormallylargenumberofcustomerrecords—anindicationthatitmayhavebeenstolen—furtheraccessfromthesmartphoneisblocked.
Tohelpunderstandthereasonfortheanomalousaccess,thereisincreasedmonitoringoftheemployee'sattemptstoaccessthesystemfromanydevice.
Theemployeereachesthecustomersiteandlogsintotheenterprisenetworkfromacompany-ownedmobilebusinessPC.
Becausethisdeviceismoretrusted,theemployeenowhasaccesstoadditionalcapabilitiesavailableinselectivezones,suchastheabilitytoviewpricingandcreateordersthatarerelayedbyanapplicationproxytotheERPsysteminatrustedzone.
Figure7-3.
Thenewsecurityarchitecturedynamicallyadjuststheuser'saccesstoinformation,basedonfactorssuchastheuser'sdeviceandlocation.
Source:IntelCorporation,2012Chapter7ANewSecurityArchitecturetoImproveBusinessAgility99Theemployeereturnstothecompany'sofficeandconnectstothecorporatenetwork.
NowtheemployeeisusingatrusteddevicefromatrustedlocationandhasdirectaccesstotheERPsysteminatrustedzone.
BalancedControlsOverthepastdecade,enterprisesecurityhasfocusedheavilyonpreventativecontrolssuchasfirewallsandintrusionpreventionsystems.
Thisapproachoffersclearbenefits:itislessexpensivetopreventanattackthantocorrectproblemsafteronehasoccurred,anditiseasytoseewhenfirewallshavesuccessfullypreventedanattemptedcompromise.
However,thenewsecuritymodelrequiresthatwebalancepreventativecontrolswithdetective(monitoring)andcorrectivecontrols,forseveralreasons.
First,thefocusofthenewmodelisonenablingandcontrollingaccessfromawiderrangeofusersanddevices,ratherthanonpreventingaccess.
Second,thecontinuallychangingthreatlandscapemakesitnecessarytoassumethatcompromisewilloccur;allpreventativecontrolswilleventuallyfail.
Onceattackershavegainedaccesstotheenvironment,thepreventativecontrolstheyhavebypassedareworthless.
Byincreasingtheuseofdetectivecontrolsandimplementingmoreaggressivecorrectivecontrols,wecanmitigatetheriskofallowingbroaderaccess.
Thesecontrolsalsoincreaseourabilitytosurviveandrecoverfromasuccessfulattack.
USINGSECURITYBUSINESSINTELLIGENCETODETECTSUSPICIOUSBEHAVIORLikeanylargeorganization,Intelhasexperiencedsecurityissuesinvolvingbothexternalattackersandinsiders,includingattemptstostealintellectualproperty.
Aswe'veinvestigated,wehaveidentifiedmarkersandindicatorsthatarefrequentlyassociatedwiththeseevents.
Werealizedthatifwehadbeenabletospottheseindicatorssooner,wecouldhaverespondedandmitigatedthethreatsmorequickly.
Securitybusinessintelligenceisakeytechnologythatwecanusetodetectsuspiciousbehaviorastheenvironmentbecomesmorecomplexandattackersbecomemoreadeptatconcealingcompromises.
Analyticaltoolsautomatetheprocessofanalyzinglargevolumesofdatatodetectandmonitoranomalousactivity,allowingustodetectproblemsthatwemightotherwisemiss.
Thesecapabilitiesaresimilartothosealreadyimplementedbyfinancialinstitutionstopreventfraudulentcredit-cardtransactions,andbyonlineconsumerservicestopreventtheftofuserdata.
Banksmonitoraccessattemptsandonlinetransactionstodeterminewhethertotrusttheuser'sidentityandwhethertoallowtheuser'sactivity.
Iftheuseristryingtotransferalargesumtoanexternalaccount,thebank'ssystemsmaycomparethetransactionwiththeuser'spreviousbehaviortoseeifitappearstobeabnormal.
Tomitigaterisk,thebankmaydelaylargetransferssoitcanperformadditionalanalysisandinformtheaccountownerbye-mail.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility100Inasimilarway,wecanusesecuritybusinessintelligence—analysisandcorrelationofdatagatheredbymonitoring—toanalyzepatternsofbehavior.
Thiscandetectandthwartpossibleattacks.
Onalargescale,loggingdatageneratedbyserversandsensorsacrossthenetworkcanbecollectedintoadatabaseforanalysis.
AtIntel,weareusinganalytictoolstocorrelatethisaggregateddataandflaganomaliesforfurtherinvestigation.
Forexample,iftrafficwithinaserverclusterbecomesabnormallyhigh,itmightindicatethatabotnetisexploitingoneoftheserverstobroadcasttrafficacrosstheWeb.
Securitybusinessintelligencecanalsobeappliedatthelevelofindividualusersanddevices.
AtIntel,we'reimplementingmonitoringtechnologythattracksusers'loginsandaccessattempts,asIdescribedinChapter5.
Ourstrategyistomakelogininformationavailabletouserssothattheycanhelptospotunauthorizedaccessattempts.
Inthefuture,Ienvisagethatthesystemcouldanalyzeusers'historicalbehaviorpatternstodeterminehowtorespondwhenusersrequestaccesstoresources.
Thesystemcouldcomparetherequestwiththeuser'spreviousactions:whathaveyoudonebefore,andisthisrequestconsistentwiththosebehaviorsorisitananomalyandthereforesuspiciousIftherequestappearsconsistentwithpreviousbehavior,thesystemwouldpasstherequesttothetrustcalculation;ifitappearsanomalous,thesystemmightdenytherequestandalertthesecurityteam.
WithinIntel,wehavealsodeployedadashboardthatprovidesgranularinformationaboutinfectedclientsandservers,boostingourabilitytointervenequicklyandaccurately.
Duetooureffortstodetectandremovemalwarebeforeinfectionsoccur,weachieveda33percentreductioninmalwareimpactsin2011,despiteexperiencinga50percentincreaseinthenumberofvariants(Intel2012a).
Wealsoplantoaddapredictiveenginethatenablesproactiveprotectionandsimulationsthatcanimproveourabilitytorespondtothreats.
Thebalancebetweenpreventative,detective,andcorrectivecontrolswillvary,dependingonthesecurityzone.
Inhigh-trustzones,weimplementextensivemonitoringtodetectpossibleattemptstostealdataorcompromisecriticalsystems.
Redundancywithineachtypeofcontrolcanbeusedtoprovideadditionalprotection.
Thefollowingincludespossibleexamplesofusingdetectiveandpreventativecontrols:AnIntelemployeeattemptstosendaconfidentialdocumenttoanon-Intele-mailaddress.
Monitoringsoftwaredetectstheattempt,preventsthedocumentfrombeingsentoutsidethefirewall,andaskstheIntelemployeeifheorshereallyintendedtodothis.
Iftheemployeeconfirmsthatthiswasintended,thedocumentmaybetransmitted—orifthedocumentishighlysensitive,aredactedversionmaybesent.
Chapter7ANewSecurityArchitecturetoImproveBusinessAgility101Inappropriateuseofadocumentprotectedwithenterpriserightsmanagementtechnologyresultsinrevocationofaccesstothedocument.
Thesystemallowsaccesstospecificdocumentsbuttrackstheactivity.
Ausercandownloadafewdocumentswithoutcausingconcerns.
However,iftheuserattemptstodownloadhundredsofdocuments,thesystemslowsdownthespeedofdelivery(forinstance,onlyallowingtentobecheckedoutatatime)andalertstheuser'smanager.
Ifthemanagerapproves,theuserisgivenfasteraccess.
Thedetectionofaninfectedsystemplacesthesystemonaremediationnetwork,isolatingthesystemandrestrictingaccesstoenterpriseinformationandapplications.
Thesystemmayretainsomeabilitytoaccesscorporateassets,butallactivityiscloselyloggedtoenableincidentresponseifnecessary.
Whenasystemisfoundtobecompromised,weexamineallitsrecentactivitiesandinteractionswithothersystems.
Additionalmonitoringofthosesystemsisautomaticallyenabled.
UsersandData:TheNewPerimetersTheconceptofbalancedcontrolsalsoextendstotheprotectionofusersanddata.
Traditionalnetworksecurityboundariesaredissolvingwiththeproliferationofnewdevicesandusers'expectationsthattheyshouldbeabletoaccessinformationfromanywhereatanytime.
Usersareunderdirectassaultfromabarrageofattacksdesignedtotrickthemintotakingactionsthatcancompromisetheinformationontheirdevicesoronenterprisesystems.
Thesetrendsmeanthatweneedtothinkmorebroadlyabouthowweprotectinformation,aswellastheusersofthisinformation.
Whilewecontinuetoimplemententerprisenetworkcontrols,suchasperimeterdefensesandthedetectivecontrolsdescribedearlier,weneedtosupplementthesecontrolswithafocusontheusersandontheprimaryassetswearetryingtoprotectsuchasintellectualproperty.
Thenewarchitecturethereforeexpandsourdefensestotwoadditionalperimeters:thedataitselfandtheuserswhohaveaccesstothedata.
DataPerimeterImportantdatashouldbeprotectedatalltimes—whenitiscreated,stored,andtransmitted.
Thisbecomesincreasinglychallengingaswemovedatatomoreandmoredevicesandletmorepeopleaccessit.
Howdoweprotectinformationwhenit'slocatedoutsidethephysicalperimeteronapersonaldeviceAtIntelIT,we'reimplementingtechnologiesthatcloselyintegrateprotectionwithhigh-valuedatasothatthedataremainsprotectedasitmovestodifferentdevicesandlocations.
Technologies,suchasenterpriserightsmanagementanddataleakprevention,canbeusedtowatermarkandtaginformationsothatwecantrackandmanageitsuse.
Withenterpriserightsmanagement,thecreatorofadocumentcandefineexactlywhoChapter7ANewSecurityArchitecturetoImproveBusinessAgility102hasaccessrightsthroughoutthelifeofthedocumentandcanrevokeaccessatanypoint.
Datalosspreventionisusedtotagdocuments,tracktheirmovements,andpreventtransferoutsidetheorganizationifnecessary.
UserPerimeterAsIdescribedinChapter5,peoplearepartofthesecurityperimeter,andweneedtotreatthemassuch.
Userscanbecomesecurityrisksforavarietyofreasons.
Theyaretargetedmorefrequentlyinsocialengineeringattacks,andtheyaremorevulnerabletotheseattacksbecausetheirpersonalinformationisoftenreadilyavailableonsocialnetworkingsites.
Theymayalsoclickmaliciouslinksine-mail,downloadmalware,orstoredataonportabledevicesthatthenarelost.
AtIntel,we'vefoundthatacombinationoftraining,incentives,andotheractivitiescanhelpinstillinformationsecurityandprivacyprotectionintothecorporatecultureandsuccessfullyencouragesemployeestoownresponsibilityforprotectingenterpriseandpersonalinformation.
We'veseenoureffortspayoff,withemployeescallingthehelpdeskorsendinge-mailalertswhentheynoticesomethingthatdoesn'tseemright.
Asdiscussedinthesidebar("UsingSecurityBusinessIntelligencetoDetectSuspiciousBehavior"),ourstrategyalsoincludesmakingaccountaccesslogsavailabletouserssothattheycanhelpspotunauthorizedaccessattempts.
ConclusionThischapterdescribesanewarchitecturedesignedtosupporttheProtecttoEnablemission.
Itsgoalistoallowfasteradoptionofnewservicesandcapabilitieswhileimprovingsurvivability.
AtIntel,webelievethatthisarchitecturecanbeusedtomeetabroadrangeofevolvingrequirements,includingnewusagemodelsandthreats.
Becauseofthis,weareworkingtoingrainthismodelintoallaspectsofIntelIT,fromdevelopmenttooperations.
We'vealreadyusedaspectsofthearchitecturetoprovidesolutionstochallengingusecases,whileactuallyreducingrisk.
Forexample,we'vebeenabletomoveimportantinternalandInternet-facingapplicationstoaprivatecloudbyutilizinghigh-trustzones.
We'vesuccessfullyusedvariousapproachestoprotecttheuseranddataperimeters.
Wealsousedbalancedcontrolsandtrustzonestoenablenetworkaccessfromemployee-owneddevices.
Insomecases,projectshaveseentheirsecurityoverheaddecreasebyadoptingthismodel.
Ibelievethatthearchitecturecouldprovidesimilarvaluetootherorganizationsfacingsimilarchallenges.
Bypublishinginformationaboutthearchitecture,wehopetoencourageotherstotakeadvantageofthisarchitecturewhereveritmeetstheirneeds.
Wealsohopethatmakingthisinformationavailablewillstimulatemorediscussionandideas,andthatotherswillbuildontheseconceptstocreatefurtherinnovationsthatbenefitallofus.

轻云互联,香港云服务器折后22元/月 美国云服务器 1核 512M内存 15M带宽 折后19.36元/月

轻云互联成立于2018年的国人商家,广州轻云互联网络科技有限公司旗下品牌,主要从事VPS、虚拟主机等云计算产品业务,适合建站、新手上车的值得选择,香港三网直连(电信CN2GIA联通移动CN2直连);美国圣何塞(回程三网CN2GIA)线路,所有产品均采用KVM虚拟技术架构,高效售后保障,稳定多年,高性能可用,网络优质,为您的业务保驾护航。官方网站:点击进入广州轻云网络科技有限公司活动规则:1.用户购...

触摸云 26元/月 ,美国200G高防云服务器

触摸云触摸云(cmzi.com),国人商家,有IDC/ISP正规资质,主营香港线路VPS、物理机等产品。本次为大家带上的是美国高防2区的套餐。去程普通线路,回程cn2 gia,均衡防御速度与防御,防御值为200G,无视UDP攻击,可选择性是否开启CC防御策略,超过峰值黑洞1-2小时。最低套餐20M起,多数套餐为50M,适合有防御型建站需求使用。美国高防2区 弹性云[大宽带]· 配置:1-16核· ...

HostYun 新增可选洛杉矶/日本机房 全场9折月付19.8元起

关于HostYun主机商在之前也有几次分享,这个前身是我们可能熟悉的小众的HostShare商家,主要就是提供廉价主机,那时候官方还声称选择这个品牌的机器不要用于正式生产项目,如今这个品牌重新转变成Hostyun。目前提供的VPS主机包括KVM和XEN架构,数据中心可选日本、韩国、香港和美国的多个地区机房,电信双程CN2 GIA线路,香港和日本机房,均为国内直连线路,访问质量不错。今天和大家分享下...

partnersonline为你推荐
百度商城百度知道一般一天能挣多少钱?psbc.com怎样登录wap.psbc.com同一服务器网站一个服务器能运行多少个网站郭泊雄郭佰雄最后一次出现是什么时候?javbibibibi直播是真的吗www.idanmu.com新开奇迹SF|再创发布网|奇迹SF|奇迹mu|网通奇迹|电信奇迹|www.zhiboba.com上什么网看哪个电视台直播NBAyinrentangweichentang产品功效好不好?sodu.tw给个看免费小说的网站pp43.com登录www.bdnpxzl.com怎么进入网站后台啊
备案域名 fc2新域名 高防直连vps 免费注册网站域名 10t等于多少g 双12活动 火车票抢票攻略 mysql主机 铁通流量查询 已备案删除域名 asp免费空间申请 东莞服务器 双线机房 腾讯总部在哪 yundun 我的世界服务器ip 什么是web服务器 华为k3 阿里云邮箱个人版 umax 更多