
  • Number of slides: 12

IF-MAP: Open Standards for Coordinating Security
Presentation for SAAG
IETF 72, July 31, 2008
Steve Hanna
shanna@juniper.net

Information Security Past - Isolation
[Diagram: Server/Service Security, Identity Management, Network Intrusion Detection & Prevention, Network Security, Data Loss Prevention, Host Intrusion Detection & Prevention, Host Security, Server Security, Network Anti-Virus, Vulnerability Scanners, Host Firewall, Web Services Security, Network Firewall, Virtual Private Networks, Host Anti-Virus]

Information Security Present – Partial Coordination
[Diagram: Server/Service Security, Identity Management, Server Security, Network Intrusion Detection & Prevention, Network Anti-Virus, Network Access Control (NAC), Network Security, Data Loss Prevention, Host Intrusion Detection & Prevention, Host Security, Vulnerability Scanners, Host Firewall, Web Services Security, Network Firewall, Virtual Private Networks, Host Anti-Virus]

Information Security Future – Full Coordination
[Diagram: Server/Service Security, Identity Management, Network Intrusion Detection & Prevention, Network Security, Data Loss Prevention, Host Intrusion Detection & Prevention, Host Security, Server Security, Network Anti-Virus, NAC with IF-MAP, Vulnerability Scanners, Host Firewall, Web Services Security, Network Firewall, Virtual Private Networks, Host Anti-Virus]

Basic NAC Architecture
[Diagram: Access Requestor (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP), VPN]

Integrating Other Security Systems
[Diagram: Access Requestor (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP), Metadata Access Point (MAP), Sensors, Flow Controllers, VPN]

TNC Architecture
[Diagram, columns: Access Requestor, Policy Enforcement Point, Policy Decision Point, Metadata Access Point, Sensors and Flow Controllers. Components: Integrity Measurement Collectors (IMC), Integrity Measurement Verifiers (IMV), TNC Client (TNCC), TNC Server (TNCS), Network Access Requestor, Policy Enforcement Point (PEP), Network Access Authority, Platform Trust Service (PTS), TSS, TPM, Metadata Access Point, Sensor, Flow Controller. Interfaces: IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP, IF-PTS, IF-MAP]

What is IF-MAP?
• Standard Published by Trusted Computing Group
  – https://www.trustedcomputinggroup.org/groups/network
• Standard Requests & Responses
  – Publish, Search, Subscribe, Poll
• Standard Identifiers
  – device, identity, ip-address, mac-address, access-request
• Standard Metadata
  – device-attribute, event, role, capability, layer2-information
• Standard Links (marked with metadata)
  – access-request-device, access-request-ip, access-request-mac, authenticated-as, authenticated-by, ip-mac
• Protocol Binding for SOAP
• Ability to define optional vendor-specific extensions

Example IF-MAP Graph

IF-MAP Benefits
• More Informed Sensors
  – Sensors can tune by role and other things
  – Should reduce false alarms
• Policy and Reports in Business Terms
  – User identity and role vs. IP address
  – Simpler, easier to manage
• Automated Response (if desired)
  – Faster response = stronger security
  – Less expense due to automation
• Customer Choice and Flexibility
  – No need to buy all security products from one vendor
  – Can reuse and integrate existing security systems

Security and Privacy Considerations
• MAP = Storehouse of Sensitive Data, Critical Nerve Center
  – MUST
    • TLS with mutual auth for IF-MAP clients
    • publisher-id and timestamp to track changes
  – SHOULD
    • authorization, DOS protection, anomaly detection, physical and operational security, hardening, etc.
    • not keep historical data
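The graph model from "What is IF-MAP?" and the publisher-id and timestamp requirement above, as an added example that is not part of the presentation or the TCG specification. It is a simplified in-memory model, not the SOAP binding; `MapStore`, `demo`, the `max_depth` parameter name and all sample identifiers and values are constructed for illustration.

```python
import time
from collections import defaultdict, deque

class MapStore:
    """Toy in-memory MAP graph; a model of the data, not the SOAP binding."""
    def __init__(self):
        self.meta = defaultdict(list)     # identifier or link -> metadata records
        self.adjacent = defaultdict(set)  # identifier -> linked identifiers

    def publish(self, publisher_id, target, name, value=None):
        # target: one identifier (type, value), or a link given as two identifiers.
        # publisher_id must come from the authenticated TLS session, never from
        # the request body, so a client cannot attribute data to someone else.
        record = {"name": name, "value": value,
                  "publisher-id": publisher_id, "timestamp": time.time()}
        if isinstance(target[0], tuple):  # link: record adjacency in both directions
            a, b = target
            self.adjacent[a].add(b)
            self.adjacent[b].add(a)
            target = frozenset((a, b))
        self.meta[target].append(record)
        return record

    def search(self, start, max_depth):
        # Breadth-first walk over links; returns {identifier or link: records}.
        seen, result, queue = {start}, {}, deque([(start, 0)])
        while queue:
            ident, depth = queue.popleft()
            if self.meta.get(ident):
                result[ident] = self.meta[ident]
            if depth == max_depth:
                continue
            for other in self.adjacent[ident]:
                link = frozenset((ident, other))
                result[link] = self.meta[link]
                if other not in seen:
                    seen.add(other)
                    queue.append((other, depth + 1))
        return result

def demo():
    # Constructed sample: a PDP publishes session links, a sensor adds an event.
    store = MapStore()
    ar, ip = ("access-request", "ar-1"), ("ip-address", "192.0.2.10")
    user = ("identity", "alice")
    store.publish("pdp-1", (ar, ip), "access-request-ip")
    store.publish("pdp-1", (ar, user), "authenticated-as")
    store.publish("ids-7", ip, "event", "policy violation")
    return store, store.search(ip, max_depth=2)
```

A search from the IP address with depth 2 reaches the `authenticated-as` link, which is how a sensor or flow controller maps an address back to a user; every returned record carries the publisher-id and timestamp needed to trace who asserted it and when.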

Discussion