
Layers of Security Architecture Design

The document outlines a framework for designing a hybrid information security system. It describes spheres of use and protection, with each layer of use requiring a protective layer. It also details three levels of security controls - management, operational, and technical - and emphasizes implementing defense in depth with multiple overlapping security layers. Finally, it discusses key technology components of a security perimeter like firewalls, DMZs, proxy servers, and intrusion detection systems.

Uploaded by

Anusha K
Copyright
© © All Rights Reserved

DESIGN OF SECURITY ARCHITECTURE

Hybrid Framework for a Blueprint of an Information Security System

- The framework of security includes philosophical components of the Human Firewall Project, which maintain that people, not technology, are the primary defenders of information assets in an information security program, and are uniquely responsible for their protection.
- The spheres of security are the foundation of the security framework.
- The sphere of use, at the left in the figure, explains the ways in which people access information; for example, people read hard copies of documents and can also access information through systems.
- The sphere of protection, at the right, illustrates that between each layer of the sphere of use there must exist a layer of protection to prevent access to the inner layer from the outer layer.
- Each shaded band is a layer of protection and control.

Sphere of Protection

- The “sphere of protection” overlays each of the levels of the “sphere of use” with a layer of security, protecting that layer from direct or indirect use through the next layer.
- The people must become a layer of security, a human firewall that protects the information from unauthorized access and use.
- Information security is therefore designed and implemented in three layers:
  – policies
  – people (education, training, and awareness programs)
  – technology
- As illustrated in the sphere of protection, a variety of controls can be used to protect the information.
- The items of control shown in the figure are not intended to be comprehensive but rather illustrate individual safeguards that can protect the various systems that are located closer to the center of the sphere.
- However, because people can directly access each ring as well as the information at the core of the model, the side of the sphere of protection that attempts to control access by relying on people requires a different approach to security than the side that uses technology.

Level of Control

Management Controls

- Risk Management
- Review of Security Controls
- Life Cycle Maintenance
- Authorization of Processing (Certification and Accreditation)
- System Security Plan

Operational Controls

- Personnel Security
- Physical Security
- Production, Input/Output Controls
- Contingency Planning
- Hardware and Systems Software
- Data Integrity
- Documentation
- Security Awareness, Training, and Education
- Incident Response Capability

Technical Controls

- Identification and Authentication
- Logical Access Controls
- Audit Trails

Management controls

- Management controls address the design and implementation of the security planning process and security program management.
- They also address risk management and security control reviews. They further describe the necessity and scope of legal compliance and the maintenance of the entire security life cycle.

Operational controls

- Operational controls deal with the operational functionality of security in the organization. They include management functions and lower-level planning, such as disaster recovery and incident response planning.
- They also address personnel security, physical security, and the protection of production inputs and outputs.
- They guide the development of education, training and awareness programs for users, administrators, and management. Finally, they address hardware and software systems maintenance and the integrity of data.

Technical controls

- Technical controls address the tactical and technical issues related to designing and implementing security in the organization, as well as issues related to examining and selecting the technologies appropriate to protecting information.
- They address the specifics of technology selection and the acquisition of certain technical components. They also include logical access controls, such as identification, authentication, authorization, and accountability.
- They cover cryptography to protect information in storage and transit. Finally, they include the classification of assets and users, to facilitate the authorization levels needed.

Using the three sets of controls, the organization should be able to specify controls to cover the
entire spectrum of safeguards, from strategic to tactical, and from managerial to technical.

Defense in Depth

- One of the basic foundations of security architectures is the implementation of security in layers. This layered approach is called defense in depth.
- Defense in depth requires that the organization establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls.
- These layers of control can be organized into policy, training and education, and technology, as per the NSTISSC model.
- While policy itself may not prevent attacks, coupled with other layers it deters attacks.
- Training and education are similar.
- Technology is also implemented in layers, with detection equipment, all operating behind access control mechanisms.
- Implementing multiple types of technology and thereby preventing the failure of one system from compromising the security of the information is referred to as redundancy.
- Redundancy can be implemented at a number of points throughout the security architecture, such as firewalls, proxy servers, and access controls. The figure shows the use of firewalls and intrusion detection systems (IDS) that use both packet-level rules and

Security Perimeter

- A Security Perimeter is the first level of security that protects all internal systems from outside threats.
- Unfortunately, the perimeter does not protect against internal attacks from employee threats, or on-site physical threats.
- Security perimeters can effectively be implemented as multiple technologies that segregate the protected information from those who would attack it.
- Within security perimeters the organization can establish security domains, or areas of trust within which users can freely communicate.
- The presence and nature of the security perimeter is an essential element of the overall security framework, and the details of implementing the perimeter make up a great deal of the particulars of the completed security blueprint.
- The key components used for planning the perimeter are presented in the following sections on firewalls, DMZs, proxy servers, and intrusion detection systems.

Key Technology Components

Other key technology components

– A firewall is a device that selectively discriminates against information flowing into or out of the organization.
– Firewalls are usually placed on the security perimeter, just behind or as part of a gateway router.
– Firewalls can be packet filtering, stateful packet filtering, proxy, or application level.
– A firewall can be a single device or a firewall subnet, which consists of multiple firewalls creating a buffer between the outside and inside networks.
– The DMZ (demilitarized zone) is a no-man’s land between the inside and outside networks, where some organizations place Web servers.
– These servers provide access to organizational Web pages, without allowing Web requests to enter the interior networks.
– Proxy server: An alternative approach to the strategies of using a firewall subnet or a DMZ is to use a proxy server, or proxy firewall.
  - When an outside client requests a particular Web page, the proxy server receives the request as if it were the subject of the request, then asks for the same information from the true Web server (acting as a proxy for the requestor), and then responds to the request as a proxy for the true Web server.
  - For more frequently accessed Web pages, proxy servers can cache or temporarily store the page, and thus are sometimes called cache servers.

– Intrusion Detection Systems (IDSs). In an effort to detect unauthorized activity within the inner network, or on individual machines, an organization may wish to implement Intrusion Detection Systems, or IDSs.
– IDSs come in two versions: host-based and network-based.
– Host-based IDSs are usually installed on the machines they protect to monitor the status of various files stored on those machines.
– Network-based IDSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
– This could include packets coming into the organization’s networks with addresses from machines already within the organization (IP spoofing).
– It could also include high volumes of traffic going to outside addresses (as in cases of data theft) or coming into the network (as in a denial of service attack).
– Both host- and network-based IDSs require a database of previous activity.
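
Two of the network-based checks described above (packets arriving from outside that carry an internal source address, and outbound volume compared against a baseline of previous activity) can be sketched as follows. This is an added example, not part of the original notes; the internal address range, baseline figures, alert factor and flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the organization's internal address space (constructed).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed "database of previous activity": typical bytes each host
# sends to outside addresses per monitoring interval.
BASELINE_OUT_BYTES = {"10.0.1.15": 2_000_000, "10.0.1.20": 500_000}
VOLUME_FACTOR = 5  # assumed threshold: alert above 5x the baseline

# Constructed flow records: (interface seen on, source, destination, bytes)
SAMPLE_FLOWS = [
    ("external", "203.0.113.7", "10.0.2.80", 1_200),
    ("external", "10.0.1.15", "10.0.2.80", 900),         # internal source, arrived from outside
    ("internal", "10.0.1.15", "198.51.100.9", 1_500_000),
    ("internal", "10.0.1.20", "198.51.100.44", 3_000_000),  # 6x this host's baseline
    ("internal", "10.0.1.20", "10.0.2.80", 9_000_000),   # internal-to-internal, not counted
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL_NET

def detect(flows, baseline=BASELINE_OUT_BYTES, factor=VOLUME_FACTOR):
    """Return a list of (alert_kind, host) tuples for one monitoring interval."""
    alerts = []
    outbound = defaultdict(int)
    for iface, src, dst, nbytes in flows:
        # A packet entering from outside must not claim an internal source.
        if iface == "external" and is_internal(src):
            alerts.append(("spoofed-source", src))
        # Accumulate traffic leaving internal hosts for outside addresses.
        if iface == "internal" and is_internal(src) and not is_internal(dst):
            outbound[src] += nbytes
    for host, total in sorted(outbound.items()):
        expected = baseline.get(host)
        if expected is None:
            # Without previous activity there is nothing to compare against.
            alerts.append(("no-baseline", host))
        elif total > factor * expected:
            alerts.append(("outbound-volume", host))
    return alerts

if __name__ == "__main__":
    for kind, host in detect(SAMPLE_FLOWS):
        print(kind, host)
```

The `no-baseline` alert reflects the last point in the list: a host with no recorded previous activity cannot be judged as normal or unusual until a baseline exists.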
