Technologies Used To Secure Data And Network In The Organization
In this document I discuss various technologies that can be used to improve security in an organization. They are:
1. Windows AD Authentication
2. DLP Solution
3. File/HDD Encryption
4. Antivirus
5. Token/Biometric Access System
6. VPN/IPsec
7. NAC
8. CSA
DLP Solution
DLP is Data Loss Prevention. A DLP solution identifies, monitors and protects data, whether that data is in use (e.g. on an endpoint), in motion (e.g. on the network) or at rest (e.g. on a SAN, Storage Area Network). DLP locates sensitive data through deep content inspection combined with contextual security analysis of the transaction (attributes of the originator, data object, medium, timing, recipient/destination, etc.). DLP systems are designed to detect and prevent the unauthorized use and transmission of confidential (sensitive) information.
a. Network DLP
These systems are usually installed near the organization's Internet connection and analyze network traffic for transmission of sensitive information over email, chat, FTP, IM, HTTP and HTTPS. They can also work as storage DLP systems.
b. Host DLP
These systems run on end-user workstations and servers in the organization. They can control the flow of information between groups or types of users, and can also control email and other forms of communication. Host systems have the advantage that they can monitor and control access to physical devices (such as mobile devices with data storage capabilities, e.g. pen drives) and in some cases can inspect information before it has been encrypted.
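The two DLP steps described above, deep content inspection followed by contextual analysis of the transaction, as an added worked example (this is not code from the original post or from any DLP product). It scans constructed message bodies for payment card numbers (a pattern match that is then confirmed with the Luhn checksum, so random digit runs do not fire) and US SSNs, then decides on the action from the destination: the `corp.example` internal domain, the sample transactions and the public test card numbers are all assumptions of this example.

```python
import re

# Assumed internal mail domain / host suffix for this constructed example.
INTERNAL_SUFFIX = "corp.example"

# Candidate payment card number: 13-19 digits, optionally separated by spaces or dashes.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US Social Security Number in dashed form.
SSN_PATTERN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

# Constructed traffic samples, as a network DLP sensor on the Internet edge
# would see them. The card numbers are public test values, not real cards.
SAMPLE_TRANSACTIONS = [
    {"medium": "smtp", "originator": "alice@corp.example", "dest": "bob@corp.example",
     "body": "Q3 figures attached, see you at standup."},
    {"medium": "smtp", "originator": "alice@corp.example", "dest": "someone@webmail.example",
     "body": "Card on file: 4111 1111 1111 1111, exp 09/27"},
    {"medium": "http", "originator": "10.0.0.5", "dest": "paste.example",
     "body": "order id 4111111111111112 ref 1234-5678"},   # fails Luhn: not a card
    {"medium": "ftp", "originator": "10.0.0.7", "dest": "198.51.100.9",
     "body": "SSN 123-45-6789 listed for employee 4491"},
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters random digit runs out of the PAN candidates."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_content(body: str) -> set:
    """Deep content inspection: which sensitive data types appear in the body."""
    found = set()
    for match in PAN_CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            found.add("PAN")
    if SSN_PATTERN.search(body):
        found.add("SSN")
    return found


def decide(tx: dict) -> dict:
    """Contextual analysis: combine the content verdict with the destination.

    Sensitive data staying inside the organization is only logged (alert);
    sensitive data leaving it is blocked.
    """
    types = classify_content(tx["body"])
    if not types:
        return {"action": "allow", "types": set()}
    external = not tx["dest"].endswith(INTERNAL_SUFFIX)
    return {"action": "block" if external else "alert", "types": types}


def inspect_all(transactions: list) -> list:
    """Run the policy over every transaction and return (index, decision) pairs."""
    return [(i, decide(tx)) for i, tx in enumerate(transactions)]


if __name__ == "__main__":
    for i, verdict in inspect_all(SAMPLE_TRANSACTIONS):
        tx = SAMPLE_TRANSACTIONS[i]
        print(f"{tx['medium']:4} {tx['originator']} -> {tx['dest']}: {verdict}")
```

Of the four constructed transactions only the second (card number to an external mailbox) and the fourth (SSN over FTP to an external host) are blocked; the third carries a 16-digit number that fails the Luhn check, which is the kind of false positive a pure pattern match would have raised.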
Windows AD environment
All connected hosts are members of a domain, which gives the network and its users flexibility, scalability and security. Windows uses robust Kerberos-based authentication, which is difficult to break. The domain also simplifies management, since rights can be assigned to individual users or to groups of users. Several other authentication methods, such as biometric or token-based systems, can be integrated directly with AD.
File/HDD encryption
Encryption is the process of transforming information (the plaintext) using an algorithm (a cipher) so that it is unreadable to anyone except those possessing special knowledge, usually referred to as a key.
It is mainly of two types:
a. File Encryption
b. Disk Encryption
File Encryption - The owner encrypts individual files and keeps them in encrypted form. If the data is stolen or falls into the wrong hands, the thief cannot find out what the real content of the file is.
Disk Encryption - Also called Volume Encryption. The data on the whole disk is encrypted with a specific algorithm. The encryption is transparent to the user, i.e. the user cannot tell whether the data is being encrypted or not. If the disk is stolen, the thief cannot read its contents because the whole disk is encrypted.
Antivirus
Antivirus can be of two types: a. Signature-based Antivirus, b. Behavior-based Antivirus.
a. Signature-based Antivirus - These AVs detect viruses by matching them against signatures supplied from the vendor's signature database. The database is updated regularly, but if a signature is missing the virus or worm remains active until that signature arrives.
b. Behavior-based Antivirus - These AVs observe the behavior of an application and, if that behavior is suspicious, mark it as a virus and take appropriate action. This type of AV can be used to stop zero-day attacks for which the AV vendor has not yet released a signature.
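The difference between the two detection approaches, as an added example that is not part of the original post and does not model any particular AV product: a signature scan is an exact hash lookup, so a repacked variant of a known sample (constructed here as byte strings) slips past it, while behaviour rules run over a constructed process event trace still catch it. The rules, their names and the requirement that two independent rules fire before a verdict are assumptions of this example; the last trace shows why that combination rule matters.

```python
import hashlib

# Constructed "files": the byte strings stand in for executables. The variant
# differs by a few bytes (a repacked build) but behaves identically.
KNOWN_SAMPLE = b"MZ\x90\x00constructed-worm-sample-A"
REPACKED_VARIANT = b"MZ\x90\x00constructed-worm-sample-A-v2"
BENIGN_EDITOR = b"MZ\x90\x00constructed-text-editor"

# Signature database: SHA-256 of known-bad content -> detection name (constructed).
SIGNATURE_DB = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Worm.Constructed.A",
}


def signature_scan(content: bytes):
    """Signature-based detection: exact hash lookup. Unknown bytes give no verdict."""
    return SIGNATURE_DB.get(hashlib.sha256(content).hexdigest())


# Behaviour rules over a process event trace. Each event is a (kind, target) pair.
def rule_persistence(events):
    """Process registers itself to start at logon."""
    return any(kind == "registry_write" and "\\Run" in target for kind, target in events)


def rule_smb_sweep(events):
    """Process contacts many distinct hosts on the SMB port in one trace."""
    hosts = {target.split(":")[0] for kind, target in events
             if kind == "net_connect" and target.endswith(":445")}
    return len(hosts) >= 10


def rule_mass_file_modify(events):
    """Process rewrites a large number of files."""
    return sum(1 for kind, _ in events if kind == "file_write") >= 20


BEHAVIOUR_RULES = [
    ("persistence_run_key", rule_persistence),
    ("smb_sweep", rule_smb_sweep),
    ("mass_file_modify", rule_mass_file_modify),
]


def behaviour_scan(events):
    """Behaviour-based detection: flag when two or more independent rules fire.
    Requiring a combination keeps a single noisy behaviour (a backup job writing
    many files) from being marked as malware on its own."""
    triggered = [name for name, rule in BEHAVIOUR_RULES if rule(events)]
    verdict = "malicious" if len(triggered) >= 2 else "clean"
    return verdict, triggered


# Constructed traces for the three programs above plus a backup job.
TRACE_WORM = (
    [("registry_write", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd")]
    + [("net_connect", f"10.0.0.{i}:445") for i in range(1, 17)]
    + [("file_write", "E:\\autorun.inf")]
)
TRACE_EDITOR = [("file_write", "C:\\Users\\alice\\Documents\\notes.txt"),
                ("net_connect", "updates.example:443")]
TRACE_BACKUP = [("file_write", f"D:\\backup\\file{i}.bak") for i in range(100)]


def scan(content: bytes, events):
    """Combined verdict: a signature hit is authoritative; otherwise use behaviour."""
    name = signature_scan(content)
    if name:
        return "malicious", ["signature:" + name]
    return behaviour_scan(events)


if __name__ == "__main__":
    for label, content, trace in [("known", KNOWN_SAMPLE, TRACE_WORM),
                                  ("variant", REPACKED_VARIANT, TRACE_WORM),
                                  ("editor", BENIGN_EDITOR, TRACE_EDITOR)]:
        print(label, scan(content, trace))
```

The known sample is caught by its hash, the repacked variant only by the persistence and SMB-sweep rules together, and the backup job trips one rule but is left alone; tuning that threshold is the trade-off between zero-day coverage and false positives that the text alludes to.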
Token/Biometric Based Authentication
Security tokens are used to prove one's identity electronically. The token is used in addition to, or in place of, a password to prove that the user is who they claim to be; it acts like an electronic key that grants access to something. It can also be a biometric token, e.g. one that stores fingerprints.
There are four types of tokens:
1. Static Password
2. Synchronous Dynamic Password
3. Asynchronous Password
4. Challenge Response
Of these, Challenge Response and Synchronous Dynamic Password are the more difficult to defeat. They are also called two-factor authentication, because the user must present something he has (the token) and something he knows (a password). This type of security gives an edge over the other technologies.
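The two stronger token types from the list, as an added worked example (not code from the original post or from any token vendor): the synchronous dynamic password is HOTP from RFC 4226, a keyed hash over a counter that the token and server advance in step, with a server-side look-ahead window for resynchronisation; challenge-response is a keyed hash over a fresh server nonce. The final `Account` class ties a token to a password for the two-factor login the text describes. Only the Python standard library is used; the shared secret in the test is the RFC 4226 test-vector key, and the password, window size and PBKDF2 parameters are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): the synchronous dynamic password. Token and server both
    derive the code from a shared secret and a moving counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = (int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


class HotpVerifier:
    """Server side of a synchronous token, with a look-ahead window so a few
    unused presses on the token do not desynchronise it permanently."""

    def __init__(self, secret: bytes, window: int = 5):
        self.secret = secret
        self.counter = 0
        self.window = window

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1      # move past it: replaying this code now fails
                return True
        return False


# Challenge-response: the server sends a fresh random challenge and the token
# answers with a keyed MAC of it, so a captured answer is useless for any other challenge.
def make_challenge() -> bytes:
    return secrets.token_bytes(16)


def token_response(secret: bytes, challenge: bytes) -> str:
    return hmac.new(secret, challenge, hashlib.sha256).hexdigest()[:8]


def verify_response(secret: bytes, challenge: bytes, response: str) -> bool:
    return hmac.compare_digest(token_response(secret, challenge), response)


# Two-factor login: something the user knows (password) plus something the user has (token).
def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class Account:
    def __init__(self, password: str, token_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = password_hash(password, self.salt)
        self.token = HotpVerifier(token_secret)

    def login(self, password: str, otp: str) -> bool:
        pw_ok = hmac.compare_digest(password_hash(password, self.salt), self.pw_hash)
        # Both factors are always evaluated: a presented code is consumed even when
        # the password is wrong, so it cannot be replayed in a later attempt.
        otp_ok = self.token.verify(otp)
        return pw_ok and otp_ok


if __name__ == "__main__":
    secret = b"12345678901234567890"          # RFC 4226 test-vector secret
    print([hotp(secret, c) for c in range(3)])  # 755224, 287082, 359152
```

The `HotpVerifier` test below shows the two properties that make the synchronous type hard to attack: a code that has been accepted is rejected on replay, and a code from a counter the server has already moved past is rejected too.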
IPsec VPN
IPsec is a dual-mode (transport and tunnel), end-to-end security scheme operating at the Internet Layer of the Internet Protocol Suite, i.e. OSI Layer 3. IPsec can be used to protect any application traffic across the Internet or any private network; applications need not be specifically designed to use it.
The IPsec suite is a framework of open standards. IPsec uses the following protocols to perform its various functions:
a. A security association (SA), set up by Internet Key Exchange (IKE and IKEv2) or Kerberized Internet Negotiation of Keys (KINK), which negotiates the protocols and algorithms and generates the encryption and authentication keys to be used by IPsec.
b. Authentication Header (AH), which provides connectionless integrity and data origin authentication for IP datagrams, and protection against replay attacks.
c. Encapsulating Security Payload (ESP), which provides confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.
NAC - Network Admission Control
Network Access Control (NAC) is a computer networking solution that uses a set of protocols to define and implement a policy describing how devices are granted access to network nodes when they first attempt to join the network. NAC may integrate an automatic remediation process (fixing non-compliant nodes before allowing access) into the network, so that infrastructure such as routers, switches and firewalls works together with back-office servers and end-user equipment to ensure a system is operating securely before it is allowed to interoperate. It attempts to unify endpoint security technology (such as antivirus, host intrusion prevention and vulnerability assessment), user or system authentication, and network security enforcement, so that access to the network and its resources is withheld from unauthorized parties.
Goals of NAC
Mitigation of zero-day attacks
The key value proposition of NAC solutions is the ability to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination of computer worms.
Policy enforcement
NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.
Identity and access management
Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.
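The three NAC goals above combined into one admission decision, as an added example that is not part of the original post and does not model any particular NAC product: identity is checked first (a device with no authenticated user is denied), then the endpoint posture checks the text names (antivirus, patches, host intrusion prevention), and a non-compliant device is placed on a remediation segment instead of being admitted; compliant devices are placed by authenticated role rather than by IP address. The role-to-VLAN table, the VLAN numbers, the signature-age limit and the posture fields are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed policy: authenticated role -> network segment (VLAN). Placement is
# tied to who authenticated, not to the IP address the device happened to get.
ROLE_VLANS = {"employee": 10, "contractor": 20, "admin": 30}
REMEDIATION_VLAN = 99            # assumed to reach only patch and AV update servers
MAX_SIGNATURE_AGE_DAYS = 7


@dataclass
class Endpoint:
    """Posture report as an agent or scan would deliver it (all values constructed)."""
    user: Optional[str]          # None: authentication failed, no identity available
    role: Optional[str]
    av_running: bool
    av_signature_age_days: int
    missing_critical_patches: int
    hips_installed: bool


@dataclass
class Decision:
    action: str                  # "allow", "quarantine" or "deny"
    vlan: Optional[int]
    reasons: List[str] = field(default_factory=list)


def posture_failures(ep: Endpoint) -> List[str]:
    """The endpoint checks NAC unifies: antivirus, patch level, host intrusion prevention."""
    failures = []
    if not ep.av_running:
        failures.append("antivirus not running")
    elif ep.av_signature_age_days > MAX_SIGNATURE_AGE_DAYS:
        failures.append(f"antivirus signatures {ep.av_signature_age_days} days old")
    if ep.missing_critical_patches:
        failures.append(f"{ep.missing_critical_patches} critical patch(es) missing")
    if not ep.hips_installed:
        failures.append("host intrusion prevention not installed")
    return failures


def admit(ep: Endpoint) -> Decision:
    """Admission decision: identity first, then posture, then role-based placement."""
    if ep.user is None or ep.role not in ROLE_VLANS:
        return Decision("deny", None, ["no authenticated identity or unknown role"])
    failures = posture_failures(ep)
    if failures:
        # Non-compliant: isolate on the remediation segment rather than admit it,
        # so it can be fixed without exposing the rest of the network.
        return Decision("quarantine", REMEDIATION_VLAN, failures)
    return Decision("allow", ROLE_VLANS[ep.role], [])


if __name__ == "__main__":
    for ep in [Endpoint("alice", "employee", True, 1, 0, True),
               Endpoint("bob", "contractor", True, 30, 2, True),
               Endpoint(None, None, True, 0, 0, True)]:
        print(ep.user, admit(ep))
```

The second constructed endpoint is the zero-day mitigation case from the text: the user is known, but stale signatures and missing patches keep the laptop on the remediation VLAN until they are fixed.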
CSA - Cisco Security Agent
CSA is rule-based endpoint intrusion prevention software that examines system activity and network traffic, determining which behaviors are normal and which may indicate an attack.
CSA uses a two- or three-tier client-server architecture. The Management Center (MC, or Management Console) contains the program logic; an MS SQL database back end stores alerts and configuration information; the MC and the SQL database may reside on the same system. The Agent is installed on the desktops and/or servers to be protected. It communicates with the Management Center, sending it logged events and receiving rule updates as they occur.