52
© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice DECUS 2006 IT Security and TCO - 1D05 Holger Villringer Enterprise Technology Consultant HP NonStop Enterprise Division

DECUS 2006 1D05 IT Security and TCO

  • Upload
    others

  • View
    1

  • Download
    0

Embed Size (px)

Citation preview

© 2005 Hewlett-Packard Development Company, L.P.The information contained herein is subject to change without notice

DECUS 2006IT Security and TCO- 1D05

Holger VillringerEnterprise Technology ConsultantHP NonStop Enterprise Division

May 15, 2006 2

Agenda

IT Security and their consequences to costs

• The Internet had changed everything

• Various views on IT Security

• Costs for IT Security

• Security architecture & concept of HP NonStop servers

• HP Atalla Security Products

• Advantages and economics for users

May 15, 2006 3

The Internet had changed everything

May 15, 2006 4

Cyber Security Bulletin 2005 Summary

2005 Year-End Index - 5198 reported vulnerabilitys

• 812 Windows

• 2328 Unix/Linux

• 2058 Multiple OS

May 15, 2006 5

Circulation of vulnerability techniques

Verbreitung von Angriffsmethoden in deutschen und schweizerischen Unternehmen.Quellen: BSI 2005/InformationWeek

May 15, 2006 6

Vulnerability search …

May 15, 2006 7

Security Concerns Today

41 %Computer viruses,Trojan horses

10 %Denial-of-Service-Attacks

23 %Security weak Points

in OS

15 %human Errors

5 %abuse user accounts

Source: BSI 2005 / InformationWeekHP Research

6 %application exhausting (i.e. Buffer-Overflow)

No system is hack-proof, especially from insiders— always follow best practices.

May 15, 2006 8

Various views on IT Security, or what is a Secure System?

May 15, 2006 9

• Securing a system − is a complex task and there just are no simple solutions.

• Think about securing your house: − no matter how many locks you buy, − how many bars you put in front of your windows, − a criminal (or some legal authority, for that matter) with enough time

and resources will always be able to bypass your security mechanisms.

• So actually there is no such thing as a secure system but rather there is a reasonably secure system…

What Is a Secure System?

May 15, 2006 10

What Is a Secure System?To make matters worse, computer security is a much more dynamic field than securing your house.

• To stick with the metaphor, − the vendors constantly invent new doors, keys, and the like and want you to buy the

newest gizmos while the attackers constantly find new ways to bypass them.

• The cartoon shows a scenario which is quite common in computer security

− “lock the front door real tight” while at the same time the side door is left open and unattended.

− burglars in the real world, attackers in the computer world will pick the weakest entry into your system.

• Security should be a prime concern for your business. − Spending resources on security may still be a lot cheaper than ending up on the front

page of the Newspaper because somebody managed to bypass your security mechanisms.

May 15, 2006 11

What Is a Secure System?• Therefore, remember:

− Computer security is a complex field− No silver bullet, no simple solutions.

• Security is Managing Risk:− Your computers never will be secure and why that is acceptable.

• Defense in Depth: − The weakest link will not always break the chain.

• Detection and Response:− Prevention alone won’t work and you need to incorporate detection

and response to better secure your systems.

• Policies and Procedures: − strong authentication, authorization, encryption, and auditing, and

the relation to each other.

May 15, 2006 12

You still belief, your IT looks like this!

May 15, 2006 13

There is no such thing as a “secure system.”

May 15, 2006 14

Costs for IT Security ?

How much do you spend for Security today?

It’s not only the tag price of your Servers or Tools!

• Security bulletins• Patching• Additional Software & Tools• Staff (sometimes up to 30 %)• still vulnerable

• Downtime• Reputation

May 15, 2006 15

Top 10 Vulnerabilities to Windows Systems

• W1 Web Servers & Services

• W2 Workstation Service

• W3 Windows Remote Access Services

• W4 Microsoft SQL Server (MSSQL)

• W5 Windows Authentication

• W6 Web Browsers

• W7 File-Sharing Applications

• W8 LSAS Exposures

• W9 Mail Client

• W10 Instant Messaging

May 15, 2006 16

Top 10 Vulnerabilities to UNIX Systems

• U1 BIND Domain Name System

• U2 Web Server

• U3 Authentication

• U4 Version Control Systems

• U5 Mail Transport Service

• U6 Simple Network Management Protocol (SNMP)

• U7 Open Secure Sockets Layer (SSL)

• U8 Misconfiguration of Enterprise Services NIS/NFS

• U9 Databases

• U10 Kernel

May 15, 2006 17

Top Vulnerability to NonStop Servers

• N1 Insecure systems attached to the same network

May 15, 2006 18

Yes, there is one…very close to be a “secure system”

… that’s the HP NonStop servers

http://search.us-cert.gov/

May 15, 2006 19

Security Advantages HP NonStop Architecture

May 15, 2006 20

Multi-tier architecture

• Multi-tier architecture can help enhance security

• At each stage, use different ports or protocols to connect the systems− The front end serves the pages− The middle tier serves the data− The NonStop server protects the data

May 15, 2006 21

Native NonStop Kernel Security

• Modular operating system

• Virtual memory architecture

• Separate code and data segments

• Process privileged system calls

• System management access restricted

May 15, 2006 22

Why the Integrity NonStop server is more secure

• Modular NonStop operating system− HP NonStop OS functionality is handled

by specialized system processes,• memory manager, • communications manager, • network manager, • and disk access manager

− communicate through inter process messages.

Security weak points in OS

Modularity isolates OSModularity isolates OS

May 15, 2006 23

Why the Integrity NonStop server is more secure

• Minimum privilege− application processes get limited

administrator or root privileges − starts application under different

user IDs, creating multiple security domains

Computer viruses, Trojan horses

Virus & Trojan has no chance to execute non certified Code.Virus & Trojan has no chance to execute non certified Code.

May 15, 2006 24

Why the Integrity NonStop server is more secureDenial of Service Attack, application exhausting

No memory misuseNo memory misuse

• Processes that run in their own virtual address space− non privileged process cannot view

memory, or negatively impact, any other process running on the system

− Processes send messages to each other; therefore, they cannot overwrite each other’s memory

May 15, 2006 25

Why the Integrity NonStop server is more secure

• System management access restricted− Authentication, Authorization,− Auditing, Availability and

manageability

• Open architecture− application program interfaces (APIs)

• Similar to IBM (RACF) Resource Access Control Facility

abuse user accounts

Strong verification of ALL system processes and applicationsStrong verification of ALL system processes and applications

May 15, 2006 26

Why the Integrity NonStop server is more secureHuman Errors

• Marginal complexity

• Simple system management− System Management− Security Management− Application Management− Database Management

Very low chance for human errorsVery low chance for human errors

May 15, 2006 27

Why the Integrity NonStop server is more secureSecurity weak points in OS

Computer viruses, Trojan horses

Denial of Service Attack, application exhausting

abuse user accounts

Human Errors

Better Security with HP NonStop Architecture

May 15, 2006 28

Partners build on Integrity NonStop server security

• Advantage of valuable off-the-shelf features such as − single sign-on; support for RSA SecureID tokens; enhanced logging

and reporting; limiting authorization to specific times, locations, and access devices; and granularity to the individual command level of system utilities.

− Frequent interaction with these partners allows HP to understand what new APIs should be made available to increase the functionality of Integrity NonStop system security.

• Additional security solutions− HP and its partners offer a wealth of middleware and communications

security products, such as Secure Sockets Layer (SSL), Secure FTP, Secure Shell (SSH), and software support for the HP Atalla hardware encryption devices.

May 15, 2006 29

Insecure systems can harm secure systems

• Availability and security of your application is only as strong as its weakest link.

• The presence of a single easily hacked system on the network can open a door to making every system easier to target. In a high-risk environment, a multitiered architecture puts multiple firewalls between the Integrity NonStop system that holds your database of record and the outside world, reducing the risk of attacks against your infrastructure (see figure).

• Should the network come under attack, the Integrity NonStop systems would still be available, yet customers might not be able to access the information on them.

May 15, 2006 30

HP Atalla™ Security Products Group

Raising the bar on security processing

May 15, 2006 31

HP Atalla Security Products Group

• Uniquely focused on cryptographic security and performance within Hewlett-Packard

• Market leader in hardware-based PIN encryption products

•Atalla Key Block (AKB)

•Atalla Network Security Processors (NSP)

•Atalla Anti Phishing Toolbar Solution

May 15, 2006 32

Market and technology leadership

• 80% of North America market

• Over 1,350 financial institution customers worldwide

• $3 to $9 trillion US secured by Atalla security engines every day

• Atalla MultiPrime− speeded up the use of the newest

RSA algorithms, patented and licensed by Atalla

• Atalla Key Block (AKB)− secure 3DES

May 15, 2006 33

Financial interchange network security is in transition

Problem:Single-length DES algorithm is “broken”- Vulnerable to brute force attack in 22 h- DES algorithm is strong, key length is too

short.

Solution::::

Implement Triple-DES algorithm instead- Results in a mixed DES/Triple-DES

environment

May 15, 2006 34

Current Triple-DES implementations are vulnerable to attack

Challenge:Maximize security of Triple-DES

− Manipulate Triple-DES key parts with single-length DES key management

− University of Cambridge attack on Triple-DES− Atalla Cryptographic Labs attacks

Response:New secure Atalla™ Key Block Technology

May 15, 2006 35

Atalla™ Key Block is the new ANSI and ISO standard for secure key management

Clear headercontrols key usage; common attributes for all keys

Encrypted key fieldprotects values; Triple-DES encrypted with specific master key

MACbinds key attributes to values; Triple-DES across the clear header and encrypted key field to prevent tampering

Header

MAC

Key 1

Key 2

Key 3

Key field

May 15, 2006 36

Hardware-based cryptographic processingSuperior physical security

• Designed to complement the AKB• State-of-the-art, 1U rack-mounted form

factor • PIN security and key management

within a secure hardware perimeter• Flexible, extensible, and

scalable NSP series

• FIPS 140-2 Level 3 certification

• Active zeroization

• Double-locking bezel with Medeco locks

• Low battery voltage protection

• Penetration protection

• Out-of-range sensors

May 15, 2006 37

Atalla™ NSP seriesSimple and secure manageability

• Atalla NSP remains secure even during management operations

• Tamper-resistant service audit log

• Secure key initialization is assisted by a portable graphical user interface (SCA)

• Easy release upgrades via CD-ROM

Supports user-defined security policies• Organization can enforce its own

security policies

• Commands may be turned “on” or “off”

• Customers select and control their security profile

May 15, 2006 38

Atalla™ NSP seriesConnectivity and performance

• High-end Atalla 10100 NSP− Auto-sensing 10/100 Base-T

Ethernet TCP/IP

• Midrange Atalla 9100 NSP− Auto-sensing 10/100 Base-T

Ethernet TCP/IP

• Entry-level Atalla 8100 NSP− Auto-sensing 10/100 Base-T

Ethernet TCP/IP− Async connection for compatibility

with A8000

Triple DES performance

60

240

540

0 200 400 600

A8100

A9100

A10100

PIN translates per second

May 15, 2006 39

The costs of identity theft

• In just 6 months over 50 serious data breaches affected more than 50 million identities− According the Privacy Rights Clearinghouse

• Over 9 million U.S. consumers lost $52.65 billion− Five billion dollars were absorbed by consumers − To fix your financial affairs takes months or years − No US law allows for recourse

• Forester study found 53% of consumers were concerned about online fraud− 13% of consumers had been victimized

May 15, 2006 40

Costs of identity theft to banks

• The other $7 billion in fraud losses − Passed on to consumers in the form of higher prices− Added costs such as re-issuing cards− Real damage is to their brands and to customer confidence.

• Re-sale of customer information by insiders is not new

• Internet supercharges the opportunity for fraudulent abuse− A hostile environment with few laws, naive consumers, and a

growing reservoir of well equipped adversaries

• New privacy legislation such as CA SB1386, BASEL II, etc. brings consumer fraud into the light of day− Forces organizations to notify consumers if there has been a possible

security breach

May 15, 2006 41

Tricks of the ID theft trade

• Low-tech methods still work− ‘Dumpster diving’− Laptop theft− Social engineering

• Users are “the weakest link” in any security system − Attacker does not have to attack system security directly

• Two of the newer techniques − Phishing uses spoofed e-mails to lead consumers to

counterfeit websites where they divulge sensitive data • Phishers hijack the brand names of trusted organizations

such as banks, e-retailers and credit card companies

− Pharming is ‘crimeware’ placed on a personal computer that misdirects users to fraudulent sites or proxy servers

May 15, 2006 42

HP Security Toolbar prevents phishing

• Toolbar sits in the browser’s toolbar, alongside other tools− User saves a reminder about his relationship with a secure site− Toolbar will display this reminder every time he visits the site− User checks that the expected reminder is displayed− If so, he is sure he is using the site he wants

• Web site cannot find the contents of the Toolbar− Displayed information is provided solely for the user− User has an independent verification of web site

May 15, 2006 43

HP Security Toolbar securely fills enters username/password with a single click

• User remembers just one master password− Not the many you need to know now

• Toolbar generates different password for each site− Keeps other accounts safe if a

password is compromised

• Toolbar securely labels websites− Keeps you from being fooled by fake sites

• Toolbar only sends password to a website when that site’s certificate is present

• Click one button and you can’t be phished or pharmed

May 15, 2006 44

Advantages and economics for users

May 15, 2006 45

Total Cost of OwnershipThe TCO of Standish Group:• Basic Cost Breakdown

− Hardware cost, − Basic System Software licences cost, − Maintenance cost, − Other like, basic Operating cost, Data Centre costs

• Application Cost Breakdown− Software infrastructure, Database,− DB & Sys Admin, − Application maintenance, − Security and Tools− Other

• Downtime-related cost

• Standardize („Standish – Transaktion“)

• Normalized System load• for comparison the Application costs are excluded

May 15, 2006 46

Different iceberg views...

Visiblecost

RISC UnixWindows/IntelLinx/Intel HP NonStop IBM Mainframe

„What the purchase department sees ...“

May 15, 2006 47

Total iceberg views..

Visible cost

Linux/Intel

Downtime:2.89 daysper year

10 % / 90 %

99.206 %

Windows/Intel

Downtime:4.65 daysper year

8 % / 92 %

98.724 %

RISC Unix

Downtime:20.15 hoursper year

17 % / 83 %

99.770 %

HP NonStop

Downtime:5 minutesper year

57 % / 43 %

99.999 %

IBM Mainframe

Downtime:4.55 hoursper year

53 % / 47 %

99.948 %

Source: Standish Group, VirtualADVISOR database, Feb. 2006

Percentage: visible cost / hidden costDowntime cost: 1 US$ per tx lost

Application availability:availability seen by end users

Linx/Intel Windows/Intel RISC Unix HP NonStop IBM Mainframe

May 15, 2006 48

Costs for NonStop IT Security ?

How much do you spend for Security today?

It’s not only the tag price of your Servers or Tools!It counts on the overall environment

• “Higher” Investment (Tag Price) but much lower TCO

• Less Stuff, only 30 % - 50% of other System

• Almost no vulnerabilities

• lowest Downtime (7 9’s)

• It’s you Reputation

May 15, 2006 49

NonStop – the best choice

• Overall low TCO for the bankATM switch TOC Comparison

based on Standish Group's VirtualADVISOR

0

5000

10000

15000

20000

25000

30000

35000

HP N

onS

top

IBM

pSer

ies

clus

ter

Sun c

lust

er

HP N

onS

top

IBM

pSer

ies

clus

ter

Sun c

lust

er

HP N

onS

top

IBM

pSer

ies

clus

ter

Sun c

lust

er

HP N

onS

top

IBM

pSer

ies

clus

ter

Sun c

lust

er

Pla

tfo

rms

Thousand US$

Basic Cost Appl. Cost w/o Basic Downtime Cost

70 TPS

140 TPS

200 TPS

500 TPS

May 15, 2006 50

May 15, 2006 51

May 15, 2006 52

Think! No limits. Integrity NonStop Server

The NonStop Advanced Architecture raising the bar in high-end secure computing