8/14/2019 Information Security Challenges in the 21st Century-l3 Mar 2010
http://slidepdf.com/reader/full/information-security-challenges-in-the-21st-century-l3-mar-2010 1/32
www.mimos.my © 2010 MIMOS Berhad. All Rights Reserved.
Presentation at
Universiti Sains Islam Malaysia (USIM)
On 3rd March 2010
Dr Jamalul-lail Ab Manan
Information Security Cluster
Information Security Challenges in the 21st Century
Discussion Points
Introduction – The Good and The Bad
Today’s Optimized technology
Today’s Business Opportunities
Today’s Security & Privacy Issues
Tomorrow’s world will be…
What is Security?
What is Information Security?
How does Information Security Affect You? Fraud, Forgery, Secure Collaboration
Defence in Depth
Traditional Defense In Depth
Trusted Computing
Holistic Approach
Tomorrow’s Defense In Depth
21st Century Security Challenges
Building Trusted Infrastructure
Conclusion
Allah SWT - Created a Balanced Earth
God created nature with different functions, carefully measured and meticulously balanced by God:
“Everything with Him is measured”
“And the firmament he has raised high, and he has set up the balance of everything in order that you (humanity) may not transgress due balance. So maintain the balance with equity and not fall short of it”
One of the functions of the natural environment is to serve humanity:
“He it is who hath made the earth subservient unto you, so walk in the paths thereof and eat of His providence”
O people! Worship your lord, Who has created you and those before you, so that you may ward off evil. Who hath appointed the earth a resting place for you and the sky a canopy and causeth water to pour down from the sky, thereby producing fruits as food for you. And do not set up rivals to Allah when ye know better.
Osman Bakar (2007) Environmental Wisdom for Planet Earth: The Islamic Heritage. Centre for Civilisational Dialogue University Malaya
Introduction – Today’s Optimized Technology
Usage & Platform
Introduction – Today’s Business Opportunities
Mobile Commerce
Tomorrow’s World will be …
What We Predict May be Inaccurate
What is Security?
What is Information Security?
Security From Users’ Perspective
Security From Designers’ Perspective
The Security Challenges in the 21st Century
Example: Mobile Commerce Network
Client
Application
Server
Data
Fraud
Forgery
What it is NOT
Secure Collaboration Space
Defense in Depth
“Defense in depth” is to design solutions that consist of several independent security layers, all of which have the purpose of protecting your assets.
In order for an attacker to gain access to the assets we are trying to protect, the attacker has to circumvent each of the defensive measures we have implemented at each layer, including the human layer.
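The two sentences above describe an access path that is allowed only when every independent layer lets it through. The following Python model, added here as an example and not taken from the slide deck, makes that concrete: each layer is a check function, the request fails closed at the first layer that rejects it, and the trace records what every consulted layer decided. The layer set (network, authentication, second factor, client platform, data), the trusted subnet, the credential store and the minimum patch level are all constructed for this example; `residual_bypass_probability` is the usual independence model in which a layer with bypass probability 1.0, such as the unprotected client platform the deck warns about, adds nothing to the whole.

```python
"""Defense in depth as an ordered chain of independent checks.

Added example, not code from the slide deck: each layer is a function that
inspects a request and either passes it on or rejects it with a reason.
Access is granted only when every layer passes, and the trace records what
each layer decided, which is what an incident responder needs afterwards.
The layer set, reference data and sample requests are constructed here.
"""
import hmac
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, List, Tuple

# Constructed reference data used by the checks.
TRUSTED_NETWORK = ip_network("10.20.0.0/16")
CREDENTIALS = {"alice": "correct-horse-battery"}  # toy store; real systems keep salted hashes
MIN_CLIENT_PATCH_LEVEL = 42


@dataclass
class Request:
    source_ip: str
    user: str
    credential: str
    mfa_passed: bool
    client_patch_level: int
    payload_encrypted: bool


@dataclass
class Decision:
    allowed: bool
    # one (layer name, passed, reason) entry per layer consulted
    trace: List[Tuple[str, bool, str]] = field(default_factory=list)


def network_layer(r: Request) -> Tuple[bool, str]:
    ok = ip_address(r.source_ip) in TRUSTED_NETWORK
    return ok, "source inside trusted network" if ok else f"{r.source_ip} outside {TRUSTED_NETWORK}"


def auth_layer(r: Request) -> Tuple[bool, str]:
    stored = CREDENTIALS.get(r.user)
    # constant-time compare so a wrong credential does not leak timing
    ok = stored is not None and hmac.compare_digest(stored, r.credential)
    return ok, "credential accepted" if ok else f"bad credential for {r.user!r}"


def mfa_layer(r: Request) -> Tuple[bool, str]:
    return r.mfa_passed, "second factor present" if r.mfa_passed else "second factor missing"


def client_platform_layer(r: Request) -> Tuple[bool, str]:
    # the deck's "weak client platform": an unpatched endpoint is refused
    ok = r.client_patch_level >= MIN_CLIENT_PATCH_LEVEL
    return ok, "client patch level acceptable" if ok else f"client patch level {r.client_patch_level} < {MIN_CLIENT_PATCH_LEVEL}"


def data_layer(r: Request) -> Tuple[bool, str]:
    return r.payload_encrypted, "payload encrypted" if r.payload_encrypted else "payload sent in clear"


LAYERS: List[Tuple[str, Callable[[Request], Tuple[bool, str]]]] = [
    ("network", network_layer),
    ("authentication", auth_layer),
    ("mfa", mfa_layer),
    ("client_platform", client_platform_layer),
    ("data", data_layer),
]


def evaluate(request: Request, layers=LAYERS) -> Decision:
    """Run the layers in order and fail closed at the first one that rejects."""
    decision = Decision(allowed=True)
    for name, check in layers:
        ok, reason = check(request)
        decision.trace.append((name, ok, reason))
        if not ok:
            decision.allowed = False
            break
    return decision


def residual_bypass_probability(per_layer_bypass: List[float]) -> float:
    """Chance an attacker defeats every layer, assuming the layers fail
    independently: the product of the per-layer bypass probabilities.
    A layer that is effectively absent (probability 1.0), such as an
    unprotected client, contributes nothing to the overall defense."""
    p = 1.0
    for q in per_layer_bypass:
        p *= q
    return p


if __name__ == "__main__":
    ok_req = Request("10.20.5.7", "alice", "correct-horse-battery", True, 45, True)
    stale_client = Request("10.20.5.7", "alice", "correct-horse-battery", True, 10, True)
    for req in (ok_req, stale_client):
        d = evaluate(req)
        print("ALLOW" if d.allowed else "DENY", d.trace[-1])
    print(residual_bypass_probability([0.1, 0.2, 0.5]), residual_bypass_probability([0.1, 1.0, 0.5]))
```

The trace is deliberately kept even for denied requests: in the deck's terms, the "human layer" (the analyst) needs to know which measure stopped the attempt, not just that it was stopped.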
Today’s Defense In Depth

Client:
- Passwords, anti virus & user authentication
- Operating System patches, configuration and policy control
- Hardware (unprotected)

Network:
- Encryption (IPSec, SSL) & Authentication
- VPN & Layered Firewalls
- Intrusion Detection & Prevention & 24hrs monitoring
- Multi factor Authentication
- Network Access Control, Network Segmentation, RADIUS & access control
- Domain Controllers, Configuration monitors, policy management

Server:
- Multi factor user authentication
- Network Segmentation, encrypted data, real time monitoring, audit & analysis
- Highly regulated HW & SW configuration, controlled physical access
- Patch, configuration and policy control, configuration monitors
- Intrusion detection, firewalls, anti virus

Layers shown in the diagram: Network, Client, Application, Server, Data

Issue: Weak Client Platforms cause issues in Security implementations
Traditional Defense In Depth : Multi-layer Security
Among the common Threats at each layer…
What is lacking is “Trust”…..
Trust Model
Holistic Approach to Information Security
Our approach to counter these threats is to manage the risks at multiple layers of the security protection and integrity.
Architecture Design Consideration
Desired Platform
Security Model
Tomorrow’s Defense In-depth

Client:
- Passwords, anti virus & TPM-based user authentication
- Operating System patches, configuration and policy control
- Virtualization (Management of Resource, Memory, IO, etc), Hardware Independent
- Security Kernel – TPM based trusted software layer (storage, GUI, etc)

Network:
- Encryption (IPSec, SSL, M’sian Crypto) & TPM-based Authentication
- TPM-based VPN & Layered Firewalls
- Intrusion Detection & Prevention & 24hrs monitoring
- Multi factor Authentication, TPM-based Network Access Control, Network Segmentation, RADIUS & access control
- Domain Controllers, Configuration monitors, policy management

Server:
- Multi factor, Certificates & TPM-based Server authentication
- Virtualization (Management of VM Instances, Resource, Memory, IO, etc)
- Security Kernel – TPM based trusted software layer (storage, GUI, etc)
- Network Segmentation, encrypted data, real time monitoring, audit & analysis
- Highly regulated HW & SW configuration, controlled physical access
- Patch, configuration and policy control, configuration monitors
- Intrusion detection, firewalls, anti virus

Layers shown in the diagram: Network, Client, Application, Server, Data

Strength: Strong Client Platforms help the Defense In-depth Security Strategy
Building Trust in Document Security

Existing Document Security (diagram labels): Security Manager; Policy; Domain CA; Issue Certificate; Request with Certificate; Archive; retrieve; Encrypted document.

Future Document Security (diagram labels): TPM; Policy; Trust Manager; Attest/request; Sealing/retrieve; TPM Attest/Issue Certificate; Domain CA; Archive; Trusted document.
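The "Future Document Security" diagram above, like the TPM-based trusted software layer in "Tomorrow's Defense In-depth", rests on two TPM operations: attestation (the Trust Manager asks the platform to prove what it booted) and sealing (a document key is released only to the platform state it was sealed in). The following Python model is an added example, not code from the slide deck or from MIMOS. It uses only `hashlib` and `hmac`: the PCR extend chain is the real TPM construction, but the storage root key, the attestation key, the boot component images, the nonce and the document key are constructed, the HMAC quote stands in for the asymmetric signature a real TPM produces, and the XOR keystream stands in for the TPM's own sealed-object encryption.

```python
"""Simplified software model of TPM measurement, attestation and sealing.

Added example, not code from the slide deck or from MIMOS: it models the
"Attest/request" and "Sealing/retrieve" labels of the document-security
slide, and the TPM-based trusted layer of "Tomorrow's Defense In-depth",
using only hashlib and hmac. A real TPM keeps the keys and PCRs inside the
chip and signs quotes with an asymmetric attestation key; here they are
ordinary variables and an HMAC, so the flow can be run and read offline.
All keys, component images and document contents are constructed.
"""
import hashlib
import hmac
from typing import Iterable, Optional

PCR_INITIAL = bytes(32)
# Constructed stand-ins for secrets a real TPM never releases.
TPM_STORAGE_ROOT_KEY = b"constructed-storage-root-key"
TPM_ATTESTATION_KEY = b"constructed-attestation-identity-key"


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR_new = SHA-256(PCR_old || SHA-256(component)): order matters and
    nothing can be 'un-extended', which is what makes the value trustworthy."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(components: Iterable[bytes]) -> bytes:
    """Measured boot: every stage extends the PCR before handing over control."""
    pcr = PCR_INITIAL
    for image in components:
        pcr = pcr_extend(pcr, image)
    return pcr


def _policy_keystream(policy_pcr: bytes, length: int) -> bytes:
    """Key material bound to a PCR value, derived from the storage root key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(TPM_STORAGE_ROOT_KEY, policy_pcr + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(secret: bytes, policy_pcr: bytes) -> dict:
    """Seal a secret (e.g. a document key) to the platform state it was created in."""
    ks = _policy_keystream(policy_pcr, len(secret))
    return {"policy_pcr": policy_pcr, "ciphertext": bytes(a ^ b for a, b in zip(secret, ks))}


def unseal(blob: dict, current_pcr: bytes) -> Optional[bytes]:
    """Release the secret only if the platform is in the sealed-to state."""
    if not hmac.compare_digest(blob["policy_pcr"], current_pcr):
        return None  # modified firmware, bootloader or kernel: refuse
    ks = _policy_keystream(current_pcr, len(blob["ciphertext"]))
    return bytes(a ^ b for a, b in zip(blob["ciphertext"], ks))


def quote(current_pcr: bytes, nonce: bytes) -> bytes:
    """Attestation: the TPM vouches for the PCR value under the verifier's nonce
    (HMAC stands in for the signature a real TPM would produce)."""
    return hmac.new(TPM_ATTESTATION_KEY, current_pcr + nonce, hashlib.sha256).digest()


def trust_manager_accepts(reported_pcr: bytes, nonce: bytes, q: bytes, known_good_pcr: bytes) -> bool:
    """The Trust Manager's check: the quote is genuine and the state is on its allow-list."""
    expected = hmac.new(TPM_ATTESTATION_KEY, reported_pcr + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, q) and hmac.compare_digest(reported_pcr, known_good_pcr)


# Constructed boot chains: the second one has a modified security kernel.
GOOD_BOOT = [b"firmware v1", b"bootloader v1", b"security kernel v1"]
MODIFIED_BOOT = [b"firmware v1", b"bootloader v1", b"security kernel v1 (modified)"]


def document_flow(boot_chain, nonce: bytes = b"constructed-nonce") -> dict:
    """Run the slide's flow end to end and report each step's outcome."""
    known_good = measure_boot(GOOD_BOOT)          # what the Trust Manager expects
    doc_key = b"constructed-document-key"
    blob = seal(doc_key, known_good)              # sealed while the platform was known good
    current = measure_boot(boot_chain)            # state of the platform asking for the document
    attested = trust_manager_accepts(current, nonce, quote(current, nonce), known_good)
    released = unseal(blob, current)
    return {"attested": attested, "key_released": released == doc_key}


if __name__ == "__main__":
    print("good platform:", document_flow(GOOD_BOOT))
    print("modified platform:", document_flow(MODIFIED_BOOT))
```

Two properties carry the security argument: the Trust Manager supplies a fresh nonce, so a recorded quote from a good boot cannot be replayed later, and the sealed key never leaves the TPM unless the current PCR value equals the one it was sealed to, so a platform whose security kernel was altered cannot read the document even if it still holds the encrypted copy from the Archive.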
Building Trust in Banking Security

Existing Banking Security (diagram labels): Security Manager; Transaction; Policy; Request with Certificate; Issue Certificate; Domain CA; Banks; Encrypted document.

Future Banking Security (diagram labels): TPM; Policy; Trust Manager; Attest/request; Sealing/Transaction; TPM Attest/Issue Certificate; Domain CA; Banks; Trusted document.
Building Trust in Mobile Security

Existing Mobile Security (diagram labels): Mobile Manager; Services; Policy; Request with SIM; Mobile Service Provider.

Future Mobile Security (diagram labels): MTM; Policy; Mobile Trust Manager; Attest/request; Encrypt/Services; MTM; Mobile Service Provider.
Building Trust In Cloud Computing Security

Existing Cloud Computing Security (diagram labels): Cloud Computing; Cloud Manager; Services; Policy; Request with Certificate; task; Applications.

Future Cloud Computing Security (diagram labels): Cloud Computing; TPM; Policy; Cloud Trust Manager; Attest/request; Sealing/Services; TPM; task; Applications; Trusted Compartment.
21st Information Security - Introduction
21st Information Security - Challenges
Security Goals:
Threats:
Trust Models:
21st Information Security - Enforcement
THANK YOU
How do you Manage Security?
An ISMS Model