
Network Security Admin Portal

DESCRIPTION

Security web portal, used for vulnerability assessment.

Page 1: Network Security Admin Portal

Guided by:

Dr. Sandeep K. Joshi, Principal Technical Officer, NPSF Group, C-DAC, Pune
Rishi K. Pathak, Senior Technical Officer, NPSF Group, C-DAC, Pune
Satyaswarup Yerramilli, Senior Technical Officer, NPSF Group, C-DAC, Pune

Prepared by:

Bhadreshsinh Gohil
ME in Computer Engineering, 3rd Sem.
Enroll no.: 111060751030
Gujarat Technological University (GTU), Ahmedabad

12/4/2012

Page 2: Network Security Admin Portal

• Introduction and Motivation
• The Identified Problem
• The Proposed Solution
• Illustrative Case Studies
• References

Page 3: Network Security Admin Portal

• The Internet is now ubiquitous.
• Many Internet-based applications are in use today.
• Web services are an important paradigm for designing Internet-based applications.
• These web services are hosted not only in the DMZ of the datacenter but also on public IPs, using various network technologies such as NAT.
• For this we need to implement security devices and controls such as firewalls.


Page 5: Network Security Admin Portal

The web hosting setup and the associated network security and networking setup are vast, and there are multiple stakeholders in the decision-making process. Releasing new websites and web portals to the public internet therefore becomes very intricate, cumbersome and error-prone, often leading to delays, unsatisfied expectations and issues over ownership of responsibilities.

Page 6: Network Security Admin Portal

To resolve these issues, it is proposed to build a framework that will streamline the process and delegate most of the activities to several designated stakeholders from each group.

The framework will enable the users/groups to do most of the work related to the public release of websites, web portals and other network-based services on their own, with intervention from the systems administrators or network security experts coming in only towards the final steps, if at all required. The framework will also support different roles.

Page 7: Network Security Admin Portal

The proposed framework will be web enabled.

It will be built using standard web development technologies like PHP, Java and JavaScript, and will use databases like MySQL/PostgreSQL in the backend.

Apart from these, core networking technologies like firewalls, routers, bandwidth management and security/vulnerability assessment of web applications will be used to their maximum capabilities.

The framework will require extensive scripting in either bash or Python on the Linux platform to handle several of the backend tasks, like implementing policy changes on the security device, enabling virtual hosting on the Apache server, etc.

The framework will use OpenAM-based Single Sign-On or LDAP for user authentication and authorization.
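One way the backend scripting described above could turn a self-service release request into an Apache virtual host and a firewall rule, as an added example that is not code from the presentation. The request fields, DMZ range, port allow-list, document root and two-person approval rule are all assumptions made for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed policy values (assumptions, not taken from the slides).
ALLOWED_PORTS = {80, 443}
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")  # documentation address range
DOCROOT_BASE = "/var/www/vhosts"
HOST_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

@dataclass(frozen=True)
class ReleaseRequest:  # hypothetical record submitted through the portal
    hostname: str
    backend_ip: str
    port: int
    requested_by: str
    approved_by: str = ""  # filled in by a security-admin role

def validate(req):
    """Return a list of policy violations; an empty list means 'may be applied'."""
    errors = []
    # fullmatch rejects newlines and spaces, so no extra directive can ride along
    if len(req.hostname) > 253 or not HOST_RE.fullmatch(req.hostname):
        errors.append("hostname is not a plain lowercase FQDN")
    try:
        if ipaddress.ip_address(req.backend_ip) not in DMZ_NET:
            errors.append("backend IP is outside the DMZ range")
    except ValueError:
        errors.append("backend IP is not a valid address")
    if req.port not in ALLOWED_PORTS:
        errors.append("port is not on the allow-list")
    if not req.approved_by or req.approved_by == req.requested_by:
        errors.append("request needs approval from a second person")
    return errors

def render(req):
    """Build the Apache stanza and the firewall argv; refuses unvalidated input."""
    errors = validate(req)
    if errors:
        raise ValueError("; ".join(errors))
    vhost = (f"<VirtualHost *:{req.port}>\n"
             f"    ServerName {req.hostname}\n"
             f"    DocumentRoot {DOCROOT_BASE}/{req.hostname}\n"
             f"</VirtualHost>\n")
    # An argv list rather than a shell string, so no field is ever shell-parsed.
    rule = ["iptables", "-A", "FORWARD", "-p", "tcp", "-d", req.backend_ip,
            "--dport", str(req.port), "-j", "ACCEPT"]
    return vhost, rule
```

The returned stanza and argv are meant to be reviewed or applied by the privileged final step, which keeps the web tier itself from ever holding firewall or Apache write access.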

Page 8: Network Security Admin Portal

• Intranet Security Framework Based on Short-lived Certificate
• Symantec Security Framework
• Cyberoam Security Framework
• IBM Unified Threat Management

Page 9: Network Security Admin Portal

Definition & Understanding

Assets At Risk!
• Computers
• Mobile Devices
• Information
• Applications
• Networks / Infrastructure

Threat Direction: Internal to Internal; External to Internal
Threat Target: Internal Data Asset; Internal Disruption
Threat Highway: Internal Connection Required; Direct/Wireless/Remote/VPN
Threat Detection: Network Based; Connection Oriented

Page 10: Network Security Admin Portal

Key Elements of Delivering Security

Communication Security
• Protection of data and voice communications between designated endpoints.

Authorisation & Access Control
• Support of multi-level security measures by implementing identity or role based access control on applications, application server, 802.1x etc.

Reliability & Resilience
• Tolerance to hardware and software failures, asymmetric and unidirectional links, or limited range of wireless communication.

Easy
• Deploying technology should not impact usability in a way that is intolerable.

Network Infrastructure Protection
• Protection of routing and network management infrastructure against both passive and active attacks, such as rogue devices, insertion, deletion, modification or replay of control messages.

Efficiency
• Electrical, computing power, RF resource and network bandwidth.

Transmission Security
• The services include countermeasures against radio signal detection, jamming, control/user data acquisition, and eavesdropping.


Page 16: Network Security Admin Portal

1. Information Gathering and Discovery. Example of tools: NMAP.

2. Enumeration. Example of tools: NMAP.

3. Detection. Example of tools: Retina, NESSUS.

Page 17: Network Security Admin Portal

1. Information Gathering and Discovery
◦ Network Scanning
◦ Port Scanning
◦ Directory Service
◦ DNS Zones and Registers

Page 18: Network Security Admin Portal

2. Enumeration
◦ Hosts and OSs
◦ Ports (including the well-known: 0-1023)
◦ Services and their version info
◦ SNMP Communities

Page 19: Network Security Admin Portal

3. Detection
◦ Weaknesses
◦ Vulnerabilities
◦ Reports are generated
◦ Remediation Tools


Page 21: Network Security Admin Portal

• Provide Access to the portal 24/7
• Security Intelligence Awareness And Alerting
• User Configuration & Policy Detail
• Security Incident & Service Ticket Information
• A Template Driven Reporting Dashboard
• Authorization to download log data

Page 22: Network Security Admin Portal

Mr. Rishi K. Pathak (Senior Technical Officer, NPSF Group, C-DAC) for valuable comments and suggestions

Satyaswarup Yerramilli (Senior Technical Officer, NPSF Group, C-DAC) for his review of the thesis

Mr. Rishi K. Pathak, Senior Technical Officer, NPSF Group, for continuous guidance and support

Dr. Sandeep K. Joshi, Research Guide, for his motivation throughout

All my colleagues and staff members of my department for technical interactions

The NPSF Group of C-DAC Pune for their administrative support

Page 23: Network Security Admin Portal

Zachman, J. A. (1987). A framework for information systems architecture. IBM Systems Journal, 26(3), 276-292. Retrieved 18:15, January 21, 2009, from http://www.research.ibm.com/journal/sj/263/ibmsj2603E.pdf

Zachman framework. (2009, January 19). In Wikipedia, The Free Encyclopedia. Retrieved 21:40, January 20, 2009, from http://en.wikipedia.org/w/index.php?title=Zachman_framework&oldid=267343979

CCITT, “The Directory—Authentication Framework,” Recommendation X.509, 1989.

935.ibm.com/services/au/gts/juniper/pdf/ibm_managed_security_services_for_unified_threat_management.pdf

http://www-935.ibm.com/services/us/en/it-services/unified-threat-management-utm-service.html
