
Information Security

UNIT-IV
Design of Security Architecture

Presented By
Tmt. P. Tharani
AP/CSE
GCE, Salem

Design of Security Architecture
- Security architecture and design describes how information
security controls and safeguards are implemented in IT
systems in order to protect the confidentiality, integrity, and
availability of the data that are used, processed, and stored in
those systems.
• Spheres of Security
- The foundation of the security framework.
- Illustrates how information is under attack from a variety of
sources.
- The Sphere of Use illustrates the ways in which people access
information.
- Information, as the most important asset, is at the center of the
sphere.

[Figure: Sphere of security]

- The sphere of protection, on the right-hand side, illustrates that
between each layer of the sphere of use there must exist a layer
of protection, represented in the figure by the shaded bands.
- Controls are also implemented between systems and the
information, between networks and the computer systems, and
between the Internet and internal networks. This reinforces the
concept of defense in depth.
- Information security is designed and implemented in three
layers: policies, people (education, training, and awareness
programs), and technology, commonly referred to as PPT.
- Each of the layers contains controls and safeguards that protect
the information and information system assets that the
organization values.

• Levels of Controls
- Information security safeguards provide three levels of control:
managerial, operational, and technical.
- Managerial controls are security processes that are designed
by strategic planners and implemented by the security
administration of the organization.
- Management controls set the direction and scope of the
security process and provide detailed instructions for its
conduct, as well as addressing the design and implementation
of the security planning process and security program
management.
- They also address risk management and security control
reviews.

- Operational controls are management and lower-level
planning functions that deal with the operational functionality
of security in the organization, such as disaster recovery and
incident response planning.
- Operational controls address personnel security, physical
security, and the protection of production inputs and outputs.
In addition, operational controls guide the development of
education, training, and awareness programs for users,
administrators, and management.
- Finally, they address hardware and software systems
maintenance and the integrity of data.

- Technical controls are the tactical and technical
implementations of security in the organization.
- While operational controls address specific operational issues,
such as developing and integrating controls into the business
functions, technical controls are the components put in place to
protect an organization’s information assets.
- They include logical access controls, such as identification,
authentication, authorization, accountability (including audit
trails), cryptography, and the classification of assets and users.

• Defense in Depth
- One of the basic tenets of security architectures is the layered
implementation of security. This layered approach is called
defense in depth.
- To achieve defense in depth, an organization must establish
multiple layers of security controls and safeguards, which can
be organized into policy, training and education, and
technology, as per the CNSS model.
- Implementing multiple types of technology, so that the failure
of one system does not compromise the security of
information, is referred to as redundancy.
- Redundancy can be implemented at a number of points
throughout the security architecture, such as in firewalls, proxy
servers, and access controls.

[Figure: Defense in Depth]

• Security Perimeter
- A perimeter is the boundary of an area. A security perimeter
defines the boundary between the outer limit of an
organization’s security and the beginning of the outside world.
- A security perimeter is the level of security that protects all
internal systems from outside threats. Security perimeters can
effectively be implemented as multiple technologies that
segregate the protected information from potential attackers.
- Within security perimeters the organization can establish
security domains, or areas of trust within which users can
freely communicate.
- The security perimeter is an essential element of the overall
security framework, and its implementation details are the core
of the completed security blueprint.

[Figure: Security Perimeter]

- The key components of the security perimeter are firewalls,
DMZs, proxy servers, and IDPSs.
• Firewalls: A firewall is a device that selectively discriminates
against information flowing into or out of the organization.
- Firewalls are usually placed on the security perimeter, just
behind or as part of a gateway router.
- There are a number of types of firewalls (packet filtering,
stateful packet filtering, proxy, and application level), and they
are usually classified by the level of information they can
filter.
• DMZs: A buffer against outside attacks is frequently referred to
as a demilitarized zone (DMZ).
- The DMZ is a no-man’s-land between the inside and outside
networks; it is also where some organizations place Web
servers.
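
The firewall and DMZ placement described above, as an added example that is not part of the original slides: a stateless packet filter that maps addresses to zones and applies an ordered rule list ending in a default deny. The address ranges, zone names, port choices and rule set are constructed assumptions, and only the connection-opening packet is evaluated.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed address plan (assumption): anything not listed is "outside".
ZONES = {
    "inside": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    src_zone: str            # "inside", "dmz", "outside" or "any"
    dst_zone: str
    dst_port: Optional[int]  # None matches any port

# Ordered rule set (hypothetical policy); the first matching rule wins.
RULES = [
    Rule("allow", "outside", "dmz", 443),     # public HTTPS to the DMZ Web server
    Rule("allow", "inside", "outside", 443),  # internal users browsing outward
    Rule("deny", "any", "any", None),         # everything else is dropped
]

def zone_of(addr: str) -> str:
    """Return the zone an IP address belongs to."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"

def decide(src: str, dst: str, dst_port: int) -> str:
    """Evaluate one packet header against RULES, top to bottom."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for rule in RULES:
        if (rule.src_zone in ("any", src_zone)
                and rule.dst_zone in ("any", dst_zone)
                and rule.dst_port in (None, dst_port)):
            return rule.action
    return "deny"  # fail closed if the rule list has no catch-all

if __name__ == "__main__":
    for pkt in [("203.0.113.9", "192.0.2.10", 443),   # outside -> DMZ Web server
                ("203.0.113.9", "10.0.5.20", 443),    # outside -> inside
                ("192.0.2.10", "10.0.5.20", 22)]:     # DMZ host -> inside
        print(pkt, decide(*pkt))
```

Because the DMZ has no allow rule toward the inside zone, a host in the DMZ still faces the default deny when it tries to reach internal systems, which is the layering that defense in depth calls for.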
[Figure: Firewalls, Proxy Servers, and DMZs]

• Proxy Servers: An alternative to firewall subnets or DMZs is a
proxy server, or proxy firewall.
- A proxy server performs actions on behalf of another system.
When deployed, a proxy server is configured to look like a
Web server and is assigned the domain name that users would
be expecting to find for the system and its services.
- When an outside client requests a particular Web page, the
proxy server receives the request as if it were the subject of the
request, then asks for the same information from the true Web
server (acting as a proxy for the requestor), and then responds
to the request.

• Intrusion Detection and Prevention Systems (IDPSs): To
detect unauthorized activity within the inner network or on
individual machines, organizations can implement intrusion
detection and prevention systems (IDPSs).
- Host-based IDPSs are usually installed on the machines they
protect to monitor the status of various files stored on those
machines.
- Network-based IDPSs look at patterns of network traffic and
attempt to detect unusual activity based on previous baselines.
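
The file monitoring that a host-based IDPS performs, as an added example that is not part of the original slides: it records a SHA-256 baseline of a directory tree and later reports files that were modified, added or removed. The file names and contents are constructed in a temporary directory for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root: Path) -> dict:
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline: dict, current: dict) -> dict:
    """Report how the current snapshot differs from the trusted baseline."""
    common = baseline.keys() & current.keys()
    return {
        "modified": sorted(f for f in common if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo() -> dict:
    """Build a constructed file tree, change it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "app.conf").write_text("debug=false\n")
        baseline = snapshot(root)  # taken while the host is in a known-good state

        # Constructed changes that the monitor should flag.
        (root / "etc" / "passwd").write_text("root:x:0:0\nsvc:x:0:0\n")
        (root / "app.conf").unlink()
        (root / "unexpected.sh").write_text("#!/bin/sh\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline is only as trustworthy as its storage, so in practice it is kept off the monitored host or on read-only media.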

Thank You
