200 likes | 495 Vues
持续防护和不断创新 Continuous Protection and Innovation. Roger Huang 黄承红 Starwood China 喜达屋中 国. What Is IATF ? 什么是 IATF?.
E N D
持续防护和不断创新Continuous Protection and Innovation Roger Huang 黄承红 Starwood China 喜达屋中国
What Is IATF?什么是IATF? • IATF is the abbreviation of “Information Assurance Technical Framework”which is established by NSA. IATF aims for providing technique guidance to protect the information and information facilities of US government and industrial circles.信息保障技术框架IATF是美国国家安全局NSA制定的,为保护美国政府和工业界的信息与信息技术设施提供技术指南。 • The representative theory of IATFis “ Defense-in-Depth ”. IATF的代表理论为“深度防御”。 • When it comes to the procedures and methods of information insurance implementation, IATF covers System Engineering, System procurement, Risk management, Certification, Identification and Life Cycle, etc. IATF shows a clear model to build Information Assurance System.在关于实现信息保障目标的过程和方法上,IATF论述了系统工程、系统采购、风险管理、认证和鉴定以及生命周期支持等过程,指出了一条较为清晰的建设信息保障体系的模型。
What is“Defense in Depth”?何谓“深度防御”? • IATF regards People, Technique, Operation these 3 items as core elements. This could protect information systems from different perspectives. IATF强调人、技术、操作这三个核心要素,从多种不同的角度对信息系统进行防护。 • IATF focuses on 4 information security assuranceareas: IATF关注四个信息安全保障领域 • Local Computer Processing Environment 本地计算环境 • Boundaries 区域边界 • Network and Infrastructure网络和基础设施 • Supportive Infrastructure 支撑性基础设施 These could provide multi-layers protection to information systems and carry out tasks/operations of organization. This kind of protection is named as“Defense-in-Depth Strategy”。在此基础上,对信息信息系统就可以做到多层防护,实现组织的任务/业务运作。这样的防护被称为 “深度防护战略”。
Good Organization Function Information Security Assurance(IA) Defense in Depth Strategy People UseTechnique PerformOperation People Operation Technique Supportive Infrastructure Network Infrastructure Computer Processing Environment Boundaries Key Management Detect Response IATFFramework
成功的组织功能 信息安全保障(IA) 深度防御战略 人 人 通过 技术 进行 操作 操作 技术 支撑性基础设施 计算环境 区域边界 网络 基础设施 密钥管理 检测响应 IATF框架
IATF3 ELEMENTS三要素 • People (人) : • The core of Information Security Assurance system; The first priority element; But also the most fragile.信息保障体系的核心,是第一位的要素,同时也是最脆弱的。 • Security management is more and more important in security assurance system based on above concept. This includes:基于这样的认识,安全管理在安全保障体系中愈显重要,包括: • Awareness Training, Organization Management, Technology Management, Operation Management.意识培训、组织管理、技术管理、操作管理 • …… • Technology (技术) : • Technology is important to carry out information assurance.技术是实现信息保障的重要手段。 • Dynamic Technology System:动态的技术体系: • Protection, Detection, Reponses, Recovery防护、检测、响应、恢复 • Operation (操作/运行) : • Operations make up the initiative defense system to achieve security assurance.也叫运行,构成安全保障的主动防御体系。 • Operations is a initiative procedure to integrate techniques from all areas which includes:是将各方面技术紧密结合在一起的主动的过程,包括 • Risk Assessment, Security Monitoring, Security Audit风险评估、安全监控、安全审计 • Tracking and Alert, IDS, Response and Recovery跟踪告警、入侵检测、响应恢复 • ……
IATFSECURITY REQUIREMENTS安全需求划分 • IATFDefines 4 Key Technology Areas:IATF定义了四个主要的技术焦点领域: • Local Computer Processing Environment本地计算环境 • Boundaries区域边界 • Network and Infrastructure网络和基础设施 • Supportive Infrastructure支撑性基础设施 • These 4 areas constitute a integrated Information Assurance system这四个领域构成了完整的信息保障体系所涉及的范围。 • In each area, IATFdescribes specific security requirements and corresponding available technology.在每个领域范围内,IATF都描述了其特有的安全需求和相应的可供选择的技术措施。
Local Computer Processing Environment Boundaries Network And Infrastructure Supportive Infrastructure
本地 计算环境 边界区域 网络和 基础设施 支撑性基础设施
COMPUTER PROCESSING ENVIRONMENT PROTECTION保护计算环境 • Objectives目标: • Use information assurance technology to ensure Confidentiality, Integrity and Availability when Data in, out or stay in work stations and servers.使用信息保障技术确保数据在进人、离开或驻留客户机和服务器时具有保密性、完整性和可用性。 • Methods方法: • Use Secure Operating System使用安全的操作系统 • Use Secure Application使用安全的应用程序 • Secured Information Message, Secured Exploring, File protection安全消息传递、安全浏览、文件保护等 • Host Intrusion Detection主机入侵检测 • Anti-Virus System防病毒系统 • Host Vulnerabilities Scan主机脆弱性扫描 • File Integration Protection文件完整性保护
BOUNDARIES PROTECTION保护区域边界 • What is Boundary什么是边界? • “Domain” means the environment which is controlled by specific or physical security management through single authorization. This include physical environment and logic environment. “域”指由单一授权通过专用或物理安全措施所控制的环境,包括物理环境和逻辑环境。 • The connection points between network devices in one area and other network devices are named as “Boundary”区域的网络设备与其它网络设备的接入点被称为“区域边界”。 • Objectives目标: • Effective control and monitoring on In&Out Data(physical area and logic area)对进出某区域(物理区域或逻辑区域)的数据流进行有效的控制与监视。 • Methods方法: • Virus, Malicious code Defense病毒、恶意代码防御 • Firewall防火墙 • IDS入侵检测 • Boundaries Guard边界护卫 • Remote Access远程访问 • Multi-Level Security多级别安全
NETWORK AND INFRASTRUCTURE PROTECTION保护网络和基础设施 • Objectives目标: • Network and the infrastructure should网络和支持它的基础设施必须 • Prevent Illegal Data Leak防止数据非法泄露 • Prevent DDoS防止受到拒绝服务的攻击 • Prevent delay, miss or not send of protected information transfer防止受到保护的信息在发送过程中的时延、误传或未发送 • Methods方法: • Availability of BackboneNetwork骨干网可用性 • Security Framework of Wireless Network无线网络安全框架 • Full integrated and VPN系统高度互联和虚拟专用网
SUPPORTIVE INFRASTRUCTURE PROTECTION保护支撑性基础设施 • Objectives目标: • Provide a connective activities and infrastructure system to security assurance service, includes为安全保障服务提供一套相互关联的活动与基础设施,包括: • Key Management Function密钥管理功能 • Detect and Response Function检测和响应功能 • Methods方法: • Key Management密钥管理 • Priority Management优先权管理 • Certificate Management证书管理 • Intrusion Detection入侵检测 • Audit and Configuration审计、配置 • Information Investigation Collection 信息调查、收集
Local Computer Processing Environment Network Infrastructure Network Boundaries with encryption level Encrypt Network Telecom Operator Remote User Remote User Remote User Remote User Remote User Private Network Specific Network Boundaries Internet Telecom Operator Other Boundaries Public Network Boundaries Internet Service Provider Public Telephone Network PBX Boundaries Supportive Infrastructure (PKIinfrastructure、Detect and Response) Boundaries protection(Firewall) Remote Access Control(VPN,Encryption) IATFFRAMEWORK
本地计算环境 网络基础设施 带密级网络的边界 密级网络 电信 运营商 远程用户 远程用户 远程用户 远程用户 远程用户 专网 专用网络的边界 公网 (Internet) 电信 运营商 连 接 至 其 他 边 界 公共网络的边界 Internet 服务供应商 公共电话网 公共移动网 PBX 边界 支撑性基础设施 (PKI公钥基础设施、检测和响应基础设施) 边界保护(隔离器、防火墙等) 远程访问保护(VPN,加密等) IATF框架