Security Monitoring Systems and Threat Models

Abstract

InfoBase (2005) describes the main function of a security monitoring system as acting as a central point at which network hosts and traffic are observed, so that activity can be assessed for policy compliance, non-compliant activity identified, and effective intrusion responses initiated. The InfoBase distinguishes this continuous activity monitoring from condition monitoring: periodic testing of the network's state whose results relate only to the point in time of the test. The degree of monitoring is driven by the amount of risk, and risk increases with the sensitivity of the data and processes involved and with the accessibility of the system. Lower-risk systems include, for example, informational web sites with no transaction capability.

Activity monitoring requires gathering data and recording it in logs that capture system events and their security severity. It also covers host performance, where abnormal behaviour may indicate an intrusion. An effective monitoring system must also pick up changes in the network, such as an increase in access to a system or the addition of new systems (InfoBase, 2005).
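The following is an added example, not code from the original page or from the FFIEC InfoBase, showing what the activity monitoring described above looks like in practice. It parses a handful of constructed audit log lines, compares them with a baseline (a host inventory and each user's normal daily login count), and reports the changes the text says a monitoring system must notice: a system that was not known before, a sharp increase in access by one principal, and a burst of failed logins that suggests an intrusion attempt. The key=value log format, the host and user names, the baseline numbers and the thresholds are all assumptions made for the example.

```python
"""Activity monitoring over constructed log lines (added example, not the page's own code).

Detections implemented:
  * unknown_hosts       - systems that appear in the logs but not in the inventory
  * access_spikes       - successful logins per user per day far above the baseline,
                          or from a principal that has no baseline at all
  * failed_login_bursts - repeated failures from one (user, source) inside a short window
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed baseline (assumption): the hosts the organisation knows about and
# each user's normal number of successful logins per day.
KNOWN_HOSTS = {"web01", "db01"}
BASELINE_LOGINS_PER_DAY = {"alice": 5, "bob": 3, "svc-backup": 2}

# Constructed sample log lines; not real data. Format: TIMESTAMP key=value ...
SAMPLE_LOG = """\
2010-11-28T08:00:01 host=web01 user=alice action=login result=success src=10.0.0.5
2010-11-28T08:05:12 host=db01 user=bob action=login result=success src=10.0.0.7
2010-11-28T08:06:40 host=db01 user=bob action=login result=failure src=203.0.113.9
2010-11-28T08:06:41 host=db01 user=bob action=login result=failure src=203.0.113.9
2010-11-28T08:06:42 host=db01 user=bob action=login result=failure src=203.0.113.9
2010-11-28T08:06:43 host=db01 user=bob action=login result=failure src=203.0.113.9
2010-11-28T08:06:44 host=db01 user=bob action=login result=failure src=203.0.113.9
2010-11-28T09:00:00 host=web07 user=alice action=login result=success src=10.0.0.5
2010-11-28T09:01:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
2010-11-28T09:02:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
2010-11-28T09:03:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
2010-11-28T09:04:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
2010-11-28T09:05:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
2010-11-28T09:06:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
2010-11-28T09:07:00 host=web01 user=svc-backup action=login result=success src=10.0.0.20
"""


def parse_line(line):
    """Parse one 'TIMESTAMP key=value ...' record into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def parse_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def unknown_hosts(events, known_hosts):
    """New systems: hosts seen in the logs that the inventory does not list."""
    return sorted({e["host"] for e in events} - set(known_hosts))


def access_spikes(events, baseline, factor=3):
    """Users whose successful logins in one day exceed `factor` times their baseline.

    A user with no baseline at all is reported as well: an unknown principal
    gaining access is itself a change worth reviewing.
    """
    per_user_day = Counter()
    for e in events:
        if e["action"] == "login" and e["result"] == "success":
            per_user_day[(e["user"], e["ts"].date())] += 1
    findings = []
    for (user, day), count in sorted(per_user_day.items()):
        expected = baseline.get(user)
        if expected is None or count > factor * expected:
            findings.append({"user": user, "day": day.isoformat(),
                             "count": count, "baseline": expected})
    return findings


def failed_login_bursts(events, threshold=5, window_seconds=60):
    """(user, source) pairs with at least `threshold` failures inside one window."""
    failures = defaultdict(list)
    for e in events:
        if e["action"] == "login" and e["result"] == "failure":
            failures[(e["user"], e["src"])].append(e["ts"])
    findings = []
    for (user, src), times in sorted(failures.items()):
        times.sort()
        start = 0
        for end in range(len(times)):           # sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                findings.append({"user": user, "src": src, "failures": end - start + 1,
                                 "first": times[start].isoformat()})
                break                           # report the first window that trips
    return findings


def monitor(log_text, known_hosts=KNOWN_HOSTS, baseline=BASELINE_LOGINS_PER_DAY):
    """Run all detections over a log and return the findings grouped by kind."""
    events = parse_log(log_text)
    return {
        "new_systems": unknown_hosts(events, known_hosts),
        "access_spikes": access_spikes(events, baseline),
        "failed_login_bursts": failed_login_bursts(events),
    }


if __name__ == "__main__":
    for kind, items in monitor(SAMPLE_LOG).items():
        print(kind, items)
```

On the sample above the monitor reports web07 as a system missing from the inventory, svc-backup at seven logins against a baseline of two, and five failed logins for bob from 203.0.113.9 within one minute. The baseline is the part that needs maintenance in a real deployment: the inventory and the per-user rates have to be updated through the same change process that adds systems and accounts, otherwise every legitimate change shows up as a finding.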

Viemer (1998) explained that a security policy model defines how information may be accessed within a system across different security domains, with access granted according to rules built to maintain security within the system. A security policy can be applied down to the level of individual objects in a system, in one of the following ways:

  • The security policy can be explicitly attached to the object.
  • The object can be authorized to inherit its security policy from another object, namely the container above it in the system's object hierarchy.

A threat model is a description of a system's security characteristics in which the possible attacks are identified and the potential harm and priorities are assessed. Creating the threat model is an important step in identifying the security initiatives needed to respond to threats that could harm an organization's assets and the values worth protecting (Gragido, 2010).

Threat models not only play an important role in building a secure system, but also draw on security expertise and the history of past attacks, which serve as references for building robust systems.

Security Policy Models

Weise (2001) explained that a security policy model defines the security goals of an organization that needs to establish the right protocol for accessing information and sharing data among its users and business partners. Within such a model, the security principles that promote the integrity, confidentiality, and availability of the systems have to be identified. The security policy should also be comprehensive enough to cover the security architecture built from the threat model. The policy translates the organization's security expectations into specific rules that maintain the required level of security in its computer systems. It must establish the access rules under which users reach data and resources, and those rules must answer to the technical, business, and regulatory environment in which the organization operates. The principles of the policy should be implemented toward the following goals:

  • The policy must ensure the availability of system data and resources.
  • The policy must ensure the integrity and confidentiality of the system.
  • The policy must inform users of the protection and the security mechanisms required for system data and resources.
  • The policy must provide an auditing mechanism (a security baseline) that validates the system's compliance with the established security rules.

Weise (2001) also explained that a security policy should be understandable, realistic, consistent, procedurally tolerable, and economically feasible. Within an organization, the policy should define the overall risk-control objectives and the security goals the organization requires, aligned with the threat model developed for its systems. A good security policy should have the following characteristics:

  • The policy should be implementable through system administration procedures and by the security experts within the organization.
  • The policy should be enforceable with security tools where appropriate, and with sanctions where actual prevention is not technically feasible.
  • The policy should define the areas of responsibility of users, managers, and system administrators.
  • The policy should be documented, distributed, and communicated throughout the organization.
  • The policy must be flexible enough to survive long-term use and should be independent of any particular software or hardware. It should also have a mechanism for being updated as the organization changes.

Lang (2010) explained that automating the security policy takes the human factor out of the loop in building and applying it. Policy requirements are translated into technical implementation (e.g. authentication, monitoring, and access control) and then enforced automatically across applications and systems. With an automated policy, incidents are collected, analyzed, and addressed through the policy implementation without human interaction. Such a policy is proactive and preventive toward similar future incidents: bad things can be prevented before they happen.

With an automated security policy, policy-driven security can be implemented: the security product understands and captures what should and should not be allowed before activity takes place across systems and applications. This addresses the challenge of policy management, since enforcement of a new rule can be put in place automatically; the policy is entered in a form from which the new security rules are populated across systems and applications (Lang, 2010).
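The following is an added example and is not code from Viemer (1998), Weise (2001) or Lang (2010). It puts together the two ideas of this section: an object-level security policy that is either attached explicitly to an object or inherited from the nearest container above it in the object hierarchy, and an automated enforcement point that decides every request from the effective policy and records the decision for audit, so the rules are applied by the system rather than by a person. The object names, security domains, roles, the notion of a per-policy list of trusted domains, and the sample requests are all assumptions made for the example.

```python
"""Object-level security policy with inheritance, plus automated enforcement
(added example, not the page's own code).

A Policy belongs to one security domain and lists, per operation, the roles that
may perform it. A SecObject either carries its own Policy or inherits the one of
its container. authorize() resolves the effective policy, decides the request
and appends an audit record, failing closed whenever no policy reaches the object.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Policy:
    domain: str
    rules: Dict[str, Set[str]]                 # operation -> roles allowed to perform it
    trusted_domains: Set[str] = field(default_factory=set)   # assumption: cross-domain trust


@dataclass
class SecObject:
    """A node in the object hierarchy. policy=None means 'inherit from the container'."""
    name: str
    parent: Optional["SecObject"] = None
    policy: Optional[Policy] = None


@dataclass
class Decision:
    allowed: bool
    reason: str
    policy_owner: Optional[str]                # object the effective policy is attached to


def find_policy(obj: SecObject) -> Tuple[Optional[SecObject], Optional[Policy]]:
    """Walk up the hierarchy to the nearest explicitly attached policy."""
    node = obj
    while node is not None:
        if node.policy is not None:
            return node, node.policy
        node = node.parent
    return None, None


def authorize(subject: dict, obj: SecObject, operation: str, audit: List[tuple]) -> Decision:
    """Automated enforcement point: decide from the effective policy and log the decision."""
    owner, policy = find_policy(obj)
    if policy is None:
        d = Decision(False, "no policy reaches this object; default deny", None)
    elif subject["domain"] != policy.domain and subject["domain"] not in policy.trusted_domains:
        d = Decision(False, f"domain '{subject['domain']}' is not trusted by domain "
                            f"'{policy.domain}'", owner.name)
    elif not set(subject["roles"]) & policy.rules.get(operation, set()):
        d = Decision(False, f"no role of the subject permits '{operation}'", owner.name)
    else:
        d = Decision(True, f"'{operation}' permitted by the policy on '{owner.name}'", owner.name)
    audit.append((subject["name"], obj.name, operation, d.allowed, d.reason))
    return d


def build_hierarchy() -> Dict[str, SecObject]:
    """Constructed object tree (assumption): corp > finance > {memo, ledger}, plus an orphan."""
    corp = SecObject("corp", policy=Policy(
        "corp", {"read": {"staff", "finance"}, "write": {"finance"}}, trusted_domains={"finance"}))
    finance = SecObject("finance", parent=corp)            # inherits the corp policy
    memo = SecObject("finance/memo", parent=finance)       # inherits via finance
    ledger = SecObject("finance/ledger", parent=finance, policy=Policy(
        "finance", {"read": {"finance"}, "write": {"finance-admin"}}, trusted_domains={"corp"}))
    orphan = SecObject("scratch")                          # no container and no policy
    return {o.name: o for o in (corp, finance, memo, ledger, orphan)}


# Constructed subjects and requests (assumption).
SUBJECTS = {
    "alice": {"name": "alice", "domain": "corp", "roles": ["staff"]},
    "bob": {"name": "bob", "domain": "finance", "roles": ["finance"]},
    "carol": {"name": "carol", "domain": "partner", "roles": ["staff"]},
}
REQUESTS = [
    ("alice", "finance/memo", "read"),     # inherited corp policy, role staff: allow
    ("alice", "finance/ledger", "read"),   # explicit finance policy, corp trusted, no role: deny
    ("bob", "finance/ledger", "read"),     # same domain, role finance: allow
    ("bob", "finance/ledger", "write"),    # write needs finance-admin: deny
    ("carol", "finance/memo", "read"),     # domain partner not trusted by corp: deny
    ("bob", "scratch", "read"),            # no policy in the hierarchy: deny (fail closed)
]


def run_requests(requests=REQUESTS):
    """Evaluate the sample requests; returns {(who, what, op): allowed} and the audit trail."""
    objects = build_hierarchy()
    audit: List[tuple] = []
    results = {}
    for who, what, op in requests:
        results[(who, what, op)] = authorize(SUBJECTS[who], objects[what], op, audit).allowed
    return results, audit


if __name__ == "__main__":
    for record in run_requests()[1]:
        print(record)
```

Two design points carry over to real policy engines. First, inheritance resolves to the nearest attached policy, so a policy attached lower in the hierarchy replaces, rather than merges with, the container's policy; a merging model would need explicit rules for conflicts. Second, an object that no policy reaches is denied, and the denial is audited like any other decision, which is what makes the auditing goal of the policy (validating compliance with the established rules) checkable after the fact.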

Threat Models

Gragido (2010) explained that a threat model should be built on the number of threats and the value of the assets exposed to them within the systems and applications an organization uses. The model should also point to solutions for the system and application vulnerabilities that internal and external threats exploit. A threat model follows one of several approaches, each directing attention toward where the threat is coming from:

  • An attacker-based threat model evaluates the attackers, their goals, and how they intend to achieve them. Its starting point is usually the attackers' entry point or the assets (systems or applications) that need protection.
  • A software-based threat model starts from the design of the system and looks at the types of attack that can be launched against it.
  • An asset-based threat model starts from the assets, where sensitive information represents a high-value target for attack.

Gragido (2010) explained that the first question to raise before building a threat model is where threat modeling should begin. That question leads to further questions before the actual work of building the model starts, and raising them increases the chances of a successful threat modeling process. Some of these questions are:

  • Which assets should be covered by the threat model and protected?
  • Where are these assets located within the systems or applications?
  • Who are the users of these assets?
  • What are the strengths and weaknesses of each threat?
  • What should be done to minimize an attack and mitigate its risk?

Threat modeling should be part of the design phase of the software development lifecycle so that security vulnerabilities are mitigated early. This requires developers and software vendors to conduct code reviews, use source code scanning tools, and establish secure coding baselines to reduce software and system vulnerabilities. Security cannot be a bolt-on feature of software; with that approach many vulnerabilities are overlooked, so security mechanisms need to be in place for developers to follow. Threat modeling helps an organization transform vague notions of potential threats into tangible security requirements (Bharti, 2006).

Although the security requirements derived from a threat model can improve processes and systems, each requirement has a cost. Without commitment from an organization's top executives to security mandates, the security strategy will lack clear direction and scope. There is always a cost to mitigating risk, so identifying the cost of implementing code reviews and threat modeling is essential to achieving the organization's security goals (Bharti, 2006).
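The following is an added example, not code from Gragido (2010) or Bharti (2006). It records, for a small constructed system, the answers to the questions listed above (which assets, where they are, who uses them, which threats reach them through which entry point, and what mitigates them), ranks the threats by the harm still expected once existing mitigations are taken into account, gives the attacker-centric view by entry point, and ranks candidate mitigations by risk removed per unit of cost, which is the trade-off the cost discussion above is about. The assets, threats, values, likelihoods, reduction factors and costs are all constructed for the example; the scoring (asset value times likelihood, reduced by each mitigation) is a common simple scheme and is an assumption, not the cited authors' method.

```python
"""Threat model record and prioritisation (added example, not the page's own code).

The record answers the questions the text raises:
  Asset      - what is protected, where it lives, who uses it
  Threat     - attacker goal, entry point, estimated likelihood of success
  Mitigation - control applied to a threat, how much likelihood it removes, its cost
Risk is scored as asset value x likelihood (an assumed, common scheme), and each
mitigation multiplies the remaining likelihood by (1 - reduction).
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Asset:
    name: str
    value: int          # relative value to the organisation, 1 (low) .. 10 (high)
    location: str       # where the asset lives
    users: Tuple[str, ...]


@dataclass
class Threat:
    id: str
    asset: str          # Asset.name
    attacker_goal: str
    entry_point: str    # where the attacker comes in
    likelihood: float   # 0..1, estimated chance of a successful attempt per year


@dataclass
class Mitigation:
    threat_id: str
    control: str
    reduction: float    # fraction of the likelihood removed, 0..1
    cost: int           # relative implementation cost, > 0


@dataclass
class ThreatModel:
    assets: Dict[str, Asset]
    threats: List[Threat]
    mitigations: List[Mitigation]


def residual_risk(model: ThreatModel, threat: Threat) -> float:
    """Expected harm left after every mitigation recorded for this threat."""
    remaining = threat.likelihood
    for m in model.mitigations:
        if m.threat_id == threat.id:
            remaining *= 1 - m.reduction
    return round(model.assets[threat.asset].value * remaining, 3)


def prioritise(model: ThreatModel) -> List[Tuple[str, float]]:
    """Threat ids ordered by residual risk, highest first (ties broken by id)."""
    scored = [(residual_risk(model, t), t.id) for t in model.threats]
    return [(tid, r) for r, tid in sorted(scored, key=lambda s: (-s[0], s[1]))]


def unmitigated(model: ThreatModel) -> List[str]:
    """Threats with no control recorded against them at all."""
    covered = {m.threat_id for m in model.mitigations}
    return sorted(t.id for t in model.threats if t.id not in covered)


def entry_point_view(model: ThreatModel) -> Dict[str, List[str]]:
    """Attacker-centric view: which assets each entry point exposes."""
    view = defaultdict(set)
    for t in model.threats:
        view[t.entry_point].add(t.asset)
    return {ep: sorted(assets) for ep, assets in sorted(view.items())}


def mitigation_efficiency(model: ThreatModel) -> List[Tuple[str, float]]:
    """Controls ordered by risk removed per unit of cost, to support the cost trade-off."""
    by_id = {t.id: t for t in model.threats}
    scored = []
    for m in model.mitigations:
        t = by_id[m.threat_id]
        removed = model.assets[t.asset].value * t.likelihood * m.reduction
        scored.append((m.control, round(removed / m.cost, 3)))
    return sorted(scored, key=lambda s: (-s[1], s[0]))


def example_model() -> ThreatModel:
    """Constructed threat model for illustration; none of these figures are real."""
    assets = {
        "customer-db": Asset("customer-db", 9, "internal database segment", ("billing", "support")),
        "public-site": Asset("public-site", 3, "DMZ web tier", ("public",)),
    }
    threats = [
        Threat("T1", "customer-db", "steal customer records", "internet-facing web app", 0.4),
        Threat("T2", "customer-db", "sabotage data", "insider with DBA rights", 0.1),
        Threat("T3", "public-site", "deface the site", "internet-facing web app", 0.5),
    ]
    mitigations = [
        Mitigation("T1", "input validation and parameterised queries", 0.7, 3),
        Mitigation("T3", "web application firewall", 0.5, 2),
    ]
    return ThreatModel(assets, threats, mitigations)


if __name__ == "__main__":
    m = example_model()
    print("priority:", prioritise(m))
    print("unmitigated:", unmitigated(m))
    print("entry points:", entry_point_view(m))
    print("mitigation efficiency:", mitigation_efficiency(m))
```

On the constructed model the insider threat T2 ends up second even though its likelihood is the lowest, because nothing mitigates it and the asset is the most valuable; the ranking and the unmitigated list are the kind of output that turns a threat model into a concrete list of security requirements with a cost attached to each.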

Conclusion

Security monitoring is an important part of system security; it is used to identify activity and traffic on a network. Unusual conditions and abnormal behaviour that may represent threats should be logged with the time at which they occurred, for later review. Security monitoring systems provide information about the conditions and activities on the network: activity monitoring assesses policy compliance and identifies non-compliant conditions, while condition monitoring uses periodic testing to reveal problems with network performance and to estimate overall resistance to intrusion.

Creating a threat model for a system addresses security threats and is used to assess the amount of work required to implement security responses, based on the potential attacks assessed in the model (Gragido, 2010).

The security policy model should act as a bridge between the established security requirements of a system and the users of that system and their expectations. It should be built on the security risks evaluated through the threat model (Weise, 2001).

Finally, the threat model provides the data and analysis required to identify the vulnerability of assets and the potential for exploiting it (Gragido, 2010). Threat models inform both the security policy and the security monitoring a system needs, including the access controls and protections that guard it against unauthorized access and intrusion. It is imperative that the threat model be built both to assess the required security monitoring and to implement the right security policy, so as to protect system safety and business continuity within the organization.

References

Bharti, N. (2006) Threat Modeling Key to Pro-active Security [Online]. Available from: http://searchsoftwarequality.techtarget.com/news/1169779/Threat-modeling-key-to-pro-active-security (Accessed: 28 November 2010).

Gragido, W. (2010) Determinism vs. Randomness: The New Effect Upon Security [Online]. Available from: http://cassandrasecurity.com/?cat=166 (Accessed: 28 November 2010).

InfoBase (2005) Security Monitoring [Online]. Available from: http://www.ffiec.gov/ffiecinfobase/booklets/information_security/05_sec_monitoring.htm (Accessed: 28 November 2010).

Lang, U. (2010) Security Policy Automation Using Model Driven Security [Online]. Available from: http://objectsecurity-mds.blogspot.com/ (Accessed: 28 November 2010).

Viemer, D. (1998) Domain Security Policy Model for International Interoperability [Online]. Available from: http://www.netpr.com/tools_resources/policy/nissc98.pdf (Accessed: 28 November 2010).

Weise, J. (2001) Developing a Security Policy [Online]. Available from: http://www.sun.com/blueprints/1201/secpolicy.pdf (Accessed: 28 November 2010).



1 Comment »

  1. It’s an amazing paragraph designed for all the web viewers; they will take advantage from it I am sure.

