increasingly important, as electronic transaction systems have become widespread in use.

All services may be needed at every stage, given the requirements of various services and applications, ranging from e-commerce applications that use protocols at high layers to connection privacy and link availability at low layer protocols.

DEFENCE-IN-DEPTH STRATEGY

The latest security approaches in the security domain are based on the so-called defence-in-depth strategy, which states that all information technology assets within a protected network need to have the necessary amount of security protection to guard against direct attacks at whatever level the asset resides within the network (Security Certified Program 2006).

The main idea is to protect information at all stages at which it is used and retransmitted, by providing one or more of the security services.

The defence-in-depth strategy centres on maintaining appropriate security measures and procedures (providing the described security services) at five different levels within the environment (Ashley 2006):

• Perimeter (entry points to the network);
• Network (enterprise data transmission network);
• Host (workstation or server);
• Application (any application running on host);
• Data (data storage protection).

This strategy allows the majority of security threats to be addressed, because solutions are applied at the essential information processing stages.

On the other hand, defence-in-depth strategy and secure network architecture oriented
approaches are like patches – they try to protect the network (its resources and stored information) from some defined (mostly predefined) threats using specific products or techniques. The majority of networks have historically had heterogeneous environments, which introduces a great problem for solution management and consolidation. Separate, often isolated products addressing only specific threats cannot provide integrated security, so unaddressed threats, or threats to newly discovered (and thus unaddressed) vulnerabilities, are still possible.

Evaluating the effectiveness of the security measures in use is in most cases hard to accomplish. This is because there are no mechanisms to control the interaction and effectiveness of the security techniques used, and no mechanism is used to address new threats and vulnerabilities except published software patches and fixes.

In most cases even these manufacturer-provided critical updates cannot be easily applied in a production environment, because the effect of applying such updates is in most cases not predictable.

As the environment changes, some new threats appear and some old ones disappear.
Risk analysis should be performed periodically, and security systems should be changed to reflect changes in the environment, so that they provide the same level of protection and act correctly in new conditions (for instance, changes in security procedure or firewall configuration reflecting a new IT technology introduced in the organization).

Therefore, by its nature, a defence-in-depth strategy based on secure network architecture fails to guarantee integrated security because, first, it solves problems with different solutions that are often poorly consolidated. Second, a system that provides protection from specific threats is only as secure as the threat inventory performed during the design phase was complete (and that inventory is almost always subjective). In any case, there is still the possibility that all possible threats and potential vulnerabilities will never be discovered.

Thus, an approach to network security based on “secure architecture” with a defence-in-depth strategy cannot provide the necessary level of protection. Such approaches do not examine whether the solutions interact correctly on all OSI layers, nor the periodic vulnerabilities in the protocols and primitives used.

NEED FOR STANDARDIZED SECURITY MODEL

Technologies such as firewalls, intrusion detection systems, and antivirus software have become extremely popular in the security domain. However, they solve only very specific problems and by no means provide security assurance. Instead, their importance has been overemphasised, or rather: other aspects of system security have been neglected or have received insufficient attention. Security features are often implemented because of a direct threat.
Systems are designed with functionality and efficiency in mind, but their designers often fail to make a thorough investigation of the security requirements of the application as well as of the underlying system. This inevitably leads to patches or security software or hardware being used at later stages of the development cycle, often after a vulnerability has been exploited.

This lack of coordination between security requirements and security measures might lie in the fact that there are currently no clearly defined guidelines as to the requirements of the individual parts of a system. Many organisations, such as financial institutions, have clearly defined business requirements. However, these business requirements have little relation to the specification and the implementation of the system. This clearly indicates that some process is required to formalise the implementation of a secure system and achieve a state of security assurance.

Annual Proceedings of Vidzeme University College “ICTE in Regional Development”, 2006

Up to now, there has only been limited research on a model for system-wide security. Most technologies, protocols, and models concentrate on a very specific area and solve specific and often isolated problems. The OSI model, although it is not a security model, has been designed and utilised with great success within the networking domain. It enables the abstraction of the individual core functions of network communications, resulting in a more modular communications approach. According to the OSI model, network protocols are organized in seven layers, denoted to where each layer is characterized by specific functionality. The OSI model has provided several advantages in network design: modularity (protocols of different layers can be easily combined to create stacks), flexibility (it is easy to create new protocols at all layers, and to replace protocols with alternatives of the same layer, creating new stacks), ease-of-use, and standardisation of protocols; despite standardisation, which focuses on syntax and mechanisms (flow control, error control, etc.), the implementation of protocols is not standardised, allowing multiple vendors to develop protocol implementations, leading to efficient systems at low cost.

In contrast to network design, the design and management of secure networks is not a well-understood process. There is no methodology to manage the complexity of security requirements, the large number of possible configurations, terminology, etc. In each situation participants have to decide for themselves which level of security is needed and is allowable in both functional and financial terms. The lack of such a methodology originates from a “communication gap” between developers of security technology and network developers.
Several symptoms have resulted from this gap:

• It is typically difficult to identify the “correct” layer of the OSI model where a client’s (application’s) security requirements need to be addressed;
• It is common to make wrong assumptions about the underlying network as, for example, in the case where security protocols for wired networks are used for wireless networks;
• Often, products and technologies give practitioners wrong impressions regarding the level of offered security;
• It is common to use correct protocols and appropriate algorithms in the wrong way.

Historically, security problems originate from successful attacks: a secure system is considered secure against possible, well-defined attacks. Considering the correspondence of the security protocols to network layers, it should be clear that adoption of security at a certain layer of the protocol stack indicates that the network aims to be safe against third-party attacks at layers equal to or below the adopted layer; e.g., IPSec strives to provide security against attacks at layers L3 (the layer of IPSec), L2 and L1. It is infeasible to protect against higher layer protocol attacks, since any adversary who has access to packets of higher layer protocols has full information (the packets are unprotected) and thus can proceed to a wide range of attacks without any defence.

Now it is evident that a unified network security model is needed. Using the OSI reference model it is easy to describe networking operations and protocol cooperation layer by layer.
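
The layer rule stated above for IPSec (protection adopted at one layer guards against observers at that layer and below, not above), shown as an added example that is not part of the original paper. The `seal` function is a stand-in for real encryption such as IPSec ESP, and the header format, key and payload are assumptions constructed for illustration.

```python
import hashlib

def seal(key, payload):
    """Stand-in for real encryption (e.g. IPSec ESP): XOR with a SHAKE-256
    keystream. Illustration only, not a secure construction."""
    stream = hashlib.shake_256(key).digest(len(payload))
    return bytes(a ^ b for a, b in zip(payload, stream))

def header(layer):
    return f"[L{layer}-hdr]".encode()  # hypothetical header format

def encapsulate(app_data, protected_layer, key=b"demo-key"):
    """Walk down the stack from L7 to L1 and return {layer: PDU}, i.e. what an
    observer with access at that layer sees. protected_layer=None means no
    security protocol is adopted anywhere."""
    pdus, payload = {}, app_data
    for layer in range(7, 0, -1):
        if layer == protected_layer:
            payload = seal(key, payload)  # hides everything handed down from above
        payload = header(layer) + payload
        pdus[layer] = payload
    return pdus

def exposed_layers(app_data, protected_layer):
    """Layers whose PDU still carries the application data in cleartext."""
    pdus = encapsulate(app_data, protected_layer)
    return [l for l in range(7, 0, -1) if app_data in pdus[l]]

def cleartext_headers(app_data, protected_layer, tap_layer=1):
    """Headers readable by an observer tapping at tap_layer (metadata that the
    adopted protection does not hide)."""
    pdu = encapsulate(app_data, protected_layer)[tap_layer]
    return [l for l in range(7, 0, -1) if header(l) in pdu]

if __name__ == "__main__":
    data = b"PAY 100 EUR TO ACCOUNT 42"  # constructed sample payload
    for k in (None, 3, 7):
        print(f"protection at {k}: data readable at layers "
              f"{exposed_layers(data, k)}, headers on the wire "
              f"{cleartext_headers(data, k)}")
```

With protection at layer 3 the data stays readable to anyone with access at layers 7 to 4, while the headers of layers 3 to 1 remain visible on the wire.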
Similarly, the information society needs a security reference model, which could specify security system collaboration and cooperation layer by layer and could be easily integrated with the existing OSI reference model. Development of secure networks using a reference model analogous to the OSI protocol reference model is quite beneficial. It promotes modularity, flexibility and ease-of-use, in addition to standardization.

CONCLUSIONS

In this paper, we have highlighted the problem of standardizing network security design and reinforced the need for a layered secure network reference model similar to the OSI network reference model. Existing approaches to network security are mostly based on specific network architecture techniques and realize a defence-in-depth strategy, which by its nature cannot provide integrated, up-to-date network security mechanisms. The variety of products from different manufacturers used in production environments has led to poor collaboration and comprehension between these products and security management systems. The assumed level of network security is commonly based on protection against some threat inventory, which is usually incomplete, subjective and variable.

REFERENCES

White Paper. 2006. Layered defence approach to network security.
Cisco. 2005. SAFE BluePrint.
Ashley, M. 2006. Layered network security 2006: A best practises approach.
Security Certified Program. 2006. “SCNP: Network defence and countermeasures” study guide.

BIOGRAPHY

Dmitry Kryukov is a PhD student at the Riga Technical University. He is a member of the board of the Latvian Union of Young Scientists.
His research interests include enterprise-wide network security, intrusion, and protection techniques.