Proceedings in pdf format. - Sociotechnical Systems Engineering ...

More documents

Recommendations

Info

increasingly important, as electronic transaction systemshave become widespread in use.All services may be needed at every stage, given therequirements of various services and applications,ranging from e-commerce applications that use protocolsat high layers to connection privacy and link availabilityat low layer protocols.DEFENCE-IN-DEPTH STRATEGYLast concepts of security approaches in securitydomain are based on so called defence-in-depth strategywhich states that all information technology assets withina protected network need to have the necessary amountof security protection to guard against direct attacks atwhatever level the asset resides within the network(Security Certified Program 2006).The main idea is to protect information at all stages itis being used and retransmitted in terms of provision ofone or more of the security services.Defence-in-depth strategy centres on maintainingappropriate security measures and procedures (providingdescribed security services) at five different levels withinenvironment (Ashley 2006):• Perimeter (entry points to the network);• Network (enterprise data transmission network);• Host (workstation or server);• Application (any application running on host);• Data (data storage protection).This strategy allows addressing the majority of threatsto security due to solutions used at essential informationprocessing stages.From the other side, defence-in-depth strategy andsecure network architecture oriented approaches are likepatches – they try to protect network (resources andinformation stored) from some defined threats (mostlypredefined) using specific products or techniques. Themajority of networks historically have heterogeneousenvironments, thus introducing great problem to solutionmanagement and consolidation. Separated, often isolatedproducts addressing only specific threats cannot provideintegrated security, allowing unaddressed threats orthreats to newly discovered (and thus unaddressed)vulnerabilities still are possible.Evaluation of effectiveness of security measures beingused in most cases is hard to accomplish. This is becausethere are no mechanisms to control interaction andeffectiveness of security techniques used and nomechanism is used to address new threats andvulnerabilities except published software patches andfixes.In most cases even these manufacturer providedcritical updates could not be easily applied in productionenvironment because the effect of applying such updatesin most cases is not predictable.As environment changes, some new threats appearand some old disappear. Risk analysis should beperiodically performed and security systems should bechanged reflecting environment changes for securitysystems to be able to provide the same level of protectionand be able to correctly act in new conditions (forinstance, changes in security procedure or firewallconfiguration reflecting new IT technology introduced inorganization).Therefore, by the nature, defence-in-depth strategybased on secure network architecture fails to guaranteeintegrated security, because, first, for problem solving ituses different solutions often with poor consolidation.Second, system that realizes protection from specificthreats is as secure, as complete threat inventory wasperformed during design phase (which almost always issubjective). In any case, there still is possibility that allpossible threats and potential vulnerabilities will never bediscovered.Thus, approach to network security based on “securearchitecture” with defence-in-depth strategy could notprovide necessary level of protection. Such approachtypes does not examine correct solution interaction on allOSI layers and periodic vulnerabilities in protocols andprimitives used.NEED FOR STANDARDIEZED SECURITYMODELTechnologies such as firewalls, intrusion detectionsystems, and antivirus software have become extremelypopular in the security domain. They however only solvevery specific problems and in no means provide securityassurance. Instead, their importance has beenoveremphasised, or rather: other aspects of systemsecurity have been neglected or have receivedinsufficient attention. Security features are oftenimplemented because of a direct threat. Systems aredesigned with functionality and efficiency in mind butoften fail to make a thorough investigation of the securityrequirements of the application as well as the underlyingsystem. This inevitably leads to patches or securitysoftware or hardware being used at later stages of thedevelopment cycle, often after vulnerability has beenexploited.This lack of coordination between securityrequirements and security measures might lie with thefact that there are currently no clearly defined guidelinesas to the requirements of the individual parts of a system.Many organisations such as financial institutions haveclearly defined business requirements. However, thesebusiness requirements have little relation to thespecification and the implementation of the system. Thisclearly indicates that some process is required toformalise the implementation of a secure system andachieve a state of security assurance.Annual Proceedings of Vidzeme University College “ICTE in Regional Development”, 2006128
Up to now, there has only been limited research on amodel for system-wide security. Most technologies,protocols, and models concentrate on a very specific areaand solve specific and often isolated problems. The OSImodel, although it is not a security model, has beendesigned and utilised with great success within thenetworking domain. It enables the abstraction of theindividual core functions of network communicationsresulting in a more modular communications approach.According to the OSI model, network protocols areorganized in seven layers, denoted to where each layer ischaracterized by specific functionality. The OSI modelhas provided several advantages in network design:modularity (protocols of different layers can be easilycombined to create stacks), flexibility (it is easy to createnew protocols at all layers, and to replace protocols withalternatives of the same layer, creating new stacks), easeofuse, and standardisation of protocols; despitestandardisation, which focuses on syntax andmechanisms (flow control, error control, etc.), theimplementation of protocols is not standardised, allowingmultiple vendors to develop protocol implementations,leading to efficient systems at low cost.In contrast to network design, design and managementof secure networks is not a well-understood process.There is no methodology to manage the complexity ofsecurity requirements, the large number of possibleconfigurations, terminology, etc. In each situationparticipants should decide themselves which level ofsecurity is needed and is allowable both by functionaland financial aspects. The lack of such methodologyoriginates from a “communication gap” betweendevelopers of security technology and networkdevelopers. Several symptoms have resulted from thisgap:• It is typically difficult to identify the “correct” layerof the OSI model where a client’s (application’s)security requirements need to be addressed;• It is common to make wrong assumptions for theunderlying network as, for example, in the casewhere security protocols for wired networks are usedfor wireless networks;• Often, products and technologies give topractitioners wrong impressions regarding the levelof offered security;• It is common to use correct protocols andappropriate algorithms in the wrong way.Historically, security problems originate fromsuccessful attacks: a secure system is considered secureagainst possible, well-defined attacks. Considering thecorrespondence of the security protocols to networklayers, it should be clear that adoption of security at acertain layer of the protocol stack indicates that thenetwork targets to be safe against attacks of third partiesat layers equal or below the adopted layer; e.g., IPSecstrives to provide security against attacks at layers L 3 (thelayer of IPSec), L 2 and L 1 . It is infeasible to protectagainst higher layer protocol attacks, since any adversarywho has access to packets of higher layer protocols hasfull information (the packets are unprotected) and thuscan proceed to a wide range of attacks without anydefence.Now it is evident that unified network security modelis needed. Using OSI reference model it is easy todescribe networking operations and protocol cooperationlayer by layer. Similarly, information society needssecurity reference model, which could specify securitysystem collaboration and cooperation layer by layer andcould be easily integrated with existing OSI referencemodel. Development of secure networks using areference model analogous to the OSI protocol referencemodel is quite beneficial. It promotes modularity,flexibility and ease-of-use, in addition to standardization.CONCLUSIONSIn this paper, we have highlighted the problem ofnetwork security designing standardization and fortifiedthe need for layered secure network reference modelsimilar to OSI network reference model. Existingapproaches to network security are mostly based onspecific network architecture techniques and realizedefence-in-depth strategy, which by its nature cannotprovide integrated up-to-date network securitymechanisms. Variety of products from differentmanufacturers used in production environment has leadto poor collaboration and comprehension between theseproducts and security management systems. Assumedlevel of network security commonly is based onprotection against some threat inventory, which usuallyis incomplete, subjective and variable.REFERENCESWhite Paper. 2006. Layered defence approach tonetwork security..Cisco. 2005. SAFE BluePrint,.Ashley, M. 2006. Layered network security 2006: Abest practises approach, .Security Certified Program. 2006. “SCNP: Networkdefence and countermeasures” study guide.BIOGRAPHYDmitry Kryukov is PhD student at the Riga TechnicalUniversity. He is member of the board of Latvian Unionof Young Scientists. His research interests includeenterprise-wide network security, intrusion, andprotection techniques.Annual Proceedings of Vidzeme University College “ICTE in Regional Development”, 2006129
Page 1 and 2:
ISBN 9984-633-03-9Annual Proceeding
Page 3 and 4:
“Development of Creative Human -
Page 5 and 6:
TABLE OF CONTENTSINTELLIGENT SYSTEM
Page 7 and 8:
INTELLIGENT SYSTEM FOR LEARNERS’
Page 9 and 10:
LEARNER 1GROUP OF HUMAN AGENTSLEARN
Page 11 and 12:
QuantityQuantityFigure 6. Distribut
Page 13 and 14:
LEARNERStructure of theconcept mapL
Page 15 and 16:
WEB-BASED INTELLIGENT TUTORING SYST
Page 17 and 18:
materials to be presented and which
Page 19 and 20:
INFORMATION TECHNOLOGIES AND E-LEAR
Page 21 and 22:
correspondence with the course aim
Page 23 and 24:
projects and through IT. Hence, it
Page 25 and 26:
APPLICATION OF MODELING METHODS IN
Page 27 and 28:
can support configuration managemen
Page 29 and 30:
The EKD is one of the Enterprise mo
Page 31 and 32:
CHANGES TO TRAINING AND PERSPECTIVE
Page 33 and 34:
or an end, yet none of these attitu
Page 35 and 36:
make decisions. It cannot be volunt
Page 37 and 38:
logs), data and video conferencing
Page 39 and 40:
Ability to follow user’s multi-ta
Page 41 and 42:
CONCLUSIONSEDUSA method gives us a
Page 43 and 44:
in successful SD. Given this situat
Page 45 and 46:
SPATIAL INFORMATIONFor the visualis
Page 47 and 48:
MOBILE TECHNOLOGIES USE IN SERVICES
Page 49 and 50:
learning environment (Learning Mana
Page 51 and 52:
ago only some curricula on Logistic
Page 53 and 54:
The Web-based version can be access
Page 55 and 56:
Web-portal, which incorporates diff
Page 57 and 58:
DO INTELLIGENT OBJECTS AUTOMATICALL
Page 59 and 60:
Table 1. Examples for introducing R
Page 61 and 62:
workable influencing of the process
Page 63 and 64:
are handed over to the objects and
Page 65 and 66:
• Basic processes, such as wareho
Page 67 and 68:
THE ECR E-COACH: A VIRTUAL COACHING
Page 69 and 70:
participating in the workshops and
Page 71 and 72:
• Assessment modules enable indiv
Page 73 and 74:
with pictures and illustrated graph
Page 75 and 76:
ECR Question Banknumber category su
Page 77 and 78:
educational programme that follows
Page 79 and 80:
DEVELOPMENT OF WEB BASED GRAVITY MO
Page 81 and 82:
These results of a model require a
Page 83 and 84: CONCLUSIONSThe main goal of work ha
Page 85 and 86: dimension and included within any o
Page 87 and 88: • Resources sharing by providing
Page 89 and 90: Pursuant to the guidelines of elect
Page 91 and 92: tariffs of regulated services have
Page 93 and 94: INFORMATION TECHNOLOGY FOR MOTIVATI
Page 95 and 96: difficult to predict when and for w
Page 97 and 98: Listeners' workon the WebListenersS
Page 99 and 100: PERSPECTIVES OF WEB PAGE AND E-MAIL
Page 101 and 102: INCREASE IN THE NUMBER OF INTERNETU
Page 103 and 104: tourism accommodations (home pages
Page 105 and 106: interactive relationships with clie
Page 107 and 108: • The data obtained by the resear
Page 109 and 110: Central Statistical Bureau of Latvi
Page 111 and 112: departures for 1995 are taken from
Page 113 and 114: 120100maximumworldminimum806040200-
Page 115 and 116: 140120maximumworldminimum1008060402
Page 117 and 118: would be a promising extension. Cur
Page 119 and 120: AN OVERVIEW OF THE AGENT − BASED
Page 121 and 122: Suitability for social system simul
Page 123 and 124: 6. MASONDescription:MASON is a fast
Page 125 and 126: Suitability for social system simul
Page 127 and 128: could be bad particularly when over
Page 129 and 130: (for 10 repeat &| CCar[]->runfor);P
Page 131 and 132: • Streaming audio• Collaboratio
Page 133: NECESSITY OF NEW LAYERED APPROACH T
Page 137 and 138: aaaaa6= −aa2,1 = − a0,3226= −
Page 139 and 140: ∂ u∂x∂ u∂y2 2+ b = 02 2wher
Page 141 and 142: a6,3= −2030a4,5−130a4,3- - - -
Page 143 and 144: 0,10,20,30,4( )Mag x y y Ge wx2, =
Page 145 and 146: Example 1. To understand better the
Page 147 and 148: Therefore, further the following co
Page 149 and 150: SOLUTION OF THE THREE-DIMENSIONALEQ
Page 151 and 152: Mag1, m , m , m1 2 3= mm1 m2m32 2 2
Page 153 and 154: MagMag0, m , m , m1 2 31, m , m , m
Page 155: CONCLUSIONSThe basic content of thi
show all

Proceedings in pdf format. - Sociotechnical Systems Engineering ...

Create successful ePaper yourself

Delete template?

Save as template?