INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT Int. J. Network Mgmt 2003; 13: 203–210 (DOI: 10.1002/nem.472)

Development of security policies for private networks

By Saad Haj Bakry*†

With the current worldwide emphasis on e-business, the development of sound network security policies for private networks connected to the Internet is becoming of increasing importance. This paper identifies a general network security profile upon which current and planned network security states can be mapped. The paper also provides a process for the development of current security states into target states, using the network security profile. Copyright © 2003 John Wiley & Sons, Ltd.

Introduction

With the increasing dependence of private organizations on information networks, the security of such networks is becoming essential, especially with the emergence of e-business over Intranets, Extranets, and the Internet.1 Security challenges to these networks have various undesirable business impacts on organizations, such as: business embarrassment, financial loss, degradation of competitiveness, and legal problems.2,3 Therefore security policies need to be emphasized, so that such challenges, together with their undesired consequences, can be avoided. This paper aims at supporting such policies, by presenting a general network security profile and a development process that can be used for their development, implementation, and management. In order to provide a background for describing the target profile and its associated development process, this introductory section explains what is meant by network security, considering concepts and terms developed by the International Standards Organization (ISO). This introductory section also emphasizes the importance of the work presented in the paper.

—Security in ISO Vocabulary—

In its information processing vocabulary, ISO defines the term computer system security as the technological and administrative safeguards established and applied to data processing to protect hardware, software, and data from accidental or malicious modifications, destruction or disclosures.4 This definition illustrates that IT security has four main dimensions.

• The first is concerned with the object that needs to be protected; that is, hardware, software and data.
• The second is associated with the undesired effect of security challenges on the object, that is, destruction and disclosure. Destruction applies to hardware, software and data, while disclosure applies to data and software. Of course, software can be viewed as data when it is not in action.
• The third is also related to security challenges, but emphasizes their nature or intention, that is, whether these challenges are accidental or deliberate.
• The fourth dimension is concerned with the security measures that should be taken into account in facing the challenges. The definition specifies that these measures may be technological, administrative or both.

Professor Saad Haj Bakry teaches at King Saud University, Riyadh, Saudi Arabia. * Correspondence to: Professor Saad Haj Bakry, King Saud University, Riyadh, Saudi Arabia. † E-mail: [email protected]

Copyright © 2003 John Wiley & Sons, Ltd.

—Security in ISO-OSI SIG-SEC—

In addition to the above, the ISO Open System Interconnection, Special Interest Group on Network Security (ISO-OSI SIG-SEC) has identified two main network security goals:5

• The first is concerned with the protection of data against: undetected loss and repetition, unauthorized modifications, and unauthorized disclosure, that is, ensuring that data is correctly sequenced, sealed, and made private.
• The second is associated with assuring the correct identity of both the sender and the receiver, that is, ensuring that the data concerned is both signed by the sender and stamped by the receiver.

—Other Security Issues—

Together, the above ISO definitions identify network security according to a broad scope of integrated issues. However, additional security challenges need to be incorporated within the identified scope. These additional challenges are associated with the flow of data through the network, and are concerned with the following:

• Undesired external data streams flowing from the Internet to an Extranet, or from the Internet and Extranets to an Intranet, represent security challenges to the policies of the Extranets or the Intranets concerned. The same also applies to private internal data streams that should not flow beyond the limits of their Extranets or Intranets.6
• Large volumes of data flow through the network may cause performance problems, or even denial of service. Such volumes also challenge network security. In addition, unsecured channels where desired data streams may flow represent another security challenge.3,7

In addition to the above challenges, accidental and malicious disasters such as fire, earthquakes, floods, and other similar events represent important security challenges that need to be taken into account. These challenges have been addressed by publications concerned with contingency or disaster recovery planning.3,7,8 By presenting the ISO definitions, and the additional network security challenges, this section has provided a general view of the concept and dimensions of network security. The question now is concerned with the need for the development of security policies for private networks, and how this development can be achieved.

—This Paper—

By their nature network security policies include restrictive rules that reduce the freedom of network utilization, on the one hand, and increase network cost, on the other. This results in both less efficiency and less cost-effectiveness. However, without security protection, security challenges may result not only in partial or full loss of network benefits, but they may also lead to disastrous consequences. Therefore, the development and implementation of a network security policy require a critical balance between dangerous freedom and costly protection.2,6 Achieving a fine balance would need a policy with a clear comprehensive view of both: the network considered and its organization, on the one hand; and the network security challenges and protection measures, on the other.

The work presented in this paper helps the achievement of the required balance. It presents a network security profile upon which current, intermediate and the planned network security states can be mapped. The paper also provides a process for the development of network security. The process uses the profile as a guide to the step-by-step development of the network security state.

A Network Security Profile

The aim of the network security profile presented here is to establish a base upon which the security states of private networks can be mapped. This helps the development of security policies by allowing security planners to identify both their current states and their future states, in addition to the intermediate states, as work progresses. In addition, the profile base can be updated and upgraded as newer security challenges and protection methods and tools emerge. The profile is described in the following by its horizontal scope, vertical levels, security challenges and protection methods, including both technical and administrative methods, in addition to the consideration of cost-effectiveness.

—The Scope of the Profile—

The profile aims at providing a comprehensive view of network security. For this purpose, the profile is associated with the following main issues, as illustrated in Figure 1:

• The organization concerned, including its objectives, structure, function, and transactions; in addition to other related organizations operating as partners, suppliers and customers.
• The people concerned, including the staff of the organization, the relevant staff of the related organizations, and other individuals associated with the organization.
• The private information network of the organization concerned, including its architecture and services in addition to its external connectivity.
• The natural and management environments under which the organization concerned and its network operate, including: weather conditions and man-made environmental aspects, on the one hand, and professional and cultural behavior, management rules and legal aspects, on the other.
• The accidental and deliberate, technical and administrative security challenges that may result from the above organization, people, network technology, and the environment, together with the estimated loss that may result from these security challenges. These challenges are described below.
• The technical and administrative security protection methods that can be taken into account to face the above security challenges, together with their estimated cost and effectiveness. These protection methods are described below.
• The security evaluation measures that determine the level of protection from challenges, including: accessibility, availability, integrity, reliability, confidentiality, trust, and cost-effectiveness. These measures are identified in Table 1.

[Figure 1. The scope of the network security profile: target of protection (information); sources of challenges and protection measures (technology, organization, people, environment); problems (accidental and malicious challenges); solutions (technical and administrative protection, weighed as risk / cost).]

—The Levels of the Profile—

Private networks or Intranets are connected to other private networks and individuals to form Extranets, and are also connected to the Internet for worldwide business presence. Therefore, the scope of the profile described above is associated with the following three main levels, as shown in Figure 2.

• The Intranet level is the level of the organization concerned. It is associated with the security of the network at the internal organization level.
• The Extranet level is the level of the organization's connectivity and operation with its associates, that is, its partners, suppliers and customers, including both individuals and other organizations. It is concerned with the security of the network at the organization's current external business level.
• The Internet level is the level concerned with the organization's global presence, that is, its connectivity and operation with its potential associates, including potential partners, suppliers and customers. It is concerned with the security of the network at the worldwide level.

Each of the above main security levels may be associated with some sublevels. These would include the following:

• A specific system sublevel, which is concerned with the security of using a specific system in the private Intranet, the associated Extranets or the Internet.
• The service sublevel, which is associated with the security of a certain service within a specific system, such as online trading in a banking system.
• The application sublevel, which is related to the security of the transactions using the service, such as buying or selling.

Table 1. Basic security measures

Measure             General definition
Accessibility       Permission of system or service access / access control.
Availability        System or service readiness / no denial of service.
Integrity           Alteration or loss of information.
Reliability         Authentication of identity, non-repudiation, filtering non-permitted information, and controlling flow volumes.
Confidentiality     Non-disclosure of private information.
Trust               Capabilities to provide disaster recovery.
Cost-effectiveness  Risk of loss versus cost of protection.

[Figure 2. The multi-level construction of the proposed profile: the Internet level (potential worldwide business activities), the Extranet level (partners / suppliers / customers business activities), and the Intranet level (intra-organization activities), with security considered at each level.]

—Security Challenges—

Security challenges are associated with all levels: the Intranet, the Extranet, and the Internet. They are concerned with the issues of technology, organization, people and the environment, as explained in the following:2–10

• Challenges caused by the technology of the network and its services may be related to the vulnerability of the technology design, implementation and management.
• The challenges of organizations and individuals may be accidental, resulting from mismanagement and misuse, or they may be deliberate, coming from individual hackers and hostile organizations. Such challenges usually include theft, illegal access, viruses, repudiation, cryptanalysis and destruction.
• The environment generates security challenges in two main domains. The first domain is associated with the natural environment, while the second is related to the management environment. Both environments usually cause accidental challenges, and they may also be used to initiate deliberate challenges. Noise, power failures and disastrous events, such as fire, flood and earthquakes, may come from the natural environment. Ill-advised human and administrative behaviors associated with management environment problems, such as the use of pirated software, may also lead to undesired security challenges. In addition, hackers and hostile organizations may use the environment for their attack.

—Technical Protection—

As mentioned in the ISO definitions above, security protection methods include both technical and administrative methods. Their role is to provide counter-measures to the various security challenges discussed above. The technical methods are concerned with providing the following protection measures, which can be used against the challenges at the various Intranet, Extranet, and Internet levels and sublevels:2–10

• Enhancing system availability by choosing quality technology components with the least vulnerability. This choice is related to various issues including previous experience and technology standards, in addition to testing and verification.
• Providing access control, where only authorized users can access the network services. This involves the assignment of valid identities, in the form of user numbers and passwords, to the authorized users. Such identities may be of different levels, providing access to different users for different services. Passwords can also be used with special access control procedures such as dial-back techniques for dial-up users, and one-shot techniques, which involve encryption principles.
• Protecting data integrity by avoiding data loss or alteration that may take place accidentally or by deliberate action. Error detection and correction techniques can be used for this purpose. Such techniques are associated with different codes: Hamming codes, array codes, Reed–Solomon codes, and Bose–Chaudhuri–Hocquenghem (BCH) codes. In addition, the integrity techniques are extended to the traffic flow through secured links. Traffic routing techniques are used to route traffic with special security requirements through special secure links.
• Ensuring confidentiality by using encryption techniques, so that data is not disclosed to unauthorized users. Various encryption techniques, symmetric and asymmetric, can be used individually and collectively for this purpose. Such techniques include Rivest–Shamir–Adleman (RSA), the ElGamal technique, and Diffie–Hellman techniques.
• Providing reliability by using various available services based on encryption techniques to authenticate the identities of the parties involved. Authenticating the source identity using digital signature services validates initiated transactions for the destination. Repudiation can be avoided using time-stamping services. In addition, regulations and techniques for digital document services are becoming of increasing importance, and are based on what is known as Public Key Infrastructure (PKI).
• Enhancing reliability by monitoring and filtering traffic flow at Intranet and Extranet gateways. This helps ensure that no undesired external traffic streams are leaked in, and no private internal traffic streams are leaked out. The technology components used for this purpose are firewalls. In addition, the reliability problem also extends to network traffic flow volumes. The traffic padding technique is one of the main techniques used to deal with this problem.
• Protecting the various network security measures, including system availability, data integrity, operational reliability and network trust, from destruction caused by viruses, by using suitable anti-virus systems at the different levels discussed above.
• Supporting network security trust against disasters by providing the necessary standby systems that help recovery.
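The integrity bullet above names Hamming codes as one error detection and correction technique. The following is an added example, written for this page and not taken from the paper, that implements the smallest such code, Hamming(7,4), and runs it on constructed data. It goes one step beyond the text by pairing the code with a keyed tag (HMAC, from the Python standard library) so that the two kinds of alteration the bullet mentions, accidental and deliberate, can be told apart: the code corrects a flipped bit on a noisy link, while a codeword that was replaced with a different valid codeword passes the code unnoticed and is caught only by the keyed check. The key and data values are constructed placeholders.

```python
"""Added example (not from the paper): Hamming(7,4) error correction as the
integrity technique named above, beside a keyed MAC, on constructed data."""
import hashlib
import hmac


def hamming_encode(nibble):
    """Encode four data bits (tuple of 0/1) into a 7-bit Hamming codeword.

    Layout (1-based positions): p1 p2 d1 p4 d2 d3 d4. Each parity bit covers
    the positions whose index has the corresponding bit set.
    """
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4  # positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4  # positions 2, 3, 6, 7
    p4 = d2 ^ d3 ^ d4  # positions 4, 5, 6, 7
    return [p1, p2, d1, p4, d2, d3, d4]


def hamming_decode(codeword):
    """Return (data_nibble, syndrome). A non-zero syndrome is the 1-based
    position of a single flipped bit, which is corrected before extraction."""
    c = list(codeword)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s4 = c[3] ^ c[4] ^ c[5] ^ c[6]
    syndrome = s1 + 2 * s2 + 4 * s4
    if syndrome:
        c[syndrome - 1] ^= 1  # flip the bit the syndrome points at
    return (c[2], c[4], c[5], c[6]), syndrome


def _pack(nibbles):
    """Pack 4-bit tuples into bytes, one nibble per byte (demo layout only)."""
    return bytes((n[0] << 3) | (n[1] << 2) | (n[2] << 1) | n[3] for n in nibbles)


def protect(nibbles, key):
    """Encode every nibble with Hamming(7,4) and compute an HMAC over the data.
    The code handles accidental corruption; the keyed tag handles deliberate
    alteration, which a code without a secret cannot tell from valid data."""
    codewords = [hamming_encode(n) for n in nibbles]
    tag = hmac.new(key, _pack(nibbles), hashlib.sha256).digest()
    return codewords, tag


def verify(codewords, tag, key):
    """Decode (correcting single-bit errors), then check the tag.
    Returns (recovered_nibbles, number_of_corrections, tag_ok)."""
    nibbles, corrections = [], 0
    for cw in codewords:
        data, syndrome = hamming_decode(cw)
        nibbles.append(data)
        corrections += 1 if syndrome else 0
    expected = hmac.new(key, _pack(nibbles), hashlib.sha256).digest()
    return nibbles, corrections, hmac.compare_digest(tag, expected)


# Constructed demo values; the key is a placeholder, not a real secret.
DEMO_KEY = b"constructed-demo-key"
DEMO_DATA = [(1, 0, 1, 1), (0, 1, 1, 0)]


def demo_accidental():
    """One bit of the first codeword flips on a noisy link: corrected, tag valid."""
    codewords, tag = protect(DEMO_DATA, DEMO_KEY)
    noisy = [list(cw) for cw in codewords]
    noisy[0][4] ^= 1  # position 5 (data bit d2) corrupted in transit
    return verify(noisy, tag, DEMO_KEY)


def demo_deliberate():
    """The first codeword is replaced by another valid codeword: the code sees
    no error (syndrome 0) but the keyed tag no longer matches."""
    codewords, tag = protect(DEMO_DATA, DEMO_KEY)
    altered = [hamming_encode((0, 0, 0, 0)), codewords[1]]
    return verify(altered, tag, DEMO_KEY)


if __name__ == "__main__":
    print(demo_accidental())  # ([(1, 0, 1, 1), (0, 1, 1, 0)], 1, True)
    print(demo_deliberate())  # ([(0, 0, 0, 0), (0, 1, 1, 0)], 0, False)
```

The point for a policy built on this profile is that an error-correcting code scores against the Integrity measure of Table 1 only for accidental loss or alteration; a deliberate alteration is a Reliability (authentication) problem and needs a keyed or signed check alongside the code.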

[Figure 3. Cost of protection versus risk of loss: three regions, high risk / low cost, balance, and high cost / low risk.]

—Administrative Protection—

The administrative network security protection methods are associated with the following main issues:

• Awareness issues, concerned with understanding the importance of network security among the people associated with networks, including decision makers, IT staff, and the users.
• Job practices and management issues, which deal with the rules set by organizations on the behavior of people, considering their relationship with using the network and their recognition of the need for security.
• Legal issues, associated with the national and international laws that deal with regulating IT security challenges in general, and network security violations in particular. Such laws are known as cyber-crime laws; they include punishments against the various potential challenges.

The above issues need to be considered at the various Intranet, Extranet and Internet levels. This is the role of the organization concerned and the different players involved. These players include international organizations and government departments concerned with international and national laws; organizations concerned with network standards and management regulations; professional organizations concerned with ethical practices; organizations working together at the Extranet level; and other related players.


—Cost-effectiveness—

Cost-effectiveness, that is, benefits versus cost, needs to be evaluated. Various factors should be considered in this evaluation, including: the risk of loss that may result from the different challenges; the cost of the protection measures; and their effect on the operation of the organization. In addition, the organization's objectives, including its commitment to certain security requirements and its assignment of protection priorities, should also be taken into account. Figure 3 illustrates the relation between the risk of no security protection and the cost of security protection. It shows three regions: one with low cost and high risk, another with balance (medium cost and medium risk), and a third with high cost and low risk.

Development Process

The profile described above represents a guide for network security development, as it gives a base for the network security state, which is the main object that needs to be considered by security development policies. In the following a step-by-step security development process, guided by the network security profile, is described. For this purpose, the basic issues that need to be taken into account by the process are first presented. This is followed by a description of each step in the process. Figure 4 provides a layout of the basic issues and Figure 5 gives an illustration of the process.

[Figure 4. The basic issues of the security development process: Background (organization structure / function; network / services architecture; security profile architecture), Case (organization requirement; current state; security tools), Target State (security profile; development).]

—Basic Issues—

The basic issues that need to be considered by the process are time dependent, that is, dependent on the step of the process under consideration, as illustrated in Figures 4 and 5.

• Initially the organization structure and function, the network architecture and services, and the security profile architecture need to be taken into account. These issues provide the necessary background for the development of network security.
• The security requirements of the organization, the current state of network security, which is based on the network security profile, and the available security tools, are then considered. These issues complete the specification of the security case being taken into account.
• With the specification of the case under consideration, the development of the target state would then come under attention. For this purpose, various evaluation issues would need to be taken into account, as described below.

The above issues are associated with the basic steps of the security development process described in the following:

[Figure 5. The proposed security development process: Prepare "Background", Establish "Case", Investigate "Development", Identify "Target State", Implementation, Testing, Re-Evaluate; carried out as cooperative development, with information organization using computer tools and evaluation methods (risk / cost / priorities / choice).]

—Step 1: The Background—

The first step is concerned with investigation of the background issues described above. This investigation involves two main tasks:

• The first task is an information collection task concerned with the organization structure and function, network architecture and services, and the network security profile.
• The second task is an information management task that requires the use of computer tools. Database tools with a friendly interactive interface may be used for this purpose. This would be useful in establishing the development base that can incorporate the coming steps.

—Step 2: Case Specifications—

The second step is concerned with investigation of the specification of the case under consideration, that is, the security requirements of the organization, the current state of network security, and the available security protection tools. Like the first step, this step includes two main tasks: information collection and management. The use of the computer tools of the first step can be extended to incorporate the second step.

—Step 3: Development Toward the Target State—

The third step is an evaluation step that aims at finding the best target network security state that can achieve the security requirements. This state, of course, is based on the network security profile. The computer tools of the above can be extended for this step. The required evaluation would include the following:

• Setting priorities for the required security protection measures. Such priorities would be associated with the organization concerned, its function and its requirements for the future.
• Choosing suitable security protection tools from the available tools. This would be based on certain choice criteria that need to be developed for each type of protection.
• Evaluating cost-effectiveness and finding a suitable point between security risk and security protection cost. The above priorities and choice problems would be related to this evaluation.
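The three evaluation items of Step 3 (priorities, choice of tools, and the risk-versus-cost balance of the Cost-effectiveness section and Figure 3) can be carried out as one small computation once the security case of Steps 1 and 2 has been recorded. The following Python is an added example written for this page; it is not the paper's tool, and every challenge, probability, loss figure and option cost in it is constructed for illustration. It expresses the risk of loss as expected annual loss (probability times loss), expresses each protection option as a cost and a fraction of a challenge's risk removed, enforces the organization's priorities as measures of Table 1 that must be covered, and then picks the option set that minimises cost of protection plus residual risk within a budget. The region function places any option set in one of the three regions of Figure 3 using an assumed two-to-one ratio as the boundary.

```python
"""Added example (not from the paper): the Step 3 evaluation, choosing a target
security state by weighing risk of loss against cost of protection. All
challenges, probabilities, losses and option costs are constructed."""
from itertools import combinations

# Constructed challenges: name -> (Table 1 measure affected, annual probability, loss if it occurs)
CHALLENGES = {
    "virus outbreak":      ("availability",    0.40, 50_000),
    "unauthorized access": ("accessibility",   0.20, 120_000),
    "data disclosure":     ("confidentiality", 0.05, 300_000),
    "fire in server room": ("trust",           0.01, 400_000),
    "link corruption":     ("integrity",       0.30, 10_000),
}

# Constructed protection options: name -> (annual cost, {challenge: fraction of its risk removed})
OPTIONS = {
    "anti-virus":       (8_000,  {"virus outbreak": 0.90}),
    "access control":   (15_000, {"unauthorized access": 0.80, "data disclosure": 0.30}),
    "encryption":       (12_000, {"data disclosure": 0.90}),
    "standby site":     (60_000, {"fire in server room": 0.95}),
    "error correction": (3_000,  {"link corruption": 0.95}),
}


def annual_risk(challenge):
    """Expected annual loss with no protection: probability times loss."""
    _measure, probability, loss = CHALLENGES[challenge]
    return probability * loss


def residual_risk(chosen):
    """Expected annual loss after the chosen options; several options on the
    same challenge are treated as independent, so their reductions multiply."""
    total = 0.0
    for name in CHALLENGES:
        remaining = 1.0
        for option in chosen:
            remaining *= 1.0 - OPTIONS[option][1].get(name, 0.0)
        total += annual_risk(name) * remaining
    return total


def total_cost(chosen):
    """Annual cost of protection for the chosen options."""
    return sum(OPTIONS[option][0] for option in chosen)


def region(chosen):
    """Place an option set in one of the three regions of Figure 3 (the 2:1
    boundary is an assumption of this example, not a figure from the paper)."""
    cost, risk = total_cost(chosen), residual_risk(chosen)
    if risk > 2 * cost:
        return "high risk / low cost"
    if cost > 2 * risk:
        return "high cost / low risk"
    return "balance"


def choose_target_state(priority_measures, budget):
    """Enumerate option sets (fine for a handful of options): every priority
    measure must be covered by at least one option and the cost must stay
    within budget; among those, minimise cost of protection plus residual risk.
    Returns the chosen option names, or None if no set satisfies the constraints."""
    best_score, best_set = None, None
    for size in range(len(OPTIONS) + 1):
        for chosen in combinations(OPTIONS, size):
            if total_cost(chosen) > budget:
                continue
            covered = {CHALLENGES[c][0] for o in chosen for c in OPTIONS[o][1]}
            if not set(priority_measures) <= covered:
                continue
            score = total_cost(chosen) + residual_risk(chosen)
            if best_score is None or score < best_score:
                best_score, best_set = score, chosen
    return best_set


if __name__ == "__main__":
    cases = [(set(), 100_000), ({"integrity", "confidentiality"}, 100_000), (set(), 20_000)]
    for priorities, budget in cases:
        target = choose_target_state(priorities, budget)
        print(sorted(priorities), budget, target, region(target), round(residual_risk(target)))
```

Two things the numbers make visible that the prose only states: a cheap control can still fail the cost-effectiveness test on its own (here error correction costs slightly more than the risk it removes, so it is selected only when the organization makes integrity a priority), and a tight budget changes which of two overlapping controls wins (within 20,000, encryption is chosen over access control because the anti-virus option already consumes part of the budget). Replacing the constructed tables with the real figures collected in Steps 1 and 2 is what turns this into the organization's own evaluation.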

—Subsequent Steps—

After finding the target security state according to the above, the next steps would be to implement the target state, and test it in practical operation. Continuous security development will then follow a continuous cycle of the above steps, especially with the changing requirements, the possible emergence of new challenges and the development of newer security protection methods.

Conclusions

This paper addressed the security of private networks, and introduced a network security profile that can be used as a guide for the development of network security for private organizations. The proposed profile emphasizes security challenges and protection methods against security measures and cost-effectiveness. The profile is of a comprehensive horizontal scope that includes: technology, organization, people and the environment. The profile is also of multilevel vertical construction that considers not only the Intranet of the organization, but its associated Extranets, and the Internet. The paper also introduced a security development process that uses the profile as a guide to effectively transform the current security state into the future target state. The outcomes of the paper would be useful in two main ways. Network security researchers and consultants can work on the proposed profile and its associated development process, by refining and developing their various related issues, on the one hand, and by designing and developing computer tools for their future use, on the other. In addition, network security professionals can use the profile and the process, together with their potential refinements and improvements, to develop, implement, and manage security policies for their networks.

References

1. Bakry SH, Bakry FH. A strategic view for the development of e-business. International Journal of Network Management 2001; 11: 103–112.
2. Howard MD. Network security (and the Internet). International Journal of Network Management 1995; 9(6): 296–304.
3. NCC. Telecommunications Management: Network Security; The National Computing Center Limited, UK, 1992.
4. ISO / IEC TR 12382: Information Processing Vocabulary; International Standards Organization, Geneva, Switzerland.
5. Bakry SH. Security issues in computer networks. Middle East Communications December 1990; 5(12): 13–16.
6. Bernstein T, Bhimani A, Schultz E, Siegel C. Internet Security for Business; Wiley: Computer Publishing, 1996.
7. Minoli D. Telecommunications Technology Handbook; Artech House, 1991.
8. Worbel LA. Disaster Recovery Planning for Telecommunications; Artech House, 1990.
9. Elbert BR. Networking Strategies for Information Technology; Artech House, 1992.
10. Deitel HM, Deitel PJ, Steinbuhler K. e-Business and e-Commerce for Managers; Prentice Hall: New Jersey, 2000.
