The successful use of modern information technologies requires reliable and efficient management not only of the networks themselves, but also of network security. Where the task was once to manage individual servers, networks and routers, it is now required to ensure the information security of corporate business processes. The task that now comes to the forefront is the creation of an integrated management system that covers the company's entire infrastructure and, regardless of the complexity and scale of the information system, makes it possible to:
centrally and efficiently exert control over the entire information infrastructure;
conduct regular audits and comprehensive monitoring that provide objective information about the state of information security for making operational decisions;
accumulate statistics on the operation of the information infrastructure to predict its development.
Tasks for managing an information security system
The most important component of the corporate network management system is the enterprise information security system. The information security management system in a distributed enterprise-wide network should solve the following problems:
management of security policies within the enterprise network: forming the local security policies (LSPs) of individual devices and delivering the LSPs to all information protection devices;
configuration management of access objects and subjects; this includes managing the composition, versions and components of devices and security software;
provision of protection services to distributed application systems, registration of protected applications and their resources. Applications of this group should provide, first of all, an interface for managing protection services from application systems;
management of cryptographic tools, in particular, key management (key infrastructure);
audit of information system security; provides obtaining and evaluating objective data on the current state of security of the information system;
system security monitoring; provides real-time information on the status, activity of devices and events with a security context occurring in devices, for example, potential attacks;
ensuring the operation of special secure applications, for example supervision of billing operations, as well as supporting routine activities (changing keys, passwords and security devices, issuing smart cards, etc.);
ensuring the work of the design and inventory group of applications; this group of applications should implement:
determination of points of installation of protective equipment in the enterprise network;
accounting of applied protective equipment;
control of the modular composition of protective equipment;
monitoring the status of protective equipment, etc.
There is a problem of combining and organizing the interaction of traditional network management systems and control systems for information protection tools in the network. The solution to this problem is to integrate network or system management tools with security management mechanisms.
Network Security Management Architecture
To ensure the security of enterprise information resources, information protection tools are usually placed directly on the corporate network. Firewalls control access to corporate resources and repel attacks from outsiders, while virtual private network gateways provide confidential information transfer over open global networks, in particular the Internet. To build reliable layered protection, newer security tools such as intrusion detection systems, content access control tools, anti-virus systems, etc. are also used.
Unfortunately, it is practically impossible to find a manufacturer that could supply the consumer, at an affordable price, with a complete set of tools (from hardware to software) for building a modern corporate information system (CIS). Therefore, most corporate information systems are built from software and hardware supplied by various manufacturers. Each of these tools requires careful and specific configuration reflecting the relationship between users and the resources available to them.
In order to guarantee reliable information protection in the corporate information system, a rationally organized CIS security management system is needed that would ensure the security and proper configuration of each CIS component, constantly monitor changes that take place, and monitor users' work. Obviously, the more heterogeneous the information system, the more difficult it is to manage its security.
There are different approaches to building the information security management architecture of a large network. The experience of leading manufacturers of network security tools shows that a company will be able to successfully implement its security policy in a distributed corporate information system if security management is centralized and independent of the operating systems and application systems used. In addition, the system for recording events occurring in the CIS (unauthorized access events, changes of user privileges, etc.) should be unified and allow the administrator to compile a complete picture of the changes taking place in the CIS.
On the one hand, the management of all security devices of a large network from a single center seems unrealistic for the following reasons:
there are too many primary devices, which can lead to an overload of a single control center for secondary data and tasks;
the detailed information necessary for optimal management is not always available to a single center;
local control is necessary in some cases for technological reasons (for example, when control is interfaced with physical maintenance or physical reconfiguration of the device).
On the other hand, decentralized management can lead to a loss of its effectiveness and a sharp decrease in the security of network resources as a whole.
The organization of centralized security management of a CIS is based on the following principles:
corporate network security management should be carried out at the level of a global security policy (GSP);
the GSP should be consistent with the company's business processes. For this, the security properties of the objects and the security services they require should be described taking into account their business roles in the company structure;
for individual protection tools, local security policies (LSPs) are formed. Translation of the GSP into LSPs should be carried out automatically, based on an analysis of the GSP rules and the topology of the protected network.
The global security policy of a corporate network is a finite set of security rules that describe the parameters of interaction between corporate network objects in the context of information security:
the security service required for the connection: processing rules, protection and traffic filtering;
direction of providing security service;
authentication rules for objects;
key exchange rules;
rules for recording the results of security events in the system log;
alarm signaling rules, etc.
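The principle above, that LSPs are derived automatically from the GSP rules and the network topology, is illustrated here as an added example (not code from the article): a constructed GSP with the rule parameters listed above (service, direction, authentication, key exchange, logging, alarm), a constructed topology mapping each protection device to the objects it guards, a derivation of each device's LSP from the device's own point of view, and an audit that reports GSP rules no device can enforce. All device and object names are assumptions.

```python
from dataclasses import dataclass

# Constructed topology (assumption): each protection device guards a set of
# corporate network objects; "internet" is external and guarded by nobody.
TOPOLOGY = {
    "fw-hq": {"hq-lan", "hq-dmz"},
    "vpn-br1": {"branch1-lan"},
}

@dataclass(frozen=True)
class Rule:
    """One GSP rule: parameters of interaction between two network objects."""
    src: str
    dst: str
    service: str        # required security service / traffic filtering
    direction: str      # "src->dst" (connections initiated by src) or "both"
    auth: str           # authentication rule for the objects
    key_exchange: str   # key exchange rule
    log: bool           # record the results of security events in the log
    alarm: bool         # raise an alarm on a violation

# Constructed global security policy (GSP); the last rule names an object
# that no device in the topology protects, so it cannot be enforced.
GSP = [
    Rule("branch1-lan", "hq-lan", "ipsec-esp", "both", "x509", "ikev2", True, False),
    Rule("internet", "hq-dmz", "filter:tcp/443", "src->dst", "none", "none", True, True),
    Rule("hq-lan", "internet", "filter:tcp/80,443", "src->dst", "none", "none", False, False),
    Rule("internet", "branch2-lan", "filter:tcp/22", "src->dst", "none", "none", True, True),
]

def guards(device: str, obj: str) -> bool:
    return obj in TOPOLOGY.get(device, set())

def derive_lsp(device: str) -> list:
    """LSP of one device: every GSP rule touching an object it protects, with
    the direction rewritten relative to the device's local object."""
    lsp = []
    for r in GSP:
        if guards(device, r.dst):
            local, peer = r.dst, r.src
            direction = "both" if r.direction == "both" else "inbound"
        elif guards(device, r.src):
            local, peer = r.src, r.dst
            direction = "both" if r.direction == "both" else "outbound"
        else:
            continue  # rule does not concern this device
        lsp.append({"local": local, "peer": peer, "direction": direction, "rule": r})
    return lsp

def derive_all() -> dict:
    return {d: derive_lsp(d) for d in TOPOLOGY}

def uncovered_rules() -> list:
    """Audit: GSP rules that no device enforces, i.e. an object the topology leaves unprotected."""
    return [r for r in GSP if not any(guards(d, r.src) or guards(d, r.dst) for d in TOPOLOGY)]
```

The audit step is what turns the translation into something that can be monitored: a non-empty result means the GSP describes an interaction that the deployed protection tools cannot actually enforce.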