1.

1 Security Architecture
Information Security is a process whose objective is to ensure the confidentiality, integrity
and availability of an organization’s information. An information security program, to be
comprehensive, should be founded on a sound information security policy, supported by
appropriate technology (like anti-virus, access control mechanisms, firewalls, and Intrusion
Detection System), resiliency mechanisms and regularly monitoring of the implemented
controls.

Industry best practices suggest defense in depth concept for implementing information
security. Defense in depth is a practice that combines several different security components,
such as firewalls, IDS/IPS, antivirus software, operating systems security and application
security, to create a comprehensive and secure architecture. A multi-layer security system,
supported by a comprehensive information security policy, can significantly reduce the risk of
attack.

We need to follow the defense in depth strategy to implement security as required. The
overall Security Model that can be depicted as follows:

Security Policy

Security Management Framework

Controls

Technologies

Figure 3-1: Security Model Diagram

At the highest level is the Security Policy. This Security Policy could be realized by
implementing a Security Management Framework designed to manage the overall security
of the entire system, in accordance with the ISO 27001 standard.

At the broad level the Security Model should be designed to ensure the security of all assets
and ensure that no interference is possible with the delivery services. The system should be
set up in such a way that it should not be possible to alter any data, bypass any processing
stages or change the priority of any work item without authorization. Each action should be
carried out in such a manner that clear accountability can be fixed for the authorization and
performance of that action.
 Adopt a defense-in-depth strategy in order to protect the confidentiality, integrity and
availability of the information as well as the Assets. This strategy covers security at all
possible layers like Physical, Perimeter, Network, Operating System, and Application.
Accordingly, Develop all the required policies and procedures that are required for the
implementation and management of the solution based on international security standard
ISO27001. ISO 27001 encompasses various Administrative, Operational, and Technological
and Physical Security measures covering the following 11 domains:
 Information security policy
 Organization of information security
 Asset management
 Human resource security
 Physical and environmental security
 Communications and operations management
 Access control
 Information systems acquisition, development & maintenance
 Information security incident management
 Business continuity management
 Compliance
Every component of the solution has been designed keeping security as one of the critical
design factors. The system should governed by a well-defined Information System Security
policy and this should adhered to at all times during the currency of contract in order to
ensure Confidentiality, Integrity and Availability of the system.

The overall security architecture proposed for the solution is organized into the following
categories:

1. Network Security
a. Firewalls
b. Intrusion Protection System
c. Antivirus System
d. Log management and correlation
e. E-mail security
f. Patch Management
g. Domain Controllers

2. Application & Database Security

a. User & Role Management
b. Authentication & Authorization
c. Cryptographic Services for Digital Signature and Encryption
d. Audit Logs

3. Security Management
a. Information Security Policies and Procedures
 b. Business Continuity / Disaster Recovery plan
c. Security Audits and Penetration tests

1.1.1 Network Security

Various zones in the Data Centre for connecting homogenous sets of servers running one
application or integration among applications or servers accessed by one category of users.
This will facilitate controlled access to the network and application resources only to the
intended users.

Following zones should be implemented in the Data Centre. Functions of each zone and IT
equipment are explained in the subsequent sections:

 External server segment

 Local server segment
 IFMIS server segment
 Admin segment
 Internal Network

1.1.1.1 A Proposed Solution

When it comes to information security these days, it’s a mixed up muddled up world out
there. The terms being used to describe network defense capabilities are just as blurry and
hard to pin down as the latest flavor of blended threat. Not surprisingly, the result is a
growing state of misunderstanding and confusion, culminating in the inability to readily
separate fact from fiction. Indeed, amidst the haze of imprecision there is even a proposition
that achieving comprehensive network-based protection requires little more than intrusion
prevention and, of course, firewall capabilities.

A comprehensive solution that will not only protect the entire network resources from threats
on all levels, but will also provide interoperability and seamless implementation, and
centralized management should be implemented. A network-based security approach
should be implemented which has the advantage of at least intending to stop threats before
they are allowed to spread throughout an organization’s entire computing environment. To
achieve this, firewalls with integrated SSL gateway and Intrusion Prevention capabilities
should be put in place:

The appliance based firewalls combines feature rich security operating system with
dedicated processors to provide a high performance array of security and network functions
including:
 firewall, VPN, and traffic shaping

 Intrusion Prevention system (IPS)

 antivirus/ antispyware / antimalware

 web filtering

 Anti -spam
  multiple redundant WAN interface options

These dedicated appliances provide comprehensive protection against network, content,

and application-level threats, including complex attacks favored by cyber criminals, without
degrading network availability and uptime. The proposed platform includes sophisticated
networking features, such as high availability (active/active, active/passive) for maximum
network uptime, and virtual domain capabilities to separate various networks requiring
different security policies.

The firewall policies will control all traffic attempting to pass through the appliance unit,
between interfaces, zones, and VLAN sub interfaces. When the firewall receives a
connection packet, it analyzes the packet’s source address, destination address, and service
(by port number), and attempts to locate a firewall policy matching the packet. The appliance
will provide a secure connection between the remote clients and the unit through the SSL
VPN. After the connection has been established, the unit provides access to selected
services and network resources through a web portal. The appliance delivers antivirus
protection to HTTP, FTP, IMAP, POP3, SMTP, IM, and NNTP sessions. Antivirus scanning
function includes various modules and engines that perform separate tasks. The unit
performs antivirus processing in the following order:

 File size

 File pattern

 File type

 Virus scan

 Grayware

 Heuristics

The three main sections of the web filtering function, the Web Filter Content Block, the URL
Filter, and the Web filter, interact with each other in such a way as to provide maximum
control and protection for the Internet users. The appliance is proposed to be configured to
manage unsolicited commercial email by detecting and identifying spam messages from
known or suspected spam servers. The antispam service will use both a sender IP
reputation database and a spam signature database, along with sophisticated spam filtering
tools, to detect and block a wide range of spam messages.

The Intrusion Protection system combines signature and anomaly detection and prevention
with low latency and excellent reliability. The unit will log suspicious traffic, send alert email
messages to system administrators, and log, pass, or block suspicious packets or sessions.
Intrusion Protection system matches network traffic against patterns contained in attack
signatures. Attack signatures reliably protect network from known attacks and ensures the
rapid identification of new threats and the development of new attack signatures. With
intrusion Protection, multiple IPS sensors should created, each containing a complete
configuration based on signatures. DoS sensors are also proposed to examine traffic for
anomaly-based attacks.
A (5) E-mail Security

The Email statistics are based on email protocols. POP3 and IMAP traffic is registered as
incoming email, and SMTP is outgoing email. Gateway level E-mail security should provided
by the firewall with integrated SSL VPN. The appliance supports Antivirus protection to
IMAP, POP3, SMTP, IM, sessions. proposes to configure spam filtering for IMAP, POP3,
and SMTP emails.

1.1.2 Servers Security

A comprehensive solution that will not only protect the entire network resources from threats
on all levels, but will also provide interoperability and seamless implementation, and
centralized management has to be implemented. To achieve this, the use a group of
products providing the following capabilities:
1. Antivirus / Anti-spam

2. Patch Management

3. HIDS/HIPS

4. Domain controllers

1.1.2.1 A Proposed Solution

For providing security at the Operating system layer the following key points have to be
considered:
 Dedicated servers for applications and databases should used. Sharing the servers
with other applications introduces more complexity and risks.
  Maintain a current, well-patched operating system on all the systems (servers,
desktops). This eliminates well-known bugs that have already been addressed by the
vendor.
 Restrict access to the servers only to authorized users.
 Hardening of servers and desktops using industry best practices, security
benchmarks.
 Host Intrusion Detection System (HIDS) to protect the servers from attacks and
unauthorized use.
 Antivirus solution to protect the servers from viruses/worms
 Backup and restoration mechanisms for important/critical data and systems files
 Properly configuring the required policies (like auditing, password, user rights etc.) on
the servers based on the Industry best practices and security benchmarks.

A (1) Anti-virus / Anti-Spam

All the Application servers, database servers and the Web-servers should have the latest
anti-virus kits to detect new viruses. These anti-virus kits should updated with the latest
versions frequently. Additional security features like disabling of drives and control on
internet site usage and download for further data security, have to be implemented. One
can consider Symantec Protection Suite for Antivirus and Anti-spam or any other suitable
product.

A (2) Patch Management

One can consider CA IT Client Manager Solution for patch management

A (3) HIDS/HIPS
Symantec Critical System Protection

A (4) Domain controllers

For Domain controller one can consider Microsoft Windows solution.

A (5) E-mail Security

Symantec Protection Suite Enterprise Edition addresses this need by including the following,
industry-leading mail security solutions to protect its infrastructure from email-borne threats.

1. Symantec Brightmail Gateway

2. Web Gateway URL filtering

1.1.3 Application & Database Security

Through infrastructure security is a critical element of the overall security paradigm;
application security is also an equally critical area where security is often slack, thereby
providing a back door for attackers to compromise computer systems. Application security is
also significant in the sense that Application-level attacks often cannot be blocked or
detected by infrastructure security components.
 recognizes the importance of Application Security in operating a truly secure IT
infrastructure. Application security has two primary objectives:
 Ensure that the data an application creates, updates, stores, and/or transmits are
protected from unauthorized disclosure, tampering, corruption, and destruction, by the
application’s users, by processes external to the application, and by the application itself
and
 Provide another security layer within the overall system
The application and database security requirements can be broken down into the following:

1. Secure Application Development Methodology

2. Security requirements of the application
3. Database security requirements

1.1.3.1 Secure Application Development Methodology

The following diagram describes the methodology has adopted to provide its services for
assessing and managing security in applications. The methodology and the activities
mentioned below are followed during the development of the solution to ensure compliance
to standards and guidelines such as ISO27001.

Figure 3-2: Enterprise View of SW Solution

A (1) Security design review

The review of the application architecture design based on the software requirement
specification (SRS) for security will point out the possibility of the security loop-holes in the
application-design; which may result in disclosure of information, memory exhaustion, denial
of service and buffer overflow etc.

As a part of the design review process one should use the Threat Modelling technique using
proprietary Threat and Analysis tool to record and manage the risks to the applications being
developed. The following diagram provides a brief description of the process should be
followed.

A (2) Security code review

The code review of the application is to ensure compliance to security standard of the
coding. The code review ensures robust validation mechanisms in code, robust
authentication and access control mechanisms in code and increase overall robustness of
the code.

Various areas such as Un-validated parameters, Broken access control, Buffer overflows,
Command injection flaws, Error handling problems, Insecure use of cryptography, Remote
administration flaws, Communication between client-server, Connection time-out etc are
covered in the code review.
A (3) Security testing

The security testing of the application is targeted to simulate the attacks to the application
like a hacker, and try to penetrate into the application to find the weaknesses in different
area:

 Authentication mechanism

 Access Control

 Data validation

 Buffer overflow

 Denial of Service (DoS)

 Information disclosure

 Error handling

 Insecure configuration

A (4) Conclusion

To summarize and recap, we utilize an end-to-end security approach for all phases of
application development and incorporate Application security assessment services using
various tools like Security Code Review, automated Application Security scanners etc. The
following diagram depicts the entire process in a more simplistic manner.