New generation network
protection solutions
L. Aslanyan, S. Petrossyan, K. Margaryan and H. Sahakyan
Information Society Technologies Center
Institute for Informatics and Automation Problems, NAS RA&YSU
July 15, 2015
Security problems are related to:
• Software bugs (browsers…)
• Malicious code (trojans, worms…)
• Network sniffing, stealing…
• Inadequate access control
• Misuse
• Etc.
What is the related action?
The use of PKI, firewalls, secure protocols, etc., and the
development of adequate new generation theories and
solutions for protecting mixed computer-human
societies.
SECURITY POLICY
Security policy is the key element of security provision.
It consists of:
• Detailed description of any information, which might be monitored
operationally and which might be of some interest for data security
reasons.
• Archiving of existing knowledge – systems, structures, technologies,
viruses, hacking.
• The data analysis algorithms, to be designed and implemented from the
above data descriptions according to the basic tasks and requirements.
Security policy is the set of laws, rules, and practice that regulate
how an organization implements, manages, protects, and distributes
its information and computing resources to achieve security
objectives.
CONVERGENCE OF TECHNOLOGIES
- the way to provide the solution
• Cryptography, PKI, Certificates and Signatures
• Software Agent Systems – mobile, intelligent
• Artificial Intelligence – data warehouses, data
mining
Distributed Systems Integration and Administration
– is a new layer and generation of security and
monitoring systems
SARM USE CASE (sarm.am)
[Figure: SARM data flow diagram. SARM users reach the SARM connection interfaces (WWW interface; FTP, e-mail, Telnet; MS Proxy 2), which exchange data with the SARM archives, databases and other documents (MS SQL Server with bibliographic description and certification databases; archive of normative documents in PDF, DOC, PS; archive of certification protocols). One-way and two-way data flows link these to WTO, ISO, ISO TCs, press, Infocenter, Metrology, Yerevan Test, SARM TC, SARM Board, public and governmental bodies, SARM remote branches (Kapan, Gyumri, ...) and other outside organisations.]
[Figure: network diagram of client links and connections. Labelled sites: Yerevan ITS, Azatutyan 24, Yerevan 5th Station, Hrazdan, Aaronyan 2, Tigran Mets 4, 54 ATC, and SARM (Komitas 49/2). Labelled equipment: Internet link, file servers (UNIX 4.0, Windows NT, NetWare), Ethernet segments and hubs, PC/LAN clients, CISCO 2509 and CISCO 2511, modem banks (7 and 16 modems), DANUBE DTU 2601/2602/2603, Mainstreet 3600 nodes, and high frequency channels to the districts.]
CONNECTION
GENERAL
ARCHITECTURE
Main Components
– Agents (A)
– Agent Servers (AS)
– Home Servers (HS)
– Secure Infrastructure with Secure Information
Space (SIS)
– Data Analyzer Module (DAM)
– Security Policy Editor (SPE)
– User Front End (FE)
Architecture
Agents
• Autonomous programs jumping between
computers.
• Data source will have to provide data through a
mobile agent platform.
• Advantage for intrusion detection and monitoring:
Only the monitoring sites must use agents.
Agent Servers
Agent servers are generic servers providing
one or more customized services to visiting
mobile agents.
Home Servers
• A Home Server is a special Agent Server. It
provides support for detached computing,
since returning mobile agents can wait on
it until the user connects to the network.
Security of Agents
• Using cryptographic tools (public and private
keys)
• Communication with the CA
• The additional security protects hosts against
rogue agents. The agents are indirectly secured
through the trusted hosts.
CONCLUSIONS (1)
The use of agent technologies brings the security system to
an automated level:
• A central monitoring station launches agents into a
network, where the agents search for irregularities.
• If irregularities are found the agent can:
– Trigger an alarm, notify the infected/misdoing entity.
– Exclude the infected/misdoing entity from the system (revoke a
certificate).
– Fix the problem.
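The admission check implied by the "Security of Agents" slide and by the certificate revocation step above, as an added example that is not code from the presentation: an Agent Server verifies a visiting agent's CA-issued certificate, its revocation status, and the signature over its code before running it. The type and function names, the Ed25519 signature scheme, and the name-keyed revocation list are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// AgentCert binds an agent name to its public key; CASig is the CA's signature over both.
type AgentCert struct {
	Name  string
	Key   ed25519.PublicKey
	CASig []byte
}

// Agent is the mobile code plus its owner's signature over that code.
type Agent struct {
	Cert      AgentCert
	Code, Sig []byte
}
func certBytes(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}
// Issue is the CA side: certify an agent's public key (hypothetical helper).
func Issue(ca ed25519.PrivateKey, name string, key ed25519.PublicKey) AgentCert {
	return AgentCert{name, key, ed25519.Sign(ca, certBytes(name, key))}
}

// Admit is the Agent Server side, run before any visiting agent executes.
// The CA check comes first, so only CA-certified keys reach the code check.
func Admit(caPub ed25519.PublicKey, revoked map[string]bool, a Agent) error {
	if !ed25519.Verify(caPub, certBytes(a.Cert.Name, a.Cert.Key), a.Cert.CASig) {
		return fmt.Errorf("certificate not issued by the trusted CA")
	}
	if revoked[a.Cert.Name] {
		return fmt.Errorf("certificate of %q is revoked", a.Cert.Name)
	}
	if !ed25519.Verify(a.Cert.Key, a.Code, a.Sig) {
		return fmt.Errorf("agent code altered or not signed by the certified key")
	}
	return nil
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	pub, priv, _ := ed25519.GenerateKey(nil)
	code := []byte("report hosts with unexpected listeners") // constructed sample payload
	a := Agent{Issue(caPriv, "monitor-01", pub), code, ed25519.Sign(priv, code)}
	fmt.Println(Admit(caPub, map[string]bool{}, a))
	fmt.Println(Admit(caPub, map[string]bool{"monitor-01": true}, a))
}
```

Once the monitoring station adds an entity to the revocation list, every Agent Server that consults the list refuses that entity's agents, even though their signatures remain valid.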
SYSTEMS
INTELLIGENCE
Data Analyzer Module (DAM)
• Realization of DAM depends on use cases:
– central (for surveillance)
– mobile (for intrusion detection)
• Main duties
– data description, archiving, filtering and selection
– statistical analysis, distributed events recognition,
data mining
– result interpreting and decision support
Data Analysis Module Architecture
[Figure: block diagram of the DAM. Labelled blocks: DAM Administration; DAM Strategies Development (operational regime); Input Data Composition for Analysis; Task Translation into the Algorithms Language; Algorithm; Hierarchical Search; Rules Analyzer; Frequent Patterns; Metric Analysis and Statistics; Decision and Estimation; Tasks (static regime); Rules for Repository; Alerts; New Tasks.]
DAM UML Class Diagram
[Figure: UML class diagram of the DAM. Labelled classes: DAMInput; Tasks (static regime); Rules; Input Data Composition; Algorithms; Alert; New Tasks; Decision & Estimation; DAM; DAM Administration; Task Translation; Metric Analysis and Statistics; Hierarchical Search; Rules Analyzer; Frequent Patterns; Strategies Development.]
CONCLUSIONS (2)
• Mobile agent based systems are a way to automate
security policy provision in distributed environments.
• Intelligent agent based systems are a way to recover
nonstandard system behavior, which, in particular,
might be an intrusion, misuse, or other danger.