information security challenges in the 21st century-l3 mar 2010

Information Security Challenges in the 21st Century

Dr Jamalul-lail Ab Manan, Information Security Cluster

Presentation at Universiti Sains Islam Malaysia (USIM) on 3rd March 2010

www.mimos.my © 2010 MIMOS Berhad. All Rights Reserved.


Discussion Points

Introduction – The Good and The Bad

Today’s Optimized Technology

Today’s Business Opportunities

Today’s Security & Privacy Issues

Tomorrow’s world will be…

What is Security?

What is Information Security?

How does Information Security Affect You?

Fraud, Forgery, Secure Collaboration

Defence in Depth

Traditional Defense In Depth

Trusted Computing

Holistic Approach

Tomorrow’s Defense In Depth

21st Century Security Challenges

Building Trusted Infrastructure

Conclusion


Allah SWT - Created a Balanced Earth

God created nature with different functions, carefully measured and meticulously balanced by God:

“Everything with Him is measured”

“And the firmament he has raised high, and he has set up the balance of everything in order that you (humanity) may not transgress due balance. So maintain the balance with equity and not fall short of it”

One of the functions of the natural environment is to serve humanity:

“He it is who hath made the earth subservient unto you, so walk in the paths thereof and eat of His providence”

O people! Worship your lord. Who has created you and those before you, so that you may ward off evil. Who hath appointed the earth a resting place for you and the sky a canopy and causeth water to pour down from the sky, thereby producing fruits as food for you. And do not set up rivals to Allah when ye know better.

Osman Bakar (2007) Environmental Wisdom for Planet Earth: The Islamic Heritage. Centre for Civilisational Dialogue University Malaya


Introduction – Today’s Optimized Technology

Usage & Platform


Introduction – Today’s Business Opportunities

Mobile Commerce


Tomorrow’s World will be …..


What We Predict May be Inaccurate


What is Security?


What is Information Security?

Security From Users’ Perspective

Security From Designers’ Perspective


The Security Challenges in 21st Century

Example: Mobile Commerce Network

Client

Application

Server

Data


Fraud


Forgery


What it is NOT

Secure Collaboration Space


Defense in Depth

“Defense in depth” means designing solutions that consist of several independent security layers, all of which have the purpose of protecting your assets.

In order for an attacker to gain access to the assets we are trying to protect, the attacker has to circumvent each of the defensive measures we have implemented at each layer, including the human layer.


Today’s Defense In Depth

Client:
Passwords, anti virus & user authentication
Operating System patches, configuration and policy control
Hardware (unprotected)

Network:
Encryption (IPSec, SSL) & Authentication
VPN & Layered Firewalls
Intrusion Detection & prevention & 24hrs monitoring
Multi factor Authentication, Network Access Control, Network Segmentation, RADIUS & access control
Domain Controllers, Configuration monitors, policy management

Server:
Multi factor user authentication
Network Segmentation, encrypted data, real time monitoring, audit & analysis
Highly regulated HW & SW configuration, controlled physical access
Patch, configuration and policy control, configuration monitors
Intrusion detection, firewalls, anti virus

Diagram labels: Client, Network, Application, Server, Data

Issue: Weak Client Platforms cause issues in Security implementations


Traditional Defense In Depth : Multi-layer Security


Among the common Threats at each layer…

What is lacking is “Trust”…..


Trust Model

Holistic Approach to Information Security

Our approach to countering these threats is to manage the risks at multiple layers of security protection and integrity.

Architecture Design Consideration

Desired Platform

Security Model


Tomorrow’s Defense In-depth

Client:
Passwords, anti virus & TPM-based user authentication
Operating System patches, configuration and policy control
Virtualization (Management of Resource, Memory, IO, etc)
Hardware Independent
Security Kernel – TPM based trusted software layer (storage, GUI, etc)

Network:
Encryption (IPSec, SSL, M’sian Crypto) & TPM-based Authentication
TPM-based VPN & Layered Firewalls
Intrusion Detection & prevention & 24hrs monitoring
Multi factor Authentication, TPM-based Network Access Control, Network Segmentation, RADIUS & access control
Domain Controllers, Configuration monitors, policy management

Server:
Multi factor, Certificates & TPM-based Server authentication
Virtualization (Management of VM Instances, Resource, Memory, IO, etc)
Security Kernel – TPM based trusted software layer (storage, GUI, etc)
Network Segmentation, encrypted data, real time monitoring, audit & analysis
Highly regulated HW & SW configuration, controlled physical access
Patch, configuration and policy control, configuration monitors
Intrusion detection, firewalls, anti virus

Diagram labels: Network, Client, Application, Server, Data

Strength: Strong Client Platforms help Defense In-depth Security Strategy


Building Trust in Document Security

Existing Document Security (diagram labels): Security Manager, Policy, Domain CA, Archive, Encrypted document, Request with Certificate, Issue Certificate, retrieve

Future Document Security (diagram labels): Trust Manager, TPM, Policy, Domain CA, Archive, Trusted document, Attest/request, Sealing/retrieve, Attest/Issue Certificate


Building Trust in Banking Security

Existing Banking Security (diagram labels): Security Manager, Policy, Domain CA, Banks, Encrypted document, Request with Certificate, Issue Certificate, Transaction

Future Banking Security (diagram labels): Trust Manager, TPM, Policy, Domain CA, Banks, Trusted document, Attest/request, Sealing/Transaction, Attest/Issue Certificate


Building Trust in Mobile Security

Existing Mobile Security (diagram labels): Mobile Manager, Policy, Services, Request with SIM

Future Mobile Security (diagram labels): Mobile Trust Manager, MTM, Policy, Attest/request, Encrypt/Services, Mobile Service Provider


Building Trust In Cloud Computing Security

Existing Cloud Computing Security (diagram labels): Cloud Computing, Cloud Manager, Policy, Services, Request with Certificate, task, Applications

Future Cloud Computing Security (diagram labels): Cloud Computing, Cloud Trust Manager, TPM, Policy, Attest/request, Sealing/Services, task, Applications, Trusted Compartment


21st Information Security - Introduction


21st Information Security - Challenges

Security Goals:

Threats:

Trust Models:


21st Information Security - Enforcement


THANK YOU


How do you Manage Security?

An ISMS Model