Transcription of Research Paper: Information Security Technologies
Research Paper: Information Security Technologies
by Benjamin Tomhave
November 10, 2004

Prepared for: Professor Dave Carothers, EMSE 218, The George Washington University

This paper or presentation is my own work. Any assistance I received in its preparation is acknowledged within the paper or presentation, in accordance with academic practice. If I used data, ideas, words, diagrams, pictures, or other information from any source, I have cited the sources fully and completely in footnotes and bibliography entries. This includes sources which I have quoted or paraphrased.
Furthermore, I certify that this paper or presentation was prepared by me specifically for this class and has not been submitted, in whole or in part, to any other class in this University or elsewhere, or used for any purpose other than satisfying the requirements of this class, except that I am allowed to submit the paper or presentation to a professional publication, peer reviewed journal, or professional conference. In adding my name following the word 'Signature', I intend that this certification will have the same authority and authenticity as a document executed with my hand-written signature.
Signature _____Benjamin L. Tomhave_____
Benjamin L. Tomhave
12/7/2004

Abstract

The following research paper provides analysis of thirteen (13) information security technology topics, arranged in ten (10) groups, that are either commonly found or emerging within the information security industry. These topics include: Access Control Management, Antivirus, Audit Data Reduction, Firewalls, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Anomaly Detection Systems (ADS), Event Correlation Systems (ECS), Network Mapping, Password Cracking, Public Key Infrastructure, Virtual Private Network, and Vulnerability Scanning Systems.
IDS, IPS, ADS and ECS are grouped together under one common heading (Intrusion Detection and Analysis Systems) due to their commonality and interdependence. This paper provides basic overview information about each technology, but primarily focuses on analyzing each technology within the modern information security and business context, looking at how it meets business needs while addressing Confidentiality, Integrity and Availability as a Countermeasure that Detects, Corrects and/or

AND OVERVIEW OF APPROACH

This research paper introduces and analyzes ten (10) information security of the following sections focuses on a specific technology and adheres to the following general format:

o Technology Overview: A high-level introduction to the
o Analysis: An evaluation of the usefulness, cost, complexity, and utility of the technology in the modern business
o Analysis. The security technology is weighed against the tenets of Confidentiality, Integrity and Availability as well as evaluating its role as a countermeasure (detect, correct, protect).

The ten security technologies addressed in this paper are:

o Access Control Management
o Antivirus
o Audit Data Reduction
o Firewalls
o Intrusion Detection and Analysis Systems
o Network Mapping
o Password Cracking
o Public Key Infrastructure
o Virtual Private Network
o Vulnerability Scanning Systems

ACCESS CONTROL MANAGEMENT

Access control management (ACM) systems pull together identity, authentication and authorization to restrict what resources a user may access and in what manner that access may occur (read, write, execute, modify, etc.).
ACM solutions may be based on a number of security models, including Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC). A standard ACM provides an interface through which a user will self-identify, followed by a mechanism for challenging and confirming that identity, and then a method for granting rights, or access to information, based on the non-repudiated authentication of the user. Access control is at the heart of information security and is the fundamental premise upon which the industry is based.¹
Without access control management, there would be no method through which to provide security for systems and

Analysis

Access control management systems provide the foundation for information security within the business environment. Their usefulness is extensive, with the primary functions being to classify data systems according to value and allocate protection mechanisms in accordance with the value of the resource.

¹ Ben Rotchke, Access Control Systems & Methodology (New York: , 2004, accessed 06 November 2004); available from ;
According to Tipton and Krause, "[the] essence of access control is that permissions are assigned to individuals or system objects, which are authorized to access specific resources."² The implementation of ACM systems can range in cost from minor to extreme, depending on the value of the resource being protected. The underlying security model applied also impacts how expensive and complex the solution may be. ACM solutions are perhaps the most important security technology that can be deployed, ahead of all other countermeasures, because of their inherent purpose to control access to data and systems.
The utility of the ACM systems, however, is limitless under the assumption that a business has resources of value that require Access Control systems are very common and are generally cost-effective for most environments. Most operating systems today - ranging from Windows to UNIX to Linux and beyond - make use of a DAC model of access control. Mandatory Access Control systems tend to be more complex and costly in performance and systems require a much stronger systematic adherence to the precepts of access control and can thus challenge administrative resources and confound access to data as required by the business.
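The three models named above can be compared by deciding the same request under each. The following is an added example, not part of the original paper: the users, roles, labels and the file name are constructed, and the MAC rule used (read at or below clearance, write at or above it) is an assumed label policy chosen for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "internal": 1, "secret": 2}  # constructed labels

@dataclass
class Resource:
    name: str
    owner: str
    label: str                                # consulted by MAC only
    acl: dict = field(default_factory=dict)   # user -> rights, used by DAC only

def dac_grant(res, granter, user, right):
    """DAC: the owner alone decides who else gets access."""
    if granter != res.owner:
        raise PermissionError(f"{granter} does not own {res.name}")
    res.acl.setdefault(user, set()).add(right)

def dac_allows(res, user, right):
    return user == res.owner or right in res.acl.get(user, set())

def mac_allows(res, clearances, user, right):
    """MAC: a central label policy decides; no owner or ACL can override it.
    Assumed rule: read at or below clearance, write at or above it."""
    have = LEVELS[clearances.get(user, "public")]
    need = LEVELS[res.label]
    if right == "read":
        return have >= need
    if right == "write":
        return have <= need
    return False

def rbac_allows(res, user_roles, role_perms, user, right):
    """RBAC: rights belong to roles; users hold them only via membership."""
    return any((res.name, right) in role_perms.get(role, set())
               for role in user_roles.get(user, ()))

def compare(user, right):
    """Decide one request under each model, using constructed sample data."""
    res = Resource("payroll.db", owner="alice", label="secret")
    dac_grant(res, "alice", "bob", "read")    # alice shares at her discretion
    clearances = {"alice": "secret", "bob": "internal"}
    user_roles = {"alice": ["hr-manager"], "bob": ["hr-analyst"]}
    role_perms = {"hr-manager": {("payroll.db", "read"), ("payroll.db", "write")},
                  "hr-analyst": {("payroll.db", "read")}}
    return {"DAC": dac_allows(res, user, right),
            "MAC": mac_allows(res, clearances, user, right),
            "RBAC": rbac_allows(res, user_roles, role_perms, user, right)}

if __name__ == "__main__":
    for request in [("bob", "read"), ("bob", "write"), ("alice", "write")]:
        print(request, compare(*request))
```

Bob's read request is the case to look at: the owner's grant satisfies DAC and his role satisfies RBAC, yet MAC refuses because his clearance is below the resource label, which is the kind of blocked business access the paragraph above attributes to MAC.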