Terrorism: Reducing Vulnerabilities and Improving Responses - U.S.-Russian Workshop Proceedings
APPENDIX C
Comprehensive Training of Specialists to Counter Information Security Threats

Nikolai V. Medvedev*
Information Security Department,
N. E. Bauman Moscow State Technical University
* Translated from the Russian by Kelly Robbins.

One of the most difficult problems encountered when connecting corporate or local networks and individual users to the Internet is that of ensuring the security of information resources. To resolve this problem, a number of technologies are used, each of them intended to counter particular classes of security threats. These include intrusion detection systems (IDS), public key infrastructure (PKI), virtual private networks (VPN), antivirus software, cryptographic systems, identification and authentication systems, security scanners, and so forth. Firewalls represent another significant type of such technologies, and their skillful application can substantially reduce the risks associated with unauthorized access to data. However, comprehensive efforts to prevent the realization of threats of unauthorized access will be successful only through the development of an optimal information security policy involving the integration of the theoretical foundations of information protection with the best possible selection of protection mechanisms to be put in place.

Only a major leading university with the appropriate methodological base is in a position to provide training for highly qualified specialists in this field. The main areas of training for specialists of this sort at N. E. Bauman Moscow State Technical University are as follows:
theoretical foundations of engineering and technology for information protection
methods and practices of engineering and technology for information protection
devices and operating principles involved in automated systems
methodology for the design, construction, and operation of secure automated systems
criteria and methods for assessing the security of automated systems
means and methods of unauthorized access to information in automated systems
architecture of secure computer networks
software, devices, and hardware for creating secure networks
principles of building and managing secure networks
rules for the organizational, technical, and legal protection of information
the use of software and device technologies for protecting information
building and operating secure databases
systems approach to the problem of protecting information in database management systems
mechanisms for protecting information in databases and database management systems and opportunities for circumventing them
concepts of engineering- and technology-related means of information protection
organizational foundations for the use of engineering- and technology-related means of information protection

After receiving training in this discipline, specialists must have an understanding of the following:
promising areas for the development of computer security theory
methods for information security threat analysis
architecture of secure automated systems
principles for the construction of secure systems
typical attacks on secure systems
promising areas for the development of network security technologies
current problems of information security science and the role and place of network information security in overall efforts to ensure comprehensive information security

Specialists must know the following:
methodological and technological foundations for comprehensive automated systems security
threats and methods of violating systems security
formal models providing a foundation for security systems
standards for assessing systems security and their theoretical foundations
methods and means of building secure systems
methods and means of verifying and analyzing the reliability of secure systems
methodological and technological foundations of ensuring the information security of networked automated systems
threats and methods of violating the information security of networked automated systems
physical processes related to technical means and systems facilitating the leakage of secure information
typical models of attacks aimed at overcoming the security of networked automated systems, conditions under which such attacks could occur, potential consequences, and means of preventing them
the role of the human factor in ensuring network security
opportunities, means, and rules for applying basic software- and device-based means of protecting information in networks
principles of the operation of basic secure network protocols
fundamentals of using firewalls for network security
rules for setting network security policy
standards for evaluating secure network systems and their theoretical foundations
methods and means of designing, building, and evaluating secure network systems
concepts of engineering- and technology-related means of information security
fundamental principles and methods of information security
fundamental regulatory and reference documents regarding engineering- and technology-related means of information security
procedures for the organization of engineering- and technology-related means of information security

They must be able to
analyze automated systems from the standpoint of ensuring computer security
develop security models and policies using known approaches, methods, means, and the corresponding theoretical foundations
apply standards to evaluate the security of automated systems while analyzing and designing information security systems for them
put in place information security systems in accordance with security assessment standards
analyze networked automated systems from the standpoint of ensuring information security
develop network security models and policies using known approaches, methods, means, and theoretical foundations
apply standards to evaluate secure networked systems while analyzing and designing information security systems for automated systems
put in place secure protocols and firewalls necessary for constructing information security systems in networks
implement measures to counter detected threats to network security using various software- and device-based means of ensuring security in accordance with the rules for their use
put in place information security systems in automated systems in accordance with standards for the evaluation of secure systems security
detect threats and technical channels for data leakage
describe (model) security targets and information security threats
apply the most effective engineering- and technology-related methods and means of information security
monitor the effectiveness of security measures

They must have skills in the following areas:
working with automated systems for distributed computation and data processing
working with automated systems documentation
using criteria for the evaluation of automated systems security
constructing formal models of information security systems for automated systems
constructing and operating computer networks
designing secure networks
providing comprehensive analyses and evaluations of network security
working with means for interface support with various categories of users of database management systems
working with database management systems in various platforms
working with means of ensuring the integrity of database management systems
working with means of ensuring database confidentiality
serving as a database security administrator
conducting device-based evaluation of the energy parameters of side radiation emitted by hardware and systems
conducting an engineering assessment of the parameters of the security zone

The special disciplines involved in helping students meet these training objectives are listed in Sections 1 through 7. Theoretical aspects of computer security are included in Sections 1 and 2.

SECTION 1: STRUCTURE OF COMPUTER SECURITY THEORY
1.1 Analysis of information security threats. Threats to confidentiality, integrity, and accessibility of information; discovery of information system parameters
1.2 Structure of computer security theory. Basic levels of information security, protection of machine data carriers, means of interaction with such carriers, and data representation and content
1.3 Basic types of attacks on automated systems. Classification of basic attacks on automated systems as well as malicious software programs
1.4 Network architecture. Distributed data processing, classification of networks by data distribution methods, comparative characteristics of various types of networks
1.5 Network organization and operation. Network standards and protocols; network operating systems; means of coordinating processing in networks; client-server systems; local, corporate, and global networks; unique computer networks; fundamentals for classifying network threats and attacks; examples of types of attacks and recommendations for building security systems; impact of the human factor on network security

SECTION 2: METHODOLOGY FOR CONSTRUCTING SECURE AUTOMATED SYSTEMS
2.1 Security models. Description of security systems using access matrixes, Harrison-Ruzzo-Ullman model, solvability of security problems, Take-Grant model for access rights distribution, expanded Take-Grant model, analysis of information channels, description of the Bell-LaPadula model, foundations for the security theorem of the Bell-LaPadula model, equivalent approaches to defining the Bell-LaPadula security model
2.2 Building systems to protect against threats of data confidentiality violations. Organizational security regimes, protection against unauthorized access, construction of password systems, cryptographic protection methods, protection against threats of confidentiality violations at the information content level
2.3 Protection of network topology. Routers, firewalls, basic outlines for using firewalls, subscription coding, virtual private networks
2.4 Means of improving the reliability of network operations. Protecting against power outages, device-based and software-based means, monitoring and distributing network loads
2.5 Basic criteria for evaluating automated systems security. Criteria and classes of protection of computer hardware and automated systems, standards for evaluating automated systems security, the Trusted Computer Systems Evaluation Criteria (TCSEC or “Orange Book”) standard for evaluating computer systems security, fundamental requirements for systems security under TCSEC, TCSEC security classifications
2.6 Concept for protecting automated systems and computer hardware according to reference documents from the State Technology Commission of the Russian Federation. Classification of computer hardware and automated systems according to documents from the State Technology Commission, requirements for security classifications
2.7 The Common Criteria for information technology security. Fundamental provisions of the Common Criteria, security requirements, protection profiles
2.8 Regulatory documents in the area of computer network security. Security standards for networks and their components, legal bases for network data security

Aspects of ensuring network security are covered in Sections 3 and 4.

SECTION 3: CONSTRUCTING SECURE NETWORKS ON THE BASIS OF NETWORK OPERATING SYSTEMS
3.1 NetWare, Windows, and UNIX network operating systems. Basic protocols; services; operations; security features; management and control features; application generation and development; compilation of application-related manuals and reference materials
3.2 Security policy. Concept of security policy, typical elements of security policy, recommendations on creating security policy, basic steps to implement security policy, maintaining and modifying security policy
3.3 Criteria for evaluating the security of network operating systems. Fundamental criteria for analyzing network security, general analytical procedures, methods for preparing expert recommendations

SECTION 4: COMPUTER NETWORK SECURITY
4.1 Internet standards and protocols. Internet standardization process, basic transmission control protocol/Internet protocol (TCP/IP), network management protocols, applied protocols and services, electronic document exchange
4.2 Operation, development, and creation of reference documents for Internet applications. Special features of creating and linking applications in various platforms, programming for the World Wide Web (WWW), Internet access to databases
4.3 Development trends. Limitations on the current architecture of the Internet, new standards and protocols, language-related tools for presenting information on the Internet, intranet networks, basic principles for ensuring security and managing distributed resources, ensuring the reliability of the Internet infrastructure
4.4 Protecting Internet communications channels. Types of communications channels used over the Internet, special characteristics involved in their protection, use of firewalls, virtual private networks
4.5 Vulnerabilities and protection of basic protocols and services. Routing protocols, TCP/IP family, search services, WWW and e-mail security, Java security
4.6 Protection of electronic document exchange. Standards and protocols for secure electronic document exchange
4.7 Protection of the Internet user’s workstation. Protecting workstation software, protecting personal data, preventing viruses
4.8 Comprehensive security for Internet connections. Security of various types of Internet connections, integrating local networks into regional and global networks, controlling and analyzing the security of Internet connections

Aspects involved in ensuring the security of databases and database management systems are listed in Sections 5 and 6.

SECTION 5: CONCEPT OF DATABASE SECURITY
5.1 Understanding database security. General and specific threats to database security, requirements for database security, protecting against unauthorized access, protecting against deletions, database integrity, auditing, responsibilities and methods of database security administrators
5.2 Multilevel security. Types of security control: flow control, deletion control, access control

SECTION 6: THEORETICAL FOUNDATIONS OF SECURITY IN DATABASE MANAGEMENT SYSTEMS
6.1 Criteria for database protection. Criteria for evaluating the reliability of computer systems, the concept of security policy, joint application of various security policies as part of a single model, interpretation of TCSEC for reliable database management systems (TDI), the concept of the State Technology Commission
6.2 Security models for database management systems. Classification of models, aspects of studying security models, special points involved in applying security models to database management systems, discretionary (selective) and mandatory (authorization) security models, databases with multilevel secrecy (MLS), polyinstantiation in databases
6.3 Threats to the integrity of database management systems. Basic types of and reasons for threats to integrity, means of countering them
6.4 Metadata and data dictionaries. Creating a data dictionary, access to the data dictionary, contents and presentation of the dictionary
6.5 The transaction concept. Defining a transaction, forward and back functions, control point, rejection, the transaction as a means of isolating users
6.6 Blocking. Blocking regimes, rules for the coordination of blocking, two-phase protocol for synchronization of blocking, recognizing and eliminating dead-end situations
6.7 Reference integrity. Declarative and procedural reference integrity, external keys, means of supporting reference integrity
6.8 Rules (triggers). Goals of using rules, means of issuing commands, implementation points
6.9 Events. Defining a mechanism for events, event signals, types of event notifications, components of event mechanisms
6.10 Classification of threats to the confidentiality of database management systems. Causes, types, and basic methods of confidentiality violation, types of leaks of confidential information from database management systems, partial revelation of information, relation between data security and data access, use of logical conclusions to obtain unauthorized access to confidential information, methods of prevention, special aspects involved in using cryptographic methods
6.11 Means of identification and authentication. General information, organization of linkages between database management systems and base operating systems
6.12 Means of access management. Fundamental concepts: subjects and objects, user groups, privileges, roles, and representations; language-based means of limiting access; types of privileges: security and access privileges; conception and implementation of role mechanisms; relation between access rights under operating systems and those under database management systems; security targets; use of representations to ensure the confidentiality of information in database management systems
6.13 Auditing and subordination. Subordination of user actions, auditing of event security, journaling, registration of user actions, management of events registered, analysis of registration information
6.14 Means for maintaining heightened readiness. Device- and software-based support, cluster-based organization of database servers, parameters for building database management systems, means of creating backup copies and restoring databases
6.15 Operations administration. Administrative tasks, means, and regimes; monitoring of database management system servers
6.16 Functional saturation of database management systems. Forms of redundancy, device redundancy, data redundancy, construction of software mirrors, data printing
6.17 High-readiness systems. Description, purpose, examples
6.18 Distributed computing environments. Distributed information processing in a client-server environment, the concept of the distributed computing environment (DCE), distributed databases in computer networks, technology for remote access to database systems
6.19 Threats to the security of distributed database management systems. Threats to the accessibility, integrity, and confidentiality of data; prevention mechanisms; security for the Informix-DCE/Net system
6.20 Distributed data processing. The concept of the distributed transaction, model for transaction processing, transaction processing monitors, corporate transaction processing environment
6.21 Fixation protocols. Fixation protocols, protected fixation protocols such as Advanced Secure Early Prepare (ASEP) and others, processing of distributed transactions in databases with multilevel secrecy
6.22 Data printing. Review of data printing methods, effecting printing algorithms, comparison of approaches to database printing (Sybase and Informix)
6.23 Integrating databases and the Internet. Current trends, review of existing technologies (WebDBC and others), security issues: threats and prevention methods, development prospects

Aspects related to the physical foundations of information security are covered in Section 7.

SECTION 7: PHYSICAL FOUNDATIONS OF INFORMATION SECURITY
7.1 Physical foundations of electromagnetic emissions and stray current. Acoustoelectric transformations, focusing and distribution of source of side emissions, the nature of electromagnetic radiation in near and far zones, parasitic generation in radioelectronic equipment, types of parasitic linkages and stray current, Picard’s chain, physical phenomena causing data leakages on electric current chains, grounding and power-supply devices in buildings
7.2 Signal distribution in technical channels of information leakage. Distribution of acoustic signals in the atmosphere, water, and solid environments; special characteristics of the distribution of acoustic signals in buildings; distribution of optical signals in the atmosphere and in optical fibers; distribution of radio signals in various frequencies in space and over communications lines; fundamental indicators of the signal distribution environment that affect the distance of technical channels of leakage and the quality of information received in this manner
7.3 Physical processes for suppressing harmful interference. Suppression of harmful interference from acoustoelectrical transformers; screening of electrical, magnetic, and electromagnetic fields; requirements of firewalls; field compensation; suppression of harmful interference in power supply and grounding lines; use of barriers to suppress harmful interference
7.4 Engineering-based means of security and technical protection. Fundamental engineering devices used to prevent access to information sources by unauthorized outsiders; means of managing access; classification and characterization of intrusion, fire/intrusion, and fire alarm systems; video-monitoring and video-alarm systems; means of threat neutralization; means of notification management and transmission; automated integrated security systems
7.5 Means of preventing data leakage through technical channels. Means of masking and disinformation in the optical and radio frequency ranges; means of sound isolation and absorption; means of detecting, localizing, and suppressing signals of auxiliary devices; means of suppressing signals from acoustoelectrical transformers and power supply and grounding lines; linear and spatial noise generators

The special disciplines presented above include lectures, practical training and laboratory-based exercises, and internships working with real information security equipment and software. In receiving this training, the specialist acquires practical skills in countering cyberterrorism and is capable of independently developing an enterprise-wide information security policy involving the application of a range of integrated features.