DECUS 2006 1D05 IT Security and TCO
© 2005 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice
DECUS 2006
IT Security and TCO - 1D05
Holger Villringer
Enterprise Technology Consultant
HP NonStop Enterprise Division
May 15, 2006 2
Agenda
IT security and its consequences for costs
• The Internet has changed everything
• Various views on IT Security
• Costs for IT Security
• Security architecture & concept of HP NonStop servers
• HP Atalla Security Products
• Advantages and economics for users
Cyber Security Bulletin 2005 Summary
2005 Year-End Index - 5198 reported vulnerabilities
• 812 Windows
• 2328 Unix/Linux
• 2058 Multiple OS
Circulation of vulnerability techniques
Prevalence of attack methods in German and Swiss companies. Sources: BSI 2005 / InformationWeek
Security Concerns Today
• 41 % Computer viruses, Trojan horses
• 10 % Denial-of-service attacks
• 23 % Security weak points in OS
• 15 % Human errors
• 5 % Abuse of user accounts
• 6 % Application exhausting (i.e. buffer overflow)
Source: BSI 2005 / InformationWeek, HP Research
No system is hack-proof, especially from insiders: always follow best practices.
What Is a Secure System?
• Securing a system
  − is a complex task and there just are no simple solutions.
• Think about securing your house:
  − no matter how many locks you buy,
  − how many bars you put in front of your windows,
  − a criminal (or some legal authority, for that matter) with enough time and resources will always be able to bypass your security mechanisms.
• So actually there is no such thing as a secure system but rather there is a reasonably secure system…
What Is a Secure System?
To make matters worse, computer security is a much more dynamic field than securing your house.
• To stick with the metaphor,
  − the vendors constantly invent new doors, keys, and the like and want you to buy the newest gizmos while the attackers constantly find new ways to bypass them.
• The cartoon shows a scenario which is quite common in computer security:
  − “lock the front door real tight” while at the same time the side door is left open and unattended.
  − like burglars in the real world, attackers in the computer world will pick the weakest entry into your system.
• Security should be a prime concern for your business.
  − Spending resources on security may still be a lot cheaper than ending up on the front page of the newspaper because somebody managed to bypass your security mechanisms.
What Is a Secure System?
• Therefore, remember:
  − Computer security is a complex field
  − No silver bullet, no simple solutions.
• Security is Managing Risk:
  − Your computers will never be secure, and why that is acceptable.
• Defense in Depth:
  − The weakest link will not always break the chain.
• Detection and Response:
  − Prevention alone won’t work and you need to incorporate detection and response to better secure your systems.
• Policies and Procedures:
  − strong authentication, authorization, encryption, and auditing, and their relation to each other.
Costs for IT Security?
How much do you spend on security today?
It’s not only the price tag of your servers or tools!
• Security bulletins
• Patching
• Additional Software & Tools
• Staff (sometimes up to 30 %)
• still vulnerable
• Downtime
• Reputation
Top 10 Vulnerabilities to Windows Systems
• W1 Web Servers & Services
• W2 Workstation Service
• W3 Windows Remote Access Services
• W4 Microsoft SQL Server (MSSQL)
• W5 Windows Authentication
• W6 Web Browsers
• W7 File-Sharing Applications
• W8 LSAS Exposures
• W9 Mail Client
• W10 Instant Messaging
Top 10 Vulnerabilities to UNIX Systems
• U1 BIND Domain Name System
• U2 Web Server
• U3 Authentication
• U4 Version Control Systems
• U5 Mail Transport Service
• U6 Simple Network Management Protocol (SNMP)
• U7 Open Secure Sockets Layer (SSL)
• U8 Misconfiguration of Enterprise Services NIS/NFS
• U9 Databases
• U10 Kernel
Top Vulnerability to NonStop Servers
• N1 Insecure systems attached to the same network
Yes, there is one… very close to being a “secure system”
… that’s the HP NonStop servers
http://search.us-cert.gov/
Multi-tier architecture
• Multi-tier architecture can help enhance security
• At each stage, use different ports or protocols to connect the systems
  − The front end serves the pages
  − The middle tier serves the data
  − The NonStop server protects the data
Native NonStop Kernel Security
• Modular operating system
• Virtual memory architecture
• Separate code and data segments
• Process privileged system calls
• System management access restricted
Why the Integrity NonStop server is more secure
• Modular NonStop operating system
  − HP NonStop OS functionality is handled by specialized system processes,
    • memory manager,
    • communications manager,
    • network manager,
    • and disk access manager
  − communicate through interprocess messages.
Security weak points in OS
Modularity isolates OS
Why the Integrity NonStop server is more secure
• Minimum privilege
  − application processes get limited administrator or root privileges
  − starts applications under different user IDs, creating multiple security domains
Computer viruses, Trojan horses
Viruses and Trojans have no chance to execute non-certified code.
Why the Integrity NonStop server is more secure
Denial of Service Attack, application exhausting
No memory misuse
• Processes run in their own virtual address space
  − a non-privileged process cannot view the memory of, or negatively impact, any other process running on the system
  − Processes send messages to each other; therefore, they cannot overwrite each other’s memory
Why the Integrity NonStop server is more secure
• System management access restricted
  − Authentication, Authorization,
  − Auditing, Availability and manageability
• Open architecture
  − application program interfaces (APIs)
• Similar to IBM Resource Access Control Facility (RACF)
Abuse of user accounts
Strong verification of ALL system processes and applications
Why the Integrity NonStop server is more secure
Human Errors
• Marginal complexity
• Simple system management
  − System Management
  − Security Management
  − Application Management
  − Database Management
Very low chance for human errors
Why the Integrity NonStop server is more secure
Security weak points in OS
Computer viruses, Trojan horses
Denial of Service Attack, application exhausting
abuse user accounts
Human Errors
Better Security with HP NonStop Architecture
Partners build on Integrity NonStop server security
• Advantage of valuable off-the-shelf features such as
  − single sign-on; support for RSA SecurID tokens; enhanced logging and reporting; limiting authorization to specific times, locations, and access devices; and granularity to the individual command level of system utilities.
  − Frequent interaction with these partners allows HP to understand what new APIs should be made available to increase the functionality of Integrity NonStop system security.
• Additional security solutions
  − HP and its partners offer a wealth of middleware and communications security products, such as Secure Sockets Layer (SSL), Secure FTP, Secure Shell (SSH), and software support for the HP Atalla hardware encryption devices.
Insecure systems can harm secure systems
• Availability and security of your application is only as strong as its weakest link.
• The presence of a single easily hacked system on the network can open a door to making every system easier to target. In a high-risk environment, a multitiered architecture puts multiple firewalls between the Integrity NonStop system that holds your database of record and the outside world, reducing the risk of attacks against your infrastructure (see figure).
• Should the network come under attack, the Integrity NonStop systems would still be available, yet customers might not be able to access the information on them.
HP Atalla Security Products Group
• Uniquely focused on cryptographic security and performance within Hewlett-Packard
• Market leader in hardware-based PIN encryption products
• Atalla Key Block (AKB)
• Atalla Network Security Processors (NSP)
• Atalla Anti Phishing Toolbar Solution
Market and technology leadership
• 80% of the North American market
• Over 1,350 financial institution customers worldwide
• $3 to $9 trillion US secured by Atalla security engines every day
• Atalla MultiPrime
  − sped up the use of the newest RSA algorithms, patented and licensed by Atalla
• Atalla Key Block (AKB)
  − secure 3DES
Financial interchange network security is in transition
Problem: Single-length DES algorithm is “broken”
- Vulnerable to brute force attack in 22 h
- DES algorithm is strong, key length is too short.
Solution: Implement Triple-DES algorithm instead
- Results in a mixed DES/Triple-DES environment
Current Triple-DES implementations are vulnerable to attack
Challenge: Maximize security of Triple-DES
  − Manipulate Triple-DES key parts with single-length DES key management
  − University of Cambridge attack on Triple-DES
  − Atalla Cryptographic Labs attacks
Response: New secure Atalla™ Key Block Technology
Atalla™ Key Block is the new ANSI and ISO standard for secure key management
• Clear header: controls key usage; common attributes for all keys
• Encrypted key field: protects values; Triple-DES encrypted with specific master key
• MAC: binds key attributes to values; Triple-DES across the clear header and encrypted key field to prevent tampering
[Figure: key block layout showing the header, the key field (Key 1, Key 2, Key 3) and the MAC]
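The binding described on this slide, as an added example that is not part of the original presentation and not Atalla's format: a MAC computed over the clear header and the encrypted key field makes a changed usage attribute or an altered key part fail verification. The field sizes, header strings and function names are assumptions, and HMAC-SHA-256 stands in for the Triple-DES MAC because the Python standard library has no Triple-DES.

```python
import hashlib
import hmac

HEADER_LEN = 8   # assumed size of the clear header in this sketch
PART_LEN = 8     # one encrypted single-length key part (Key 1, Key 2, Key 3)
MAC_LEN = 8      # assumed size of the truncated MAC


def _mac(mac_key: bytes, header: bytes, key_field: bytes) -> bytes:
    # Stand-in for the Triple-DES MAC: HMAC-SHA-256, truncated.
    return hmac.new(mac_key, header + key_field, hashlib.sha256).digest()[:MAC_LEN]


def build_key_block(header: bytes, key_field: bytes, mac_key: bytes) -> bytes:
    """Return clear header || encrypted key field || MAC over both."""
    if len(header) != HEADER_LEN or len(key_field) % PART_LEN:
        raise ValueError("bad header or key field length")
    return header + key_field + _mac(mac_key, header, key_field)


def verify_key_block(block: bytes, mac_key: bytes):
    """Return (header, key_field) if the MAC matches, else None."""
    if len(block) < HEADER_LEN + PART_LEN + MAC_LEN:
        return None
    header = block[:HEADER_LEN]
    key_field = block[HEADER_LEN:-MAC_LEN]
    if not hmac.compare_digest(block[-MAC_LEN:], _mac(mac_key, header, key_field)):
        return None
    return header, key_field


def overwrite_part(block: bytes, dst: int, src: int) -> bytes:
    """Test helper: copy encrypted key part `src` over part `dst`, MAC untouched."""
    field = bytearray(block[HEADER_LEN:-MAC_LEN])
    field[dst * PART_LEN:(dst + 1) * PART_LEN] = field[src * PART_LEN:(src + 1) * PART_LEN]
    return block[:HEADER_LEN] + bytes(field) + block[-MAC_LEN:]


# Constructed sample values, not real key material or a real header encoding.
MAC_KEY = bytes(range(32))
HEADER = b"PINENC00"                  # hypothetical "PIN encryption only" attributes
KEY_FIELD = bytes(range(0x10, 0x28))  # stands in for three encrypted key parts

if __name__ == "__main__":
    block = build_key_block(HEADER, KEY_FIELD, MAC_KEY)
    print(verify_key_block(block, MAC_KEY) is not None)                 # intact block
    print(verify_key_block(b"DATAENC0" + block[HEADER_LEN:], MAC_KEY))  # usage attribute changed
    print(verify_key_block(overwrite_part(block, 1, 0), MAC_KEY))       # key part altered
```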
Hardware-based cryptographic processing
Superior physical security
• Designed to complement the AKB
• State-of-the-art, 1U rack-mounted form factor
• PIN security and key management within a secure hardware perimeter
• Flexible, extensible, and scalable NSP series
• FIPS 140-2 Level 3 certification
• Active zeroization
• Double-locking bezel with Medeco locks
• Low battery voltage protection
• Penetration protection
• Out-of-range sensors
Atalla™ NSP series
Simple and secure manageability
• Atalla NSP remains secure even during management operations
• Tamper-resistant service audit log
• Secure key initialization is assisted by a portable graphical user interface (SCA)
• Easy release upgrades via CD-ROM
Supports user-defined security policies
• Organization can enforce its own security policies
• Commands may be turned “on” or “off”
• Customers select and control their security profile
Atalla™ NSP series
Connectivity and performance
• High-end Atalla 10100 NSP
  − Auto-sensing 10/100 Base-T Ethernet TCP/IP
• Midrange Atalla 9100 NSP
  − Auto-sensing 10/100 Base-T Ethernet TCP/IP
• Entry-level Atalla 8100 NSP
  − Auto-sensing 10/100 Base-T Ethernet TCP/IP
  − Async connection for compatibility with A8000
[Chart: Triple DES performance in PIN translates per second for A8100, A9100 and A10100; data labels 60, 240 and 540]
The costs of identity theft
• In just 6 months over 50 serious data breaches affected more than 50 million identities
  − According to the Privacy Rights Clearinghouse
• Over 9 million U.S. consumers lost $52.65 billion
  − Five billion dollars were absorbed by consumers
  − To fix your financial affairs takes months or years
  − No US law allows for recourse
• Forrester study found 53% of consumers were concerned about online fraud
  − 13% of consumers had been victimized
Costs of identity theft to banks
• The other $7 billion in fraud losses
  − Passed on to consumers in the form of higher prices
  − Added costs such as re-issuing cards
  − Real damage is to their brands and to customer confidence.
• Re-sale of customer information by insiders is not new
• Internet supercharges the opportunity for fraudulent abuse
  − A hostile environment with few laws, naive consumers, and a growing reservoir of well equipped adversaries
• New privacy legislation such as CA SB1386, BASEL II, etc. brings consumer fraud into the light of day
  − Forces organizations to notify consumers if there has been a possible security breach
Tricks of the ID theft trade
• Low-tech methods still work
  − ‘Dumpster diving’
  − Laptop theft
  − Social engineering
• Users are “the weakest link” in any security system
  − Attacker does not have to attack system security directly
• Two of the newer techniques
  − Phishing uses spoofed e-mails to lead consumers to counterfeit websites where they divulge sensitive data
    • Phishers hijack the brand names of trusted organizations such as banks, e-retailers and credit card companies
  − Pharming is ‘crimeware’ placed on a personal computer that misdirects users to fraudulent sites or proxy servers
HP Security Toolbar prevents phishing
• Toolbar sits in the browser’s toolbar, alongside other tools
  − User saves a reminder about his relationship with a secure site
  − Toolbar will display this reminder every time he visits the site
  − User checks that the expected reminder is displayed
  − If so, he is sure he is using the site he wants
• Web site cannot find the contents of the Toolbar
  − Displayed information is provided solely for the user
  − User has an independent verification of web site
HP Security Toolbar securely enters username/password with a single click
• User remembers just one master password
  − Not the many you need to know now
• Toolbar generates different password for each site
  − Keeps other accounts safe if a password is compromised
• Toolbar securely labels websites
  − Keeps you from being fooled by fake sites
• Toolbar only sends password to a website when that site’s certificate is present
• Click one button and you can’t be phished or pharmed
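A sketch of the two toolbar behaviours described on the last two slides (site reminders and per-site passwords), added here as an example and not HP's implementation: the class, its method names and the PBKDF2 derivation are assumptions, and an https scheme check stands in for "the site's certificate is present". Because both the reminder and the password are bound to the exact host name, a look-alike host gets no reminder and a different password.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 100_000  # assumed work factor for this sketch


class SiteToolbar:
    """Hypothetical model of a toolbar holding per-site reminders and passwords."""

    def __init__(self, master_password: str):
        self._master = master_password.encode("utf-8")
        self._reminders = {}  # exact host name -> reminder the user saved

    @staticmethod
    def _host(url: str) -> str:
        parts = urlsplit(url)
        # Assumption: https stands in for the certificate check on the slide.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("not an https site")
        return parts.hostname  # urlsplit returns the host name lower-cased

    def save_reminder(self, url: str, reminder: str) -> None:
        self._reminders[self._host(url)] = reminder

    def reminder_for(self, url: str):
        """Return the saved reminder, or None when this host was never labelled."""
        return self._reminders.get(self._host(url))

    def password_for(self, url: str, length: int = 16) -> str:
        """Derive a password from the master password and the exact host name."""
        salt = self._host(url).encode("utf-8")
        raw = hashlib.pbkdf2_hmac("sha256", self._master, salt, ITERATIONS)
        return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    # Constructed sample sites on reserved example/test domains.
    toolbar = SiteToolbar("one master password")
    toolbar.save_reminder("https://bank.example/login", "my savings bank")
    for site in ("https://bank.example/account", "https://bank-example.test/login"):
        print(site, toolbar.reminder_for(site), toolbar.password_for(site))
```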
Total Cost of Ownership
The TCO of Standish Group:
• Basic Cost Breakdown
  − Hardware cost,
  − Basic System Software licences cost,
  − Maintenance cost,
  − Other, such as basic operating cost, data centre costs
• Application Cost Breakdown
  − Software infrastructure, Database,
  − DB & Sys Admin,
  − Application maintenance,
  − Security and Tools
  − Other
• Downtime-related cost
• Standardized (“Standish transaction”)
• Normalized system load
• For comparison, the application costs are excluded
Different iceberg views...
[Figure: visible cost only, shown for RISC Unix, Windows/Intel, Linux/Intel, HP NonStop and IBM Mainframe]
“What the purchase department sees ...”
Total iceberg views..
Platform         Downtime per year   Visible / hidden cost   Application availability
Linux/Intel      2.89 days           10 % / 90 %             99.206 %
Windows/Intel    4.65 days           8 % / 92 %              98.724 %
RISC Unix        20.15 hours         17 % / 83 %             99.770 %
HP NonStop       5 minutes           57 % / 43 %             99.999 %
IBM Mainframe    4.55 hours          53 % / 47 %             99.948 %
Source: Standish Group, VirtualADVISOR database, Feb. 2006
Percentage: visible cost / hidden cost
Downtime cost: 1 US$ per tx lost
Application availability: availability seen by end users
Costs for NonStop IT Security?
How much do you spend on security today?
It’s not only the price tag of your servers or tools!
What counts is the overall environment
• “Higher” investment (price tag) but much lower TCO
• Less staff, only 30 % - 50 % of other systems
• Almost no vulnerabilities
• Lowest downtime (7 9’s)
• It’s your reputation
NonStop – the best choice
• Overall low TCO for the bank
[Chart: ATM switch TCO comparison based on Standish Group's VirtualADVISOR. Cost in thousand US$ (axis 0 to 35,000), split into basic cost, application cost without basic, and downtime cost, for the platforms HP NonStop, IBM pSeries cluster and Sun cluster at 70 TPS, 140 TPS, 200 TPS and 500 TPS]