Security Architecture

MIS 5214 - Section 001 - David Lanter
MIS 5214.005 ■ Spring 2021 ■ Wade Mackey
Basile, C., Matteo, M.C., Mutti, S. and Paraboschi, S, “Detection of Conflicts in Security Policies”, in Vacca, J.R. (2017)

February 13, 2020 by Wade Mackey 24 Comments

http://community.mis.temple.edu/mis5214sp2019bnai/files/2019/01/Vacca_Chapter55_DetectionOfConflictsInSecurityPolicies.pdf

Filed Under: 06 - Firewalls

Comments

  1. Zeynep Sahin says

    February 16, 2020 at 3:34 am

    One of the key points that I learnt from the “Detection of Conflicts in Security Policies” chapter is conflicts in network security and the detection of anomalies or conflicts in firewall configuration. Firewalls are core elements of network security. However, firewalls may become a major vulnerability if the firewall isn’t configured properly. Therefore, firewall filtering rules should be ordered and distributed properly to prevent firewall policy anomalies. Three approaches are used to ensure the preciseness of intrafirewall policies, which are manual testing, a query-based approach, and conflict and anomaly analysis tools.
    • Natalie Dorely says

      February 16, 2020 at 6:35 pm

      Hi Zeynep,

      It is so important that organizations ensure that their firewalls are configured properly in order to receive the maximum security needed from outside threats. If not, it does become a major vulnerability as you mentioned above.

      Best,
      Natalie Dorely
  2. Percy Jacob Rwandarugali says

    February 16, 2020 at 1:24 pm

    In this chapter my unique aspect was learning about the top-down representation for the protection of an information system and the contradictory conflicts when several principals are authorized to do an action. This topic relates to access control management. The top-down representation of protection consists of five layers; these include: security requirements, abstract policies, executable policies (configuration), policy enforcement mechanisms and enforced policies. On the other hand, when contradictory authorization conflicts arise, tools like XACML, as mentioned in the book, define the so-called combining algorithms to compose the results of different access control rules. For example, one of the available options is the “deny-overrides” algorithm, in which rules prescribing access denial take precedence. This means that in case of conflict, negative authorization always wins. So a forbidden action will never be permitted.
    • Akshay Shendarkar says

      February 16, 2020 at 9:49 pm

      Hello Percy,

      You have rightly pointed out the existence of negative authorization in security devices. For all the rules in the firewall database, every packet is checked for its relevance to the corresponding rule. Normally, once a packet is matched to a particular rule, its action is performed as per the rule and the packet is not checked against the remaining rules. However, due to laziness of security administrators, duplicate rules might exist which might render some of the other rules either irrelevant or repetitions of other rules. In order to overcome this challenge, there is a default deny policy for every packet which does not match any rule or matches multiple rules in the firewall policy.
    • Alexander Reichart-Anderson says

      February 18, 2020 at 11:47 am

      Percy, really nice response. I agree that it is vitally important for us to refresh ourselves on the structure of the auditing activities and control management in general. Having a stronghold in how each layer affects the others is important for knowing how upstream and downstream consequences could positively and negatively affect all relevant stakeholders. I think it’s interesting how you brought up the infusion of algorithms into IT auditing and security. I think that as AI and ML take off, we will have more work and issues on our hands.
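An added illustration of the combining algorithms mentioned in this thread (example code, not from the chapter or from any XACML implementation): two purchase-order rules, one permitting managers to approve and one denying self-approval, produce the same per-rule results but a different final decision under deny-overrides, permit-overrides and first-applicable. The rule names, request attributes and predicate-based targets are constructed for the example.

```python
from collections import namedtuple

# effect is "Permit" or "Deny"; target is a predicate over the request attributes
Rule = namedtuple("Rule", "name target effect")

def evaluate_rules(rules, request):
    """Each rule yields its effect when its target matches, otherwise NotApplicable."""
    return [r.effect if r.target(request) else "NotApplicable" for r in rules]

def deny_overrides(results):
    """Any Deny wins; otherwise any Permit; otherwise NotApplicable."""
    if "Deny" in results:
        return "Deny"
    return "Permit" if "Permit" in results else "NotApplicable"

def permit_overrides(results):
    """Mirror image: any Permit wins over any Deny."""
    if "Permit" in results:
        return "Permit"
    return "Deny" if "Deny" in results else "NotApplicable"

def first_applicable(results):
    """Rule order decides, as in an ordered firewall rule list."""
    return next((r for r in results if r != "NotApplicable"), "NotApplicable")

def decide(rules, request, combine):
    """Evaluate every rule, then let the chosen combining algorithm settle conflicts."""
    return combine(evaluate_rules(rules, request))

# Constructed purchase-order policy: a separation-of-duty constraint beside a role permission
RULES = [
    Rule("managers-approve", lambda q: q["role"] == "manager" and q["action"] == "approve", "Permit"),
    Rule("no-self-approval", lambda q: q["action"] == "approve" and q["subject"] == q["creator"], "Deny"),
]
# Constructed request: a manager approving a purchase order she created herself
REQUEST = {"subject": "alice", "role": "manager", "action": "approve", "creator": "alice"}

if __name__ == "__main__":
    for combine in (deny_overrides, permit_overrides, first_applicable):
        print(combine.__name__, decide(RULES, REQUEST, combine))
```

Under deny-overrides the forbidden self-approval is never permitted regardless of rule order, while first-applicable makes the outcome depend on which rule is listed first.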
  3. Imran Jordan Kharabsheh says

    February 16, 2020 at 1:44 pm

    After reading through chapter 55 of the Computer and Information Security Handbook, focusing primarily on some of the most common conflicts that emerge from the implementation of security policies as well as some methods that are used to detect them, I came out finding my knowledge on the reasons why conflicts occur and their categorization to be lacking. For example, conflicts in a security policy can be categorized as either Intra-Policy Conflicts, meaning that the conflict originates from within a single policy, or Inter-Policy Conflicts, which occur due to the existence of two or more interacting policies. These conflicts can be further categorized as Contradictory, which makes the policy inconsistent, Redundant, meaning it does not contribute to the policy, or Irrelevant, which means it is never going to be brought into action.
    • Peiran Liu says

      February 18, 2020 at 12:37 pm

      Hi Jordan,

      The policy side you pointed out is very outstanding. By solving the conflicts, the policy can be made consistent and non-redundant. And with a good policy, risks can be managed and losses can be minimized.
  4. Numneung Koedkietpong says

    February 16, 2020 at 1:53 pm

    This chapter explains the detection and management of conflicts in security policies. One important key point which I took from this chapter is the separation of duty (SOD). User roles, responsibilities, and authorizations might cause conflicts. Therefore, segregation of duty can help to set the constraints and best practices to reduce fraud. The chapter gives the example that the functions of the people who can create and approve a purchase order should be segregated. Another example which I think is important is segregation of duty for program changes. The change environments should be segregated (development, test, and production). Also, the developer must not be allowed access to the production environment.
    • Innocent says

      February 18, 2020 at 11:32 am

      Hi Num, it is interesting to know the importance of separation of duties, and to see how it is mentioned from finance & accounting to the software engineering world. This basically means that a person who developed code cannot approve or deploy that code. This will prevent accidental or malicious release of unauthorized code into production.
      However, the SoD rule is relaxed in DevOps. DevOps is about bringing various experts together (or merging) from the discrete functions of Development and Operations. The DevOps team can develop and test the code, and support the operation of the code in production.
  5. Joseph Nguyen says

    February 16, 2020 at 2:28 pm

    99% of firewall breaches result from misconfigurations. When firewalls evaluate a set of rules in their database (the firewall policy database) to decide whether or not a connection is allowed, these rules can be verified with several methods.
    Stateless firewalls (packet filters) work at the network and transport levels. Stateful firewalls inspect the transport headers and maintain a state table for every connection. The firewall’s behaviors/rules can be checked with tools like:
    – SFQL (Structured Firewall Query) to detect anomalies/misconfigurations.
    – Manual pen testing to detect open ports.
    – Anomaly analysis for every shadowed/redundant/correlated rule.
    Application firewalls have some machine learning techniques to detect and prevent attacks.
    • Christopher James Lukens says

      February 17, 2020 at 2:59 pm

      Another key aspect to ensure proper firewall performance is continuous testing. The firewall needs to be evaluated on a regular basis to make sure nothing in the configuration changed and it’s blocking the proper traffic. Firewalls are not something you can set up once and never look at again.
  6. Natalie Dorely says

    February 16, 2020 at 6:32 pm

    One key takeaway that caught my attention was the access control list. There are rules that are composed of a condition clause. The rule a packet matches determines the action the firewall takes from the ACL. I thought this was interesting because it enforces a consistent system of ensuring the proper information is processed into the system.
    • Numneung Koedkietpong says

      February 17, 2020 at 11:13 am

      Hi Natalie,
      I totally agree with you. An access control list (ACL) is an important control for setting the appropriate rules that define how to forward or block packets. This can reduce the risk of an unauthorized intruder gaining access to the internal system network.
    • Innocent says

      February 18, 2020 at 11:50 am

      Hi Natalie, I agree with you.
      Implementing an access control list on a router/switch can help discard unwanted frames or packets. It can help to isolate systems from worms and malware that made it into your trusted “green” network. It can also make monitoring of ingress/egress traffic much easier. However, the access control capabilities of a router (and especially of a switch) are quite limited compared with implementing a firewall. Firms may not be able to match their desired access policies using only the access control capabilities of a switch or router.
  7. Akshay Shendarkar says

    February 16, 2020 at 9:41 pm

    This article highlights the importance of conflict detection capabilities while configuring security devices, e.g. firewalls. OWL (Web Ontology Language), which has a representation in RDF (Resource Description Framework) and is a language supported by Semantic Web technology, can be used for verifying the properties of security policies and has several advantages, as it can be used in a distributed environment involving multiple organizations. The three approaches used with OWL to detect conflicts are 1) standard reasoners, which use a variety of techniques developed through artificial intelligence, 2) ad hoc reasoning, which uses role authorization to verify structural and non-structural constraints, and 3) rule-based inferencing, which combines rules and classical theorems to support complex property chains.
  8. Innocent says

    February 16, 2020 at 9:45 pm

    From this topic, Semantic Web technology for security dispensation, it can be argued that security management is a challenge to the development of modern information systems. The development of systems that can offer substantial protection has to consider so many other aspects of the product, like its functionality and compatibility with existing security infrastructure. However, it is necessary that components of IT systems are developed using a security-by-design approach, giving security a critical role in the initial phases of the application development life cycle.
    • Imran Jordan Kharabsheh says

      February 18, 2020 at 1:03 am

      Hello,
      After reading through your response regarding your main takeaways from chapter 55 of the Computer and Information Security Handbook, I can safely say that your summary of Semantic Web Technology and its role in developing a sophisticated security management program really helped me gather my thoughts from that section. I appreciate you also tying how security should be among the primary concerns when developing information systems to when it should start being thought about in the application development life cycle.
  9. Christopher James Lukens says

    February 16, 2020 at 10:12 pm

    One of the key points from Chapter 55 is how filtering within a firewall functions and the conflicts. When a packet gets to the firewall and the header is evaluated, the first rule with the highest priority, or “the first applicable” rule the packet matches, is what will happen to that packet. If it’s a deny then the packet will be dropped, and if the packet doesn’t match any of the rules then it should be dropped as well. Higher-level firewalls observe more specific traffic like HTTP traffic or FTP traffic at the application layer and are able to perform more specific tasks. One of the biggest issues with firewalls is improper configuration of the ACL rules that allows traffic through that shouldn’t be. This needs to be controlled with ample testing to ensure the firewall is configured correctly.
    • Sarah Puffen says

      February 18, 2020 at 11:20 am

      I found this interesting as well, since I never really thought that there could be overlap with different policies that could potentially cause more harm than good. From what I read between these two readings for this unit, it seems like ACL rules need to be constantly updated and reconfigured depending on the different types of new vulnerabilities that may arise.
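The first-applicable evaluation with default deny described in this comment, together with the shadowed/redundant/correlated rule checks mentioned in comment 5, as an added example that is not part of the chapter or of any firewall product: each rule field is reduced to an integer interval, a packet is decided by the first rule that contains it, and every rule is compared with each higher-priority rule to classify the anomaly. The rule names, addresses and ports in RULES are constructed for the example.

```python
import ipaddress
from collections import namedtuple

# name, action ("allow"/"deny"), proto ("tcp"/"udp"/"*"), src/dst CIDR, inclusive (low, high) port range
Rule = namedtuple("Rule", "name action proto src dst dport")
PROTO = {"tcp": (6, 6), "udp": (17, 17), "*": (0, 255)}

def _intervals(r):  # every field becomes an integer interval, so one comparison serves them all
    nets = (ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst))
    return [PROTO[r.proto], *[(int(n.network_address), int(n.broadcast_address)) for n in nets], r.dport]

def _rel(a, b):  # relation of interval a to interval b
    if a[1] < b[0] or b[1] < a[0]:
        return "disjoint"
    inside, contains = b[0] <= a[0] and a[1] <= b[1], a[0] <= b[0] and b[1] <= a[1]
    kinds = {(True, True): "equal", (True, False): "subset", (False, True): "superset"}
    return kinds.get((inside, contains), "overlap")

def relation(x, y):
    """How x's match space relates to y's: equal, subset, superset, overlap or disjoint."""
    rels = {_rel(a, b) for a, b in zip(_intervals(x), _intervals(y))}
    if "disjoint" in rels:
        return "disjoint"
    if rels == {"equal"}:
        return "equal"
    if "overlap" in rels or {"subset", "superset"} <= rels:
        return "overlap"  # partial overlap: neither rule contains the other
    return "subset" if "subset" in rels else "superset"

def evaluate(rules, proto, src, dst, dport):
    """First-applicable rule decides; a packet matching no rule falls to the default deny."""
    pkt = Rule("pkt", "", proto, src, dst, (dport, dport))
    hit = next((r for r in rules if relation(pkt, r) in ("equal", "subset")), None)
    return (hit.name, hit.action) if hit is not None else ("default", "deny")

def find_anomalies(rules):
    """Check each rule against every higher-priority rule under first-match ordering."""
    found = []
    for j, ry in enumerate(rules):
        for rx in rules[:j]:
            rel, differ = relation(ry, rx), ry.action != rx.action
            if rel in ("equal", "subset"):  # ry never fires on its own: rx always wins
                found.append(("shadowed" if differ else "redundant", ry.name, rx.name))
            elif differ and rel in ("superset", "overlap"):  # catch-all with exception / order-dependent
                found.append(("generalization" if rel == "superset" else "correlation", ry.name, rx.name))
    return found

RULES = [  # constructed sample policy, evaluated top-down
    Rule("R1", "deny", "tcp", "10.1.1.0/24", "0.0.0.0/0", (80, 80)),
    Rule("R2", "allow", "tcp", "10.1.0.0/16", "0.0.0.0/0", (80, 80)),  # generalization of R1
    Rule("R3", "allow", "tcp", "10.1.2.0/24", "0.0.0.0/0", (80, 80)),  # redundant: R2 already allows it
    Rule("R4", "deny", "tcp", "10.1.3.0/24", "0.0.0.0/0", (80, 80)),  # shadowed by R2: never fires
    Rule("R5", "allow", "tcp", "10.1.3.0/24", "192.168.1.0/24", (1, 1024)),  # correlated with R4
]
```

Running `find_anomalies(RULES)` reports R4 as shadowed by R2, which `evaluate(RULES, "tcp", "10.1.3.7", "8.8.8.8", 80)` confirms by returning R2's allow for a host R4 was meant to block.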
  10. Junjie Han says

    February 16, 2020 at 10:52 pm

    Security requirements are high-level declarative representations of rules against which access control must be managed. Policies specify policies that represent how business requirements are mapped to systems for service provisioning. Abstract policies representing access control and behavior in security conflict policies are represented declaratively. This means that controls are not in place, although the policy statement does not allow them. For executable policies, it is possible to enforce policies through security configuration. Conflicts of security policies are usually the run-in between control implementation, policy statements, and corporate business. Safety policies in place always affect the efficiency of the business. This is a difficult problem to solve.
  11. Sarah Puffen says

    February 16, 2020 at 11:30 pm

    One key point I found from this reading is in the 2nd section, Conflicts in Security Policies, explaining how design and analysis should consider policies and mechanisms separately, since they each have their own flaws and vulnerabilities. Security policies can exhibit contradictions or redundancies, which can lead to inconsistencies in meeting security requirements and increase the cost of security management with no actual benefit. This stresses the need for high-level representation of the security policies, so that anomalies within the policy can be detected and corrected early on.
  12. Alexander Reichart-Anderson says

    February 16, 2020 at 11:59 pm

    The attached reading outlined the “detection of conflicts in security policies”, which would be an important aspect of an IT auditor’s day-to-day. The section that stuck out to me was the separation of duties segment, which outlines the users, roles, and sessions and how they connect to the overall ‘permissions’ that are granted in and on an information system. Dissecting and analyzing permissions would be an ideal way to start and identify breakdowns or overreaching policies in an IT environment. The SSoD and the DSoD are where these assignments come from. So starting with them would be the best way to attack the conflicts.
  13. Peiran Liu says

    February 17, 2020 at 12:01 am

    The one key point I learned from ‘Detection of Conflicts in Security Policies’ is how new packets are categorized by firewalls, from section 4. While the basic way, the packet filter, can do a lot of work, a stateful firewall can perform stateful packet inspection, and it can also maintain information not only about the TCP state but also about stateful application layer protocols. But stateful firewalls are also absolutely flawless, which will lead to stateful firewall analysis, mentioned in section 5.
    • Junjie Han says

      February 18, 2020 at 8:44 pm

      Hi, Peiran Liu
      You’re right. The two firewalls work at different levels. Stateless firewalls are generally faster and perform better under high-load network traffic, but only in simple scenarios. A stateful firewall, on the other hand, is generally much safer because it can define more stringent rules.