Security Intelligence
Authors: Qing Li and Gregory Clark

Intended as a handbook for security in modern times, this book comes from a leading provider of security and networking solutions. It is a really interesting book that gives an in-depth explanation of how to create a network security system. The usefulness of the material is partly a result of the background of the two authors. Qing Li is Chief Scientist at Blue Coat Systems, responsible for IPv6 products there, and he produced the first IPv6 secure web gateway product. Gregory Clark is CEO at Blue Coat, and was previously responsible for IBM’s security technology when he worked there. This background informs the material in the book, which straddles the line between strategic and technical; this isn’t a puff piece for managers, as there’s real, useful material. The idea throughout the book is to take a security goal, translate it into a set of security variables, substitute those into a specific technology, work out the equation for deploying the strategy, and then look at how it might go wrong in real life. A security goal might be ‘stop users browsing adult entertainment websites’ or ‘don’t let employees share sensitive information outside the company’. Readers are expected to have a basic understanding of TCP/IP and HTTP, and a high-level grasp of SSL/TLS. Given the authors’ Blue Coat background, the examples relate to Blue Coat products, but not to an extent that is problematic.
The book opens with a chapter on the fundamentals of secure proxies. It looks at why proxies had to be developed by examining traditional technologies such as firewalls, IDS and IPS systems and their weaknesses, then discusses proxy technology from a developer’s point of view, before looking at how SSL interception works. The next chapter moves on to proxy deployment strategies and challenges, looking at the advantages and disadvantages of different choices. This was a really interesting chapter, discussing alternatives such as transparent and explicit proxies, physical and virtual inline deployments, and the challenges of transparent interception. The next topic covered, the proxy policy engine and policy enforcement, shows how the policy language of Blue Coat’s ProxySG product is used to create a policy system and how that is implemented. The examples are written in what the authors refer to as pseudo content policy language, which is the actual programming language for the proxy with some additions to make it easier to read. As with the rest of the book, the examples are based on real-world problems (what happens if Mary logs on to Facebook, your policy generates the correct transaction type, and then Mary begins playing the Facebook game Candy Crush). This makes following the technical discussions of policy checkpoints and execution timings a lot easier.
Chapter 4 moves on to malware and malware delivery networks, giving an overview of the different types of malware currently active, with descriptions of actual incidents to show the ways users are sucked in. The chapter also covers advanced persistent threats, with examples such as Stuxnet and Flame, and the way these are used as cyber weapons. The following chapter looks at ways to detect malnets, or malware distribution networks. The authors describe the techniques you can use to detect suspicious URLs and content, and also discuss some of the open source toolkits such as Capture-HPC, Thug, Zozzle and Revolver that can be used to help avoid the traps. Policy writing is next on the agenda, and is explored using a set of example scenarios with specific security goals, alongside explanations of how to implement those goals using ProxySG. The scenarios are quite general – avoiding adult websites in web access; managing different levels of access for different groups of users; ensuring content is retrieved safely; data loss prevention, and so on. Chapter 7 looks at the art of application classification: real-time identification of traffic flows as belonging to a specific protocol or application. The authors describe this as a ‘challenging class of security problems under active research’, and the techniques described back this up, being largely based on machine learning and finite-state machines. It was an interesting read, but it sounded as though things are still at the development stage. The next chapter covers retrospective analysis, with techniques for data logging, storage, management and mining for security intelligence. The chapter describes how things like B-tree indexes and inverted indexes work, then goes on to look at how you could put together a retrospective analysis system for network security.
The final chapter looks at mobile security and why it’s difficult, discussing hazards such as cross-origin vulnerabilities and the risks of near field communication. I was much more impressed by this book than I expected to be. By the end of reading it, I felt I understood a lot more about how network security systems work, and what I might need to do to ensure my apps would play nicely and not fall foul of the security. There is definitely an underlying message that proxy servers are the way forward, and you do need to bear in mind the Blue Coat product line and remember that other companies might have different recommendations. Overall, though, for a security IO or administrator, it would be an excellent read.
Last Updated ( Friday, 24 August 2018 )