Information Technology Reference
In-Depth Information
Second sub-taxonomy is formed taking into
account types and categories of as-
sets
. Assets are divided on the following types: (1) informational resources (confiden-
tial and critical information); (2) software resources (OS, DBMS, etc.); (3) physical
resources (servers, workstations, etc.); (4) services (web, mail, ftp, etc). There are
several approaches for assets categorizing. We use an approach which is based on di-
viding of assets into groups by confidentiality and criticality levels (fig.6). Examples
of security metrics of this taxonomy are as follows: total score of confidentiality and
criticality of assets that have been successfully attacked; number of confidential and
critical assets that have been successfully attacked, etc.
Evaluation of these metrics is based on attacks results and reaction of the analyzed
system.
Assets categories
By confidentiality level
By criticality level
•
Top Secret (8-10]
•
Critical (8-10]
•
Secret (5-8]
•
Important (2-8]
•
For internal utilization (0-5]
•
Insignificant (0-2]
•
Open [0]
•
Uncritical [0]
Fig. 6.
Security metrics sub-taxonomy based on assets' categories
7 Case Study
For testing and evaluating our approach we specified, developed and deployed the
computer network which configuration is shown in fig.7. The experiments were car-
ried out using “VMWare Workstation 5.0”, that allows to emulate the work of per-
sonal computers and to form a virtual computer networks.
The network consists of the following three subnets: (1) Internet area including
hosts
Internet_host
and
ISP_DNS
with IP-addresses 195.19.200.*; (2) demilitarized
zone including two servers with IP-addresses 192.168.0.*; (3) local area network with
IP-addresses 10.0.0.*. The basic elements of the network are: (1) Internet host with
SAS; (2) Firewall 1 - a firewall between Internet and demilitarized subnet; (3) File
Server and (4) Mail Server - servers, located in the demilitarized subnet; (5) Firewall
2 - a firewall between local area network and demilitarized subnet; (6) DNS server -
a local DNS server, which services the clients from LAN; (7) AAA Server - an au-
thentication, authorization and accounting server; (8) Workstation 1..4 - workstations.
The generalized functional scheme of SAS prototype implemented is presented on
fig.8.
The model of analyzed system uses specification of security policy and system ar-
chitecture, defined on Security Policy Language (SPL) and System Description Lan-
guage (SDL) [27]. SDL and SPL are represented in Common Information Model
(CIM) format. The Common Information Model (CIM) is an approach from the
DMTF to the management of systems, applications, networks and services that
