Guard (information security)

In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints. In many respects a guard is like a firewall and guards may have similar functionality to a gateway.

Whereas a firewall is designed to limit traffic to certain services, a guard aims to control the information exchange that the network communication is supporting at the business level. Further, unlike a firewall, a guard provides assurance that it is effective in providing this control even under attack and failure conditions.

A guard will typically sit between a protected network and an external network, and ensure the protected network is safe from threats posed by the external network and from leaks of sensitive information to the external network.

A guard is usually dual-homed, though guards can connect more than two networks, and acts as a full application layer proxy, engaging in separate communications on each interface. A guard will pass only the business information carried by the protocols from one network to another, and then only if the information passes configured checks which provide the required protection.

History

The development of guards began in the late 1970s with the creation of several "Secure Communications Processors" and "Guard" applications. The secure communications processors were high assurance operating systems and security kernels developed to support controlled plain-text bypasses for packet network encryption devices. The guard applications were designed to sanitise data being exported from a classified system to remove any sensitive information from it.

The Honeywell Secure Communications Processor (SCOMP) [1] was an early guard platform. This was evaluated against the DoD Computer Security Center Orange Book evaluation criteria at level A1.

The RSRE Secure User Environment (SUE) ran on a PDP-11/34. It was a very simple separation kernel designed and constructed by T4 Division of the Royal Signals and Radar Establishment (RSRE) at Malvern, England. [2] [3]

The Advanced Command and Control Architectural Testbed (ACCAT) guard was developed to export email from a classified system through a human review stage. [4]

Later developments of guards addressed the problem of automatic "downgrading" of information exported from a classified system. The Secure Network Server (SNS) Mail Guard (SMG) enforced source/destination address whitelists, security label checks, attachment type filtering and digital signatures to ensure sensitive information is not released. [5]
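The following is an added example, not code from the page or from any of the products it names, of the behaviour described above: a guard that parses a message arriving on the protected interface, applies configured checks of the kind the SNS Mail Guard is described as enforcing (address whitelists, a label ceiling, attachment type filtering, a release signature, plus a crude sanitising scan of the body), and forwards only the business fields it understood, re-serialised from the parsed structure rather than copied from the input. The wire format, policy values, addresses and key are constructed for the demo; an HMAC over the forwarded fields stands in for the digital-signature check, since the standard library has no public-key signing primitive.

```python
"""Toy release guard; format, policy values and key are constructed for this demo."""
import hashlib
import hmac
from dataclasses import dataclass

LABEL_ORDER = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3}  # constructed policy
RELEASE_CEILING = "RESTRICTED"                  # highest label allowed to leave
ALLOWED_SENDERS = {"alice@protected.example", "release-desk@protected.example"}
ALLOWED_RECIPIENTS = {"partner@external.example"}
ALLOWED_ATTACHMENT_TYPES = {"txt", "pdf"}
DIRTY_WORDS = ("CONFIDENTIAL", "SECRET")        # markings that must not appear in a released body
RELEASE_KEY = b"constructed-demo-release-key"  # stand-in for the release authority's signing key

@dataclass
class Message:
    sender: str
    recipient: str
    label: str
    body: str
    attachments: list   # (filename, bytes) pairs
    signature: str      # hex HMAC-SHA256 over canonical(); "" when absent

def canonical(msg):
    """Bytes the release authority signs: exactly the fields the guard forwards."""
    parts = [msg.sender, msg.recipient, msg.label, msg.body]
    parts += [f"{name}:{hashlib.sha256(data).hexdigest()}" for name, data in msg.attachments]
    return "\n".join(parts).encode()

def sign(msg):  # HMAC stands in for a public-key signature in this demo
    return hmac.new(RELEASE_KEY, canonical(msg), hashlib.sha256).hexdigest()

def parse(raw):
    """Parse the constructed format: 'Key: value' headers, blank line, body; an Attachment
    header carries 'filename;hex-bytes'. Raises ValueError on anything malformed."""
    head, sep, body = raw.partition("\n\n")
    if not sep:
        raise ValueError("missing header/body separator")
    headers, attachments = {}, []
    for line in head.splitlines():
        key, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line {line!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "attachment":
            name, _, hexdata = value.partition(";")
            attachments.append((name.strip(), bytes.fromhex(hexdata)))
        else:
            headers[key] = value
    try:
        return Message(headers["from"], headers["to"], headers["label"],
                       body, attachments, headers.get("signature", ""))
    except KeyError as missing:
        raise ValueError(f"missing header {missing}") from None

def check(msg):
    """Apply every configured check; returns the reasons for refusal (empty = releasable)."""
    reasons = []
    if msg.sender not in ALLOWED_SENDERS:
        reasons.append(f"sender {msg.sender!r} not on whitelist")
    if msg.recipient not in ALLOWED_RECIPIENTS:
        reasons.append(f"recipient {msg.recipient!r} not on whitelist")
    if msg.label not in LABEL_ORDER or LABEL_ORDER[msg.label] > LABEL_ORDER[RELEASE_CEILING]:
        reasons.append(f"label {msg.label!r} exceeds release ceiling {RELEASE_CEILING}")
    for name, _ in msg.attachments:
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in ALLOWED_ATTACHMENT_TYPES:
            reasons.append(f"attachment {name!r} has disallowed type {ext!r}")
    for word in DIRTY_WORDS:                    # crude dirty-word scan; "secretary" trips it too
        if word in msg.body.upper():
            reasons.append(f"body contains marking {word!r}")
    if not hmac.compare_digest(sign(msg).encode(), msg.signature.encode()):
        reasons.append("release signature missing or invalid")
    return reasons

def release(raw):
    """Decide one message from the protected interface: (released, outbound_text, reasons).
    Outbound text is rebuilt from the parsed fields, so nothing unparsed is ever forwarded."""
    try:
        msg = parse(raw)
    except ValueError as err:
        return False, None, [f"unparseable message: {err}"]
    reasons = check(msg)
    if reasons:
        return False, None, reasons
    out = [f"From: {msg.sender}", f"To: {msg.recipient}", f"Label: {msg.label}"]
    out += [f"Attachment: {name};{data.hex()}" for name, data in msg.attachments]
    return True, "\n".join(out) + "\n\n" + msg.body, []

def build_raw(sender, recipient, label, body, attachments=(), signed=True):
    # Compose a message as the protected side would, signed for release unless told otherwise.
    msg = Message(sender, recipient, label, body, list(attachments), "")
    lines = [f"From: {sender}", f"To: {recipient}", f"Label: {label}"]
    lines += [f"Attachment: {name};{data.hex()}" for name, data in attachments]
    if signed:
        lines.append(f"Signature: {sign(msg)}")
    return "\n".join(lines) + "\n\n" + body

if __name__ == "__main__":
    raw = build_raw("alice@protected.example", "partner@external.example", "UNCLASSIFIED",
                    "Meeting moved to Tuesday.", [("agenda.txt", b"1. Budget")])
    print(release(raw))
```

Two design points matter more than any individual check. First, every refusal reason is collected rather than stopping at the first, which is what an operator reviewing blocked traffic needs. Second, the signature covers the same canonical fields the guard forwards, so changing the label or an attachment after signing invalidates the release, and the guard emits a freshly built message rather than the bytes it received.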

Firewalls were a later development, arriving around 1987. [6] Over time the functionality of firewalls has increased to provide similar capabilities to guards. The main difference remaining is that guards are built in such a way as to provide assurance that they are effective at protecting the network and themselves.

The SWIPSY firewall toolkit was developed by the Defence Evaluation and Research Agency to act as a general Guard platform. SWIPSY was layered on top of Trusted Solaris 8.

Functionality

Guards were initially designed to control the release of information from classified systems, protecting the confidentiality of the sensitive information handled by the protected system. Since then their scope has been extended to cover controls over the import of data, in order to protect the integrity of information and availability of services in the protected network.

Guards generally provide the following functionality:

Assurance

Guards are functionally equivalent to a bastion host acting as an application proxy placed within a DMZ network, where the proxy imposes the necessary controls over the data that is exchanged to provide the protection against external threats and internal leaks. But they can be distinguished by the way they are constructed. A DMZ network relies on the outer packet filtering firewalls to route traffic to the bastion host. If the firewalls function incorrectly they may pass traffic through the DMZ without passing through the bastion host, so the checks imposed by the proxies are bypassed. Also, if the networking stack of the bastion host behaves incorrectly it may route traffic through the DMZ without passing through the proxies.

A guard is constructed so that the software that needs to function correctly is minimised, and so that the work needed to demonstrate this to a third party is also minimised. That is, guards are engineered to provide assurance that they apply the appropriate checks. [7]

Guards can use a trusted operating system to separate the security critical checker components from the less critical protocol handling components. In this way failure of the protocol handling components cannot cause data to bypass the checker. [8] For example, Security-Enhanced Linux is used by the Nexor guards [9] and Solaris 10 with Trusted Extensions is used by the Radiant Mercury and the ISSE Guard, [10] and by Deep-Secure. The type enforcement controls developed for the LOCK operating system [11] were used in Sidewinder. [12]
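As an added illustration of the separation just described (not the page's code, nor any of the named products' designs): the protocol handler runs in its own process holding nothing but the write end of a pipe to the checker, so when it crashes on malformed input the checker still receives either a structured record or nothing, and the outbound record is built solely from what the checker validated. POSIX fork and a pipe stand in for the trusted-OS mechanism; the label policy and wire format are constructed for the demo.

```python
"""Handler/checker separation modelled with fork and a pipe (constructed demo)."""
import json
import os
from typing import Optional

RELEASABLE_LABELS = {"UNCLASSIFIED", "RESTRICTED"}   # constructed policy


def protocol_handler(raw: bytes) -> dict:
    """Untrusted parsing step, deliberately fragile: any malformed input raises,
    standing in for the crash or compromise of a complex protocol stack."""
    header, body = raw.split(b"\n\n", 1)
    fields = dict(line.split(b": ", 1) for line in header.split(b"\n"))
    return {"label": fields[b"Label"].decode(), "body": body.decode()}


def checker(structured: bytes) -> Optional[bytes]:
    """Small, security-critical component. It only ever sees the structured
    record, never the raw protocol bytes, and alone decides what goes outbound."""
    try:
        msg = json.loads(structured)
    except ValueError:
        return None                      # nothing, or garbage, from the handler: fail closed
    if not isinstance(msg, dict) or set(msg) != {"label", "body"}:
        return None
    if msg["label"] not in RELEASABLE_LABELS:
        return None
    return json.dumps(msg).encode()      # outbound record rebuilt from validated fields


def run_guard(raw: bytes) -> Optional[bytes]:
    """Run the handler in a child process whose only channel is the write end of
    one pipe to the checker. The outbound record is produced in the checker's
    process only, so a crashed or misbehaving handler can at worst send nothing."""
    to_checker_r, to_checker_w = os.pipe()
    pid = os.fork()
    if pid == 0:                         # child: protocol handler
        os.close(to_checker_r)
        try:
            os.write(to_checker_w, json.dumps(protocol_handler(raw)).encode())
        except Exception:
            pass                         # handler failure: no structured record is produced
        finally:
            os._exit(0)
    os.close(to_checker_w)               # parent: checker
    chunks = []
    while chunk := os.read(to_checker_r, 4096):
        chunks.append(chunk)
    os.close(to_checker_r)
    os.waitpid(pid, 0)
    return checker(b"".join(chunks))


if __name__ == "__main__":
    print(run_guard(b"Label: UNCLASSIFIED\n\nhello"))   # released
    print(run_guard(b"Label: SECRET\n\nhello"))         # refused by the checker
    print(run_guard(b"no separator at all"))            # handler crashes; checker sees nothing
```

The property to notice is that there is no code path from the raw input to the output that does not pass through `checker`: the handler's process has no handle on the outbound side, and the parent only ever serialises the dictionary the checker accepted. A trusted operating system enforces the same structure with mandatory access controls on the real interfaces instead of process boundaries.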

Guards can also use physically separate computers to ensure that critical components are not bypassed. [13]

Products

Government-off-the-shelf products:

Commercial-off-the-shelf products:

See also

References

  1. Steven Padilla and Terry Benzel, Final Evaluation Report of SCOMP, CSC-EPL-85/001, 1985.
  2. John Rushby (1981). "Design and Verification of Secure Systems" (PDF). ACM Operating Systems Review 15 (5): 12–21. SRI International Computer Science Laboratory. doi:10.1145/1067627.806586.
  3. D. H. Barnes, Secure Communications Processor Research, Procs. 7th DoD/NBS Computer Security Initiative Conference, 1984.
  4. Woodward, J. P. L., Applications for multilevel secure operating systems, Proc. AFIPS 1979 Nat. Comput. Conf., June 1979.
  5. R. E. Smith, Constructing a High Assurance Mail Guard, 1984 (archived 2012-06-17 at the Wayback Machine).
  6. Ingham, K. and Forrest, S., A History and Survey of Network Firewalls.
  7. Charles Maney, Security Issues When Data Traverses Information Domains: Do Guards Effectively Address the Problem?
  8. Rick Smith, The Challenge of Multilevel Security, Blackhat, Oct 2003.
  9. "Nexor Sentinel 3E Filtering System Common Criteria Security Target".
  10. Cheryl Gerber, Dot-Connecting Across Domains, Military Information Technology Vol. 14 Issue 1, Feb 2010 (archived 2016-01-31 at the Wayback Machine).
  11. Richard Smith, Mandatory Protection for Internet Server Software (archived 2009-01-06 at the Wayback Machine).
  12. Saydjari, Sami (May 1989). "LOCK Trek: Navigating Uncharted Space". Procs. IEEE Symp. Security and Privacy.
  13. Computers at Risk: Safe Computing in the Information Age. NAP.edu, 1991. doi:10.17226/1581. ISBN 978-0-309-04388-5.
  14. "Radiant Mercury" (PDF).
  15. "Imagery Support Server Environment (ISSE) Guard".
  16. "Rockwell Collins High Assurance Guards".
  17. "Mail Guard". Archived from the original on 2012-07-21. Retrieved 2012-08-06.
  18. "Cross Domain Solutions".
  19. "Metro Guards".
  20. "SDoT Security Gateway".
  21. Focke, Michel. "SAGE Standard Automated Guard Environment Technical Overview". CiteSeerX 10.1.1.133.4225.
  22. "Secure cross domain solution: SyBard". Archived from the original on 2012-05-28. Retrieved 2012-07-23.