124 ◾ Security Strategy: From Requirements to Reality
write access, and availability is about ensuring access (the CIA model). Authentication and authorization control access to systems and data, whereas audit controls record access to these elements (AAA model). The Trusted System Evaluation Criteria (TSEC) model is designed to prevent unauthorized access, modification (write access), destruction (write/delete access), or denial of access to systems and data. Therefore, the same principles used to defend castles can be applied to in-house enclaves by leveraging advances in network bandwidth, firewall, and proxy technologies. The following discussion presents one possible scenario for implementing limited and controlled access points in a local (in-house) computing environment.
The local computing enclave, the other enclaves it connects to, and the associated infrastructure are areas that have a well-defined set of member entities and a set of access rules to define what entities (people or processes) can reside in the enclave, what entities have access into the enclave, what entities have access out of the enclave, and what accesses within the enclave are permitted. A simple example is the Internet (although it is hard to imagine it as an enclave) where any IP entity can be placed in the enclave, any entity can gain access into the enclave, any entity in the enclave can gain access out, and connections within the enclave are generally not restricted. The Internet is like the countryside surrounding the castle: Anyone can move into the area, and they are free to move about as they please, visiting people and villages to conduct their business. By contrast, the castle keep was a highly restricted area where a limited number of nobles resided and access to and from the keep was limited to a handful of trusted individuals (members of the court).
IT resources are placed into enclaves based on their value to the corporation. Although there can be any number of enclaves within the local computing environment, four are fairly common: core, internal, extranet, and external. Each enclave has a specific set of security rules that govern internal operations and accesses from other enclaves. As in the castle, the most valuable assets are placed in the core enclave, which is protected by a well-defined security boundary, limited access points (gateways), continuous monitoring, and highly restricted access. Resources in the core enclave would include critical network and corporate services such as directory, time and name services, messaging, network management, and backup systems, as well as major corporate databases and other valuable data stores.
Enclaves are governed by a set of security rules that define five specific things:
1. What entities can be located in the enclave
2. How entities interact within the enclave (internal operations)
3. What external entities are allowed access into the enclave
4. What internal entities are allowed access outside the enclave
5. How these activities will be monitored
These rules limit and control the enclave’s boundary access points. For example, in the core enclave the only entities allowed are critical systems, maintenance and support processes, and system administrators. Interactions are limited to:
◾ Authentication/authorization traffic between systems and the credential authorities (domain controller, directory services, certificate services, etc.)
◾ Domain naming (DNS), Network Time (NTP), traffic between systems and infrastructure servers
◾ Monitoring traffic between systems and the system management stations (Microsoft Operations Manager, IBM Tivoli, HP OpenView, etc.)
◾ Backup traffic between systems and backup services
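As an added illustration (not from the book), the five enclave rules above can be written down as an explicit policy table and checked against candidate flows. The host names, roles, and services below are constructed assumptions; the policy models only the core enclave, with other enclaves left unmodelled and therefore denied.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample enclaves; every host name and role here is an assumption.
# Rule 1: what entities may reside in each enclave, keyed by role.
MEMBERS: Dict[str, Dict[str, str]] = {
    "core": {"dc01": "credential_authority", "dns01": "infrastructure",
             "mon01": "management_station", "bkp01": "backup_service",
             "db01": "critical_system"},
    "internal": {"jump01": "admin_jumphost", "ws042": "workstation"},
}
Rule = Tuple[str, str, str]  # (source role, destination role, service)
# Rule 2: permitted interactions inside the core enclave (the four
# traffic classes listed in the text: credentials, DNS/NTP, monitoring, backup).
CORE_INTERNAL: Set[Rule] = {
    ("critical_system", "credential_authority", "kerberos"),
    ("critical_system", "infrastructure", "dns"),
    ("critical_system", "infrastructure", "ntp"),
    ("management_station", "critical_system", "snmp"),
    ("critical_system", "management_station", "syslog"),
    ("backup_service", "critical_system", "backup"),
}
# Rule 3: external entities allowed into the core (administration only).
CORE_INGRESS: Set[Rule] = {("admin_jumphost", "critical_system", "ssh")}
# Rule 4: internal entities allowed out of the core: none by default.
CORE_EGRESS: Set[Rule] = set()

def locate(host: str) -> Optional[Tuple[str, str]]:
    """Return (enclave, role) for a known host, or None if it resides nowhere."""
    for enclave, members in MEMBERS.items():
        if host in members:
            return enclave, members[host]
    return None

def evaluate(src: str, dst: str, service: str, audit: List[str]) -> str:
    """Decide a flow against the core enclave rules and record it (rule 5)."""
    s, d = locate(src), locate(dst)
    verdict, reason = "deny", "unknown entity"
    if s and d:
        rule = (s[1], d[1], service)
        if s[0] == "core" and d[0] == "core":
            table, reason = CORE_INTERNAL, "core internal"
        elif d[0] == "core":
            table, reason = CORE_INGRESS, "core ingress"
        elif s[0] == "core":
            table, reason = CORE_EGRESS, "core egress"
        else:
            table, reason = set(), "not a core flow"
        verdict = "allow" if rule in table else "deny"
    audit.append(f"{verdict} {src}->{dst}/{service} ({reason})")
    return verdict
```

Every decision, allowed or not, lands in the audit list, so the monitoring rule is satisfied by construction rather than bolted on afterwards.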