Friday, November 29, 2013

Information Security Management System

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.

ISO/IEC 27001 is the standard that specifies how to build an ISMS. It does not mandate specific technical controls, but it does require documentation, internal audits, continual improvement, and corrective and preventive action.

The chief objective of information security management is to implement the appropriate measures to eliminate or minimize the impact that security-related threats and vulnerabilities may have on an organization. In doing so, information security management makes it possible to deliver the desired qualitative characteristics of the services the organization offers (availability of services, preservation of data confidentiality and integrity, and so on).

ISMS

The roles needed to carry out each of these steps:

1. Define the ISMS scope
Management defines the scope and the boundaries. Implementing an ISMS is an investment, so deciding and defining the scope must be done at the strategic level of the organization to ensure a return on that investment.

2. Define the ISMS policy
Normally this is done by the ISMS Clients in consultation with the ISMS project team (composed of representatives from the scope). The draft ISMS policy is then submitted to management for review and approval.

3. Define a risk assessment approach
If you have a consultant, the consultant may define this for you; otherwise, research the available risk assessment methods and test which one fits your organization.

4. Identify risks
Asset owners, or a penetration tester if you have one.

5. Analyse and evaluate risks
Asset owners.

6. Perform risk treatment
Asset owners.

7. Select control objectives and controls
Asset owners.

8. Prepare a Statement of Applicability
ISMS Clients.

9. Approve residual risks
Management.

10. Implement controls
Asset owners and managers. To some extent this includes everybody in the defined scope, e.g. anyone running anti-virus software or locking the door at night.

11. Carry out training and awareness
Human resources for generic information security training and awareness; members of the ISMS project team for more focused training per business unit.

12. Manage operation of the ISMS
ISMS project team and ISMS Clients.

13. Manage resources
ISMS Clients.

14. Implement detective and reactive controls for security incidents
Depends on the security incident. In my recent project, physical incidents were managed by the Facilities Department and IT-related incidents by the IT department.

15. Monitor procedures and controls
Process owners and asset owners.

16. Review the ISMS regularly
Internal ISMS auditors, external ISMS auditors, ISMS Clients, risk owners, asset owners and management.

17. Carry out improvement measures
ISMS Clients.

18. Communicate the action that has been taken
Action owner.

Firewall Policies for a Software Development Company

The main goal of a software development company is to design, develop and distribute software applications, frameworks or platforms for domains such as finance, security, travel and tourism, healthcare and public services. The roles associated with a software development company are as follows.
  • Software Development Team (Software Architects, Engineers, Developers, QA Engineers, Business Analysts, Project Managers)
  • Software Deployment and Support Team (Deployment Engineers, App Support Team)
  • Enterprise Management (CEO, HR personnel)
  • Marketing and Sales Team
  • Customers and Clients
Depending on the nature of the business and the stakeholders above, the network of a software development company can be divided into the following segments.
  • Wired LAN for enterprise users
  • Wireless LAN for mobile users
  • Branch offices connect via WAN
  • Server Rooms (File servers, Mail servers, App servers)
  • Remote Data Centers and Server farms
  • DMZ which interfaces with general public
  • Home users connected via VPN
  • Extranet for customers and clients
Before a firewall policy is created, some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and categorize how they must be secured—including which types of traffic can traverse a firewall under what circumstances.
Generally, firewalls should block all inbound and outbound traffic that has not been expressly permitted by the firewall policy. The policy defines which traffic is blocked, and the policies a software development organization can apply fall into the following categories (after NIST SP 800-41).
  • Policies based on IP addresses and protocols
Network traffic is blocked or permitted based on source and destination address, or on protocol (e.g. FTP, HTTP); this is the basic packet-filter rule set.
  • Policies based on applications
These policies provide application-layer filtering and proxy server functionality, so decisions can be made on the content of a connection rather than only its addresses and ports.
  • Policies based on user identity
Based on user authentication, for example users who have authenticated through a VPN or an SSL/TLS session.
  • Policies based on network activity
Based on observed activity on the network rather than on static addresses or identities.
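The following is an added example, not part of the original post or of NIST SP 800-41: a small Python evaluator for an address-and-protocol policy of the first kind above, written default-deny, over segments modelled on the network described earlier. The segment addresses (RFC 1918 and documentation ranges), the rules, and the sample flows are all constructed for the illustration. It also includes the check a reviewer runs on every rule set: finding rules that an earlier rule completely shadows, since such a rule can never match and usually signals a mistake in ordering.

```python
"""Default-deny firewall policy evaluator with a shadowed-rule check.

Added example, not from the NIST guideline or the original page: the
segments, addresses (RFC 1918 and documentation ranges) and rules are
constructed to mirror the network described above.
"""
import ipaddress
from typing import List, Optional, Tuple


class Rule:
    """One policy entry; the first matching rule decides."""

    def __init__(self, action: str, src: str, dst: str, proto: str = "any",
                 dport: Optional[int] = None, comment: str = "") -> None:
        assert action in ("allow", "deny")
        self.action = action
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.proto = proto        # "tcp", "udp", "icmp" or "any"
        self.dport = dport        # None means any destination port
        self.comment = comment

    def matches(self, src_ip: str, dst_ip: str, proto: str,
                dport: Optional[int]) -> bool:
        # An IPv6 address is never "in" an IPv4 network, so it falls through
        # to the default deny at the end of evaluate().
        return (ipaddress.ip_address(src_ip) in self.src
                and ipaddress.ip_address(dst_ip) in self.dst
                and self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` would already match self."""
        return (other.src.subnet_of(self.src)
                and other.dst.subnet_of(self.dst)
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport))


# Constructed segments of the network described above.
LAN = "10.10.0.0/16"       # wired and wireless enterprise users
SERVERS = "10.20.0.0/16"   # server room: file, mail and app servers
VPN = "10.30.0.0/16"       # address pool assigned to home users over VPN
DMZ = "192.0.2.0/24"       # hosts that face the general public
ANY = "0.0.0.0/0"

POLICY: List[Rule] = [
    Rule("allow", ANY, DMZ, "tcp", 80, "public web"),                          # 0
    Rule("allow", ANY, DMZ, "tcp", 443, "public web over TLS"),                # 1
    Rule("deny", DMZ, LAN, comment="DMZ hosts never initiate into the LAN"),   # 2
    Rule("deny", DMZ, SERVERS, comment="...nor into the server room"),         # 3
    Rule("allow", LAN, SERVERS, "tcp", 445, "file servers (SMB)"),             # 4
    Rule("allow", LAN, SERVERS, "tcp", 143, "mail servers (IMAP)"),            # 5
    Rule("allow", VPN, SERVERS, "tcp", 443, "home users to app servers"),      # 6
    Rule("allow", LAN, ANY, "tcp", 443, "outbound HTTPS"),                     # 7
    Rule("allow", LAN, ANY, "tcp", 80, "outbound HTTP"),                       # 8
    Rule("deny", LAN, ANY, "tcp", 21, "explicit deny: no outbound FTP"),       # 9
    Rule("allow", LAN, DMZ, "tcp", 443, "never reached: shadowed by rule 1"),  # 10
]


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, proto: str,
             dport: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """First match wins; traffic not expressly permitted is denied (index None)."""
    for idx, rule in enumerate(policy):
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, idx
    return "deny", None


def find_shadowed(policy: List[Rule]) -> List[Tuple[int, int]]:
    """Audit check: (rule, earlier rule) pairs where the earlier rule fully
    covers the later one, so the later rule can never match."""
    shadowed = []
    for j, later in enumerate(policy):
        for i in range(j):
            if policy[i].covers(later):
                shadowed.append((j, i))
                break
    return shadowed


if __name__ == "__main__":
    # Constructed sample flows: (source, destination, protocol, destination port).
    samples = [
        ("203.0.113.5", "192.0.2.10", "tcp", 443),   # Internet -> DMZ web
        ("203.0.113.5", "192.0.2.10", "tcp", 22),    # Internet -> DMZ ssh
        ("192.0.2.10", "10.10.4.7", "tcp", 445),     # DMZ -> LAN
        ("10.10.4.7", "10.20.1.5", "tcp", 445),      # LAN -> file server
        ("10.10.4.7", "198.51.100.9", "tcp", 21),    # LAN -> Internet FTP
        ("10.30.2.2", "10.20.1.5", "tcp", 443),      # VPN user -> app server
        ("10.10.4.7", "10.20.1.5", "udp", 53),       # LAN -> server DNS
    ]
    for s in samples:
        action, idx = evaluate(POLICY, *s)
        why = POLICY[idx].comment if idx is not None else "default deny"
        print(f"{s[0]:>14} -> {s[1]:<14} {s[2]}/{s[3]:<4} {action:5} ({why})")
    for j, i in find_shadowed(POLICY):
        print(f"rule {j} is shadowed by rule {i}: {POLICY[j].comment}")
```

Rules 2 and 3 would be enforced by the default deny anyway; they are kept explicit so that the intent is documented and, on a real firewall, so that the hits can be logged separately. The shadowing check reports rule 10, which an operator might otherwise believe is what permits LAN users to reach the DMZ on 443.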

References:
Karen Scarfone and Paul Hoffman, "Guidelines on Firewalls and Firewall Policy", NIST Special Publication 800-41 Revision 1, September 2009
(http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf)

Automated Threat Modelling

The threat modelling process described here is a manual one, in which personnel from across the software development life cycle work together. Several research efforts have recently started to automate it. Security testing is also labour intensive, because a real-world program has far too many invalid inputs to cover by hand, and it requires engineers with deep software security skills to carry out the most important steps; training them is expensive. Researchers are therefore looking for ways to partially or fully automate threat modelling and security testing.
In 2012, Guifre Ruiz et al. proposed an automated approach to analysing software designs in order to identify, risk-rank and mitigate potential threats to a system. They designed a data structure for detecting threats in software designs, the Identification Tree, and another for classifying threat countermeasures, the Mitigation Tree, populating both from relevant security sources and standards. Their automated approach relies on these data structures to identify the potential threats to a system design, purge the less relevant threats according to the user's policies, and compute the software specifications needed to mitigate the remaining threats [1].
Microsoft also offers a tool for this, the Security Development Lifecycle (SDL) Threat Modeling Tool, which makes threat modelling easier for all developers by guiding them through creating and analysing threat models [2].
While threat modelling can uncover the broad threats and vulnerabilities of a system, it cannot mitigate them. To do so, development teams must practise defensive coding, engage in frequent code reviews, and perform penetration testing.
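As an added example (not code from Ruiz et al.'s tool or from the SDL tool) of what the three automated steps, identify, purge by policy and compute mitigations, look like in code, the following Python enumerates threats over a small design model using the commonly published STRIDE-per-element chart, which is the approach the SDL tool is built around. The design model, trust zones, asset values, purge policy and mitigation table are assumptions made for the illustration rather than anything the paper or the tool defines.

```python
"""STRIDE-per-element threat enumeration over a small design model.

Added example, not the tool or the paper described on the page. The element
kinds and the STRIDE-per-element chart are the commonly published ones; the
design model, trust zones, scoring, purge policy and mitigation table are
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List

# Which STRIDE categories the standard chart allows for each element kind.
STRIDE_BY_KIND: Dict[str, str] = {
    "external": "SR",
    "process": "STRIDE",
    "store": "TRID",
    "flow": "TID",
}
# Countermeasure class per category (assumed generic mapping).
MITIGATION: Dict[str, str] = {
    "S": "authentication of the principal",
    "T": "integrity protection (signatures, MACs, TLS)",
    "R": "tamper-evident audit logging",
    "I": "encryption and access control",
    "D": "quotas, rate limits and resource isolation",
    "E": "authorization checks and least privilege",
}


@dataclass
class Element:
    name: str
    kind: str          # "external", "process" or "store"
    zone: str          # trust zone the element lives in
    value: int         # asset value 1..3 (assumed scale)
    is_log: bool = False


@dataclass
class Flow:
    src: str
    dst: str
    label: str


@dataclass
class Threat:
    target: str        # element name, or "src->dst" for a flow
    category: str      # one STRIDE letter
    score: int = 0

    def mitigation(self) -> str:
        return MITIGATION[self.category]


def identify(elements: Dict[str, Element], flows: List[Flow]) -> List[Threat]:
    """Step 1: every category the chart allows, for every element and flow."""
    threats = [Threat(e.name, c)
               for e in elements.values() for c in STRIDE_BY_KIND[e.kind]]
    threats += [Threat(f"{f.src}->{f.dst}", c)
                for f in flows for c in STRIDE_BY_KIND["flow"]]
    return threats


def purge(threats: List[Threat], elements: Dict[str, Element]) -> List[Threat]:
    """Step 2 (constructed policy): drop repudiation on stores that are not
    logs, and drop flow threats when both ends sit in the same trust zone."""
    kept = []
    for t in threats:
        if "->" in t.target:
            src, dst = t.target.split("->")
            if elements[src].zone == elements[dst].zone:
                continue
        elif t.category == "R" and elements[t.target].kind == "store" \
                and not elements[t.target].is_log:
            continue
        kept.append(t)
    return kept


def rank(threats: List[Threat], elements: Dict[str, Element]) -> List[Threat]:
    """Step 3 (constructed scoring): asset value x exposure, where exposure is
    2 for anything reachable from the internet/DMZ or crossing a boundary."""
    for t in threats:
        if "->" in t.target:
            src, dst = t.target.split("->")
            t.score = max(elements[src].value, elements[dst].value) * 2
        else:
            e = elements[t.target]
            t.score = e.value * (2 if e.zone in ("internet", "dmz") else 1)
    return sorted(threats, key=lambda t: -t.score)


# Constructed design model: a public web app in front of an internal database.
ELEMENTS: Dict[str, Element] = {e.name: e for e in [
    Element("browser", "external", "internet", 1),
    Element("webapp", "process", "dmz", 2),
    Element("orders_db", "store", "internal", 3),
    Element("audit_log", "store", "internal", 2, is_log=True),
    Element("backup", "process", "internal", 1),
]}
FLOWS: List[Flow] = [
    Flow("browser", "webapp", "HTTP request"),
    Flow("webapp", "orders_db", "SQL query"),
    Flow("webapp", "audit_log", "log write"),
    Flow("orders_db", "backup", "nightly dump"),   # stays inside one zone
]


def run_model():
    raw = identify(ELEMENTS, FLOWS)
    ranked = rank(purge(raw, ELEMENTS), ELEMENTS)
    return raw, ranked


if __name__ == "__main__":
    raw, ranked = run_model()
    print(f"{len(raw)} candidate threats, {len(ranked)} kept after policy")
    for t in ranked[:5]:
        print(f"score {t.score}  {t.target:18} {t.category}  -> {t.mitigation()}")
```

The highest-ranked items come out as tampering, disclosure and denial of service on the flow from the web application to the orders database, which is what a reviewer would expect for the boundary crossing that carries the most valuable asset. The value of automating the enumeration is completeness: every element gets every applicable category before the policy trims the list, so nothing is forgotten simply because nobody thought of it in the workshop.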

[1] Guifre Ruiz et al., "Automating Threat Modeling through the Software Development Life-Cycle", September 2012 (http://research.cs.wisc.edu/mist/papers/Guifre-sep2012.pdf)
[2] SDL Threat Modeling Tool, http://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx

Wednesday, November 14, 2012

C++ Libraries


What is a library?

A library is a package of code that is meant to be reused by many programs. Typically, C functions or C++ classes and methods that can be shared by more than one application are taken out of the application's source code, compiled, and bundled into a library.

Why use libraries?
  • Libraries rarely change, so they do not need to be recompiled often. It would be a waste of time to recompile a library every time you built a program that used it.
  • Each object file need not be listed individually when linking, because the developer can reference the library as a whole. This simplifies reuse and sharing of software components between applications.
  • They give application vendors a simple way to release an API for interfacing with an application.
  • Large components can be built for dynamic use, so the library remains separate from the executable, reducing its size and the disk space used.
  • Because precompiled objects are machine code, a library can be distributed without its source, which matters to businesses and individuals who do not want to publish their source code for intellectual property reasons (the machine code itself can still be disassembled, so this is not protection against reverse engineering).

What does a library contain?
Typically, a C++ library comes in two pieces:
1) A header file that declares the functionality the library exposes (offers) to the programs using it.
2) A precompiled binary that contains the implementation of that functionality, compiled into machine language.
Some libraries are split into multiple binary files and/or have multiple header files.

Types of Libraries
There are two library types:
1) Static library (archive)
In Windows: .lib extension
In Linux: .a (archive) extension
2) Dynamic library (shared library)
In Windows: .dll (Dynamic Link Library) extension
In Linux: .so (Shared Object) extension

Static library vs. dynamic library

  • Static: consists of routines that are compiled and linked directly into your program.
    Dynamic: consists of routines that are loaded into your application at run time.
  • Static: all the functionality of the library becomes part of your executable.
    Dynamic: the library does not become part of your executable; it remains a separate unit.
  • Static: a copy of the library becomes part of every executable that uses it, which can waste a lot of space.
    Dynamic: many programs share one copy, which saves space.
  • Static: cannot be upgraded easily; to update the library, the entire executable must be relinked and replaced.
    Dynamic: can be upgraded to a newer version without replacing the executables that use it.
  • Static: always loaded, and whatever version of the code you compiled with is the version that runs.
    Dynamic: stored and versioned separately, so the version that runs is whichever copy the loader finds at start-up (or at the explicit load call).
  • Static: statically linked binaries load faster and avoid the extra indirection (PLT or import table) needed to reach symbols in a shared library.
    Dynamic: not linked into your program; a program using a dynamic library must load it and resolve its symbols at run time, either automatically through the loader at start-up or explicitly through calls such as dlopen/dlsym on Linux and LoadLibrary/GetProcAddress on Windows.
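The last row of the comparison is easiest to see from a script. The following is an added example, not part of the original post: it uses Python's ctypes to open the C runtime's shared library at run time (libc on Linux/macOS, msvcrt on Windows) and bind one of its exported functions, strlen, by name. Nothing about the library was fixed when the script was written, and a symbol the library does not export only fails when it is looked up; with a static library the same mistake would have failed at link time.

```python
"""Loading a shared library and resolving a symbol at run time.

Added example, not from the original page. ctypes does here what the
comparison above describes for dynamic libraries: the C runtime is opened
by the loader at run time and strlen is bound by name. The library carries
no type information, so the C signature has to be declared by the caller.
"""
import ctypes
import ctypes.util
import sys


def open_c_runtime() -> ctypes.CDLL:
    """dlopen()/LoadLibrary() the C runtime; the loader locates the file."""
    if sys.platform == "win32":
        return ctypes.CDLL("msvcrt")
    # find_library() may return None on minimal systems; CDLL(None) then
    # refers to the running process itself, which already has libc mapped.
    return ctypes.CDLL(ctypes.util.find_library("c"))


LIBC = open_c_runtime()


def lookup(name: str):
    """Resolve an exported symbol by name (dlsym/GetProcAddress); None if absent."""
    try:
        return getattr(LIBC, name)
    except AttributeError:
        return None


def c_strlen(data: bytes) -> int:
    """Call libc's strlen through the dynamically resolved binding."""
    fn = lookup("strlen")
    if fn is None:
        raise RuntimeError("strlen is not exported by the C runtime")
    fn.argtypes = [ctypes.c_char_p]   # declare the C signature explicitly;
    fn.restype = ctypes.c_size_t      # a shared library carries no type info
    return fn(data)


if __name__ == "__main__":
    print("C runtime loaded from:", LIBC._name)
    print("strlen(b'hello') =", c_strlen(b"hello"))
    print("unknown symbol ->", lookup("no_such_function_xyz"))
```

Because the library is located by the loader's search rules rather than baked into the program, the same script behaves according to whichever libc file is found first. That is exactly what makes dynamic libraries upgradeable in place, and it is also why a deployment has to control the library search path it runs under.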

Sunday, September 23, 2012

Setting up the Android Development Environment

Setting up the Android development environment with the Eclipse IDE:

  • Download and install the Android SDK from http://developer.android.com/sdk/index.html . The Android SDK contains the core tools, such as the Android emulator and the build tools, needed to build and run Android apps.
  • Install the Android Development Tools (ADT). ADT is an Eclipse plugin installed through the standard Eclipse plugin mechanism; it connects the Android SDK with Eclipse.
                      In Eclipse go to Help -> Install New Software and add https://dl-ssl.google.com/android/eclipse

  • Configure ADT: set the Android SDK location under Window -> Preferences in Eclipse.

  • Install Android packages: select and install the required packages under Window -> Android SDK Manager.

Friday, August 19, 2011

Useful Linux vi commands


Command Mode

Open File
·  vi filename        - edit filename starting at line 1
·  vi -r filename     - recover filename that was being edited when the system crashed

Exit File
·  :q                 - exit vi
·  :wq or :x          - save the edited file and exit vi
·  :q!                - exit vi without saving the edited file

Move the cursor
·  j                  - down one line
·  k                  - up one line
·  h                  - left one character
·  l                  - right one character
·  0                  - beginning of the current line
·  $                  - end of the current line
·  w                  - beginning of the next word
·  b                  - beginning of the previous word
·  nG (1G, 10G, ...)  - beginning of line n
·  G                  - beginning of the last line
·  H                  - top of the screen
·  M                  - middle of the screen
·  L                  - bottom of the screen

Screen Manipulation
·  ^f                 - forward (down) one screen
·  ^b                 - backward (up) one screen
·  ^d                 - down half a screen
·  ^u                 - up half a screen
·  ^l                 - redraw the screen
·  ^r                 - redraw the screen, removing deleted lines (in vim, ^r is redo instead)

Searching Text
·  /string            - search forward for the next occurrence of string from the current position
·  ?string            - search backward for the previous occurrence of string from the current position
·  n                  - move to the next occurrence
·  N                  - move to the next occurrence in the opposite direction

Searching and Replacing Text (Substitute)
Search for the word 'find' and replace it with the word 'new'. Without the g flag only the first occurrence on each line is replaced; use :s/find/new/g to replace every occurrence.
·  :s/find/new/       - current line only
·  :1,10s/find/new/   - lines 1 to 10 only
·  :1,.s/find/new/    - line 1 to the current line
·  :1,$s/find/new/    - line 1 to the last line (entire file); :%s/find/new/ is equivalent
·  :-5,+5s/find/new/  - 5 lines before the current line to 5 lines after it

Determining line numbers
·  :.=                - line number of the current line
·  :=                 - total number of lines

Saving and Reading Files
·  :r test            - read the file named test and insert it after the current line
·  :w                 - write the current contents to the original file
·  :w nwfilename      - write the current contents to a new file called nwfilename
·  :4,9w newfile      - write lines 4 to 9 to a new file named newfile
·  :w! existfile      - overwrite the existing file named existfile with the current contents

Manipulating Text

Undo the last editing action
·  u                  - undo the last action

Inserting or adding text
·  i                  - insert text before the cursor
·  I                  - insert text at the beginning of the line
·  a                  - append text after the cursor
·  A                  - append text at the end of the line
·  o                  - open a new line below the current line
·  O                  - open a new line above the current line

Changing text
·  r                  - replace the character under the cursor (no Esc needed)
·  R                  - replace characters starting from the current position until Esc
·  cw                 - change the current word from the current position until Esc
·  cNw                - change N words starting from the current position until Esc
·  C                  - replace the rest of the current line after the cursor
·  cc                 - replace the entire line
·  Ncc                - replace N lines starting with the current line

Deleting text
·  x                  - delete the single character under the cursor
·  Nx                 - delete N characters starting from the cursor
·  dw                 - delete the rest of the current word after the cursor
·  dNw                - delete the next N words starting at the cursor
·  D                  - delete the rest of the current line after the cursor
·  dd                 - delete the entire current line
·  Ndd                - delete N lines, beginning with the current line

Copying and pasting text
·  yy                 - yank (copy) the current line
·  Nyy                - yank N lines, beginning with the current line
·  p                  - paste the yanked lines after the current line
·  P                  - paste the yanked lines before the current line

Asynchronous (overlapped/non-blocking) I/O


Using a Win32 feature called overlapped I/O, it is possible to set up many I/O operations to run concurrently; the program is notified as each operation completes. The work itself is carried out inside the kernel by the I/O manager and the device drivers, not by the calling thread. Two well-known situations in which a request on an overlapped handle is nonetheless completed synchronously are:
•  a write operation that extends a file
•  reading or writing a compressed file

·  Several I/O calls can be pending at the same time.
·  An asynchronous I/O call usually returns immediately (the last error is ERROR_IO_PENDING), leaving the I/O itself pending.
·  How does the application obtain the result of the I/O call? There are four ways of using asynchronous I/O:
•  using events (the event handle in the OVERLAPPED structure)
•  using the GetOverlappedResult function
•  using asynchronous procedure calls (APCs)
•  using I/O completion ports, which are particularly important because they are the only mechanism suited to high-volume servers that must maintain many simultaneous connections; by default a port allows one active thread per processor.

I/O Completion Port (IOCP)
·  I/O completion ports provide an efficient threading model for processing multiple asynchronous I/O requests on a multiprocessor system.
·  An IOCP is a special kind of kernel object that coordinates how a pool of threads services overlapped requests, even across multiple processors.
·  An IOCP decouples the thread that starts an overlapped request from the thread that services its completion.
·  When a process creates an I/O completion port, the system creates an associated queue object whose sole purpose is to hold completion packets for the threads servicing the port.
·  An IOCP lets an application service asynchronous I/O requests with a fixed pool of threads instead of creating one thread per client, which can cause severe performance problems.
·  The overlapped I/O mechanism in Win32 allows an application to initiate an operation and receive notification of its completion later. The thread that initiates the overlapped operation is free to do other work while the request completes behind the scenes.
·  The only I/O model that provides true scalability on Windows NT and Windows 2000 is overlapped I/O using completion ports for notification.
·  A completion port is a queue into which the operating system puts notifications of completed overlapped I/O requests.

How I/O Completion Ports Work
·  The CreateIoCompletionPort function creates an I/O completion port and associates one or more file handles with that port.
   A file handle here is the system abstraction for an overlapped I/O endpoint: a file on disk, a network endpoint such as a TCP socket, a named pipe or a mailslot.
·  When an asynchronous I/O operation on one of these file handles completes, an I/O completion packet is queued to the associated port in first-in, first-out (FIFO) order. Waiting threads, by contrast, are released in last-in, first-out order, so with a small pool the most recently active thread is reused.
·  Once the completion port has been created and sockets have been associated with it, one or more threads are needed to process the completion notifications.
·  Unlike some other operating systems, the Windows NT and Windows 2000 transport protocols do not have a sockets-style interface that applications can use to talk to them directly. Instead, they implement a much more general API called the Transport Driver Interface (TDI).
·  The Winsock kernel-mode driver (currently AFD.SYS) provides the sockets emulation on top of TDI.

Overview of Operation
  • To use an I/O completion port, the application creates a number of threads that all wait on the port. These threads become the "pool" that handles completed overlapped I/O requests.
  • A thread implicitly becomes part of the pool by waiting on the I/O completion port.
  • Every time a new file is opened for overlapped I/O, its file handle is associated with the I/O completion port.
  • Once this association is established, any I/O operation on that handle that completes causes an I/O completion packet to be sent to the port. Failed operations are reported through the port as well, so the servicing thread must check the completion status rather than assume success.
  • This happens inside the operating system and is transparent to the program.
  • In response to the I/O completion packet, the completion port releases one of the waiting threads in the pool.
  • The completion port does not create new threads; if no thread is currently waiting, the packet simply stays queued until one is.
  • The released thread is given enough information (the completion key of the handle, the number of bytes transferred and the OVERLAPPED pointer) to identify the context of the completed operation.
  • The thread can then go off and handle the request as necessary, but it remains in the pool of threads assigned to the completion port.
  • The difference is that the thread is now an active thread rather than a waiting thread. When it has finished handling the overlapped I/O request, it should wait on the I/O completion port again.
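The following is an added example, written in Python rather than Win32 C, that models the operation described above in user mode; it is not code from the original post and makes no Windows calls. The CompletionPort class, the simulated overlapped reads (a helper thread stands in for the driver) and the client byte streams are all constructed for the illustration, with method names only loosely modelled on the Win32 functions. What it shows is the shape of the pattern: the main thread starts the first read on every handle, a fixed pool of service threads blocks on one FIFO of completion packets, each completion is serviced and the next read is re-armed by whichever thread picked it up, and a posted packet is used to drain the pool at the end.

```python
"""User-mode model of the I/O completion port threading pattern.

Added example, written in Python rather than Win32 C: nothing here calls
CreateIoCompletionPort or GetQueuedCompletionStatus. The CompletionPort
class, the simulated overlapped reads and the client byte streams are all
constructed to show the pattern described above.
"""
import queue
import threading
import time
from typing import Dict, Optional, Tuple

CHUNK = 4              # bytes returned by one simulated overlapped read
SHUTDOWN = object()    # completion key of the packet that tells a thread to exit


class CompletionPort:
    """FIFO of completion packets plus the handle -> completion-key map."""

    def __init__(self) -> None:
        self._packets: "queue.Queue[tuple]" = queue.Queue()
        self._keys: Dict[int, object] = {}

    def associate(self, handle: int, key: object) -> None:
        """Like CreateIoCompletionPort(handle, port, key, ...)."""
        self._keys[handle] = key

    def complete_io(self, handle: int, nbytes: int, overlapped: dict) -> None:
        """What the 'kernel' does when an operation on handle finishes."""
        self._packets.put((self._keys[handle], nbytes, overlapped))

    def post_status(self, key: object, nbytes: int = 0,
                    overlapped: Optional[dict] = None) -> None:
        """Like PostQueuedCompletionStatus: an application-made packet."""
        self._packets.put((key, nbytes, overlapped or {}))

    def get_queued_status(self) -> tuple:
        """Like GetQueuedCompletionStatus: block until a packet is available."""
        return self._packets.get()


def read_overlapped(port: CompletionPort, handle: int, stream: bytes,
                    overlapped: dict) -> None:
    """Start a read at overlapped['offset'] and return at once (the I/O is
    pending). A helper thread stands in for the driver that finishes it."""
    def finish() -> None:
        time.sleep(0.001)                       # the device takes time
        off = overlapped["offset"]
        overlapped["data"] = stream[off:off + CHUNK]
        port.complete_io(handle, len(overlapped["data"]), overlapped)
    threading.Thread(target=finish, daemon=True).start()


def serve(clients: Dict[int, bytes], pool_size: int = 2) -> Tuple[Dict[int, int], int, int]:
    """Read every client stream to EOF using pool_size service threads.
    Returns (bytes received per client, peak active threads, threads used)."""
    port = CompletionPort()
    received = {h: 0 for h in clients}
    state = {"open": len(clients), "active": 0, "peak": 0}
    used = set()
    lock = threading.Lock()

    for handle, stream in clients.items():      # the main thread starts the first reads
        port.associate(handle, handle)          # completion key = the handle itself
        read_overlapped(port, handle, stream, {"offset": 0})

    def service() -> None:
        while True:
            key, nbytes, ovl = port.get_queued_status()
            if key is SHUTDOWN:
                return
            with lock:
                state["active"] += 1
                state["peak"] = max(state["peak"], state["active"])
                used.add(threading.get_ident())
            if nbytes == 0:                     # zero-byte read: this client hit EOF
                with lock:
                    state["open"] -= 1
                    last = state["open"] == 0
                if last:                        # wake every pool thread so it can exit
                    for _ in range(pool_size):
                        port.post_status(SHUTDOWN)
            else:
                received[key] += nbytes         # service the completion, then
                read_overlapped(port, key, clients[key],
                                {"offset": ovl["offset"] + nbytes})  # re-arm the read
            with lock:
                state["active"] -= 1

    pool = [threading.Thread(target=service) for _ in range(pool_size)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return received, state["peak"], len(used)


if __name__ == "__main__":
    # Constructed client data: three 'connections' of different lengths.
    data = {1: b"a" * 10, 2: b"b" * 7, 3: b""}
    print(serve(data, pool_size=2))
```

Two service threads handle three clients here, and the same two would handle three thousand: the number of threads is tied to the processor count, not to the number of connections, which is the property the section above is about. Because a handle has at most one read outstanding at a time, each client's counter is only ever touched by one thread at a time, which is the same discipline a real completion-port server relies on for per-connection state.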


Resource constraints that an application encounters when using Winsock
·  Bandwidth of the network on which the application sends data: bandwidth management methods are application-dependent.
·  Virtual memory used by the application: use the SetProcessWorkingSetSize Win32 API to increase the amount of physical memory the operating system will let the process use.
·  Locked page limit: whenever an application posts a send or receive with AFD.SYS's buffering disabled, all pages in the buffer are locked into physical memory. They must be locked because the memory is accessed by kernel-mode drivers and cannot be paged out for the duration of the access. The goal is to prevent an ill-behaved application from locking up all of the physical RAM and bringing down the system, so the application must be aware that it can hit the system-defined limit on the number of pages locked in memory.
·  System non-paged pool limit.

Handling these resource constraints is complicated by the fact that no special error code is returned when any of these conditions is encountered.

Advantages:
·  IOCP with Winsock is a very useful, robust and scalable mechanism.
·  Completion ports and Windows Sockets 2.0 can be used to design applications that scale to thousands of connections.
·  Mechanisms like the WSAAsyncSelect and select functions are provided for easier porting from Windows 3.1 and Unix respectively, but are not designed to scale.
·  The completion port mechanism is optimized for the operating system's internal workings.
·  There is no limit to the number of handles that can be associated with an I/O completion port.
·  I/O completion ports allow one thread to queue a request and another thread to service it.