Vsia Ip Protection Measurements


  • 8/2/2019 Vsia Ip Protection Measurements


    VSI Alliance™

    White Paper

    Technical Measures and Best Practices for Securing Proprietary Information

    Version 1.0 (IPPWP3 1.0)

    Issued by the

    Intellectual Property Protection

    Development Working Group

    November 2002


    VSI Alliance (IPPWP3 1.0)

    Copyright 2002 by the VSI Alliance, Inc. All Rights Reserved. VSIA CONFIDENTIAL DOCUMENT

    NOT LEGAL ADVICE

    The discussions of the law in this document are not intended to be legal advice. This document is not to be used as a legal reference. Readers should refer to their own legal counsel for answers to questions concerning the law.

    Copyright 2002 by

    VSI Alliance, Inc.

    15495 Los Gatos Boulevard, Suite #3

    Los Gatos, California 95032, USA

    Phone: (408) 356-8800, Fax: 408-356-9018

    http://www.vsi.org, [email protected]

    VSI Alliance is a trademark of the VSI Alliance, Inc.

    All other trademarks are the property of their respective owners.

    Please send comments and questions to:

    IP Protection Development Working Group (DWG), VSIA

    Ian R. Mackintosh

    Chair

    3054 Three Springs Road, San Jose, CA 95140

    408-406-3152, [email protected]

    Raymond Burkley

    Vice-Chair

    Burkley Associates, P. O. Box 496, Cupertino, CA 95015

    408-735-1540, [email protected]

    VSI Alliance

    115495 Los Gatos Blvd, Suite 3, Los Gatos, CA 95032

    408-356-8800, info

    http://www.vsi.org/

    Notice

    The document is provided by VSIA subject to a license agreement, which restricts how this document may be used.

    THIS DOCUMENT MAY NOT BE COPIED, DUPLICATED, OR OTHERWISE REPRODUCED.

    THE DOCUMENT IS PROVIDED BY VSIA ON AN "AS-IS" BASIS, AND VSIA HAS NO OBLIGATION TO PROVIDE ANY LEGAL OR TECHNICAL ASSISTANCE IN RESPECT THERETO, TO IMPROVE, ENHANCE, MAINTAIN OR MODIFY THE DOCUMENT, OR TO CORRECT ANY ERRORS THEREIN. VSIA SHALL HAVE NO OBLIGATION FOR LOSS OF DATA OR FOR ANY OTHER DAMAGES, INCLUDING SPECIAL OR CONSEQUENTIAL DAMAGES, IN CONNECTION WITH THE USE OF THE DOCUMENT. VSIA MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION, ANY WARRANTY AS TO INFRINGEMENT, OR THE IMPLIED PURPOSE. THE READER SHOULD BE AWARE THAT IMPLEMENTATION OF THE DOCUMENT MAY REQUIRE USE OF SUBJECT MATTER COVERED BY PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS OF THIRD PARTIES. NO LICENSE, IMMUNITY, OR OTHER RIGHT IS GRANTED BY USE OF THIS DOCUMENT IN ANY SUCH THIRD-PARTY RIGHTS. NEITHER VSIA NOR ITS MEMBERS TAKE ANY POSITION WITH RESPECT TO THE EXISTENCE OR VALIDITY OF ANY SUCH RIGHTS.


    Intellectual Property Protection Development Working Group

    Company Members

    ARM
    Cadence Design Systems
    ECSI
    Ellipsis Digital Systems
    Fujitsu
    IBM
    Mentor Graphics
    Oki Telecom
    Philips Semiconductor
    VCX

    Individual Members

    Raymond Burkley (Vice-Chairman)
    Eduardo Charbon
    Suzanne P. Harrison
    Robert Helt
    Ken Hodor
    Gerald N. Keeler
    Ian R. Mackintosh (Chairman)
    Miodrag Potkonjak
    Brahmajai Potu
    Gang Qu
    Patrick H. Sullivan
    Joseph F. Villella, Jr.

    Current DWG Member Representatives

    Simon Watt, ARM
    Richard Terrill, Cadence Design Systems
    Mark Bales, Cadence Design Systems
    Adam Morawiec, ECSI
    Minesh Shah, Fujitsu Ltd.
    Takeshi Fuse, Fujitsu Ltd.
    Ken Goodnow, IBM
    Ken Hodor, Individual Member
    Ian R. Mackintosh (Chair), Sonics
    Al Kwok, NetLogic Microsystems
    Tadashi Hiruta, Oki Electric Industry
    Miodrag Potkonjak, Individual Member
    Patrick Beauvillard, Individual Member
    Raymond Burkley (Vice-Chair), Individual Member
    Larry Rosenberg, VSIA-TC Chair

    Authors

    Himanshu Dwivedi
    Robert Helt
    Myles Conley


    Revision History

    Version 1.0, Jun02: Draft edited and formatted for member review
    Version 1.0, Oct02: Copy edited for IPP DWG review
    Version 1.0, Oct02: Copy edited and formatted for Board review
    Version 1.0, Nov02: Formatted for final release


    Table of Contents

    Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

    Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

    Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

    Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

    Finding the Right Level of Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

    Establishing a Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

    Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

    Storage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

    Transport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

    Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

    A. About the Authors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

    B. Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

    C. Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

    List of Tables

    Table 1: Authorization and Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

    Table 2: Levels of Console Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

    Table 3: Remote Users Classification. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

    Table 4: Levels of Security Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

    Table 5: Levels of Security Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

    Table 6: Layers of Transport Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

    List of Figures

    Figure 1: IP Filters in Windows 2000 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

    Figure 2: Graphical Representation of SSH (Secure Shell) . . . . . . . . . . . . . . . . . . . . . 8

    Figure 3: EM4 File System Encryption - Example 1 . . . . . . . . . . . . . . . . . . . . . . . . . 15

    Figure 4: EM4 File System Encryption - Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . 15

    Figure 5: EM4 File System Encryption - Example 3 . . . . . . . . . . . . . . . . . . . . . . . . . 16

    Figure 6: PGP Encryption - Example 1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16

    Figure 7: PGP Encryption - Example 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

    Figure 8: PGP Encryption - Example 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

    Figure 9: PGP Encryption - Example 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

    Figure 10: Example of Best Practices for Protecting IP . . . . . . . . . . . . . . . . . . . . . . . 24


    Introduction

    Preface

    This white paper is a primer on digital security, and specifically, how it applies to the protection of a company's proprietary information (or Intellectual Property, IP). A survey of VSIA members in early 2001 showed us that many of you are directly involved in the everyday development, management, or use of proprietary information for your companies. This same survey told us that protecting this information from theft, misappropriation, compromise, and unauthorized access through your company's networks and systems is of tremendous current interest.

    Our intent is to raise awareness about issues and challenges that need to be considered in securing Access, Storage, and Transmission of your company's proprietary information and describe some best practices that companies implement. We assume only that you, or someone you work with, ultimately owns your organization's IP and that while you personally may not have direct responsibility for deciding specific security technologies and options that your company deploys, you will want to or need to discuss this security with IT professionals. This paper begins the discussion about the need for security standards, and presents a set of common best practices that might ultimately be extended in recommendation form for VSIA member companies.

    Scope

    The purpose of this document is to begin to define standards and best practices for securing intellectual property (IP) from external (outside the corporate perimeter) attacks and internal (inside the corporate perimeter) compromise. It covers protection for IP that is stored and for IP that is transported over data networks. This paper is for anyone in the SoC design community who is involved in the development and management of designs, documents, specifications, and other information that is considered the lifeblood or IP of the business. At one level, securing critical information from unauthorized access is the responsibility of all employees. However, since IP is one of the pillars the company is built upon, it is particularly necessary that everyone who develops, manages, or uses the company's IP must ensure that it is handled, distributed and stored with all due care.

    Background

    Attacks, probes, intrusions, and other types of exploits are constantly being attempted against corporate web sites and networks. Ask your security department how many times your firewall is probed each month. An IP Protection (IPP) Development Working Group (DWG) member noted that the firewall on his home PC, using a dial-up connection, frequently records 10 or more attempts in an hour. It is important to understand that these probes, threats, and attacks are aimed not just at high-profile, household-name companies, but also at smaller, lesser-known, and even unknown companies. Studies conducted by the FBI/CSI, SANS, and CERT, among others, all tend to report a rapid increase in the number of attacks that companies have experienced in the last five years. Threats can range from kids looking for the challenge and associated bragging rights of breaking into a site, to more disreputable individuals looking for credit card numbers and other confidential information, to motivated, well-paid professionals who are hired for organized crime and corporate espionage.

    http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://
ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/http://ip_whitepaper_rauchtobaker_28oct02_body.pdf/
  • 8/2/2019 Vsia Ip Protection Measurements

    14/42

    VSI Alliance (IPPWP3 1.0)

    Copyright 2002 by the VSI Alliance, Inc. 2All Rights Reserved. VSIA CONFIDENTIAL DOCUMENT

    At the next level, there are foreign government-sponsored groups strategically looking for weaknesses in the US critical infrastructure or information that could be used for competitive advantage. This expands the scope of the problem from the traditional targets of infrastructures supporting financial institutions, utilities, government, and the military to chip manufacturers and the sites of large manufacturing and commerce companies. In highly competitive industries and environments, unscrupulous companies may try to obtain information that can help them compete more effectively. They look for data that will give them an edge in the market, including plans, designs, market data, cost, price, specifications, technology partnerships, bid information, and any other insight into what their competitors are doing. In short, the information that is useful for building your IP is also useful to them.

    Take the case of Microsoft. In October 2000, according to published BBC News reports [1], Microsoft discovered that someone had gained unauthorized access to its internal systems and may have viewed some of the source code of key programs under development. While it was reported that no source code had been taken or compromised, Microsoft spokesman Rick Miller characterized the break-in as "a deplorable act of industrial espionage." Microsoft called in the FBI to assist in the subsequent investigation.

    What is compelling about this story is that it happened to Microsoft, which knows that it is a target for a wide range of attackers. Microsoft has taken the necessary precautions to protect itself with firewalls, intrusion detection devices, and other sophisticated technology, and has a world-class security management team that knows how to plan for and respond to attacks. According to the BBC News report, even with its technology and expertise, Microsoft was not immediately sure how long the attacker had been able to access its network. The original statements indicated up to five weeks, but were later proven to be twelve days. Other, less sophisticated companies may not even know if they have been breached. Possession of security devices and infrastructure cannot be enough. Unless you apply and profile the technology correctly, it may not be sufficient to help you when you need it the most. A company needs to have the ability to detect, respond to, and re-create attacks, and hopefully, identify the attacker.

    Finding the Right Level of Security

    Given that any security system is a compromise between theoretical perfection and practical reality, this specification does not attempt to define a perfectly secure system. Instead, a spectrum of recommendations and best practices is defined, with five general levels against which the desired level of security may be compared. The lowest level defines the minimum level of security that any organization or individual who owns or maintains data processing and storage equipment should implement. The highest level defines the ultimate level of security attainable with state-of-the-art techniques and technologies.

    1. BBC News, October 30, 2000: http://news.bbc.co.uk/hi/english/business/newsid_998000/998449.stm


    Think of your house and the levels of security you apply to it. At the base level, you put locks on the doors and windows that help keep intruders from simply walking in. However, a minimally skilled person would be able to break the windows. It would take someone with more proficiency and motivation to pick your locks, and while this raises the skill level needed to break in, the end result is that someone is still able to breach your security. You can add an alarm system and motion detectors to alert you and the local police department that someone has entered the perimeter and tripped the alarm. The intruder, while under a definite time constraint, still has some time to get something of value and run. You can add a dog, which will give you additional advance notice, but might be circumvented with a bone. In ascending order of strength, you can add neighborhood watch, gates, moat and alligators or guard towers, and soon, you are reasonably certain that only someone who is motivated and skilled enough for a Hollywood heist film would be able to get into your house.

    It should be noted that in determining the right level of security for you, there is a return-on-investment (ROI) or break-even point on the costs required to reach the next level. As a general rule, there is an exponential function of the security realized by the increased investment from each level to the next. This is because there is a diminishing return from implementing a new security technology and the vulnerabilities it can address relative to your total security exposure. A firewall, like locks on doors and windows, protects against someone breaking into your site unnoticed. However, as with the house model, if you require complete information on the number of attempts and successful attempts to enter, or identification of the intruders, you will need to invest in more elaborate measures, such as card readers or armed security. The same is true for your IP. In order to raise the bar for the skill required to breach your current level of security, an investment must be made that must be valued against the information you are protecting. In a related observation, Richard Clarke of President Bush's Critical Infrastructure Department stated, "Most Fortune 500 companies spent .0025% of revenue on IT security, less than coffee. [Now,] if you spent .0025%, you deserve to be hacked. And by the way, you will be." [2] This implies that many companies have not been properly concerned about protecting their IP, and that there is a lot of room for increasing efforts to protect IP.

    In many cases, the ROI will not be sufficient to warrant the cost of attaining the highest level of security. It is often the case that the ROI of implementing security improves when security is integrated as early as possible in the architecture or design phase. It is much easier to build security into the architecture than it is to retrofit it. Likewise, the cost of enabling the appropriate level of security for a given situation depends on many factors associated with the level of security desired; the size and type of company; the type and value of the IP to be protected; and so on. The cost and ROI need to be analyzed on an individual company basis to meet the needs and financial capabilities of the company.

    2. Speech by Richard A. Clarke, Special Advisor to the President for Cyber Security, February 14, 2002. Also, Wired Digital, Inc., Wired Magazine, "The Sentinel" by Declan McCullagh, Washington Bureau Chief for Wired News, October 2000. http://www.wired.com/wired/archive/10.03/clarke_pr.html


    Establishing a Framework

    Protecting IP can be a daunting task. The highly sensitive data to be secured may reside on many different systems, be accessible by a wide spectrum of users, be managed by multiple owners, and require varying levels of access. In a company with 10,000 employees, securing critical intellectual information is not an easy task, especially with different levels of access for various users. For example, what is the proper procedure for securing salary information for a large software company? Encryption of the data on the physical disk is a given, but access controls and lockout measures for the files also need to be considered. Securing the underlying operating system, including patches and updates, is critical. The network also needs to be considered, including firewall or router Access Control Lists (ACLs) and access to different subnets or management networks. Additionally, business needs and functional requirements need to be supported, such as the need for 75 percent of the company to access critical information on a daily basis, both from work and at home. This is combined with the fact that out of the 75 percent that need access, only 74 percent care about security.

    Protecting data, whether it is salary information or IP, can be difficult. Unlike salary information, IP needs to be accessed by employees on a daily basis from everywhere the company does business. This has come to include remote offices, hotel rooms, external business partners, and employees' homes. When properly implemented, security measures and procedures can help meet an organization's security needs and add a level of functionality for many users.

    This document organizes IP security into three general areas:

    - Access (internal and external), including authorization and authentication of users
    - Storage (physical storage), including host systems
    - Transport (network facilities), including Local Area Networks, Wide Area Networks, and Virtual Private Network technologies.

    The delineation between these components is often difficult to define due to the way IP is distributed throughout a company's infrastructure (networks and host systems), the wide range of applications that use IP, and remote networking methodologies such as VPN and tunneling.

    Access

    Access to data that supports business and technical development needs to foster openness. Information flowing easily from a data center to an authorized user does not have to mean that no security is involved. Most importantly, the process of securing the data must be efficient in order to be practiced.


    Internal

    Authorization and Authentication

    Each department should establish data ownership. Additionally, different levels of authorization should be established to determine the type of access to information a database engineer needs (level 4) versus the access that a sales engineer needs (level 1). After data ownership is established between departments, the right to grant or deny individuals or departments needs to be determined. The determining factor of classes should be based on job requirement, job responsibility, and functional duties. Each department should have a qualified class level. For example, if you are in department X with the Y job functions and Z responsibilities, you might be granted an authorization rating of 4. The level will not only determine what portions of the IP you may access, but also determine what type of authentication is required to access that information. Depending on the different levels of data classification and ownership, different levels of authentication would be required. The following is an example of possible classification types and authorization requirements for a chip manufacturer:

    Table 1: Authorization and Authentication

    Levels of Security Authentication

    LEVEL | DESCRIPTION | AUTHORIZATION TYPES | ADDITIONAL ACCESS CONTROLS
    1 | Contractors, guests, and other temporary positions | Username and password | Operating system security
    2 | Sales, HR, finance | Username and password, public/private key authentication | Operating system security
    3 | IT department, management network, sensitive subnets | Username and password, public/private key authentication | Operating system security, firewall rulesets and router ACLs
    4 | IP departments, engineers and departments that support the chip design | Username and password, public/private key authentication, hardware tokens | Operating system security, firewall rulesets and router ACLs, operating system ACLs
    5 | IP departments/engineers working on chip design | Username and password, public/private key authentication, hardware tokens, one-time password usage system | Operating system security, firewall rulesets and router ACLs, operating system ACLs

    Authentication Types

    There are several authentication mechanisms that can be used individually or in combination. Username and password are the first level. However, any username and password used for authentication should always travel over secure encrypted protocols such as Kerberos, SSH, IPSEC, NTLMv2, and so on. Protocols used for authentication that have known security problems, such as NTLM, Telnet, FTP, Citrix, PPTP, and so on, should be restricted. These insecure protocols add weaknesses to the overall authentication system and therefore should not be used.


    A second level of authentication can be added through operating system ACLs. Specific permissions or restrictions should be placed at both the file and network level. Restrictions on individual files and folders should be implemented in addition to the ability to have access (authentication rights) to log on to the machine. For example, a user in department Z, security level 4, should be given specific rights to access appropriate folders and denied for the rest. On UNIX systems, the TCP wrapper program should be implemented to grant access only to appropriate users from specific IP addresses or subnets. The Windows 2000 IP Filters offer similar functionality. Therefore, even if an unauthorized user possesses a valid username and password for the user in department Z, authentication does not succeed unless the user connects from the appropriate subnet. The following figure shows a screen shot of IP Filters in Windows 2000.

    Figure 1: IP Filters in Windows 2000


    The third level of authentication is a public and private key combination. There are several ways to use a public and private key system, including SSH (Secure Shell). Using SSH, the user is required to hold a public key and a private key to authenticate to a particular server. Both the server and the client are required to hold the user's public key. The client needs both a private key and a correct password to authenticate to the public key. After authentication to the public key, the public key is used to authenticate to the server, which also has a copy of the user's public key to match credentials. Using this scenario, a lost username and password does not grant any access unless the unauthorized user has managed to capture the public and private key of the authorized user, which should be stored in two separate and secure places on the operating system. The following figure shows a graphical representation of SSH.

    Figure 2: Graphical Representation of SSH (Secure Shell)

    The fourth level of authentication could be a hardware token, such as SecurID from RSA (please refer to www.rsa.com for more information). SecurID requires a user to physically possess a hardware token, the SecurID device, to be used for authentication. Without going into detail about SecurID, the token displays a changing password, which the user needs in order to authenticate to the appropriate server. Therefore, attackers who successfully steal a username, password, and both SSH public and private keys are blocked if they do not physically possess the appropriate SecurID token.

    Figure 2 diagram text: the NOC workstation holds the SSH public and private keys; the secured server holds the SSH public keys. 1. SSH password matched against private key; 2. SSH public key sent; 3. SSH public key successfully matched; 4. SSH session begins.


    Authentication Tracking

    After authentication has been completed, the use of privileged user or department credentials should be tracked. It is difficult to impossible to verify whether any unauthorized use is occurring without proper audit trails and timestamps. In addition to providing evidence of when the data was accessed and by whom, log files provide a method of tracking who is viewing information, whether and what has been copied, and whether someone has copied sensitive information. As a policy, users should be required to work on appropriate and secured servers. For example, if an authorized user copies IP to inappropriate servers, unauthorized access should be suspected even though the user is granted the highest security clearance. Copying any IP information off of authorized servers should be strictly prohibited. Furthermore, if any removal of the information occurs, even by an authorized user, the event needs to be recorded. For example, authorized users may copy a piece of data to their local machine. However, in most environments, the user's local machine may be insecure or shared between various users who do not possess the same level of clearance. This situation is a direct violation of security because the data is now in greater jeopardy. When dealing with IP, appropriate logging measures provide an organization with the necessary information and controls to improve the protection of its data.
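    The per-level factor requirements of Table 1, the source-subnet restriction described for TCP wrappers and IP Filters, and the audit trail described here can be combined into a single access decision. The following Python routine is an added example, not code from the VSIA paper; the factor names, subnets, protocol list, and user and resource names are constructed for illustration.

```python
"""Added example, not from the VSIA white paper: an access decision that
combines the per-level factor requirements of Table 1, a source-subnet
restriction in the spirit of TCP wrappers / Windows IP Filters, and an
audit record per decision (Authentication Tracking).

Factor names, subnets, user and resource names are constructed for this
example; the paper defines none of these identifiers.
"""
import ipaddress
import json
from dataclasses import dataclass, field

# Table 1 encoded: factors a session must present at each authorization level.
REQUIRED_FACTORS = {
    1: {"password"},
    2: {"password", "public_key"},
    3: {"password", "public_key"},
    4: {"password", "public_key", "hardware_token"},
    5: {"password", "public_key", "hardware_token", "one_time_password"},
}

# Protocols the paper names as unsafe carriers for credentials.
INSECURE_PROTOCOLS = {"ntlm", "telnet", "ftp", "pptp"}


@dataclass
class Resource:
    name: str
    level: int              # minimum authorization level (1-5) to touch it
    allowed_subnets: list   # CIDR strings; an empty list means any source


@dataclass
class Request:
    user: str
    user_level: int         # level granted to the user by their department
    factors: set            # factors actually presented in this session
    protocol: str           # protocol that carried the credentials
    source_ip: str


@dataclass
class AuditLog:
    """Every decision, allowed or not, is recorded with its reason."""
    records: list = field(default_factory=list)

    def record(self, req, res, allowed, reason):
        self.records.append({"user": req.user, "resource": res.name,
                             "source": req.source_ip, "allowed": allowed,
                             "reason": reason})


def decide(req: Request, res: Resource, log: AuditLog) -> bool:
    """Allow only if every control passes; log the outcome either way."""
    # 1. Credentials sent over a protocol with known weaknesses are refused.
    if req.protocol.lower() in INSECURE_PROTOCOLS:
        log.record(req, res, False, f"insecure protocol {req.protocol}")
        return False
    # 2. Authorization: the user's granted level must reach the resource level.
    if req.user_level < res.level:
        log.record(req, res, False, f"level {req.user_level} < required {res.level}")
        return False
    # 3. Authentication strength: the factors presented must cover Table 1.
    missing = REQUIRED_FACTORS[res.level] - req.factors
    if missing:
        log.record(req, res, False, f"missing factors {sorted(missing)}")
        return False
    # 4. Network origin: a valid credential from the wrong subnet still fails.
    src = ipaddress.ip_address(req.source_ip)
    if res.allowed_subnets and not any(
            src in ipaddress.ip_network(n) for n in res.allowed_subnets):
        log.record(req, res, False, f"source {req.source_ip} outside allowed subnets")
        return False
    log.record(req, res, True, "all controls satisfied")
    return True


def run_samples():
    """Constructed scenarios; returns the list of decisions and the audit log."""
    log = AuditLog()
    vault = Resource("chip-design-repo", 5, ["10.20.0.0/16"])
    wiki = Resource("visitor-wiki", 1, [])
    full = {"password", "public_key", "hardware_token", "one_time_password"}
    cases = [
        (Request("eng01", 5, set(full), "ssh", "10.20.4.7"), vault),      # allowed
        (Request("eng01", 5, {"password", "public_key"}, "ssh", "10.20.4.7"), vault),  # no token/OTP
        (Request("eng01", 5, set(full), "ssh", "192.0.2.10"), vault),     # wrong subnet
        (Request("sales07", 2, {"password", "public_key"}, "ssh", "10.20.4.8"), vault),  # level too low
        (Request("guest03", 1, {"password"}, "telnet", "10.30.1.5"), wiki),    # insecure protocol
        (Request("guest03", 1, {"password"}, "kerberos", "10.30.1.5"), wiki),  # allowed
    ]
    decisions = [decide(req, res, log) for req, res in cases]
    return decisions, log


if __name__ == "__main__":
    results, audit = run_samples()
    print(json.dumps(audit.records, indent=2))
```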

    Console Privacy

    Console privacy can be as simple as it sounds: simply controlling physical access to one's machine. However, a screensaver on a Windows 9x machine should not be the only measure. There are many ways to get the password from a Windows 9x screensaver, which, if the unauthorized user is lucky, will be the same password that the user uses on the network. Protecting intellectual property requires steps beyond screensaver passwords, such as using disk-encryption software to control access to sensitive information on the local drive. Additionally, BIOS passwords should be implemented to prevent booting off of other media, such as a CD-ROM or floppy disk, and thus gaining access to an operating system's folders and password files. The following table describes recommended levels of console security methods.

    Table 2: Levels of Console Security

    Levels of Console Security

    LEVEL | DESCRIPTION | CONSOLE SECURITY METHODS
    1 | Contractors, guests, and other temporary positions | Screen saver passwords
    2 | Sales, HR, Finance | Screen saver passwords, encrypted PGPdisk/E4M disk, BIOS passwords
    3 | IT department, management network, sensitive subnets | Screen saver passwords, encrypted PGPdisk/E4M disk, BIOS passwords
    4 | IP departments/engineers and departments that support the chip design | Screen saver passwords, encrypted PGPdisk/E4M disk, BIOS passwords
    5 | IP departments/engineers working on chip design | Screen saver passwords, encrypted PGPdisk/E4M disk, BIOS passwords


    External

    Authorization

    The IT security policy needs to clearly define the corporate policy for offsite remote access. External users should be categorized into security profiles, based on the desired type of remote access, to ensure that critical information is not going offsite to unauthorized users. For example, users who simply need to use email from remote sites will probably pose a smaller risk than users doing remote development work on source code or databases. The user categorization allows employers to clearly define what types of access rights require a basic level of security precaution (for example, username and password) as opposed to multiple levels of security. The following table gives an example of five different levels of access for remote users.

    Table 3: Remote Users Classification

    Remote Users Classification

    LEVEL | TYPE OF ACCESS | DESCRIPTION
    1 | Email access | A level 1 type of user will only require access to email from off-site locations.
    2 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on) | A level 2 type of user will require access to email and other administrative applications; however, none of this information is sensitive or critical to the employer's core business.
    3 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on); file server access | A level 3 type of user will require both level 1 and 2 types of information and will require access to actual files and file servers in the internal network. However, the files and/or servers are not considered to hold IP.
    4 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on); file server access; sensitive file servers | A level 4 type of user will require all of the above and access to information and/or servers that are sensitive and critical to the employer's core business practices and strategies. A level 4 type of user will have access to the company's business goals and financial statement.
    5 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on); file server access; sensitive file servers; critical data stores | A level 5 type of user will require all of the above and access to information and/or servers that hold sensitive data stores that are critical to the employer's core product or service line. A level 5 type of user will have access to source code files and other types of IP.


    Authentication

    External authentication needs to be multi-factor and controlled, with proper auditing in place. Different levels of external authorization should be established and correlated to the classification of the user. For example, a network administrator might need level 4, and a project manager might only need level 2. After user classification is established, the ability to grant or deny individuals or departments can be determined. The classification of users into classes should be based on desired access, job responsibility, and functional duties. For example, if a user needs to access source code information for a business partner network, the user will be classified as level 4 and required to use the appropriate types of authentication. Depending on the different levels of user classification, different levels of authentication would be required. The following table gives an example of possible classification types and authorization requirements.

    Table 4: Levels of Security Authentication

    Levels of Security Authentication

    LEVEL | TYPE OF ACCESS | AUTHORIZATION TYPES | TYPES OF TYPICAL USERS
    1 | Email access | Username and password | Contractors, guests, and other temporary positions
    2 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on) | Username and password | Sales, HR, finance
    3 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on); file server access | Username and password, public/private key authentication, VPN (IPSEC) tunnels | IT department, management network, sensitive subnets
    4 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on); file server access; sensitive file servers | Username and password, public/private key authentication, VPN (IPSEC) tunnels, SecurID token | Executive positions and financial departments
    5 | Email access; on-line administrative applications (calendaring, timesheet apps, and so on); file server access; sensitive file servers; critical data stores | Username and password, public/private key authentication, VPN (IPSEC) tunnels, SecurID token, one-time password usage system | IP departments/engineers working on chip design


    Remote Access

Remote access from external untrusted sites, such as the Internet and business partner locations, needs to be easy and streamlined, without adding complex layers of security. Level 1 users (email) and level 2 users (email and administrative applications such as calendaring) can dial into networked devices that accept incoming connections over a regular phone line or an Ethernet connection. This can be accomplished with a variety of devices, such as a Cisco RADIUS server, a Microsoft VPN (PPTP) server, or a Sun Microsystems SunScreen server. The user is required to enter a username and password in order to access email. (PPTP's MS-CHAP authentication has well-known weaknesses, so it should stay confined to these low-value levels and never be relied on for the higher ones.) Levels 3 to 5 (which require access to anything from regular file servers to sensitive data stores) should require multi-factor authentication. The external user still has a regular username and password for email and calendaring, plus additional passwords, authentication keys, or SecurID or one-time passwords to reach other devices in different parts of the internal network. Devices involved at these levels are SSH servers, VPN servers, RSA servers, and so on. They support all the platforms (Microsoft Windows, Sun Solaris, and the Linux distributions) that the end user may be using. Additionally, these further layers of authentication can be made nearly invisible or highly streamlined for the end user, hiding the complexity.

In addition to SSH, VPN, and SecurID remote access methods, all level 3 to level 5 users should have a secured operating system from which to reach the company's critical resources. An insecure workstation combined with a very secure remote access solution creates a weak link in the network: an attacker who compromises a user's workstation can ride the existing VPN or SSH connections into the corporate network to access information and steal or modify data. Because a remote access tunnel terminates inside the perimeter, it bypasses most firewall controls, which is exactly why attackers target it. (More information on DSL and cable home users is provided in the Transfer section.)
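The following Go program is an added example, not part of the white paper, of one way to enforce the Table 4 policy at a remote access gateway. The level numbers and the factor lists are the table's; the type names (Session, Resource, Authorize) and the audit record format are assumptions for illustration. The design point it demonstrates is that the factors demanded are those of the resource's level, not the user's: a level-5 engineer reading email is asked only for a password, while touching a critical data store triggers step-up to the token and the one-time password, which keeps the low-value paths as streamlined as the text above asks.

```go
package main

import (
	"fmt"
	"time"
)

// Level is one of the five authentication levels of Table 4.
type Level int

// Factor is an authentication factor a session has completed.
type Factor string

const (
	FactorPassword  Factor = "username+password"
	FactorPublicKey Factor = "public/private key"
	FactorVPN       Factor = "ipsec vpn tunnel"
	FactorToken     Factor = "securid token"
	FactorOTP       Factor = "one-time password"
)

// requiredFactors is Table 4's "authorization types" column: what a resource of
// each level demands. Levels are cumulative, so a level-5 data store needs
// everything a level-4 file server does plus a one-time password.
var requiredFactors = map[Level][]Factor{
	1: {FactorPassword},
	2: {FactorPassword},
	3: {FactorPassword, FactorPublicKey, FactorVPN},
	4: {FactorPassword, FactorPublicKey, FactorVPN, FactorToken},
	5: {FactorPassword, FactorPublicKey, FactorVPN, FactorToken, FactorOTP},
}

// Resource is something on the internal network, tagged with the Table 4 level
// a user must be cleared for to reach it.
type Resource struct {
	Name  string
	Level Level
}

// Session is one remote user: the level assigned by user classification and the
// factors completed so far. Done grows as the gateway steps the user up.
type Session struct {
	User      string
	UserLevel Level
	RemoteIP  string
	Done      map[Factor]bool
}

// Decision is the gateway's answer. A denial with a non-empty Missing list means
// "prompt for these factors and ask again"; an empty list means the user is not
// cleared for the resource at all, and no amount of authentication changes that.
type Decision struct {
	Allowed bool
	Missing []Factor
	Reason  string
}

// Auditor records one line per decision. In a deployment these lines would be
// forwarded to the central log server described under Monitoring.
type Auditor struct {
	Records []string
}

// Authorize decides whether the session may touch the resource. The factors
// demanded are those of the resource's level, not the user's.
func Authorize(s Session, r Resource, a *Auditor) Decision {
	var d Decision
	switch {
	case r.Level < 1 || r.Level > 5:
		d.Reason = "resource has no valid level; deny by default"
	case s.UserLevel < r.Level:
		d.Reason = "user classification below resource level"
	default:
		for _, f := range requiredFactors[r.Level] {
			if !s.Done[f] {
				d.Missing = append(d.Missing, f)
			}
		}
		if len(d.Missing) == 0 {
			d.Allowed, d.Reason = true, "all factors for resource level satisfied"
		} else {
			d.Reason = "step-up authentication required"
		}
	}
	a.Records = append(a.Records, fmt.Sprintf("%s user=%s ip=%s resource=%s level=%d allowed=%t missing=%v reason=%q",
		time.Now().UTC().Format(time.RFC3339), s.User, s.RemoteIP, r.Name, r.Level, d.Allowed, d.Missing, d.Reason))
	return d
}

func main() {
	audit := &Auditor{}
	// A constructed level-5 engineer who has so far done password, key and VPN.
	eng := Session{User: "eng-alice", UserLevel: 5, RemoteIP: "203.0.113.7",
		Done: map[Factor]bool{FactorPassword: true, FactorPublicKey: true, FactorVPN: true}}
	fmt.Printf("%+v\n", Authorize(eng, Resource{Name: "mail", Level: 1}, audit))
	fmt.Printf("%+v\n", Authorize(eng, Resource{Name: "design-vault", Level: 5}, audit))
	for _, rec := range audit.Records {
		fmt.Println(rec)
	}
}
```

Returning the missing factors rather than a bare denial is what lets the gateway step the user up only when needed; a user whose classification is below the resource level gets an empty Missing list and is simply refused.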

    Monitoring

In most networks, information passes between a variety of locations in a variety of ways, on both the internal and the external network. With the growth of business partner networks and extranets, it is important to understand what is happening on a company's network, especially in areas where external users may be allowed access. Monitoring, whether by Intrusion Detection Systems (IDS), operating system logs, or firewall logs, needs to be in place at appropriate levels. Appropriate logging and IDS devices let an administrator see that a certain network is being attacked or that an external user has just logged into the source code database. This information not only provides real-time alerts to the appropriate administrators, but also supports post-mortem understanding of a possible security event. Without IDS monitoring or log collection, attackers may go unnoticed for weeks or even months, since nothing traces unauthorized access or suspicious use.

    A best practice for monitoring is to deploy a central log server in a given network, such as aSyslog server. A central log server can hold critical information from all types of devices in thenetwork, including firewalls, routers, Solaris systems, and Microsoft systems, allowing anadministrator to view and analyze log data from a central and convenient location.


In addition to providing a central repository for analysis, a central log server also increases security by moving critical log information off the regular systems and onto a secured log server. If an attacker compromises a machine, they will probably delete all local log information immediately to remove the traces of their activity. If all logs have already been exported to a secured central log server, the attacker cannot remove those traces, which increases the likelihood of catching the incident and recovering from a possible loss. Two caveats apply: forwarding must be immediate and one-way (the compromised host must not hold credentials that allow it to alter or delete entries on the log server), and an attacker who simply stops the forwarder leaves a gap rather than a record, so a host that goes silent should itself raise an alert.
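As an added example (not from the white paper), the Go program below runs two of the checks described under Monitoring over a batch of syslog lines as a central log server would receive them: an external-address login on a sensitive host such as the source code database, and a host that has gone silent while others keep reporting, which is the gap an attacker leaves when they disable log forwarding after a compromise. The hostnames, addresses and log lines are constructed for the example; the classic BSD syslog layout and the OpenSSH "Accepted" message are the only formats it understands, and the RFC 1918 test for "internal" is an assumption that a real deployment would replace with its own address plan.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"sort"
	"time"
)

// Event is one parsed syslog record (BSD timestamps carry no year; a nominal one is used).
type Event struct {
	Time time.Time
	Host string
	Prog string
	Msg  string
}

// syslogRe matches the classic "Mon DD HH:MM:SS host prog[pid]: message" layout.
var syslogRe = regexp.MustCompile(`^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\[:]+)(?:\[\d+\])?: (.*)$`)

// sshLoginRe pulls user and source address out of an OpenSSH "Accepted" record.
var sshLoginRe = regexp.MustCompile(`^Accepted \S+ for (\S+) from (\S+) port`)

// ParseLine returns false for lines it does not understand; they still belong on disk.
func ParseLine(line string) (Event, bool) {
	m := syslogRe.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ts, err := time.Parse("Jan _2 15:04:05 2006", m[1]+" 2002")
	if err != nil {
		return Event{}, false
	}
	return Event{Time: ts, Host: m[2], Prog: m[3], Msg: m[4]}, true
}

// Alert is something an administrator should see as it happens.
type Alert struct {
	Kind   string // "external-login" or "log-silence"
	Host   string
	Detail string
}

// isInternal treats RFC 1918 space as the company network; everything else,
// including a business partner's address, counts as external.
func isInternal(addr string) bool {
	ip := net.ParseIP(addr)
	return ip != nil && ip.IsPrivate()
}

// Analyze runs two checks over a batch of lines from the central log server: a
// successful login on a sensitive host from an external address, and a host
// whose records stop for longer than silence while other hosts keep reporting.
func Analyze(lines []string, sensitive map[string]bool, silence time.Duration) []Alert {
	var events []Event
	for _, l := range lines {
		if e, ok := ParseLine(l); ok {
			events = append(events, e)
		}
	}
	sort.Slice(events, func(i, j int) bool { return events[i].Time.Before(events[j].Time) })
	var alerts []Alert
	var latest time.Time
	lastSeen := map[string]time.Time{}
	for _, e := range events {
		lastSeen[e.Host], latest = e.Time, e.Time
		m := sshLoginRe.FindStringSubmatch(e.Msg)
		if sensitive[e.Host] && e.Prog == "sshd" && m != nil && !isInternal(m[2]) {
			alerts = append(alerts, Alert{"external-login", e.Host,
				fmt.Sprintf("user %s from %s at %s", m[1], m[2], e.Time.Format("15:04:05"))})
		}
	}
	for host, t := range lastSeen {
		if gap := latest.Sub(t); gap > silence {
			alerts = append(alerts, Alert{"log-silence", host,
				fmt.Sprintf("no records for %s, last at %s", gap, t.Format("15:04:05"))})
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Kind+alerts[i].Host < alerts[j].Kind+alerts[j].Host })
	return alerts
}

// SampleLines is a constructed batch, not a capture: RFC 1918 addresses inside,
// RFC 5737 documentation addresses outside.
var SampleLines = []string{
	"Nov 12 03:05:12 srcdb01 sshd[2231]: Accepted publickey for jdoe from 10.1.4.25 port 40311 ssh2",
	"Nov 12 03:06:40 fw01 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.2 PROTO=TCP DPT=22",
	"Nov 12 03:41:05 srcdb01 sshd[2390]: Accepted password for build from 203.0.113.45 port 51022 ssh2",
	"Nov 12 04:10:33 mail01 postfix/smtpd[871]: connect from unknown[203.0.113.45]",
	"Nov 12 05:02:17 srcdb01 sshd[2510]: Accepted publickey for jdoe from 10.1.4.25 port 40318 ssh2",
	"Nov 12 05:03:00 mail01 postfix/smtpd[871]: disconnect from unknown[203.0.113.45]",
}

func main() {
	for _, a := range Analyze(SampleLines, map[string]bool{"srcdb01": true}, 90*time.Minute) {
		fmt.Printf("%-14s %-8s %s\n", a.Kind, a.Host, a.Detail)
	}
}
```

On the sample batch this reports the "build" login on srcdb01 from 203.0.113.45 and the firewall fw01, which stops reporting at 03:06 while the other hosts continue for almost two hours. The silence window has to be tuned per device class: a firewall that normally logs every few seconds can be flagged after minutes, a quiet file server only after hours.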

    Storage

Thus far we have discussed data as it is transferred through internal and external networks and how to protect it over the wire. However, once the data reaches the disk, how secure is it? Let's say that all the protocols are secure, from SSH and SSL to IPsec, and the data is now sitting on a physical disk drive; is it still susceptible to attack? Data in storage is one of the most commonly misplaced assumptions of trust: security usually focuses on protocols and architecture, not on the actual data on the disk. The data on the disk is often considered safe because multiple firewalls and encryption are used on the network. The truth, however, is that data in storage is exposed the moment an unauthorized person manages to worm their way onto the drive.

The obvious solution is to encrypt the data on the disk, but how does that affect the functionality of the network and the ability of employees to do their jobs without overbearing security controls? The answer is never easy. In fact, this issue is often not addressed at all because there is no single solution that addresses every vulnerability. However, the solution does not have to encompass everything, as long as it protects data in storage beyond what file system permissions alone provide. Furthermore, the solution does not have to be overly complicated; products such as PGP (www.pgp.com), E4M (www.e4m.net), and Protegrity (www.protegrity.com) can help address many of these issues.

The first step is similar to those discussed in prior sections. However, instead of simply considering the ownership of the data, we need to consider the sensitivity of the data. For example, the core source code for Windows 2000 is important to protect, whereas the freely available libraries and data files that the source code includes are not. It is very important to classify the proprietary data on the disk into categories that are appropriate for the environment; classification can be as simple as not sensitive, sensitive, and highly sensitive.

Each organization therefore needs to establish its own categories of data sensitivity. The level of sensitivity determines the type of encryption to use, or whether to use any, on the disk. Core (kernel) source code needs a higher level (level 4 in Table 5) than data for shared libraries (level 1). Core source code requires strong encryption on the disk and should only be accessible to the core individuals who have a business requirement to access the information. In the above scenario, data that went into the final design but was actually taken from industry standards requires little or no encryption, and can therefore sit in the clear.


    Depending on the different levels of data sensitivity, different levels and types of encryptionare required. The following table gives an example of possible classification types andencryption requirements for a chip manufacturer.

Table 5: Levels of Security Encryption

Level | Description | Encryption types (example tools)
----- | ----------- | --------------------------------
1 | Freely available data sets | None (N/A)
2 | Proprietary code for products that do not highly influence the financial statements of the company | Encryption of data in shared file systems (PGP, E4M); encrypted databases (Protegrity, Oracle 9i)
3 | Proprietary code for products with highly bloodthirsty competitors | Encryption of data in shared file systems (PGP, E4M); encryption of individual data sets (PGP); encrypted databases (Protegrity, Oracle 9i); encrypted email (PGP)
4 | Core source code for all products | Encrypted file system on all workstations (PGP, E4M); encryption of data in shared file systems (PGP, E4M); encryption of individual data sets (PGP); encrypted databases (Protegrity, Oracle 9i); encrypted email (PGP)


    File System Encryption

File system encryption means having a data drive encrypted. This drive can hold multiple data sets, files, folders, binaries, C and C++ files, and so on. Whether the encrypted file system is on a local workstation or on a shared resource, a proper username and password and/or a private key is required to decrypt the drive and access the data. The following examples show a publicly available tool for file system encryption (E4M) and the Windows 2000 method of file-level encryption, the Encrypting File System (EFS).

Figure 3: E4M File System Encryption - Example 1

E4M mounts an entire encrypted file system once a valid password is supplied; without it, the contents cannot be viewed by unauthorized users.

Figure 4: E4M File System Encryption - Example 2


    The encrypted file system appears after successful authentication.

Figure 5: Windows 2000 EFS File Encryption - Example 3

File or folder encryption can be used on Windows 2000 for both local and remote resources. Note that EFS protects the data only on the disk where it is stored: when an EFS-encrypted file on a file server is opened over the network, the server decrypts it and it travels across the wire in the clear unless the transport itself is protected, for example by an IPsec tunnel.

    Data Set Encryption

Data set encryption involves encrypting individual files or data sets themselves. These files can range from a C++ file to a Java library file that is proprietary to the organization. Each file is encrypted individually: with PGP, the file is encrypted to the public keys of the users selected as authorized recipients, and decrypting it requires a recipient's private key, unlocked by its passphrase. Below is PGP encryption of an individual file.

    Figure 6: PGP Encryption - Example 1

    The user selects which individuals are authorized to view the file.


    Figure 7: PGP Encryption - Example 2

    PGP encrypts the individual file.

    Figure 8: PGP Encryption - Example 3

    The encrypted file is created.


    Figure 9: PGP Encryption - Example 4

    A valid passphrase is required to decrypt the file for usage. Notice that only the authorized userwho was initially selected is able to attempt to decrypt and view the file.
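The following Go program is an added example, not the white paper's or PGP's code, of the data set encryption model the PGP screenshots (Figures 6 to 9) illustrate and that Table 5 lists as "encryption of individual data sets": the file is encrypted once under a random content key, that key is wrapped to each selected recipient's public key, and only those recipients can decrypt. It uses the Go standard library (X25519 from crypto/ecdh and AES-256-GCM) rather than the OpenPGP formats; the Envelope layout and the SHA-256 key derivation are assumptions for illustration, and the plaintext is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is one encrypted data set: the content is sealed once under a random
// content key, which is then wrapped for each recipient chosen at encryption time.
type Envelope struct {
	EphemeralPub []byte            // sender's one-time X25519 public key
	Ciphertext   []byte            // nonce || AES-256-GCM(content key, data set)
	Wrapped      map[string][]byte // string(recipient pub) -> nonce || AES-256-GCM(kek, content key)
}

// kek derives a recipient's wrapping key from the X25519 shared secret. Plain
// SHA-256 keeps this stdlib-only; production code would use HKDF with a label.
func kek(shared, ephPub, recipPub []byte) []byte {
	sum := sha256.Sum256(append(append(append([]byte{}, shared...), ephPub...), recipPub...))
	return sum[:]
}

// seal is AES-256-GCM with the nonce prepended. Keys are always 32 bytes in this
// file, so the cipher constructors cannot fail and their errors are dropped.
func seal(key, pt, aad []byte) []byte {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // a dead system RNG is not something to continue past
	}
	return g.Seal(nonce, nonce, pt, aad)
}

func open(key, blob, aad []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("ciphertext truncated")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// EncryptForRecipients builds an envelope only the listed recipients can open.
func EncryptForRecipients(plaintext []byte, recipients []*ecdh.PublicKey) (*Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	contentKey := make([]byte, 32)
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	env := &Envelope{EphemeralPub: eph.PublicKey().Bytes(), Wrapped: map[string][]byte{}}
	env.Ciphertext = seal(contentKey, plaintext, env.EphemeralPub)
	for _, r := range recipients {
		shared, err := eph.ECDH(r)
		if err != nil {
			return nil, err
		}
		env.Wrapped[string(r.Bytes())] = seal(kek(shared, env.EphemeralPub, r.Bytes()), contentKey, r.Bytes())
	}
	return env, nil
}

// Decrypt recovers the data set with one recipient's private key. A key not chosen
// at encryption time is refused outright; a modified envelope fails GCM authentication.
func Decrypt(env *Envelope, priv *ecdh.PrivateKey) ([]byte, error) {
	mine := priv.PublicKey().Bytes()
	wrapped, ok := env.Wrapped[string(mine)]
	if !ok {
		return nil, errors.New("this key is not an authorized recipient of the envelope")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	contentKey, err := open(kek(shared, env.EphemeralPub, mine), wrapped, mine)
	if err != nil {
		return nil, fmt.Errorf("unwrap content key: %w", err)
	}
	return open(contentKey, env.Ciphertext, env.EphemeralPub)
}

func main() {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	// Constructed sample data set; any file contents would do.
	env, _ := EncryptForRecipients([]byte("module top(input clk); // constructed sample"), []*ecdh.PublicKey{alice.PublicKey()})
	pt, err := Decrypt(env, alice)
	fmt.Printf("alice: %q err=%v\n", pt, err)
}
```

In PGP the recipient's private key is itself locked by a passphrase (Figure 9); here the private key object stands in for that already-unlocked key. Adding a recipient later means wrapping the same content key for one more public key, without re-encrypting the data set, and removing one means re-encrypting under a fresh content key, since a key once handed out cannot be recalled.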

    Database Encryption

There is a lot of concern about how much encryption is used in databases. Since most core data for products and designs lives in databases such as Oracle, MS-SQL, or MySQL, database encryption is a primary concern. Database encryption provides a method for valid users to view only the materials they need to perform their business functions. With database encryption, if an unauthorized user is able to subvert the file system permissions, a valid passphrase or private key is still needed to view the data; otherwise the unauthorized user sees only encrypted garbage. This method protects against weak or non-existent file permissions and allows all database information to sit on the disk in encrypted form. The protection depends on where the keys live: if the decryption key is stored next to the data or is available to every database account, an attacker who obtains a legitimate database login reads the plaintext regardless. Protegrity is one example of software that can be used for encryption on databases. Additionally, Oracle 9i (www.oracle.com) provides database encryption as part of its software package.

    Email Encryption

An email containing any amount of IP must be appropriately secured. Email protocols are clear-text, and email systems are popular targets. With today's ever-growing electronic commerce, email is the prime medium for communication. However, email has also become the prime medium for exchanging files, data sets, and code between co-workers or office locations. With this trend, proprietary information is being sent out of the company into remote mail