Introduction to Network Security Architecture

A network security system is a complex piece of systems engineering: the security organization system, the security technology system and the security management system have to be integrated organically into a single overall security barrier. For network security protection, the United States has proposed several network security system models and architectures, of which the more classic ones are the PDRR model, the P2DR model, the IATF framework, and the gold standard framework.

[Figure 1: the PDRR model]
The PDRR model was proposed by the US Department of Defense (DoD); the name abbreviates Protection, Detection, Response and Recovery. PDRR improves on the traditional, one-sided defense idea that focuses only on protection, and emphasizes all four of these links in information security. Figure 1 shows the main content of the PDRR model.

The PDRR model takes the protection of information as its basis and treats protection as an active process: detection methods are used to discover security vulnerabilities and correct them in time; emergency response measures are used to deal with intrusions of every kind; and after the system has been compromised, the corresponding measures are taken to restore it to its normal state, so that the security of the information is fully guaranteed. The model emphasizes the ability to recover automatically from failures.

[Figure 2: the P2DR model]
In the late 1990s, the US company Internet Security Systems (ISS) proposed a time-based security model, the Adaptive Network Security Model (ANSM), which is also known as the P2DR (Policy, Protection, Detection, Response) model. The model can be quantified and proven mathematically. It is a time-based security model that can be expressed as: security = risk analysis + execution of policy + system implementation + vulnerability monitoring + real-time response.

As shown in Figure 2, the P2DR model operates under the control and guidance of an overall security policy: while comprehensively using protection tools (such as firewalls, operating system authentication, encryption, etc.), it uses detection tools and other systems to evaluate the security state of the system, so as to keep the system in the lowest-risk state. Security policy (Policy), protection (Protection), detection (Detection) and response (Response) form a complete dynamic cycle which, under the guidance of the security policy, ensures the security of the information system. The P2DR model puts forward a brand-new security concept: security cannot be achieved by purely static protection, nor by purely technical means.

The P2DR model is built on the mathematical model of Time Based Security theory. The basic principle of this theory is that every activity related to information security, whether attack, protection, detection or response, consumes time, so time can be used to measure the security of a system and its security capabilities.
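The article names Time Based Security but does not write out its rule. The core statement of the theory (Winn Schwartau's Time Based Security, which P2DR builds on) is the inequality Pt > Dt + Rt: a system is secure against a given attack only while the protection time Pt outlasts the sum of detection time Dt and response time Rt, and otherwise the attacker has an exposure window Et = Dt + Rt - Pt. The following Python is an added example, not code from the original article or from ISS; the scenario names and all timings are constructed sample values, chosen only to show how the inequality turns timings into a verdict and how shortening detection or response changes that verdict.

```python
"""Time Based Security check underlying the P2DR model (added example).

Rules implemented (Schwartau, Time Based Security):
    Pt > Dt + Rt          -> secure for this attack scenario
    Et = Dt + Rt - Pt     -> exposure time when the inequality fails
If Pt == 0 (no protection at all), Et simply equals Dt + Rt.
All numbers below are constructed sample values in hours, not measurements.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Scenario:
    name: str   # attack path being assessed (hypothetical label)
    pt: float   # protection time: how long the controls withstand the attack
    dt: float   # detection time: attack start -> alert raised
    rt: float   # response time: alert -> attack contained


def is_secure(s: Scenario) -> bool:
    """TBS verdict. The inequality is strict: Pt == Dt + Rt is not secure."""
    return s.pt > s.dt + s.rt


def exposure_time(s: Scenario) -> float:
    """Hours during which the attacker is neither blocked nor stopped (Et)."""
    return max(0.0, s.dt + s.rt - s.pt)


def improved(s: Scenario, pt=None, dt=None, rt=None) -> Scenario:
    """Return a copy with some timings changed, e.g. after adding a control.

    P2DR improves security either by raising Pt (better protection) or by
    cutting Dt/Rt (faster detection and response); this lets you test both.
    """
    changes = {k: v for k, v in {"pt": pt, "dt": dt, "rt": rt}.items() if v is not None}
    return replace(s, **changes)


def assess(scenarios) -> dict:
    """Map each scenario name to its TBS verdict and exposure window."""
    return {
        s.name: {"secure": is_secure(s), "exposure_hours": exposure_time(s)}
        for s in scenarios
    }


def weakest_link(scenarios) -> str:
    """Name of the scenario with the largest exposure window."""
    return max(scenarios, key=exposure_time).name


# Constructed sample scenarios (hypothetical names and hours).
SAMPLE_SCENARIOS = (
    # protection holds 2h, alert in 30 min, contained 1h later: 1.5h < 2h
    Scenario("phishing to workstation", pt=2.0, dt=0.5, rt=1.0),
    # weak protection, detection only via daily log review, slow response
    Scenario("unpatched web server", pt=1.0, dt=24.0, rt=4.0),
    # no protection at all: exposure equals Dt + Rt
    Scenario("unprotected storage bucket", pt=0.0, dt=8.0, rt=2.0),
)


def run_assessment() -> dict:
    """Assess the sample scenarios; used by the stand-alone run below."""
    return assess(SAMPLE_SCENARIOS)


if __name__ == "__main__":
    for name, verdict in run_assessment().items():
        state = "secure" if verdict["secure"] else "EXPOSED"
        print(f"{name:28s} {state:8s} Et = {verdict['exposure_hours']:.2f} h")
    print("weakest link:", weakest_link(SAMPLE_SCENARIOS))
    web = SAMPLE_SCENARIOS[1]
    # Faster detection alone (IDS-style alert in 15 min) does not close the gap
    # while response still takes 4 h; cutting response as well does.
    print("faster detection only  :", is_secure(improved(web, dt=0.25)))
    print("faster detection+respon:", is_secure(improved(web, dt=0.25, rt=0.5)))
```

The design point the numbers make is the one the article draws from the theory: protection, detection and response are traded against each other in time, so a control that only shortens detection (the `dt=0.25` variant) buys nothing while response stays slow, and a scenario with zero protection is exposed for exactly Dt + Rt.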

The Information Assurance Technical Framework (IATF) was formulated and released by the US National Security Agency (NSA); its predecessor was the Network Security Framework (NSF). Starting in 1998, NSA focused on the state of US informatization and the needs of information assurance, and established the NSF. In 1999, NSA renamed the NSF to IATF and released IATF 2.0. To this day, as information technology in the United States advances and information security awareness deepens, IATF is still being improved and revised.

IATF is a set of guidelines for ensuring the security of information and information facilities. It defines a process for building an information assurance system together with its software and hardware components. Following the so-called defense-in-depth strategy, it provides multi-level, in-depth security measures to protect user information and the security of information systems.

IATF divides the information assurance technology of information systems into four technical framework focus areas: Local Computing Environment, Enclave Boundaries, Networks and Infrastructures, and Supporting Infrastructures, as shown in Figure 3. Within each focus area, IATF describes the specific security requirements and the corresponding controllable technical measures. The purpose of these four focus areas is to let people understand the different aspects of network security, analyze the security requirements of information systems comprehensively, and consider appropriate security defense mechanisms.

Among the four focus areas, the local computing environment includes servers, clients, the applications installed on them, operating systems, and so on; enclave boundaries refer to a collection of local computing devices that are connected to each other through a local area network and adopt a single security policy, regardless of physical location; networks and infrastructures provide the interconnection between enclaves, including Operational Area Networks (OAN), Metropolitan Area Networks (MAN), Campus Area Networks (CAN) and Local Area Networks (LAN), and involve a wide range of social groups and local users; supporting infrastructures provide the supporting foundation for the information assurance mechanisms of the networks, enclaves and computing environments.

Origin: blog.csdn.net/Arvin_FH/article/details/132274281