Using Enterprise Architecture Framework to Design Network Security

Architecture

MAHDIREZA MOHAJERANI and ALI MOEINI

Informatics Center and School of Engineering
University of Tehran
No. 286, Keshavarz Blvd, Tehran
IRAN

Abstract:-In the recent years, Information Technology (IT) has come to play an important, and often vital, role
in almost all aspects of the life and so there is a growing role and importance for the enterprise architecture
(EA) in the management of the organizations. Network security architecture, which can be referred as a
comprehensive description of all of the key elements and relationships that make up an organization network
security, is a critical business concern, due to the rapidly growing of vulnerabilities in the systems. This paper
presents an approach to use enterprise architecture models as a framework to design network security
architecture. The network security architecture of academic centers is discussed as a case study to show how a
conceptual model can be applied to a real organization.

Keywords: - Enterprise Architecture, Security Architecture, Zachman framework, Network Architecture,

Network Security

1 Introduction network attacks vary in degree from mildly

Today, there is a growing movement among both annoying to completely debilitating, and the cost of
business managers and IT managers to use the term recovery from attacks can range from hundreds to
“enterprise architecture” to refer to a comprehensive millions of dollars [3].
description of all of the key elements and This paper presents a network security
relationships that make up an organization. Much architecture using enterprise architecture model and
like a homeowner designing a home, information as a practical model, the Zachman framework. The
technology managers work with an architect to aim of this architecture is to organize the data,
provide an agreed upon architectural drawing for the process and technology around the points of view
information and processes in the enterprise. This taken by various players instead of representing
high level architectural drawing does not change them as entirely separate entities. For this, we’ll
with tactical decisions to deploy improved discuss the architecture models in network security
technology since it is simply built around a in more details in section 2. An example for
framework of business processes and the designing security architecture of academic centers
information that they need [2]. Based on this, based on Zachman framework is presented in
enterprise information architecture provides a section 3 and section 4 is the conclusion of the
framework for reducing information system paper.
complexity and enabling enterprise information
sharing. Since most enterprises have existing
information systems, the architectural drawing
provides the future state and facilitates the best
2 Architecture Models in Network
possible strategy to remodel with the least amount of Security
inconvenience to the business [1][10]. The rapidly The objective of network security architecture is
growing interconnectivity of IT systems, and the to provide the conceptual design of the network
convergence of their technology, renders these security infrastructure, related security mechanisms,
systems increasingly vulnerable to malicious and related security policies and procedures. The
attacks. Network attacks cause organizations several security architecture links the components of the
hours or days of downtime and serious breaches in security infrastructure as one cohesive unit. The goal
data confidentiality and integrity. Depending on the of this cohesive unit is to protect corporate
level of the attack and the type of information that information [3]. The security architecture should be
has been compromised, the consequences of developed by both the network design and the IT
security teams. It is typically integrated into the The problem with these models is that most software
existing enterprise network and is dependent on the definitions lump security into the same class as other
IT services that are offered through the network non-functional system requirements, such as
infrastructure. The access and security requirements availability, portability and performance. However,
of each IT service should be defined before the security does not belong within a system in the same
network is divided into modules with clearly manner as the other requirements and cannot be
identified trust levels. Each module can be treated treated in a uniform manner [7].
separately and assigned a different security model. Using enterprise architecture frameworks is another
The goal is to have layers of security so that a approach to design network security architecture.
"successful" intruder's access is constrained to a One of the frameworks that is widely used in
limited part of the network. Just as the bulkhead information system architecture is the Zachman
design in a ship can contain a leak so that the entire Framework. The Zachman Framework for
ship does not sink, the layered security design limits Information Systems Architecture (ISA), defined in
the damage a security breach has on the health of the 1987, is a logical construct to define and control the
entire network. In addition, the architecture should interfaces and integration of all components of a
define common security services to be implemented system. The framework of the Zachman model
across the network [7]. To design network enables systematic capture of system specific
security architecture one approach is to use software information from the various perspectives with
development architecture models. These models respect to system architecture [4]. Table 1 illustrates
attempt to describe a system and its architecture the Zachman model, tailored to support a network
from multiple viewpoints, each supporting specific security system. In this customization of the model,
functional and non-functional requirements thereby the system developers have an existing operational
simplifying the apparent complexity of the system. system in place.
Each view might require its own notation and The rows at the top are the most abstract and are
analysis. The implementation of the system requires oriented toward very broad goals and plans. If we
resolution of the pairwise view interaction and were building a house, this layer would describe the
verification that the architecture supports all diagrams, pictures and plans the architect would
requirements [7]. An example for this model is discuss with the owner. The next level is more
Kruchen’s 4+1 View Model. This model describes specific, but still abstract. These are the diagrams
four main views of software architecture plus a fifth that the architect would discuss with the contractor.
view that ties the other four together. The views are In a similar way, the top level of the Zachman
as follows: framework, labeled “Scope,” is focused on the
• The logical view describes the objects or concerns of senior executives. The second on the
object models within the architecture that slightly more detailed concerns of business
support behavioral requirements. managers. Lower levels focus on concerns that
• The process view describes the architecture business and IS managers work together on, and
as a logical network of communication then, finally, on details that IS managers and
processes. developers work on [1]. The columns in the
• The physical view maps software onto Zachman framework represent different areas of
hardware and network elements. interest for each perspective. The columns describe
• The development view focuses on the static the dimensions of the systems development effort.
organization of the software in the The Zachman framework has two very distinctive
development environment and deals with features that make it ideal for information modeling.
issues configuration management, The framework may be applied at any level of
development assignments, responsibilities, abstraction in the system development process, from
and product constructions. a global enterprise, to a system, subsystem, or major
• The scenario view is organized around all module level. The framework also gives the modeler
four of these views. Its definition is driven latitude in
by the system’s use case.
 Table 1. Zachman Framework
DATA FUNCTION NETWORK PEOPLE TIME MOTIVATION

List of Things List of

Planner List of List of List of Business
Important to Organizational List of Events
(Scope) Processes Locations Goals
the Enterprise Units

Business Network
Semantic Work Flow Master
Owner Process Logistics Business Plan
Model Model Schedule
Model System

Distributed Human
Logical Data Application Processing Business Rule
Designer System Interface
Model Architecture Structure Model
Architecture Architecture

Physical Data System Technology Presentation Control

Builder Rule Design
Model Design Architecture Architecture Structure

Network Security Timing Rule

Sub-Contractor Data Definition Program
Architecture Architecture Definition Specification

Functioning Data Function Network Organization Schedule Strategy

that any data representation technique can be used to perimeter is around the corporation itself. However,
model the inner workings of each cell. The system in an academic environment, it is very difficult to
model becomes more implementation specific. draw a perimeter surrounding all of the people
However, the requirements traceability between whom they need to access information resources and
layers can be maintained through backward only those people. This is mainly because of
references to upper layers of cells. This traceability different types of information resources in these
is critical in security requirements engineering, environments and also different users who want to
where tracing a global access control requirement access them. So if the security perimeter is chosen
may translate into explicit setting of access controls too big it includes untrusted people and if it is
on specific files or directories within an operating chosen too small it excludes some of the authorized
system. people.
In addition, corporations can put serious
limitations on the Internet connectivity in the name
3 The Network Security of the of security but research organizations simply cannot
Academic Centers: A Case Study function under such limitations. First, trusted users
Academic centers as one of the major users of the need unrestricted and transparent access to Internet
information and communication technology resources (including World-Wide-Web, FTP,
(especially Internet) also need security, however, Gopher, electronic mail, etc.) located outside the
because of their special structure and requirements, security perimeter. Researchers rely on fingertip
the traditional solutions and policies to limit access access to on-line library catalogs and bibliographies,
to the Internet is not effective for them. These preprints of papers, and other network resources
institutions face concerns about the security of supporting collaborative work. Second, trusted users
computing resources and information. The security need the unrestricted ability to publish and
problems in these environments are divided into two disseminate information to people outside the
categories [3][6]: Problems with research security perimeter via anonymous FTP, World-
information and problems with administrative Wide-Web, etc. This dissemination of research
information. Although the corporate and academic results, papers, etc. is critical to the research
environments face common security problems they community. Third, the security perimeter must allow
can't choose similar methods to solve them, access to protected resources from trusted users
because of their different structures. In a corporate located outside the security perimeter. An increasing
environment, the natural place to draw a security number of users work at home or while traveling.
Research collaborators may also need to enter the • The information that is not allowed to be
security perimeter from remote hosts. disseminated publicly.
If we consider these centers as an enterprise, the Based on the above categories, three types of
security architecture of their network can be function servers (second cell) may be proposed in
designed based on the Zachman framework. For the the university: Public servers, which are used to
first four rows and first three columns of the support information dissemination. Experimental
framework the cells can be filled as follow: servers, which are used for researchers and students
to develop and test their own software packages and
protocols. Trusted servers, which are used for
4.1 Planner's View administrative purposes or keeping confidential
An overall organizational policy would be information. These servers are the places where the
implemented in the Planner's View. The first cell is function occurs with respect to the data [9].
the list of things important to the academic centers. The other requirement of an academic
Research groups often need to maintain the privacy environment is to let its trusted members to access
of their works, ideas for future research, or results of the resources of the network from outside of the
research in progress. Administrative organizations security perimeter (for example from home or in the
need to prevent leakage of student grades, personal trips).
contact information, and faculty and staff personnel Another problem, that causes serious troubles for the
records. Moreover, the cost of security compromises university is the network viruses. These viruses are
is high. A research group could lose its competitive distributed through the network after users access
edge, and administrative organizations could face the special sites. The proxy servers can be used to
legal proceedings for unauthorized information control this problem. Of course these proxy servers
release. In other hand, academic and research should be transparent.
institutions are ideal environments for hackers and The network cell of the framework in this layer can
intruders and many of them are physically located in be shown in Fig 1.
these places and they are highly motivated to access
and modify grades and other information. There are
several reports of break-ins and deletion of data External User
from educational institutions [3][6].
The second cell in this row is the list of the
processes important to the enterprise. This can also Public zone
be divided into two categories: academic processes,
such as examinations, and research processes such
as conducting projects and information
dissemination.
The next cell (the network cell) is the location of Trusted
the academic center. For some universities with zone
central campus, it is much easier to develop their
network security architecture, rather than
universities with several branches. Experiment zone

4.2 Owner's View

Fig 1. Network Layer in Owner’s View
The next level down, the Owner’s View,
considers the groupings of data and means of access
available to both internal and external users. For the 4.3 Designer's View
first cell (data), we can see three categories of At the next level, the Designer’s View, we
information in a university: introduce mechanisms to protect the network. To
• The information that is officially achieve the goals described in owner's view, the
disseminated by the university (such as logical data model (first cell) of the proposed
news and events, articles and …) network security policy was designed based on
• The information that is gathered and used seven basic rules [3][11]:
by network users. i. Packets to or from the public
servers are unrestricted if they are from
 authorized ports. The authorized port is the well as to collaborators located outside the research
port that the special service is on it. Of group.
course, each public server should be Rule vi is based on the need of blocking some
protected itself. The server-level security sites in the Internet, which contains viruses.
means to enforce stronger access controls on Rule vii follows from our recognition that the
that level. above rules should be monitored somehow.
ii. Packets to or from the experimental Intrusion Detection System (IDS) can be a proper
servers are unrestricted. These servers can tool to monitor the network and check if there is any
be located outside of security perimeter. violation from our proposed rules. The network cell
iii. Packets to or from the authorized can be shown in Fig 2.
ports of trusted servers are allowed only
from or to the authorized clients inside the
security perimeter.
iv. All of the outgoing packets are
allowed to travel outside after port address
translation. The incoming packets are
allowed if they can be determined to be
responses to outbound request.
v. The packets to or from trusted users
of hosts outside the security perimeter are
allowed.
vi. All of the requests from particular
applications such as http should be passed
through proxy server.
vii. All the packets to or from out of the I BM

security perimeter should be passed through

Intrusion Detection System.
The rule i is based on our need to support
information dissemination in a research
environment. We have to separate the public servers
from our trusted hosts and protect them in server- Fig 2. Network Layer in Designer’s View
level and accept this fact that they may be
compromised, so we should have a plan to recover
them from information kept securely behind the
4.4 Builders View
security perimeter.
Finally, the Builder’s View describes how
The rule ii follows from our recognition that
technology may be used to address the information
researchers and students sometimes need to develop
processing needs identified in the previous rows. For
and test insecure software packages and protocols
the network security purposes, mainly the network
on the Internet. Of course they should be alerted that
cell is needed. Generally, two ways can be proposed
their server is not secure and their information may
to implement the designed network. First, to use
be corrupted.
hardware firewalls (such as Cisco PIX, Watchguard,
The rule iii, is based on this fact that we want to
etc) and caches, and second, to use general purpose
protect the confidential information. These servers
servers with proper software packages as cache,
are our most important resources to be protected and
proxy and firewall. In our case study in the
we put them in a special secure zone.
University of Tehran we used a server with Linux
The rule iv follows from our recognition that
operating system (Redhat 7.3 upgraded to Redhat
open network access is a necessary component of a
8.0) with a normal hardware specification (800 MHz
research environment. On the other hand we don't
CPU, 1 GB RAM). We used SQUID as the
want to allow the users to setup Internet servers
transparent proxy and cache server, and IPTABLES
without permission. The address translation prevents
as the firewall for packet filtering which the
the outside systems to access the internal resources
different zones of the network were defined in it.
except the ones, which are listed as public servers.
Also we used Network Address Translation (NAT)
Rule v grants access to protected resources to
of the IPTABLES for implementing the rules in our
users as they work from home or while traveling, as
design. Of course each server in the network had
also its own security rules and guards. For architecture. The key point of the research is to
restricting the access to special websites (mainly to design the network security architecture of these
avoid viruses) the SQUIDGUARD software was centers based on a framework so it provides the
utilized. We used SNORT as our Intrusion Detection consumer perspective of the system’s end user, the
System (IDS). The network cell can be shown in Fig perspective of the system “owner” or contracting
3. entity, and the perspective of the designer, or
systems engineer simultaneously.

References:
[1] P. Harmon, Developing an Enterprise
Architecture, Business process Trends,
http://database.ittoolbox.com/documents/document.
asp?i=2385, Nov. 2002
[2] L. L. DeLooze, Applying Security to an
Enterprise using the Zachman Framework, SANS
Publications, Sep. 2001
http://www.sans.org/rr/paper.php?id=367
[3] M.R. Mohajerani, A. Moeini, An Approach to a
New Network Security Architecture for Academic
environments, Proc. of the 21st International
Conference SAFECOMP, Italy, Sep. 2002
[4] R. Henning, H. Corporation, Use of the Zachman
Architecture for Security Engineering, Proc. of the
19th National Information Systems Security
Conference, Baltimore, MD, Oct. 21-25, 1996
[5] D. C. Hey, A Different Kind of Life Cycle: The
Zachman Framework, Essential Strategies Inc.,
www.essentialstrategies.com/documents/zachman20
00.pdf, 2000
[6] Greenwald, M., et al., Designing an Academic
Firewall, Policy, Practice and Experience with
SURF, IEEE Proceedings of 1966 Symposium of
Fig 3. Network Layer in Builder’s View Network and Distributed Systems Security, 1996
[7] Ramachandran, J., Designing Security
Architecture Solutions, John Wiley and Sons, 2002
5 Conclusion [8] J. Heaney, et. al, Information Assurance for
As an enterprise architecture framework, the Enterprise Engineering, Proc. of the 9th Conference
Zachman Information Systems Architecture on Pattern Language of Programs, Monticello,
framework for systems modeling provides a Illinois, 2002
commonly used technique that can be applied to [9] M. Rosenthal, P. Coopers, Three-Zone Model to
network security architecture modeling early in the Depict Enterprise Security & Technology
system requirements definition process. By applying Architectures, 28th Annual Computer Security
the top three levels of the Zachman hierarchy, it is Conference, Washington D.C. , Oct. 2001
possible to develop descriptive security architecture. [10] G. Santana, et. al., Modeling a Network
They provide the “as built” and used in daily Security Systems Using Multi-Agents System
operation perspective, the “as desired” operation Engineering, 4th WSEAS Int. Conf. on Information
perspective, and “as actually specified” perspective. Science, Communications and Applications (ISA
Similarly, the first three columns of the Zachman 2004), Miami, Florida, April 21-23, 2004
matrix (data, function, and network) provide the [11] Nor Badrul Anuar et. al., RedAlert: Approach
answers to what data assets the organization for Firewall Policies Update Mechanism, 4th
controls, how they are used and where they are WSEAS Int. Conf. on Information Science,
located. Academic centers as one of the major users Communications and Applications (ISA 2004),
of the information and communication technology Miami, Florida, April 21-23, 2004
can be a good case study for applying our proposed