1.0 TITLE: Communications Network and Systems Access Security Architecture.
1.1 EFFECTIVE DATE: October 14, 1999
1.2 TYPE OF ACTION: Reissue of KIRC policy.
1.3 KEY WORDS: Communications networks, security, computer networks, architecture, audit, access control, authentication, information systems.
2.0 PURPOSE: To establish guidelines and a recommended security architecture to allow entities to establish and implement security policies for the access to information systems, networks or facilities.
3.0 ORGANIZATIONS AFFECTED: All Branches, Boards, Commissions, Departments, Divisions, and Agencies of state government, hereafter referred to as entities.
4.1 K.S.A. 75-4709 provides that the Secretary of Administration shall make provision for and coordinate all telecommunications services for all entities of the state pursuant to policies established by the Information Technology Executive Council.
4.2 K.S.A. 21-3755
5.1 Security architecture is defined as a model or common way of thinking about security as it applies to computer systems or networks. Using the architecture, an entity can determine the level of security required by their system or LAN. They can then apply standard solutions for implementing this level of security.
5.2 Systems and LANs are defined as one or more computers (PC, mainframe, server, etc.) and associated local area connections (if networked) for which access protection is being evaluated. A LAN (local area network) is a network confined to a local collection of systems, typically a work group or building floor. A LAN is generally very restricted in distance.
5.3 Network or communications network or WAN is defined as one or more LANs connected via communications media for the purpose of transfer of electronic data between systems. A WAN (wide area network) typically connects LANs or individual systems of multiple entities over a shared network and across potentially large distances (for example, KANWIN covers the state of Kansas).
5.4 KANWIN is the KANsas Wide area Information Network, a wide area data network spanning the state of Kansas. This network is used by state entities, municipalities, and other local government entities. This is a multi-protocol data network, meaning that data can be transmitted in more than one form (protocol). KANWIN supports (transports) TCP/IP (open systems, Transport Control Protocol/Internet Protocol), IPX (Novell, Internet Exchange Protocol), and SNA (IBM, Systems Network Protocol).
5.5 Security plan is defined as a collection of statements about the sensitivity of information on a system or LAN, the requirements for how that data must be protected, and the actions to be taken in the event the protection is violated.
5.6 Audit is defined as the collection and periodic review of network or system access information. This assumes some computer or other device records access-related information in a secure place that can be reviewed at a later time.
5.7 Screening determines if communications traffic may pass through a network device based solely on destination and source information of the network packet containing the data. Screening in this context implies there is no authentication of the actual originator of the data.
5.8 Authentication is defined as the act of requiring the 'person' requesting access to a network, LAN, or system to identify themselves through one or more identification schemes. Screening only makes decisions based on source and destination addresses. Authentication makes decisions based on 'who' was at the source. Authentication can be as simple as a computer ID and password or as complex as one-time passwords, challenge-response passwords, or physical identification (retinal, voice, image, etc.).
6.0 POLICY: Information systems, networks or network facilities utilized by state entities for the sharing or delivery of information are growing at a dramatic rate. It is very likely that all state entity systems and networks will either eventually be connected to each other, or be able to share common data or network systems. For this reason, it is extremely important that a security architecture is established over access to these systems and networks. DISC PPM 1201.00, PPM 4206.00 and K.S.A. 21-3755 all address security-related issues. This policy describes an architecture with varying levels of security necessary to efficiently protect state entity data from unauthorized access.
7.0 PROCEDURES: This communications network and systems access security architecture is designed around six levels of security, where each successive level provides increased protection to the data, systems or networks that are being secured.
LEVEL 0 Unrestricted access. This level represents the unrestricted environment where there are no access controls and no assumptions can be made about anyone operating at this level. Essentially, there is no security at this level.
LEVEL 1 Audit and screening of unnecessary access. At this level simple auditing and screening procedures are established. To pass Level 1 security, the security manager generally provides systems that require simple logging of the access. Since there is no user authentication (passwords) at this level, the logging is generally accomplished by logging of network addresses or some other identifier. Security at this level may also exclude some traffic that has no reason to cross the boundary.
LEVEL 2 Audit and screening of illegal access. At this level logging is still only by address or some other identifier, but now specific protocols or applications are prevented from passing. For a network this might mean all inbound TELNET is blocked. For a system this could be all dial-in traffic after 6:00 p.m. Data and systems in this environment are not critical and can be reconstructed in a reasonable amount of time if destroyed.
LEVEL 3 Audit, screening and loose authentication. At this level users are required to identify themselves by a basic mechanism, such as a password. This is "loose" because the user does not have to do much to prove they are who they say they are. Audit information now contains user identification as well as addresses. Data in this environment must be protected from unauthorized access. If seen by unauthorized personnel, it is unfortunate, but not a major problem. Audit trails are very important so that security managers are aware that information has been accessed by unauthorized parties.
LEVEL 4 Audit and physical access only. At this level, more sophisticated authentication schemes are employed to ensure that the user is really who they say they are. This is generally accomplished by systems that utilize one-time passwords, challenge/response systems, or physical identification. Data in this environment is extremely sensitive, such that if the data is viewed by unauthorized personnel, severe consequences would occur.
LEVEL 5 Audit and physical access only. This level is the most secure level. Access at this level is so strict that remote access is not allowed and only the most strenuous authentication is employed. This level of security would be employed to protect resources for which absolutely no illegal access can be tolerated without very severe consequences.
7.2.1 DISC reviews all levels of the state network and all DISC-controlled systems and services on an ongoing basis to identify the appropriate level of security to be employed at each point. This information is published in security memorandums so that state entities will clearly understand how access will be managed and controlled.
7.2.2 Entities should review these memorandums and review their own security environment to determine which level of access is appropriate for their particular data environment.
7.2.3 It is essential that all applications that are developed by entities include a review that identifies which level of security will be established for the application. This review should assure that the application contains enforceable plans to maintain that level of security.
8.1 Heads of entities are responsible for establishing procedures for their organization to comply with the requirements of this policy.
8.2 The Chief Information Technology Officer, Executive Branch, is responsible for the maintenance of this policy.
9.0 CANCELLATION: None