Network Security in the Patched Environment. Guy Helmer, Ph.D. Palisade Systems, Inc.

Similar documents
Cisco Self Defending Network

CIH

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Simple and Powerful Security for PCI DSS

Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code

Contents at a Glance

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

A Unified Threat Defense: The Need for Security Convergence

Securing Enterprise Network

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

Future-ready security for small and mid-size enterprises

Security Assessment Checklist

Changing face of endpoint security

Chapter 9. Firewalls

CTS2134 Introduction to Networking. Module 08: Network Security

ASA/PIX Security Appliance

Application Note. Providing Secure Remote Access to Industrial Control Systems Using McAfee Firewall Enterprise (Sidewinder )

Training UNIFIED SECURITY. Signature based packet analysis

Is Your Information Safe? Presented by: Jake Gibson IT Director, Eurofins

Unit 4: Firewalls (I)

Reviewer s guide. PureMessage for Windows/Exchange Product tour

Exam: : VPN/Security. Ver :

Security Threats & Trends Arvind Sahay, Enterprise Manager India, McAfee

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Symantec Ransomware Protection

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

AccessEnforcer Version 4.0 Features List

USG2110 Unified Security Gateways

White Paper April McAfee Protection-in-Depth. The Risk Management Lifecycle Protecting Critical Business Assets.

CSA for Mobile Client Security

Implementing Cisco Network Security (IINS) 3.0

Introducing Next Generation Symantec AntiVirus: Symantec Endpoint Protection. Bernard Laroche Endpoint security Product marketing

Stopping Advanced Persistent Threats In Cloud and DataCenters

Applied IT Security. System Security. Dr. Stephan Spitz 6 Firewalls & IDS. Applied IT Security, Dr.

Education Network Security

Cisco IOS Inline Intrusion Prevention System (IPS)

Cisco SR 520-T1 Secure Router

Network Security Platform Overview

Klaudia Bakšová System Engineer Cisco Systems. Cisco Clean Access

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Protecting productivity with Industrial Security Services

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

COMPUTER NETWORK SECURITY

CSE 565 Computer Security Fall 2018

Cisco Intrusion Prevention Solutions

Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.

Unit 2 Assignment 2. Software Utilities?


ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Configuring BIG-IP ASM v12.1 Application Security Manager

CIS Controls Measures and Metrics for Version 7

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,

SYMANTEC ENTERPRISE SECURITY. Symantec Internet Security Threat Report September 2005 Power and Energy Industry Data Sheet

CIS Controls Measures and Metrics for Version 7

Putting Trust Into The Network Securing Your Network Through Trusted Access Control

ClearPath OS 2200 System LAN Security Overview. White paper

Deployment of security devices can result in significant financial savings from reduction or redirection of IT staff resources needed to deploy,

CND Exam Blueprint v2.0

OSSIM Fast Guide

Mcafee Network Intrusion Detection System. Project Report >>>CLICK HERE<<<

CISCO NETWORKS BORDERLESS Cisco Systems, Inc. All rights reserved. 1

Security+ SY0-501 Study Guide Table of Contents

NETWORK THREATS DEMAN

Improving Your Network Defense. Joel M Snyder Senior Partner Opus One

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats.

Seceon s Open Threat Management software

Fireware-Essentials. Number: Fireware Essentials Passing Score: 800 Time Limit: 120 min File Version: 7.

Configuring Antivirus Devices

Security with Passion. Endian UTM Virtual Appliance

Securing CS-MARS C H A P T E R

Cisco Security Manager 4.1: Integrated Security Management for Cisco Firewalls, IPS, and VPN Solutions

Threat Control and Containment in Intelligent Networks. Philippe Roggeband - Product Manager, Security, Emerging Markets

Chapter 1 B: Exploring the Network

The IINS acronym to this exam will remain but the title will change slightly, removing IOS from the title, making the new title.

CS System Security 2nd-Half Semester Review

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER


GPRS security. Helsinki University of Technology S Security of Communication Protocols

MIS Week 6. Operating System Security. Windows Antivirus

Network Access Control Whitepaper

Introduction to Network Discovery and Identity

Cisco IPS AIM and IPS NME for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

Newer Developments in Firewall Technology. The International Organization for Standardization s Open Systems Interconnect

Hazardous Endpoints Protecting Your Network From Its Own Devices

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Cisco Security Monitoring, Analysis and Response System 4.2

McAfee Network Security Platform

MIS Week 6. Operating System Security. Windows Antivirus

TestOut Network Pro - English 4.1.x COURSE OUTLINE. Modified

Introduction to Network Discovery and Identity

Cisco Security Monitoring, Analysis, and Response System (MARS) Release 6.0

Understanding Cisco Cybersecurity Fundamentals

Trend Micro Deep Security

Cisco Systems Korea

IC32E - Pre-Instructional Survey

Campus Network Design

Huawei Cloud Fabric Data Center Security and Application Optimization Solution

Transcription:

Network Security in the Patched Environment Guy Helmer, Ph.D. Palisade Systems, Inc.

Introduction Target audience: Network Managers Topic: Transport and Application Networklayer techniques Defend vulnerabilities before, during, and after applying patches Protecting against likely future security problems Detecting new problems

Security Areas Data disclosure Trade secrets Data modification Accounting records Denial of service Database access

Introduction Vulnerabilities of patched/partially patched/unpatched systems Worms and viruses Onion approach Defense in depth

Vendor patching facilities Range from fully-manual to fully-automated Deployment may be limited by Testing requirements Maintenance windows Lack of vendor support

Patch-related Vulnerabilities Vendor lag time Prior to patch installation Undesired side effects of patches When patches failure to protect Reverse-engineered attacks based on patches (e.g., Sasser)

Patching Facilities Microsoft Windows Update / Software Update Services (SUS) Systems Management Server (SMS) Symantec ON icommand Shavlik HFNetCheckPro

Mitigating the vulnerabilities at layers 4 and 7 System inventory & Vulnerability assessment Compartmentalization Restricting applications Monitoring

Inventory & Vulnerability Assessment Hardware and software Points of ingress Internet Laptops VPNs Floppies/ZIP disks/usb keychains

Compartmentalization by Firewalls Layers 3 & 4 (IP/TCP) Classic firewall Host firewall Layer 7 (Applications) SMTP (anti-virus/spam) filter HTTP (web site) filter Peer-to-peer filter

Compartmentalization by Network Firewalls Layers 3 & 4 Router access control lists CheckPoint Firewall-1 Cisco PIX

Layer 7 Compartmentalization by Application Firewalls Email spam, virus and worm filtering SpamAssassin BrightMail HTTP Symantec Web Security

Pros Compartmentalization by Flexibility Firewalls Change configuration to protect critical systems during major situations Require authentication for network access Cost Available in many routers and switches Can build a cheap box to implement (e.g., Linux, FreeBSD, OpenBSD packet filtering firewall)

Issues Compartmentalization by Firewalls Flexibility Cost Overlapping network access Configuration Number of devices needed Performance Increased network latency Decreased bandwidth Additional points of failure

Compartmentalization by IDS/IPS Recognize/counteract attacks Prioritize patches Verify patch solution If IDS/IPS identifies successful/unsuccessful intrusions Tune firewalls/filters/ips to close vulnerabilities until patches can be applied

Compartmentalization by IDS Pros Detect attacks and respond Issues False positives Signature updates

Compartmentalization by VLANs Leverage layer 2 Ethernet and/or Layer3 IP switching capabilities Separate subnets via firewall, proxy server, or filtering router E.g., separate VLAN for laptops, linked to internal network through a firewall

Pros Compartmentalization by VLANs Usually available at little extra cost Issues Configuration complexity Overlapping groups Enforcement of VLAN membership Bandwidth use

Compartmentalization by VPNs Isolate untrusted/insecure systems or networks IPsec, SSL, L2TP Protect data in transit, plus: Use firewall, proxy server, or filtering router to isolate VPN termination point

Issues Compartmentalization by VLANs/VPNs Network engineering Placement of devices Maintenance of configuration

Restricting Applications Limit allowed applications Prohibit spyware, adware, peer-to-peer applications, other malware Lavasoft AdAware Palisade PacketHound

Restricting Applications Pros Limit points of vulnerability Issues Extra maintenance

Detecting Intrusion Detection & Prevention Systems Network Snort Network Associates IntruShield Symantec ManHunt Application Palisade PacketHound Host-based ZoneAlarm McAfee Desktop Firewall Symantec Intruder Alert

Detecting Anomaly Detection Tends to require manual analysis of graphs or reports Network usage trends by port and/or IP Cisco NetFlow MRTG, ntop Application trend analysis Palisade PacketHound

Detecting Pros Stay abreast of network activity Automatically isolate problems Cons False positives False negatives Maintenance

Summary and Conclusion System inventory Vulnerability assessment Compartmentalization Monitoring

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback