Renovating our security management: New ways to protect your infrastructure

Similar documents
NETWORK THREATS DEMAN

Hardening the Education. with NGFW. Narongveth Yutithammanurak Business Development Manager 23 Feb 2012

Education Network Security

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Executive Summery. Siddharta Saha. Downloaded from

Application Firewalls

Chapter 9. Firewalls

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

CA Security Management

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Layered Access Control-Six Defenses That Work. Joel M Snyder Senior Partner Opus One, Inc.

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Critical Infrastructure Protection for the Energy Industries. Building Identity Into the Network

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

COMPUTER NETWORK SECURITY

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

CAMELOT Configuration Overview Step-by-Step

Endpoint Protection : Last line of defense?

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

ANATOMY OF AN ATTACK!

The Evolving Threat of Internet Worms

NETSURION DEFENSE AGAINST BACKOFF: How Netsurion Effectively Protected Against Threats

Cisco Self Defending Network

Home Computer and Internet User Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

A. Carcano, I. Nai Fovino, M. Masera, A. Trombetta European Commission Joint Research Centre Critis 2008, Rome, October 15, 2008

CSC Network Security

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Malware Outbreak

Symantec Client Security. Integrated protection for network and remote clients.

Cyber Criminal Methods & Prevention Techniques. By

E-Commerce/Web Security

Internet Security: Firewall

CyberP3i Course Module Series

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Agenda of today s lecture. Firewalls in General Hardware Firewalls Software Firewalls Building a Firewall

Putting Trust Into The Network Securing Your Network Through Trusted Access Control

The DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls

W is a Firewall. Internet Security: Firewall. W a Firewall can Do. firewall = wall to protect against fire propagation

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

INSIDE. Symantec AntiVirus for Microsoft Internet Security and Acceleration (ISA) Server. Enhanced virus protection for Web and SMTP traffic

Symantec Network Access Control Starter Edition

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Unit 4: Firewalls (I)

ArcSight Activate Framework

Symantec Network Access Control Starter Edition

Cisco Associate-Level Certifications

WHITE PAPER. Session Border Controllers: Helping keep enterprise networks safe TABLE OF CONTENTS. Starting Points

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

How Cisco IT Designed a Separate Network to Test Cisco Alpha Equipment

Total Threat Protection. Whitepaper

You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Multi-Layered Security Framework for Metro-Scale Wi-Fi Networks

Intelligent and Secure Network

User Guide. This user guide explains how to use and update Max Secure Anti Virus Enterprise Client.

Security. Bob Shantz Director of Infrastructure & Cloud Services Computer Guidance Corporation. All Rights Reserved.

A policy that the user agrees to follow before being allowed to access a network.

Future-ready security for small and mid-size enterprises

CA Host-Based Intrusion Prevention System r8

SGUL VPN Connection Guide for Windows 7

Symantec Network Access Control Starter Edition

WHITE PAPER. AirGap. The Technology That Makes Isla a Powerful Web Malware Isolation System

Dataprise Managed Anti-Spam Console

Defense-in-Depth & Diversity (D3) Charles Kim Electrical and Computer Engineering Howard University

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CTS2134 Introduction to Networking. Module 08: Network Security

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

How to Configure ATP in the HTTP Proxy

Security Assessment Checklist

BUFFERZONE Advanced Endpoint Security

CHAPTER 3 EFFECTIVE ADMISSION CONTROL MECHANISM IN WIRELESS MESH NETWORKS

Reduce Your Network's Attack Surface

Certified Ethical Hacker (CEH)

Cyber Security Audit & Roadmap Business Process and

Intelligent Cybersecurity for the Real World Scott Lovett Vice President, Global Security Sales

Network Segmentation Through Policy Abstraction: How TrustSec Simplifies Segmentation and Improves Security Sept 2014

Bitdefender GravityZone. Supreme protection against active threats for the SMB market

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

Certified SonicWALL Security Administrator (CSSA) Instructor-led Training

Sage Data Security Services Directory

Understanding Network Access Control: What it means for your enterprise

Securing Your Business Against the Diversifying Targeted Attacks Leonard Sim

Palo Alto Networks PCNSE7 Exam

TABLE OF CONTENTS. Section Description Page

DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER

We are Network Security. Enterprise Solutions.

Computer Network Engineering

NetDefend Firewall UTM Services

Simple and Powerful Security for PCI DSS

Security Awareness Training June 2016

Hazardous Endpoints Protecting Your Network From Its Own Devices

Service Provider View of Cyber Security. July 2017

CND Exam Blueprint v2.0

Transcription:

Renovating our security management: New ways to protect your infrastructure Suguru Yamaguchi Nara Institute of Science and Technology Japan Feb. 25th, 2004 APRICOT@KL, MY 1

Overview Discuss 2 topics about Security Management 1. How can we make more manageable infrastructure in terms of security? Or, how can we reduce the security incidents? 2. How can we work effectively at incident response? Feb. 25th, 2004 APRICOT@KL, MY 2

#1: reducing security incidents Feb. 25th, 2004 APRICOT@KL, MY 3

Observations Few organizations that do nothing for security management on their Internet / Intranet infrastructure. Many organizations have their own security policy. Installation and operation of Firewall is quite common. Introducing anti-virus / anti-worm software is the way of minimum protection of your working environment Awareness program to let people know there are so many criminals, barbarians and bad guys in the Internet Still many security incidents can be observed and the number of incidents is getting increased. Feb. 25th, 2004 APRICOT@KL, MY 4

Our security management model, So far Perimeter Defense / Boarder Protection Internal network FEBA: Fighting Edge of Battle Area, perimeter / boarder Area of under control Feb. 25th, 2004 APRICOT@KL, MY 5

Assumptions in this model Clear but implicit separation of Inside (Intranet) and Outside (Internet) Every bad thing comes from the outside. The inside is 100% safe place. No one inside does not have any hostile actions against the management. Therefore, it is quite good idea to define the perimeter / boarder and to concentrate counter measures on the boarder. Cost effective way of defense Strong enough to protect the Inside Feb. 25th, 2004 APRICOT@KL, MY 6

The model is good enough for today? (1) Many security troubles in the Inside Epidemic of Virus / Worm infections Broad distribution of malicious code via E-mails Bringing back viruses via Laptop PC Executing malicious code via WWW accesses Malicious code injection by P2P tools Troubles caused by our people Regardless of intentional / non-intentional Various types of users Various types of use How can we make the inside under control? Or, do you have any ways to know what your people is doing? Feb. 25th, 2004 APRICOT@KL, MY 7

The mode is good enough for today? (2) Firewall on the perimeter is not working effectively. Not fit well to new services especially P2P applications (e.g. VoIP) Packet forwarding performance degradation at the firewall Does not get wire speed via firewall Applications need high performance are now proliferating Ex. How can we make the firewall for 10GbE The best way to protect your infrastructure is to stop your packet forwarding and relay via proxies. Aggressive use of application level gateway. RIDICULOUS! Feb. 25th, 2004 APRICOT@KL, MY 8

We need new solutions! We need new security management model Requirement 1. The model assumes that vulnerabilities are existing even inside the target infrastructure. 2. The model have to have a mechanism to regulate the expansion of security incidents, especially against infectious incidents like Worms. 3. Users can enjoy the leading edge cool applications even with the security management. 4. Performance cannot be sacrificed with the reasons of security management. Feb. 25th, 2004 APRICOT@KL, MY 9

Don t t forget it! (1) Systems for each individuals have to be managed more than now. Vulnerability is always sitting on users systems Users systems are not on the boarder but in inside. Need to manage more users system. Revisit to the question again: Do we have to give full functional, general purpose computing platform with general purpose applications for everyone in your organization? How can we manage 100% all the computing platform in our organization? Can we accept the use of Laptop PC s? Ideas Less variety of platforms Provide application (e.g. WWW) platform for routine works More management on the mobility of users, e.g. laptop PC management Feb. 25th, 2004 APRICOT@KL, MY 10

Don t t forget it! (2) Capability management is the base Who can do what? What kind of information you can look into? f ( perm( user), class( document)) Consistent and maintain their integrity Fit to actual work environment Use technologies: LDAP? RBAC? AAA?. 00 01 = 10 11 deny read write read & write Feb. 25th, 2004 APRICOT@KL, MY 11

Two options Maximizing the protection on each system. Set a boarder around each system. No boarder / perimeter strategy Maximizing the management of traffic / use of applications and separating malicious activities. Sophisticated control of boarder Once on the edge of the Intranet, but at the other time, the boarder is around your system. Feb. 25th, 2004 APRICOT@KL, MY 12

Maximizing the protection on each system Feb. 25th, 2004 APRICOT@KL, MY 13

Managed communications Each system is protected as much as possible. Employing security policy Definition of the role of each system Definition of AUP Definition of acceptable communication, access, and use Managing every communication, access and use precisely. Possible! It is quite rare for everyone to contact any machines in your environment. Normally, web proxy, mail server,. Limited number of candidate,. More manageability on communication devices Access switch, routers, Feb. 25th, 2004 APRICOT@KL, MY 14

High performance firewalls Clustered firewall Quarantine Clustered Quarantine zone L2 LB L2 SW L3 Routing (traffic marking) (10G bb) Feb. 25th, 2004 APRICOT@KL, MY 15

Functional distribution on the quarantine IDS SMTP virus check WWW contents filtering monitoring (Passing authenticated traffic) (10G bb) Feb. 25th, 2004 APRICOT@KL, MY 16

Technique for keeping it works fine! Traffic marking Less overhead of filtering and diverting the traffic Pattern matching is not so good on L3 switch Marking the traffic Simple ways to mark candidate to be passed through FW Less overhead for marking Current candidate: VPN Firewall / Demarcation (VPN) Protected Network (non-vpn) VPN relay (traffic converter: VPN non-vpn) Feb. 25th, 2004 APRICOT@KL, MY 17

However,. Still no clear shape on the new security management model We need more best practice We need more expertise. Need more time to make feedback from the operation. Our first step for the second generation of Security Management. Feb. 25th, 2004 APRICOT@KL, MY 18

#2: high performance incident response Feb. 25th, 2004 APRICOT@KL, MY 19

Observations Security management in many organization seems to be okay. However, once a security incident arise, always quite long period is needed to settle the trouble. Low response ability. Not only by technology / engineering, but also by organization itself. What s high performance incident response and how can we make it? Feb. 25th, 2004 APRICOT@KL, MY 20

Security Management Make preparation for the risk we know. Develop the routine to act against risks We know the risk through risk assessment process. We cannot prepare for everything Cost Technology Imagination Feb. 25th, 2004 APRICOT@KL, MY 21

Pit hole in security management Well prepared Act very well against risks we know Forget the fact that there are other risks we don t know Masking effect We try to prepare more Masking effect working very well Try to prepare more sophisticated way. Adding 100 pages to security management manuals!? Not work well once encounter to unknown trouble arise. Feb. 25th, 2004 APRICOT@KL, MY 22

Two capability needed Capacity to work with the manual (through preparation) Capacity to response to incidents (emergency response) Feb. 25th, 2004 APRICOT@KL, MY 23

Help for emergency response Estimate the loss or effect by the troubles Stop expanding the trouble Generate multiple ad-hoc counter measures in time Remember the trouble and its reason, and keep it in memory. Study more on troubles More professionals on the matter Feb. 25th, 2004 APRICOT@KL, MY 24

What we have to explore The way to improve these two capabilities The way to co-exist these two capability High Reliability Organizations: HRO Feb. 25th, 2004 APRICOT@KL, MY 25

The model, fit only to preparation Research Evaluation Fix requirement Maintenance Security Design Operation Implementation Test Feb. 25th, 2004 APRICOT@KL, MY 26

We need another model. Model for improving the capability of response Wider view on the problem Professional expertise and capability on the problem Clear delegation of responsibility Information management and sharing But still we don t know. Feb. 25th, 2004 APRICOT@KL, MY 27

Summary Discuss 2 topics related to security management new step for 2 nd generation of Security Management Preparation and response We don t have clear answer at this moment We need to share more expertise Best practice At various opportunity: IETF, International conferences, operators conferences,. Feb. 25th, 2004 APRICOT@KL, MY 28

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback