Network Security
Intertech Associates, Inc.
Agenda
- IT Security - Past to Future
- Security Vulnerabilities
- Protecting the Enterprise
- What do we need in each site?
- Requirements for a Security Architecture
Convergence of Networks & Security Threats
Architecting Secure Networks is Critical

(Figure: timeline 1993-2006 plotting Internet reliance against security threats; phases labelled "Dot Com Bubble Burst", "Building the Perimeter", "Internet Rationalized" and "Architecting a Secure Future".)
Enterprises Are Struggling To Keep Up

Since 2003, enterprises have invested $19bn in security (IDC, Gartner, Infonetics).
- Are we safer?
- Was the spending effective?
- Is the job done?

BUT:
- Branch offices in different locations, more types of end points
- More users, more locations, more demanding applications
- Security technologies and policies required to work in harmony
- Enforcement point proliferation
- Performance requirements
- Technology coordination
Security Vulnerability Vectors

Vulnerabilities fall into four quadrants by origin (external vs. internal) and intent (intentional attack vs. unintentional misuse):

External / Intentional (Attack):
- Denial of Service
- Data Theft / Industrial Espionage
- Extortion & Organized Crime
- Vandalism
- Malware
- Physical destruction through IT manipulation

External / Unintentional (Misuse):
- Loss of remote access passwords
- Loss of mobile devices (laptops, PDAs) with data

Internal / Intentional (Attack):
- Data theft
- Fraud
- Resource misuse
- Planting of Trojans/malware
- Eavesdropping

Internal / Unintentional (Misuse):
- Configuration errors
- Data sent to wrong recipient or publicly posted
- Trojans/viruses entering the enterprise through user misuse
Security Vulnerability – A Business Problem

Whatever the quadrant (external or internal, intentional or unintentional), the consequences are business consequences:
- Revenue loss
- Reputation damage
- Liability
- Regulatory & internal compliance

Security is therefore a business problem (not just a technology problem) and an executive responsibility.
Protection Vectors
- Attack Prevention
- Data Protection
- Security Measurement
- Secured Access
- Security Management

Protection Vectors: Attack Prevention

Network Security:
- Firewall, Antivirus, URL Filtering, IPS/IDS
- Consolidation from stand-alone devices to Unified Threat Management (UTM)
- Expanding slowly to the internal network

Messaging Security:
- E-Mail and Instant Messaging Gateways
- Anti-Virus, Anti-Spyware, Anti-Spam

Application Security:
- Application Intelligence
- Web Security
- Voice over IP
Protection Vectors: Data Protection

Data Loss:
- Data encryption on mobile devices (e.g. laptops, smart phones, PDAs) and storage

Data Protection & Port Control:
- Control unauthorized data copying to external devices (e.g. USB)

Data Leakage:
- Enforce outbound information flow through messaging and network gateways

Digital Rights Management:
- Control access and usage of digital data
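The outbound gateway check under "Data Leakage" is the kind of control that pattern-matches outbound content. The following is an added example, not code from the Intertech Associates deck: it scans constructed messages for payment-card numbers and applies the Luhn checksum so that look-alike digit strings (order numbers, ticket ids) do not trigger a block. The regular expression, the block/allow policy and the sample messages are assumptions.

```python
# Added example (not from the Intertech Associates deck): a minimal outbound
# content check of the kind a messaging/network gateway applies to enforce
# data-leakage policy.  It looks for payment-card numbers and uses the Luhn
# checksum to reject look-alike digit strings (order numbers, ticket ids).
# The pattern, message samples and the allow/block policy are assumptions.
import re
from typing import List, Tuple

# 13-16 digits, optionally separated by single spaces or dashes, not embedded
# in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,15}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9
    from results above 9, and require the total to be a multiple of 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cards(text: str) -> List[str]:
    """Return masked card numbers (last four digits kept) found in text.
    Masking matters: the gateway log must not become a second leak."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append("*" * (len(digits) - 4) + digits[-4:])
    return found


def decide(text: str) -> Tuple[str, List[str]]:
    """Gateway verdict for one outbound message: 'block' if any card
    number is present, else 'allow'."""
    hits = find_cards(text)
    return ("block" if hits else "allow"), hits


# Constructed sample messages.
SAMPLES = [
    "Please charge card 4111 1111 1111 1111, exp 12/09 - thanks",
    "Order 1234-5678-9012-3456 shipped today",   # fails Luhn: not a card
    "Call me on 555 123 4567",                   # too short to match
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(decide(msg), "<-", msg)
```

The second sample shows why the checksum matters: a pure digit-count rule would block an order confirmation, and enough such false positives get a gateway policy switched off.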
Protection Vectors: Secured Access

Site-To-Site:
- Authenticated & encrypted communication between enterprise sites and B2B partners
- Complex routing scenarios

Remote Access:
- Secured client & clientless access (technologies: IPsec, SSL VPN)
- Static and mobile devices
- Full protection for the end-points (UTM)

Access Portals:
- SSL VPN portals for easy, unified access to company resources based on permissions

Network Access Control:
- Control which devices are allowed to access the network (physical ports, WiFi, mobile)
- Device compliance checks (e.g. version of A/V software)
- Quarantine of non-compliant devices
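The Network Access Control bullets describe a decision: inventory membership and a posture check decide whether a device gets full access, a quarantine network or no access. The following is an added example, not code from the Intertech Associates deck; the posture attribute names, the thresholds (minimum A/V version, maximum signature age) and the VLAN numbers are assumptions for illustration.

```python
# Added example (not from the Intertech Associates deck): the admission
# decision a NAC enforcement point makes from an endpoint's posture report.
# Attribute names, policy thresholds and VLAN numbers are assumptions.
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass
class Posture:
    device_id: str
    managed: bool            # present in the enterprise device inventory
    av_version: str          # e.g. "8.2.1"
    av_signature_date: date  # date of the last signature update
    os_patched: bool         # required OS patches applied
    firewall_on: bool        # host firewall enabled


# Policy thresholds (assumed values).
MIN_AV_VERSION = (8, 2, 0)
MAX_SIGNATURE_AGE_DAYS = 7

# Network roles (assumed VLAN ids); None means the port stays closed.
VLAN_FOR = {"allow": 10, "quarantine": 99, "deny": None}


def parse_version(v: str) -> Tuple[int, ...]:
    """'10.0.1' -> (10, 0, 1) so versions compare numerically; comparing
    the strings would wrongly rank '9.9.9' above '10.0.0'."""
    return tuple(int(part) for part in v.split("."))


def evaluate(p: Posture, today: date) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is 'allow', 'quarantine' or 'deny'."""
    if not p.managed:
        # Unknown devices are not quarantined for remediation; they are kept
        # off the corporate network altogether.
        return "deny", ["device not in inventory"]
    failures = []
    if parse_version(p.av_version) < MIN_AV_VERSION:
        failures.append("A/V version %s below minimum" % p.av_version)
    if (today - p.av_signature_date).days > MAX_SIGNATURE_AGE_DAYS:
        failures.append("A/V signatures older than %d days" % MAX_SIGNATURE_AGE_DAYS)
    if not p.os_patched:
        failures.append("OS patches missing")
    if not p.firewall_on:
        failures.append("host firewall disabled")
    if failures:
        # Quarantine VLAN: reachable only for remediation (patch/AV servers).
        return "quarantine", failures
    return "allow", []


def assign_vlan(p: Posture, today: date) -> Tuple[Optional[int], str, List[str]]:
    decision, reasons = evaluate(p, today)
    return VLAN_FOR[decision], decision, reasons


# Constructed posture reports.
SAMPLE_POSTURES = [
    Posture("lap-01", True, "10.0.0", date(2006, 5, 30), True, True),
    Posture("lap-02", True, "8.1.9", date(2006, 5, 30), True, True),
    Posture("lap-03", True, "8.2.1", date(2006, 5, 1), True, False),
    Posture("unknown", False, "8.2.1", date(2006, 5, 30), True, True),
]


def demo(today: date = date(2006, 6, 1)) -> Dict[str, Tuple[Optional[int], str, List[str]]]:
    """Evaluate the constructed reports; returns device_id -> (vlan, decision, reasons)."""
    return {p.device_id: assign_vlan(p, today) for p in SAMPLE_POSTURES}


if __name__ == "__main__":
    for device_id, result in demo().items():
        print(device_id, result)
```

Two details are worth copying: the version string is compared numerically, not lexically, and an unknown device is denied rather than quarantined, since the quarantine network exists to remediate managed devices, not to host strangers.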
Protection Vectors: Security Management

Policy:
- Efficient centralized management of security policies
- Workflow management (change control)

Device:
- Central management for multiple types of devices across sites
- Device provisioning
- Centralized software and security updates

Incidents:
- Event and data collection & correlation
- Monitoring
- Forensic analysis
- Automated response

Users:
- User provisioning
- User activity monitoring
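"Event and data collection & correlation" under Incidents means normalising events from several devices and keeping state across them. The following is an added example, not code from the Intertech Associates deck: it parses constructed firewall and VPN log lines into a common record and runs one stateful rule, a burst of failed logins from one source followed by a success from that source. The log format, field names, thresholds and addresses are assumptions.

```python
# Added example (not from the Intertech Associates deck): event collection and
# correlation over constructed log lines from a firewall and a VPN
# concentrator.  The rule fires when one source produces `threshold` failed
# logins within `fail_window` and then succeeds within `success_window`.
# Log format, field names and thresholds are assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)\s*(.*)$")

# Constructed sample events (documentation addresses only).
SAMPLE_LOG = """\
2006-03-14T09:00:01 fw1 DENY src=203.0.113.7 dst=10.0.0.5 dport=22
2006-03-14T09:00:02 vpn1 AUTH_FAIL user=jsmith src=203.0.113.7
2006-03-14T09:00:04 vpn1 AUTH_FAIL user=jsmith src=203.0.113.7
2006-03-14T09:00:05 vpn1 AUTH_FAIL user=jsmith src=203.0.113.7
2006-03-14T09:00:06 vpn1 AUTH_FAIL user=jsmith src=203.0.113.7
2006-03-14T09:00:09 vpn1 AUTH_FAIL user=jsmith src=203.0.113.7
2006-03-14T09:00:12 vpn1 AUTH_OK user=jsmith src=203.0.113.7
2006-03-14T09:10:00 vpn1 AUTH_FAIL user=amiller src=198.51.100.9
2006-03-14T09:30:00 vpn1 AUTH_OK user=amiller src=198.51.100.9
"""


def parse(line: str) -> Dict[str, object]:
    """Normalise one line into a dict: ts, host, event plus key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparsable line: %r" % line)
    fields = dict(kv.split("=", 1) for kv in m.group(4).split())
    return {"ts": datetime.fromisoformat(m.group(1)),
            "host": m.group(2), "event": m.group(3), **fields}


def correlate(lines: List[str], threshold: int = 5,
              fail_window: timedelta = timedelta(seconds=60),
              success_window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """Stateful correlation keyed on source address.  Events must arrive in
    time order, which is what a collector's pipeline normally guarantees."""
    recent_fails = defaultdict(deque)   # src -> timestamps of recent failures
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        src = ev.get("src")
        if ev["event"] == "AUTH_FAIL":
            q = recent_fails[src]
            q.append(ev["ts"])
            # Drop failures that fall outside the sliding window.
            while q and ev["ts"] - q[0] > fail_window:
                q.popleft()
        elif ev["event"] == "AUTH_OK":
            q = recent_fails.get(src, deque())
            fails = [t for t in q if ev["ts"] - t <= success_window]
            if len(fails) >= threshold:
                alerts.append({"rule": "brute_force_then_success",
                               "src": src, "user": ev.get("user"),
                               "failures": len(fails), "ts": ev["ts"]})
            # A successful login ends the burst either way.
            recent_fails.pop(src, None)
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOG.splitlines()):
        print(a)
```

The firewall DENY line contributes nothing to this rule but is parsed through the same path, which is the point of collection: one record shape for every device, so a rule can be written once against fields rather than against each vendor's format. The single failure from the second source does not alert, because the rule keys on a burst, not on any failure.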
Protection Vectors: Security Measurement

Are we safer? Was the spending effective? Is the job done?
Security Information Management - define operational metrics & business metrics.

Vulnerability Assessment:
- Proactive scanning
- Network intelligence collection combined with policy information
- Ethical hacking
- Risk reports & analysis

Auditing:
- Follow the audit trail for users, systems and application resources
- Evaluation of resource access rights vs. actual user activity

Compliance:
- Express & track compliance with user-defined policy as well as the control framework of official regulations
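The Auditing bullet "evaluation of resource access rights vs. actual user activity" is an access review: join the entitlement export against the audit trail and report rights that were never exercised (revocation candidates) and activity that no grant explains (a broken control or a shared account). The following is an added example, not code from the Intertech Associates deck; the entitlement table, the audit trail and the 90-day review window are constructed.

```python
# Added example (not from the Intertech Associates deck): an access review that
# compares granted resource rights with the audit trail of what users actually
# did.  Unexercised rights are revocation candidates (least privilege); use of
# a resource without a grant points at a broken control or a shared account.
# The entitlement export, audit trail and review window are constructed.
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed entitlement export: user -> resources the user is granted.
GRANTS: Dict[str, Set[str]] = {
    "jsmith": {"crm", "payroll", "fileshare"},
    "amiller": {"crm"},
    "svc_backup": {"fileshare", "backup"},
}

# Constructed audit trail: (ISO timestamp, user, resource accessed).
ACTIVITY: List[Tuple[str, str, str]] = [
    ("2006-03-01T08:00:00", "jsmith", "crm"),
    ("2006-03-02T08:00:00", "jsmith", "fileshare"),
    ("2006-03-03T22:15:00", "amiller", "payroll"),   # no grant for payroll
    ("2006-03-04T02:00:00", "svc_backup", "backup"),
    ("2005-11-01T08:00:00", "jsmith", "payroll"),    # outside the review window
]


def review(grants: Dict[str, Set[str]], activity: List[Tuple[str, str, str]],
           as_of: datetime, window_days: int = 90):
    """Return (unused, ungranted):
    unused    - user -> sorted rights not exercised inside the window
    ungranted - audit events whose resource the user holds no grant for"""
    cutoff = as_of - timedelta(days=window_days)
    used = defaultdict(set)
    ungranted = []
    for ts, user, resource in activity:
        if resource not in grants.get(user, set()):
            # Checked over the whole trail, not just the window: an
            # unexplained access is a finding whenever it happened.
            ungranted.append((ts, user, resource))
        if datetime.fromisoformat(ts) >= cutoff:
            used[user].add(resource)
    unused = {}
    for user, rights in grants.items():
        idle = sorted(rights - used[user])
        if idle:
            unused[user] = idle
    return unused, ungranted


def demo():
    """Run the review over the constructed data as of 2006-03-31."""
    return review(GRANTS, ACTIVITY, as_of=datetime(2006, 3, 31))


if __name__ == "__main__":
    unused, ungranted = demo()
    for user, rights in unused.items():
        print("revoke candidates for %s: %s" % (user, ", ".join(rights)))
    for ts, user, resource in ungranted:
        print("ungranted access: %s used %s at %s" % (user, resource, ts))
```

In the constructed data, jsmith's payroll right was last used before the window opened and shows up as idle, and amiller's payroll access has no matching grant, which is the finding an auditor escalates before anything gets revoked.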
…while maintaining security levels and keeping cost under control?

Increasing complexity leads to:

Spiraling management cost
- Hardware / software acquisition cost
- Deployment cost (centrally and in remote offices)
- Employee training cost
- Ongoing integration and maintenance cost

Compromised security
- More time from vulnerability discovery to patch
- More difficult to maintain unified policies
- Lower visibility, less accurate auditing

(Figure: management cost vs. protection.)
A Holistic Approach Is Required
- Affordable hardware and software performance
- Insightful monitoring, auditing, security measurement
- Enterprise-wide updates – one click
- Central management using one console
- Integrate multiple capabilities into each enforcement point
- Pluggable architecture allowing best-of-breed solutions while maintaining consistency

An Ounce of Prevention…
- Assessment of facility and related conditions: determine what you need and why. Plan, plan and plan.
- Design: solve ONLY the problems you have
- Stakeholder buy-in