NU MSIT 458 - Solving the Info Security Problem


Solving the Enterprise Information Security Problem – Common Approaches
Kurtis E. Minder – Mirage Networks

Topics
• Introduction – Who, What, etc.
• Ubiquitous Technologies
• Developing Technologies
• The Gap
• Network Access Control Present and Future
• Q&A
- CONFIDENTIAL -

Ubiquitous Technologies
What are they? Why do they exist?

Business Needs Drive Security Adoption
4 Ubiquitous Security technologies
• Anti-virus – Business driver: File sharing
• Firewalls – Business driver: Interconnecting networks (i.e. Internet)
• VPNs – Business driver: Remote connectivity
• IDS – Business driver: Threat detection
Each product fills a need in the security space.
Challenges exist around security versus productivity.
Typically products are not collaborative.

Anti-Virus
Anti-Virus provides software / desktop level risk management for workstations in the enterprise.
• Uses a malicious code signature database to determine whether a workstation is being attacked/compromised.
• Enterprise solutions evolved to provide central management and enhanced capability for workstation control. (McAfee Enterprise Policy Orchestrator.)
• As larger AV vendors acquire new technologies, the feature set improves (DLP, Encryption, Config Management).

Firewalls
The Firewall was adopted to protect corporate networks from would-be Internet attackers.
• Firewalls, deployed in-line, typically use a set of network layer rules to determine what traffic can enter/leave the network.
• Improvements to Firewall technology have been largely limited to performance. As bandwidth increased, Firewalls had to process faster. (Some FW companies have increased app visibility.)
• New technologies are increasing FW capability to inspect traffic faster and more intelligently.

VPN
VPN (Virtual Private Networking) was adopted to provide secure remote access to corporate networks.
• Provides remote access via IPSEC or SSL to the corporate network.
• Enhanced features can include workstation integrity checks and role based access control.
• Is also often used to provide connectivity between networks for business to business transactions.

Intrusion Detection / Prevention
IDS was developed to detect attacks on the network and alert the security administrator.
• IPS, typically inline, added the capability to stop the attack automatically or manually.
• IDS/IPS originally relied entirely on signatures, but evolved to include clever behavioral, heuristic-based algorithms to detect threats.

Developing Technologies
What drives them?

Data Loss Prevention
Data Loss Prevention (DLP) technology was developed as a direct result of lost corporate information from inside the network.
• DLP Technology uses a multi-faceted approach to solving the Data Leak problem, including network based sensors, workstation software, and complex policy management.
• The technology is largely developed to keep corporate intellectual property and finance data from being distributed.
• Also used to maintain compliance initiatives around SOX and HIPAA, showing due diligence toward securing patient / customer data.

Disk Encryption
Disk encryption technologies were developed to protect data on stolen or compromised devices.
• Lost personal customer data and mandatory disclosure have driven the disk encryption market.
• The Payment Card Industry (PCI) has developed a set of standards for doing business with the credit card companies. These standards often dictate encryption when storing credit information.
• Hard drive manufacturers are now developing self encrypting drives in addition to the industry software-based approach.

Configuration Management
Configuration management was developed to maintain control over workstation software and patch deployment.
• Config management has evolved to include technologies like patch management, remote control, help desk portal integration, and software deployment.
• Several different approaches to config management have evolved, including an appliance-based approach as well as agent/software approaches.
• Many config management vendors offer hardware tracking and asset management as well.

Vulnerability Assessment / Management
Vulnerability assessment and vulnerability management have developed as automated tools to track and validate configuration / patch management as well as provide security posture assessment for the enterprise.
• There are several approaches to VM. Two primary approaches are network based and software based.
• Many of the larger vendors are offering a range of assessment and vulnerability tools for managing security posture. (Mostly through acquisition.)

Security Event / Information Management
Security event management (SEIM) grew from the need for intelligent and robust logging facilities for security tools.
• Typically an appliance based approach. Hardware is critical to reporting performance.
• Driven by powerful database engines, the SEIM correlation allows IT Security staff to review events across multiple products to determine a source.

The Gap
How many security products does it take?
Attacks on peer-to-peer networks increased 357% in July 2007 over July 2006, with 32 attacks.
P2P Applications can turn any computer into an always-on bandwidth glutton because they run unattended, without any user intervention.
Music theft at 58 campuses targeted in latest wave of deterrence program.

Rogue Devices
Wireless access points and personal routers can cause mayhem on campus networks.
Gaming consoles run operating systems just like every other computer – they are susceptible to malware.
Mobile Internet Devices (MIDs) will soon be monopolizing airtime on the access points.

Instant Messaging Facts
The total number of IM threats for 2007 so far is 226... that number is a 78% increase over the last year.
Security
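As an added illustration (not from the slides, and not any vendor's code) of the cross-product correlation the SEIM bullet describes: the script below joins constructed firewall, IDS and anti-virus events on a shared host field and reports the hosts that more than one product flagged within a time window. The log layouts, hostnames and addresses are made up for the example.

```python
# Added example (not from the slides): a toy SEIM-style correlation across
# the product families the deck lists (firewall, IDS, anti-virus), joined on
# a shared host field so one source can be identified from several alerts.
# The log formats below are constructed for this example, not any vendor's.
import re
from collections import defaultdict
from datetime import datetime

SAMPLE_LOGS = """\
2007-07-12T09:01:10 fw  DENY   src=10.1.5.23 dst=203.0.113.9 dport=6881
2007-07-12T09:01:14 ids ALERT  src=10.1.5.23 sig="P2P client handshake"
2007-07-12T09:03:40 av  DETECT host=10.1.5.23 name=Trojan.Generic
2007-07-12T09:05:02 fw  DENY   src=10.1.7.8 dst=198.51.100.4 dport=445
2007-07-12T10:30:00 av  DETECT host=10.1.9.4 name=Adware.Toolbar
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<product>fw|ids|av)\s+(?P<action>\S+)\s+"
                     r"(?:src|host)=(?P<host>\d+\.\d+\.\d+\.\d+)")

def parse_events(text):
    """Normalise each product's own line layout into (ts, product, host, action)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:          # unknown layout: skip it rather than abort the whole run
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        events.append((ts, m["product"], m["host"], m["action"]))
    return events

def correlate(events, window_s=600, min_products=2):
    """Map host -> sorted list of products that reported it within window_s seconds.
    Hosts seen by fewer than min_products distinct tools are omitted: a host flagged
    by several independent products in a short span is the lead an analyst wants."""
    by_host = defaultdict(list)
    for ts, product, host, _ in sorted(events):
        by_host[host].append((ts, product))
    hits = {}
    for host, seen in by_host.items():
        for i, (t0, _) in enumerate(seen):
            products = {p for t, p in seen[i:] if (t - t0).total_seconds() <= window_s}
            if len(products) >= min_products:
                hits[host] = sorted(products)
                break
    return hits

if __name__ == "__main__":
    for host, products in correlate(parse_events(SAMPLE_LOGS)).items():
        print(host, "reported by", ", ".join(products))
```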

