Why we keep doing security wrong Grant Cohoe. About Me System Administrator – RSA (The security division of EMC) OpComm Director / Sysadmin / Chairman.
Presentation transcript:

Why we keep doing security wrong Grant Cohoe

About Me
– System Administrator – RSA (the security division of EMC)
– OpComm Director / Sysadmin / Chairman – Computer Science RIT
– ISTS Team OpComm (“Team Uptime”) – 3rd place 2011, 2nd place 2012

What we do
– Rely on perimeter defenses
– Overlook the most vulnerable
– Security is an achievement

PERIMETER DEFENSES “Shields are up captain!”

Perimeter Defenses
– Firewalls
– NAT
– Proxies
– IPS

Firewalls
– Host-based
   – Windows Firewall, iptables, pf
   – Drill holes!
   – No one filters outbound traffic

Firewalls
– Network-based
   – Cisco ASA/PIX, CheckPoint Gateway, etc
   – Drill fewer holes, but worse ones
– Example: SSH

Firewalls
– Great for the majority of badness
– Won't stop the real badness
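The host-based slide's point that "no one filters outbound traffic" is easy to check mechanically. This added example (not from the talk) audits two constructed iptables-save dumps: the usual host with INPUT locked down and OUTPUT left at ACCEPT, beside the same host with egress default-deny, explicit holes, and logging of what gets dropped.

```python
# Audit an iptables-save dump for unfiltered egress (added example; both dumps are constructed).

# Typical host firewall: INPUT locked down, OUTPUT left wide open.
OPEN_OUTBOUND = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
"""

# Same host with egress default-deny, explicit holes, and logging of drops.
FILTERED_OUTBOUND = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d 10.0.0.53 --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 443 -j ACCEPT
-A OUTPUT -j LOG --log-prefix "egress-drop: "
COMMIT
"""


def parse_filter_table(dump):
    """Chain policies and rule token lists from a single-table iptables-save dump."""
    policies, rules = {}, []
    for line in dump.splitlines():
        if line.startswith(":"):  # ":CHAIN POLICY [packets:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):  # "-A CHAIN <match...> -j TARGET"
            rules.append(line.split()[1:])
    return policies, rules


def audit_outbound(dump):
    """Report the egress gaps a host firewall review should catch."""
    policies, rules = parse_filter_table(dump)
    out_rules = [r for r in rules if r[0] == "OUTPUT"]
    checks = [
        (policies.get("OUTPUT") == "ACCEPT", "OUTPUT policy is ACCEPT: everything leaves unless a rule drops it"),
        (not out_rules, "no OUTPUT rules: outbound traffic is not filtered"),
        (out_rules and not any("LOG" in r for r in out_rules), "no LOG rule in OUTPUT: dropped egress goes unnoticed"),
    ]
    return [msg for bad, msg in checks if bad]
```

Run `audit_outbound` over `iptables-save` output from a real host to see which of the three findings it actually triggers.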

NAT
– Non-routable private IP addresses
– No one can get to you directly?
   – WRAUNG!
   – Example: Adjacent Router

Proxies
– Traffic interception/filtering
– Not particularly useful
– Hostname vs IP blocking

IPS
– Look for malicious activity and stop it
   – What/who defines “malicious”?
– Often very specific targets

Perimeter Defenses
– Very static
– Bypassable
– Good for the 99%, not for the 1

OVERLOOK THE MOST VULNERABLE “No one will ever attack this”

VoIP Phones
– Rely on a trusted network infrastructure
– Do little to no verification of configuration
– Desktop bugging devices

Printers
– Rarely segregated (dedicated printer network)
– Bad software
– No firewalls
– Springboard for more advanced attack

Home Gateways
– Terrible software

SECURITY IS NOT AN ACHIEVEMENT “One does not simply become secure”

Achievement “Make us secure”

Achievement
– High CapEx
   – Equipment, infrastructure
– Low resources to monitor
   – No SOC monkeys, investigators
– Even less to respond
   – In a crisis, you can’t move

Process
– Continuously monitor and respond to issues

Process
– Moderate CapEx
   – Different equipment, infrastructure
– Moderate resources to monitor
   – 24/7 staffed SOC w/ investigators
– Moderate resources to respond
   – System management tools, live network mapping, etc

SECURITY ANALYTICS Cloud, big data, buzzword, buzzword

Security Analytics
– Real-time holistic intelligence platform
– Gather data from many sources
– Compare against profiles
– Replay entire sessions and content

Security Analytics
– Making available data accessible

Security Analytics
– As things happen, log them
   – Wireshark everything and store it
   – Server logs
   – Active Directory events
– If anything seems weird, analyze it

Profiles
– Old-and-busted approach:
   – Someone is trying to get into Oracle
– New hotness approach:
   – Josh is authenticated to the VPN
   – Jeff is authenticated to AD
   – Nick is trying to get into Oracle
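The two approaches on the Profiles slide, as an added example that is not part of the talk: the per-service view answers only "who is hitting Oracle", while stitching VPN, AD and Oracle events into one timeline per user lets you ask whether the person reaching Oracle ever authenticated anywhere first. The log lines, user names and hosts are constructed for the example.

```python
# Identity-centric correlation over constructed log lines (added example, not from the slides).
import re
from collections import defaultdict

# Constructed events as (time, source, message); users, hosts and addresses are made up.
EVENTS = [
    ("09:01:02", "vpn", "user=josh action=login result=success src=203.0.113.7"),
    ("09:01:40", "ad", "user=jeff action=logon result=success host=WKS-22"),
    ("09:02:15", "oracle", "user=nick action=login result=failure src=10.0.5.9"),
    ("09:02:16", "oracle", "user=nick action=login result=failure src=10.0.5.9"),
    ("09:02:17", "oracle", "user=nick action=login result=success src=10.0.5.9"),
    ("09:03:00", "oracle", "user=jeff action=login result=success src=10.0.7.3"),
]
KV = re.compile(r"(\w+)=(\S+)")


def old_and_busted(events):
    """Per-service view: who is hitting Oracle, with no context about the person."""
    return sorted({dict(KV.findall(m))["user"] for _, s, m in events if s == "oracle"})


def build_profiles(events):
    """New hotness: one timeline per user, stitched across VPN, AD and application logs."""
    per_user = defaultdict(list)
    for ts, source, msg in events:
        f = dict(KV.findall(msg))
        per_user[f["user"]].append((ts, source, f["action"], f["result"]))
    return per_user


def find_anomalies(events, failure_threshold=2):
    """Flag Oracle logins by users with no VPN/AD auth on record, and runs of failed logins."""
    findings = []
    for user, timeline in build_profiles(events).items():
        authed = {src for _, src, _, res in timeline if src in ("vpn", "ad") and res == "success"}
        oracle_ok = any(src == "oracle" and res == "success" for _, src, _, res in timeline)
        failures = sum(1 for _, src, _, res in timeline if src == "oracle" and res == "failure")
        if oracle_ok and not authed:
            findings.append((user, "reached Oracle with no VPN or AD authentication on record"))
        if failures >= failure_threshold:
            findings.append((user, f"{failures} failed Oracle logins"))
    return findings
```

The per-service view reports jeff and nick alike; the per-user profile singles out nick, who never authenticated to the VPN or AD and failed twice before getting in.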

Session Replay
– Server access logs tell you when something happened
– Wireshark lets you replay the network traffic
– Get the badness into a secured environment
– Poke at it

Security Analytics
– Analysis and response in minutes
   – Rather than days

Summary
– Don’t rely solely on perimeter defenses
– Don’t overlook anything no matter how small
– Security is a process, not an achievement
– Security analytics should be a thing

Contact Web: