Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD.

Slides:



Advertisements
Similar presentations
!! Are we under attack !! Consumer devices continue to invade *Corporate enterprise – just wanting to plug in* Mobile Device Management.
Advertisements

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Firewalls and Intrusion Detection Systems
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Cyber Security – Our Approach James Clement Network Specialist ETS: Communications & Network Services
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
EDUCAUSE Security 2006 Internet John Brown University.
2851A_C01. Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada.
Securing Exchange Server Session Goals: Introduce you to the concepts and mechanisms for securing Exchange Examine the techniques and tools.
Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.
Internet Safety By Megan Wilkinson. Viruses If your computer haves a viruses on it, it will show one of them or a different one. All commuters have different.
1 Chapter 8 Securing Information Systems. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Campus Firewalling Dearbhla O’Reilly Network Manager Dublin Institute of Technology.
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 Guide to Network Defense and Countermeasures Chapter 2.
ShareTech 2015 Next-Gen UTM.
Securing Microsoft® Exchange Server 2010
Managing and Securing Endpoints Bruce Hotte Chief Information Officer Jeff Swan Network Supervisor  The definition of “endpoint” used to be simple: a.
IMPLEMENTING F-SECURE POLICY MANAGER. Page 2 Agenda Main topics Pre-deployment phase Is the implementation possible? Implementation scenarios and examples.
CERN’s Computer Security Challenge
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Chapter 6 of the Executive Guide manual Technology.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
TECHNOLOGY GUIDE THREE Protecting Your Information Assets.
XP New Perspectives on The Internet, Sixth Edition— Comprehensive Tutorial 5 1 Downloading and Storing Data Using FTP and Other Services to Transfer and.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Denial of Service (DoS) DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended.
1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.
Data Security Overview. Data Security Periphery –Firewalls –Web Filtering –Intrusion Detection & Prevention Internal –Virus Protection –Anti Spy-ware.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Chapter 2 Securing Network Server and User Workstations.
Module 11: Designing Security for Network Perimeters.
Copyright ©2015 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training WatchGuard XCS What’s New in version 10.1.
Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.
Security fundamentals Topic 10 Securing the network perimeter.
Security fundamentals Topic 9 Securing internet messaging.
Local issues Auditing Log Review Physical protection Disaster Recovery Backup Schedules Off-site storage SECURITY.
NetTech Solutions Protecting the Computer Lesson 10.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Secure  Message interception (confidentiality)  Message interception (blocked delivery)  Message interception and subsequent replay  Message.
A Network Security -Firewall Bruce Turin.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
Information Systems Design and Development Security Precautions Computing Science.
SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #
Introducing Kaspersky Anti-Virus 6.0 for Windows Workstations Introducing Kaspersky ® Anti-Virus 6.0 for Windows Workstations.
Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Introduction to Networking Technologies Security on Peer-to-Peer Networks.
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Philip J. Beyer, Information Security Officer John P. Skaarup, Sr. Security Engineer Texas Education Agency Information Security.
TMG Client Protection 6NPS – Session 7.
Working at a Small-to-Medium Business or ISP – Chapter 8
TECHNOLOGY GUIDE THREE
Welcome To : Group 1 VC Presentation
Designing IIS Security (IIS – Internet Information Service)
Presentation transcript:

Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD

Agenda  Network Security  Remote Access  Anti-Virus Protection  Content Filtering and Blocking  Possible Future Directions

Network Security

Private Network External Firewall Internal Firewall Internet DMZ Extranet DMZ SITA X25 InternetInternet

Network Security  2 levels of firewalls for access control  2 separate DMZs to protect sensitive information  Outgoing Internet access through application relays  Intrusion detection systems on both DMZs  Vulnerability scanning on a regular basis

Intrusion Detection System  Network sensor watching for attack signatures  Responses to suspicious activity:  Connection termination  Alerts sent by  Session recorded  Other …

Intrusion Detection System

Centrally Managed Security Policies

Remote Access

Exchange Web SQL

Remote Access Home users Mission users

Remote Access  For portables and Outlook Web Access users to access the OECD network, two- factor authentication based on:  A PIN number (known by the user)  An authenticator (either hardware or software)  Also based on Windows authentication to access network resources

Anti-Virus Protection

NetworkServer Gateway & Firewall Internet Point of Entry & SMTP relay Client

Prevention And Detection  Anti-Virus products from 2 different vendors installed on:  Desktops and laptops  File Servers  Servers  SMTP Relays  Signature updates on a weekly basis  Scanning on PCs and servers on a weekly basis  User Education  Being Prepared  Basic Network Security  Standard Disaster Recovery Procedures

Content Filtering and Blocking

 Implemented after the ILOVEYOU virus  SMTP relay level filtering of all incoming and outgoing Internet messages:  Scan for viruses  Block « program » attachments and HTML scripts for 2 days  Search for « suspicious » text strings in subject  Reporting to management

Content Filtering and Blocking

W32/Navidad W32/Navidad-B

Possible Future Directions  Outsource detection and reporting of network vulnerabilities  SSL for Outlook Web Access  Use RTBL to prevent spamming  Content inspection on HTTP/FTP downloads

Comments and Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.