1 IF-MAP: Open Standards for Coordinating Security
Presentation for SAAG, IETF 72, July 31, 2008
Steve Hanna

Presentation transcript:


2 Information Security Past - Isolation
Host Security: Host Firewall, Host Intrusion Detection & Prevention, Host Anti-Virus
Network Security: Network Firewall, Network Intrusion Detection & Prevention, Virtual Private Networks, Data Loss Prevention, Vulnerability Scanners, Network Anti-Virus
Server/Service Security: Identity Management, Server Security, Web Services Security

3 Information Security Present – Partial Coordination
Host Security: Host Firewall, Host Intrusion Detection & Prevention, Host Anti-Virus
Network Security: Network Firewall, Network Intrusion Detection & Prevention, Virtual Private Networks, Data Loss Prevention, Vulnerability Scanners, Network Anti-Virus
Server/Service Security: Identity Management, Server Security, Web Services Security
Network Access Control (NAC)

4 Information Security Future – Full Coordination
Host Security: Host Firewall, Host Intrusion Detection & Prevention, Host Anti-Virus
Network Security: Network Firewall, Network Intrusion Detection & Prevention, Virtual Private Networks, Data Loss Prevention, Vulnerability Scanners, Network Anti-Virus
Server/Service Security: Identity Management, Server Security, Web Services Security
NAC with IF-MAP

5 Basic NAC Architecture
[Figure: Access Requestor (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP), VPN]

6 Integrating Other Security Systems
[Figure: Access Requestor (AR), Policy Enforcement Point (PEP), Policy Decision Point (PDP), Metadata Access Point (MAP), Sensors, Flow Controllers, VPN]

7 TNC Architecture
[Figure: TNC architecture diagram]
Entities: Access Requestor, Policy Enforcement Point, Policy Decision Point, Metadata Access Point, Sensors and Flow Controllers
Components: Integrity Measurement Collectors (IMC), Integrity Measurement Verifiers (IMV), TNC Client (TNCC), TNC Server (TNCS), Network Access Requestor, Policy Enforcement Point (PEP), Network Access Authority, Platform Trust Service (PTS), TSS, TPM, Metadata Access Point, Sensor, Flow Controller
Interfaces: IF-M, IF-IMC, IF-IMV, IF-TNCCS, IF-T, IF-PEP, IF-PTS, IF-MAP

8 What is IF-MAP?
Standard Published by Trusted Computing Group –
Standard Requests & Responses
–Publish, Search, Subscribe, Poll
Standard Identifiers
–device, identity, ip-address, mac-address, access-request
Standard Metadata
–device-attribute, event, role, capability, layer2-information
Standard Links (marked with metadata)
–access-request-device, access-request-ip, access-request-mac, authenticated-as, authenticated-by, ip-mac
Protocol Binding for SOAP
Ability to define optional vendor-specific extensions

9 Example IF-MAP Graph

10 IF-MAP Benefits
More Informed Sensors
–Sensors can tune by role and other things
–Should reduce false alarms
Policy and Reports in Business Terms
–User identity and role vs. IP address
–Simpler, easier to manage
Automated Response (if desired)
–Faster response = stronger security
–Less expense due to automation
Customer Choice and Flexibility
–No need to buy all security products from one vendor
–Can reuse and integrate existing security systems

11 Security and Privacy Considerations
MAP = Storehouse of Sensitive Data, Critical Nerve Center
–MUST
  TLS with mutual auth for IF-MAP clients
  publisher-id and timestamp to track changes
–SHOULD
  authorization, DOS protection, anomaly detection, physical and operational security, hardening, etc.
  not keep historical data
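
Added example, not part of the original presentation: a simplified in-memory model of the MAP graph from slides 8 and 11, showing identifiers as nodes, links marked with metadata, a depth-limited search, and publisher-id/timestamp stamped by the server from the authenticated client identity. The class and function names, the client names and the sample values are assumptions made for illustration; this is not the IF-MAP SOAP binding.

```python
import time
from collections import defaultdict, deque

# Toy Metadata Access Point: identifiers are nodes, links carry metadata.
class MapGraph:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.meta = defaultdict(list)    # identifier -> metadata records
        self.links = defaultdict(list)   # identifier -> (neighbor, link record)

    def publish(self, client_id, ident, name, value=None, other=None):
        # client_id is the identity proven by the mutually authenticated TLS
        # session, not a field in the request, so a client cannot spoof it.
        rec = {"name": name, "value": value,
               "publisher-id": client_id, "timestamp": self.clock()}
        if other is None:
            self.meta[ident].append(rec)             # metadata on an identifier
        else:
            self.links[ident].append((other, rec))   # metadata on a link
            self.links[other].append((ident, rec))

    def search(self, start, max_depth):
        """Breadth-first walk; returns records on identifiers and links reached."""
        seen, queue, found = {start}, deque([(start, 0)]), []
        while queue:
            ident, depth = queue.popleft()
            found.extend(self.meta[ident])
            if depth == max_depth:
                continue                             # do not follow links further
            for neighbor, rec in self.links[ident]:
                if rec not in found:
                    found.append(rec)
                if neighbor not in seen:
                    seen.add(neighbor)
                    queue.append((neighbor, depth + 1))
        return found

def build_sample(clock=time.time):
    """Constructed sample graph; every name and value here is made up."""
    g = MapGraph(clock)
    ar, user = ("access-request", "ar-1"), ("identity", "alice")
    mac, ip = ("mac-address", "00:11:22:33:44:55"), ("ip-address", "192.0.2.10")
    g.publish("pdp-1", ar, "access-request-mac", other=mac)
    g.publish("pdp-1", ar, "authenticated-as", other=user)
    g.publish("pdp-1", ar, "role", value="finance", other=user)
    g.publish("dhcp-1", ip, "ip-mac", other=mac)
    g.publish("sensor-1", ip, "event", value="constructed alert")
    return g, ip

def roles_behind(g, ip, max_depth=3):
    # What a sensor or flow controller wants: the role behind an IP, and who said so.
    return [(r["value"], r["publisher-id"])
            for r in g.search(ip, max_depth) if r["name"] == "role"]
```

Because every record carries the server-assigned publisher-id, a consumer can weigh a role published by the PDP differently from an event published by a sensor, and the depth limit bounds how much of the sensitive graph one search exposes.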

12 Discussion