Jericho Commandments, Future Trends, & Positioning.


Fundamentals

1. The scope and level of protection must be specific and appropriate to the asset at risk
    So as to add flexibility to meet new business requirements and increase speed of deployment
    Central protection is decreasing in effectiveness
    Boundary firewalls might protect the network, but individual systems and data need their own protection

2. Security mechanisms must be simple, scalable and easy to manage
    Unnecessary complexity is a threat to good security
    Small things will need to interoperate with large things
    Must support chunking/lumping

Surviving in a hostile world

3. Devices and applications must communicate using open, secure protocols
    Assume eavesdropping, overlooking and injection
    Security (CIA) requirements should be built in to protocols, not added on afterwards
    Encrypted encapsulation doesn’t solve everything

4. All devices must be capable of maintaining their security policy on an untrusted network
    Must be capable of surviving on the raw Internet
    “Security policy” = CIA status

The need for trust

5. All people, processes and technology must have declared and transparent levels of trust for the transaction
    Clarity of expectation
    No surprises
    Trust level may vary by location and by transaction

6. Mutual trust assurance level must be determinable
    Devices and users must be capable of appropriate levels of (mutual) authentication for accessing systems and data

The need for mutual authentication

7. Authentication must interoperate / exchange outside of your locus of control
    Must be capable of trusting an organisation which can authenticate individuals or groups – no need to create separate identities
    Only need one instance of a person / system / identity, but can also support multiple instances

Finally, access to data

8. Access to data should be controlled by security attributes of the data itself
    Could be held within the data (DRM) or in a separate system
    Could be implemented by encryption
    Some data may have “public, non-confidential” attributes

9. By default, data must be appropriately secured both in storage and in transit
    Removing the default is a conscious act
    “Appropriate” also allows some data to not need securing; must not enforce high security for everything

10. Assume context at your peril

11. Deperimeterisation is inevitable
    It will happen in your corporate lifetime
    Therefore you need to plan for it
    Therefore you need a roadmap
    And the Jericho Forum has a generic roadmap

Trust level
    Untrusted
    Trust the protocol
    Trust the person/process
    Trust the environment
    Full trust

Risk Level
    No Risk
    Low Risk
    Medium Risk
    High Risk

Transactional Capability
    Public information – view only
    Restricted information – view only
   through to
    High value information
    High value transaction
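As an added example (not part of the slides, and not Jericho Forum code), the Python below shows one way commandments 8 and 9 and the trust levels listed above fit together: each data object carries its own classification and minimum trust level, those attributes are cryptographically bound to the payload so a label cannot be swapped, non-public data is encrypted under a per-classification key, and the default classification is a protected one so that marking data public is an explicit act. The envelope format, the key-ring layout, the linear ordering of the trust levels and the sample values are all assumptions made for this example; the HMAC counter-mode keystream is an illustrative stand-in for a real AEAD cipher, not something to deploy.

```python
"""Data-centric protection: each object carries its own security attributes,
bound to the data cryptographically, so the access decision is made from the
data itself rather than from the network it happens to sit on."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass

# Trust levels from the "Trust level" slide, least to most trusted.
# Treating them as a linear order is an assumption made for this example.
TRUST_LEVELS = [
    "untrusted",
    "trust the protocol",
    "trust the person/process",
    "trust the environment",
    "full trust",
]


@dataclass(frozen=True)
class Envelope:
    """Data plus the attributes that travel with it (constructed format)."""
    attributes: dict   # classification and minimum trust level for access
    nonce: bytes       # per-envelope nonce for the keystream
    payload: bytes     # ciphertext, or plaintext when classification is public
    tag: bytes         # HMAC binding attributes + nonce + payload together


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Illustrative stand-in for a real AEAD
    such as AES-GCM; not a construction to use in production."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def _bind(label_key: bytes, attributes: dict, nonce: bytes, payload: bytes) -> bytes:
    """Tie the attributes to the payload so a label cannot be swapped."""
    canon = json.dumps(attributes, sort_keys=True).encode()
    return hmac.new(label_key, canon + nonce + payload, hashlib.sha256).digest()


def seal(plaintext: bytes, keys: dict, classification: str = "confidential",
         min_trust: str = "trust the person/process") -> Envelope:
    """Protect data by its own attributes. The default classification is a
    protected one (commandment 9); declaring data public is an explicit choice."""
    if classification != "public" and classification not in keys:
        raise KeyError(f"no data key for classification {classification!r}")
    if min_trust not in TRUST_LEVELS:
        raise ValueError(f"unknown trust level {min_trust!r}")
    attributes = {"classification": classification, "min_trust": min_trust}
    nonce = secrets.token_bytes(16)
    if classification == "public":
        payload = plaintext   # "public, non-confidential": no encryption needed
    else:
        payload = _xor(plaintext, _keystream(keys[classification], nonce, len(plaintext)))
    return Envelope(attributes, nonce, payload, _bind(keys["label"], attributes, nonce, payload))


def open_envelope(env: Envelope, keys: dict, subject_trust: str) -> bytes:
    """Release plaintext only when the attributes carried by the data allow it."""
    if subject_trust not in TRUST_LEVELS:
        raise ValueError(f"unknown trust level {subject_trust!r}")
    expected = _bind(keys["label"], env.attributes, env.nonce, env.payload)
    if not hmac.compare_digest(expected, env.tag):
        raise ValueError("attributes or payload have been tampered with")
    if TRUST_LEVELS.index(subject_trust) < TRUST_LEVELS.index(env.attributes["min_trust"]):
        raise PermissionError("subject trust level below the level the data requires")
    cls = env.attributes["classification"]
    if cls == "public":
        return env.payload
    if cls not in keys:
        raise PermissionError(f"subject holds no key for {cls!r} data")
    return _xor(env.payload, _keystream(keys[cls], env.nonce, len(env.payload)))


def demonstrate() -> dict:
    """Constructed sample run; the keys are fixed test values, not real secrets."""
    keys = {"label": b"L" * 32, "confidential": b"C" * 32}
    results = {}
    env = seal(b"quarterly figures", keys)  # defaults: confidential, person/process trust
    results["trusted_reader"] = open_envelope(env, keys, "trust the environment")
    try:
        open_envelope(env, keys, "trust the protocol")
    except PermissionError:
        results["insufficient_trust"] = "denied"
    try:  # can verify the label but holds no data key
        open_envelope(env, {"label": keys["label"]}, "full trust")
    except PermissionError:
        results["no_data_key"] = "denied"
    relabelled = Envelope({"classification": "public", "min_trust": "untrusted"},
                          env.nonce, env.payload, env.tag)
    try:  # swapping the label to "public" breaks the binding
        open_envelope(relabelled, keys, "untrusted")
    except ValueError:
        results["relabelled"] = "rejected"
    public = seal(b"press release", keys, classification="public", min_trust="untrusted")
    results["public"] = open_envelope(public, {"label": keys["label"]}, "untrusted")
    results["public_in_clear"] = public.payload == b"press release"
    return results


if __name__ == "__main__":
    print(demonstrate())
```

The point of the design is that nothing in `open_envelope` asks where the request came from: the decision is made from the attributes the data carries, the binding tag stops a "public" label being pasted onto confidential data, and a reader with insufficient trust or without the classification key gets nothing even on a fully trusted network segment.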

Security Protocols

Protocols are placed on a 2x2 matrix: closed/proprietary versus open, and secure versus insecure.

                  Closed / Proprietary                 Open
Secure            Point Solution – use with care!      Use and Recommend
                  e.g. AD Authentication               e.g. SMTP/TLS, AS2 (EDI/HTTPS), HTTPS, WPA2
Insecure          Stop/Retire (Now!) – never use       Use only with additional security
                  e.g. NTLM Authentication             (force disuse of ‘security’ features)
                                                       e.g. SMTP, FTP, TFTP, Telnet, VoIP, …

Buy, Hold and Sell

                Systems             Technology                    Architecture
Buy (Invest)    Trusted Computing   Inherently Secure Protocols   De-perimeterised architectures
Hold (Watch)    NAC                 IPSec                         –
Sell (Retire)   Perimeter IDS       Proprietary protocols         Perimeter Security Boundary

Corporate Roadmap

[Roadmap diagram: successive generations of the corporate security stack, with key components additive by generation (key: 60% adoption). Components appearing across the generations: Anti-Virus, Anti-Spam, SMTP/ML and later SMTP/TLS & ML, IPSec VPN, Proxies/IFR and later Virtual Proxies/IFR, External Scan, Internal Scan, a Shrinking then Shrunken Intranet, DRM and Federated Identity (partial, then full), Trusted Computing, Inherently Secure Protocols, Virtual Secure Services, Secure Internet Working, Anti-Malware, Firewalls, and the Corporate Border / Corporate Boundary. Key obsoleted technology: Proxies / IFR, Corporate Boundary, Firewalls.]

[Workflow diagram: customers and vendors feed a Desired Future State through Standards and Solutions. Work types: Needs, Principles, Strategy, White Papers, Patterns, Use Cases, Guidelines, Standards, Solutions.]