Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Layered Approach to Support Extranet Security Ralph Santitoro Director of Security Solutions - Nortel SUPERCOMM 2005 Panel 2 Session - June.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "A Layered Approach to Support Extranet Security Ralph Santitoro Director of Security Solutions - Nortel SUPERCOMM 2005 Panel 2 Session - June."— Presentation transcript:

1 A Layered Approach to Support Extranet Security Ralph Santitoro Director of Security Solutions - Nortel EntNet @ SUPERCOMM 2005 Panel 2 Session - June 6, 2005 Ralph@Marcom-Services.net http://www.nortel.com/security

2 © 2005 Nortel Networks. All Rights Reserved. -2- What are you trying to protect? >Business Continuity Protecting the network, hosts and applications from threats or vulnerabilities Protecting outsourced services, e.g., Call Centers, Customer Service Business Continuity Information Security Information Privacy Layer Network, Host, and Application Defense Layer >Information Security Controlling the usage of information Auditing the movement of information

3 © 2005 Nortel Networks. All Rights Reserved. -3- What’s Keeping the CxO Up at Night? > Computer worms, viruses > Regulatory compliance > Online fraud > Early warning of cyber attacks > Data Privacy - Top 5 Security Concerns for 2005* 80% of CSOs report that cyber attacks had a bottom-line financial impact on their organizations* * Source: CSO Interchange New York December 2004 23451

4 © 2005 Nortel Networks. All Rights Reserved. -4- Regulations will Drive Security Deployments - Regulations will increase the focus on Security >Sarbanes Oxley >Health Insurance Portability and Accountability Act (HIPAA) >Gramm-Leach-Bliley (GLB) >California Database Breach Notification Act (SB1386) >Data Protection and Misuse Act (UK) >Personal Information Protection & Electronic Documents Act (Canada) >Safe Harbor Act – EU Data Protection Act (Europe, U.S.)

5 Business Continuity - Protecting the Network, Hosts and Applications - What are the Threats ?

6 © 2005 Nortel Networks. All Rights Reserved. -6- Business Continuity - Must maintain reliable services >Conduct business without outages of critical services >Maintain communications Internally and with customers, suppliers, partners

7 © 2005 Nortel Networks. All Rights Reserved. -7- What are the Threats ? - Malicious Software (Malware) : Viruses, Worms, Trojans >Typically infect computer by exploiting “vulnerabilities” and social engineering Steal passwords (e.g., cookies) Destroy documents Steal confidential data (e.g, Phishing, Scam) Impede host or network device performance Distribute SPAM >Infected computers threaten security of the network >How to stop Malware AntiVirus software Intrusion Detection software or appliances Traffic Management devices Security policies

8 © 2005 Nortel Networks. All Rights Reserved. -8- Denial of Service and DDoS attacks >Targets known “vulnerability” in devices >Can cause devices to completely stop working >Denial of Service one hacker targeting one network device or host >Distributed Denial of Service (DDoS) One or several hackers taking over multiple hosts on the Internet. These machines then target a single network device or host

9 © 2005 Nortel Networks. All Rights Reserved. -9- Extranet Challenges - Threats from Encrypted Traffic >Sensitive data, VPN traffic, secure multimedia and eCommerce rely on encryption for security Encryption hides malicious code >Threat prevention devices must: Decrypt the traffic Scan traffic for Malware Report or take action on the traffic E.g., report the threat, drop the traffic, reduce the bandwidth, etc. Re-encrypt the traffic

10 © 2005 Nortel Networks. All Rights Reserved. -10- ANATOMY OF A REAL-WORLD ATTACK A sophisticated attacker will leverage trust relationships to gain access to more valuable information assets. Base camp A target server is attacked and compromised The acquired server is used as vantage point to penetrate the corporate net Further attacks are performed as an internal user External attacker’s system 5 P’s Probe Penetrate Persist Propagate Paralyze

11 © 2005 Nortel Networks. All Rights Reserved. -11- Threat Prevention >Extranet Treats require similar protection to other internal or external threats >Similar technologies and procedures used >Intelligent traffic management is critical Configure Capture AnalyzeSignatures Violations Behavior Scan Patch Policy Log Alert Block MonitorDetect ActMitigate Monitor Detect Act Mitigate

12 © 2005 Nortel Networks. All Rights Reserved. -12- Enterprise Security Challenge - A Dynamic Situation Infrastructure Attacks Unknown Connections Wireless access points Unused active ports Unauthorized use Extranet Compromised Malicious Unintentional Unknown attacks Engineered attacks Passwords compromised Sessions intercepted X X X X X Intranet Compromised Malicious Unintentional X X X X Understand the network. Detect the vulnerabilities. Protect the assets

13 © 2005 Nortel Networks. All Rights Reserved. -13- Security Policy Layers - Why Deep Packet (L3-L7) Inspection and Intelligent Traffic Management are so important IP Access Protection Denial of Service Attack Protection Application Inspection Apply Policies Anti-Spoofing ScanSynFin DoS Attack Worms, Viruses, Trojans … Peer-to-Peer Instant Messaging VoIP Guaranteed Limited Reporting and Logging Malware Inspection Example Traffic Flows

14 © 2005 Nortel Networks. All Rights Reserved. -14- Remote End Point Compliance >Remote end point devices (PCs, mobile devices, etc.) accessing Extranet are assessed prior to network access To determine if they are compliant with security policies >Example policy compliance rules AntiVirus installed, AntiSpyware installed, Operating System security patches and Application security patches must be installed >Compliance Policies Choices Block All, Quarantine, Allow Some, Allow All End point devices accessing the network are made compliant with corporate security policies

15 © 2005 Nortel Networks. All Rights Reserved. -15- Remote End Point Security Challenges and Solutions for Extranets >Masquerading: How do I know the user hasn’t stolen a user ID & password? Use a Token-based or 2-factor authentication, e.g,. RSA SecureID card or User ID / Password + VPN ID / Password >Negligence: A user walks away from her desk leaving an open VPN session Use an auto-logoff timer to terminate VPN session after a period of inactivity >Residual Data: A patient’s medical data is cached on a PC and becomes accessible to the next user Use cache cleansing to clear browser history and cached data once VPN session is terminated. >Trust: I don’t want sensitive applications accessed from any unknown PCs Use dynamic access policies enabling varied access depending on configured parameters at login, e.g., allow Email, but no file access or deny access completely

16 © 2005 Nortel Networks. All Rights Reserved. -16- Virus IDS AntiSpyware PFW Remote Endpoint Security Compliance and Remediation for Extranets >Example Extranet end point security policy to access network: AntiVirus must be installed AntiSpyware must be installed Client-based Extranet access Quarantine / Remediation Virus IDS AntiSpyware PFW Client-less Extranet access Extranet VPN connection

17 © 2005 Nortel Networks. All Rights Reserved. -17- Summary >Extranets require multiple layers of protection to ensure business continuity and protect information privacy Secure access (VPN) with user-based Security Policies Threat Prevention at Layer 3-7 Deep Packet Inspection and Intelligent Traffic Management End Point Security Compliance and Remediation

Download ppt "A Layered Approach to Support Extranet Security Ralph Santitoro Director of Security Solutions - Nortel SUPERCOMM 2005 Panel 2 Session - June."

Similar presentations

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.

1© Copyright 2011 EMC Corporation. All rights reserved. Anatomy of an Attack.
Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.

Security Training Lunch ‘n Learn. Agenda  Threat Analysis  Legal Issues  Threat Mitigation  User Security  Mobile Security  Policy Enforcement.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security Controls – What Works

Security Controls – What Works
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.

NETWORKS Lauren Hickman Patrick McCamy Morgan Pace Noah Ryder.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.

INFORMATION SECURITY UPDATE Al Arboleda Chief Information Security Officer.
Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.

Wireless Network Security. Access Networks Core Networks The Current Internet: Connectivity and Processing Transit Net Private Peering NAP Public Peering.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Similar presentations

Ads by Google