Download presentation
Presentation is loading. Please wait.
1
Extranet for Security Professionals Essential Services Analysis Heather T. Kowalski Tong Xu Ying Hao Hui Huang Bill Halpin Oct. 31, 2000
2
Review Business Mission - Central Repository of Security Information - Central Location for Information Sharing - Secure Environment, Manageable Resource System Requirements - SECURITY OVER RELIABILITY - Exchange of Information - Responsible for Information Only While on ESP System - User Driven and Maintained System Environment - Dell Power Edge Servers - Windows NT 4.0 (SP6) - SSL - Cold Fusion Middleware - Only Minimal Options Activated System Architecture
3
ESP – Architecture Workstation Firewall Router Web Servers The Internet To: George Marty From: Steve
4
Topics of Today ESP Services overview Essential Services/Asset Analysis Essential Services/Asset Usage Scenario Essential Component Analysis
5
ESP Services Overview
6
ESP Essential Services Site Administration Virtual Security Office (VSO) Collaboration Realm (CR) Organizational Management Library Message Center
7
Users ESP User VSO & CR Owners Site Manager Organizational Manager Site Administrator
8
Site Administration Maintain Hardware Assets Implement Hardware Security Process Database Management
9
Router Cisco 7200 128.237.144.1 Web Server Windows NT 4.0 (SP6), Hot Fixes DNS RedHat 6.2 Firewall-2 Windows NT 4.0 (SP6) Hot Fixes Database DNS RedHat 6.2 NES 3.63 Cold Fusion 4.5.1 ActiveState Perl 5.5 Tripwire 2.2.1 IPchains Guardian Pro V5 IDS-2 Windows NT 4.0 (SP6) Hot Fixes RealSecure 3.2 IDS-1 Windows NT 4.0 (SP6) Hot Fixes RealSecure 3.2 Visual FoxPro Console
10
Virtual Security Office Restricted Web Page Function - Information Sharing - Information Dissemination - Communication between Security Activity Groups Security Considerations Public Site - READ access for ALL users Private Site - Access granted by VSO Owner to CERTAIN users - Administrator Rights granted by VSO Owner to SPECIFIC users
11
Virtual Security Office
12
VSO Public View
13
VSO Private View
14
Collaboration Realm Function - Provide Selected Users with Areas to Collaborate on Projects Security Considerations - Owners have total control of access - View - Comment - Vote - Admin
15
Collaboration Realm
16
Organizational Management Functions Access Control to ESP website Validate Users Enforce ESP Policy Create Further Push Down of Management Security Considerations Site Manager grants Administrative Rights to Organizational Manager Organizational Manager controls Users in Organization ONLY
17
Organizational Management
18
Library The Library Tool is used to make common reports and documentation available on-line to all ESP users. The Library is Full Text Searchable.
19
Message Center ESP Internal “Post Office” Message never Leaves the Secure Web Server Users can be Notified via an External Mail System
20
Primary Users Client WorkStation Router (FW1) Firewall-2 DNS2IDS Web Server DNS1 Database IP||TCP/UDP||SSL IDS IP||TCP/UDP||SSL
21
Primary Users Client WorkStation Router (FW1) Cisco 7200 128.237.144.1 Web Server Windows NT 4.0 (SP6), Hot Fixes DNS RedHat 6.2 Firewall-2 Windows NT 4.0 (SP6) Hot Fixes Database DNS RedHat 6.2 NES 3.63 Cold Fusion 4.5.1 ActiveState Perl 5.5 Tripwire 2.2.1 IPchains Guardian Pro V5 IDS-2 Windows NT 4.0 (SP6) Hot Fixes RealSecure 3.2 IDS-1 Windows NT 4.0 (SP6) Hot Fixes RealSecure 3.2 Visual FoxPro
22
Future Plans Regular Saturday Team Meetings Planned Meeting with Client Goals: Find Vulnerabilities Identify Compromisable Components Simulate Intrusions & Attacks Survivability Analysis
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.