Download presentation
Presentation is loading. Please wait.
1
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute ESP Technical Overview Marty Lindner September 2000
2
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 2 Agenda What is “ESP” Goals of the ESP ESP Technology Overview
3
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 3 What is the “ESP” ESP E xtranet for S ecurity P rofessional
4
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 4 What is the “ESP” From a users perspective the ESP is a web site that is used by a group of people sharing a common interest or need
5
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 5 What is the “ESP” From an IT professionals perspective the ESP is a secure web environment created by using Commercial Off The Shelf (COTS) products Good Programming Practices Strict network policies enforced by multiple firewalls and intrusion detection systems Automated intrusion detection software developed for the ESP environment
6
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 6 What is the “ESP” A set of collaboration tools used thru a common web interface Mail Tool Calendar Tool Document Collaboration Tool Document Library
7
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 7 Goals of the ESP Minimal cost to the end users Provide a mechanism for sharing FOUO/SBU information over the public internet Maintain the highest level of security
8
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 8 ESP Technology Overview
9
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 9 ESP Infrastructure Workstation Database Servers Firewall Router Web Servers The Internet To: George Marty From: Steve
10
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 10 End User Workstation Workstation Database Servers Firewall Router Web Servers The Internet To: George Marty From: Steve
11
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 11 End User Workstation One of the ESP goals is to minimize the cost to the end user The only end user requirement is a web browser that supports U.S. domestic encryption (128 bits)
12
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 12 The Internet Workstation Database Servers Firewall Router Web Servers The Internet To: George Marty From: Steve
13
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 13 The Internet The ESP technology makes one assumption about the Internet You can not trust it! To overcome this lack of trust, the ESP uses the Secure Socket Layer (SSL) protocol and X.509 certificates to provide authenticity, integrity and confidentiality www.ietf.org\rfc\rfc2246.txt
14
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 14 SSL Security Workstation Database Servers Firewall Router Web Servers The Internet SSL provides a secure path through the Internet To: George Marty From: Steve
15
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 15 Firewall Strategy Workstation Database Servers Firewall Router Web Servers The Internet Multiple inline firewalls create more complex maze for intruders to navigate To: George Marty From: Steve
16
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 16 Firewall Strategy Multiple firewalls randomly inserted into the network topology Sidewinder 5.0 www.securecomputing.com Guardian www.netguard.com Cisco Secure PIX Firewall www.cisco.com Linux IPchains www.linuxdocs.org
17
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 17 Network Monitoring Workstation Database Servers Firewall Router Web Servers The Internet Passive network monitoring tools assist and automate the intrusion detection process To: George Marty From: Steve
18
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 18 Network Monitoring Several passive network monitoring agents are used to detect signs of intrusion Real Secure 3.2 www.iss.net Snort 1.6.3 www.snort.org
19
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 19 Web Server Security Workstation Database Servers Firewall Router Web Servers The Internet The middleware enhances security by incorporating additional authentication techniques To: George Marty From: Steve
20
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 20 Web Server Security System is dedicated to web services only No additional services offered Software Hardened Windows NT 4.0 www.microsoft.com Tripwire system integrity software 2.2.1 www.tripwire.com Netscape Enterprise Server 3.63 home.netscape.com Cold Fusion Server 4.5.1 www.alliare.com
21
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 21 Database Security Workstation Database Servers Firewall Router Web Servers The Internet The database only responds to authenticated requests from the Web servers To: George Marty From: Steve
22
© 2000 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute 22 Database Security Database servers only except communications from an authenticated IPsec session www.ietf.org\rfc\rfc2401.txt
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.