
May 30th – 31st, 2007, Chateau Laurier, Ottawa. Putting Secure Information Sharing and Access Management Into Practice. John Hewie, Microsoft Canada; Tim Upton, Titus Labs Inc.


Slide 1: May 30th – 31st, 2007, Chateau Laurier, Ottawa

Slide 2: Putting Secure Information Sharing and Access Management Into Practice. John Hewie, Microsoft Canada; Tim Upton, Titus Labs Inc.

Slide 3: The Challenge
- How do we share information in a secure and cost-effective manner that allows for timely and effective access by the right individuals?
- How do we move from "need to isolate" to "need to share securely"?
- Many policies exist that encumber information sharing across departments and agencies.

Slide 4: The Current Solution (diagram of separate networks and systems: SIPRNET, GWAN, NSANET (IWS), JWICS (IWS), Site TS/SI/TK/B Ops Net, STU-III, Red Phone, JWICS VTC, OSINT, Readout, Multi-Net (IWS), Secure Polycom)

Slide 5: Today's Solution - Multiple Everything
- Physical separation is the norm: each network has its own storage, network, servers and desktops.
- This results in:
  - High total cost of ownership (for example, USCENTCOM operates several distinct networks at the same classification level but with different caveats)
  - Multiple accounts per user
  - Difficult collaboration
  - Duplication of information
  - Complex security management
  - Information sharing via sneaker net or retyping information

Slide 6: What is SISA?
- SISA - "Secure Information Sharing Architecture"
- Partnership between Microsoft, Cisco, EMC, Decru and Titus
- An approach for collapsing many physical networks into virtual "compartments" on one physical network
- Original goals were military sharing requirements, but the solution components are applicable to anyone who needs to share information securely.
- SISA is a secure collaboration framework built upon a single physical network.

Slide 7: Demo: Secure Information Sharing Architecture

Slide 8: Approach
- Use a single source for authentication: Active Directory
- Enforce user-specific rights and network privileges based on group membership
- Ensure best security protection against known and unknown threats
- Validate the security posture of each host system
- Automatically enforce system update remediation
- Consolidated monitoring of computer and network security
- Secure data at rest and in transit
- Make it affordable: leverage existing hardware, software and training investments
- Protect compartmented data within a single IT system
- Leverage guidance defined in DCID 6-3: Protection Level 3 (PL3) addresses compartmentalization at the same "security classification" level

Slide 9: Architectural Service Components (diagram)
- Access Protection Services: End-Device Lockdown and Health; Network Protection / Policy Enforcement; Network Path Isolation
- Content Protection Services: Application AuthN and AuthZ; Document and File Encryption; Application Lockdown
- Data Protection Services: Data at Rest Isolation and Encryption
- WatchDog Services: Intelligent Auditing

Slide 10: Component Descriptions
- Access Protection Services for End-Devices: establish healthy end-devices, protection against malicious code attacks. Group Policy, Cisco Security Agent (CSA).
- Access Protection Services for Networks: port authentication, path isolation, policy enforcement on network devices. 802.1X, NAC, domain isolation (IPsec), VLANs.
- Content Protection Services: collaboration services with protection against inadvertent disclosure of files, documents and e-mails. AD, Office, RMS, Titus Labs.
- Data Protection Services: protection of data at rest. Decru, VSANs (Cryptainers).
- Watchdog Services: intelligent auditing, intrusion attempt detection, anomalous behavior reporting. CS-MARS.
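To make the approach of slides 8 and 10 concrete, here is an added example (not code from the presentation or from any SISA vendor) that models a compartment access decision on a single network at one classification level: the user's Active Directory groups must cover the document's compartments, the device must have passed its NAC health check, and the VLAN it was placed on must be authorised for that compartment. The compartment names, group DNs and VLAN identifiers are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; compartment names, AD group DNs and VLAN ids are
# hypothetical. One classification level, several compartments (the PL3 case).
COMPARTMENT_GROUPS = {
    "ALPHA": "CN=Compartment-ALPHA,OU=Groups,DC=example,DC=gov",
    "BRAVO": "CN=Compartment-BRAVO,OU=Groups,DC=example,DC=gov",
}
# Network path isolation: which compartments each VLAN is permitted to reach.
VLAN_POLICY = {"vlan-ops": frozenset({"ALPHA", "BRAVO"}), "vlan-guest": frozenset()}


@dataclass(frozen=True)
class Label:
    classification: str        # e.g. "SECRET"; identical across the shared network
    compartments: frozenset    # caveats that formerly meant separate physical networks


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset          # AD group DNs resolved at logon
    device_healthy: bool       # outcome of the NAC posture check
    vlan: str                  # where 802.1X placed the device


def decide(req: Request, label: Label) -> tuple[bool, list[str]]:
    """Evaluate one request against every layer and return (allowed, reasons).
    Every failing control is reported, not just the first, so the audit record
    explains the refusal. A compartment with no known group fails closed."""
    reasons = []
    if not req.device_healthy:
        reasons.append("device failed health check; remediation required")
    missing = sorted(c for c in label.compartments
                     if COMPARTMENT_GROUPS.get(c) not in req.groups)
    if missing:
        reasons.append("user lacks compartment group(s): " + ", ".join(missing))
    reachable = VLAN_POLICY.get(req.vlan, frozenset())
    if not label.compartments <= reachable:
        reasons.append(f"network path {req.vlan!r} is not isolated for this compartment")
    return (not reasons, reasons)


def audit_line(req: Request, label: Label) -> str:
    """Format the decision the way the WatchDog layer would record it."""
    allowed, reasons = decide(req, label)
    verdict = "ALLOW" if allowed else "DENY"
    caveats = "+".join(sorted(label.compartments)) or "none"
    return (f"{verdict} user={req.user} label={label.classification}/{caveats} "
            f"vlan={req.vlan} reasons={reasons}")
```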

Slide 11: Demo: Content Protection Services

Slide 12: Customer: US Department of Veterans Affairs

Slide 13: US Veterans Affairs
- 250,000 users
- Experienced the largest information security breach to date (26.5 million records)
- Issued a Request for Proposal (the low-hanging fruit of the SISA architecture):
  - "Classification of e-mail messages"
  - "Easy to use, non-intrusive"
  - "Interact with Windows RMS"
  - "Deploy in 90 days"

Slide 14: Veterans Affairs Service Components (same diagram as slide 9)
- Access Protection Services: End-Device Lockdown and Health; Network Protection / Policy Enforcement; Network Path Isolation
- Content Protection Services: Application AuthN and AuthZ; Document and File Encryption; Application Lockdown
- Data Protection Services: Data at Rest Isolation and Encryption
- WatchDog Services: Intelligent Auditing

Slide 15: SISA Key Benefits
- Tiered approach that delivers multiple layers of security controls
- Commercial off-the-shelf infrastructure that takes advantage of current investments and skill sets
- Familiar user interfaces to speed training
- Authentication at the user, machine and port levels
- Network admission control that applies policy-based admission criteria to each endpoint before allowing connection
- Encryption for stored and in-transit data
- Cryptographic segmentation of stored data for significant consolidation cost savings
- Access to stored data based on permissions set in Microsoft Active Directory
- Digital rights management of e-mail and attachments
- Security monitoring and reporting tools that provide pertinent, actionable information for managers

Slide 16: Where Are We?
- CENTCOM functional prototype completed June 2006
- NSA review completed January 2007
- Working with SOCEUR for an upcoming exercise
- Working on a refresh of the architecture

Slide 17: Want to Know More? http://www.microsoft.com/industry/government/sisa.mspx
