Published by Britney Moody. Modified over 9 years ago.
1
Information Assurance Program Manager U.S. Army Europe and Seventh Army
Information Assurance in Large-Scale Practice
International Scientific NATO PfP/PWP Conference on Security and Protection Of Information
10 May 2001
[Graphic labels: Efficiency, Security, Morale, Threat w/ Global Reach]
2
Agenda
Network Setting
Current Network Defenses
Challenges
Road Ahead
Conclusions
3
Setting: USAREUR NIPRnet
Non-classified Internet Protocol Routed Network (NIPRnet)
ca. 50,000 systems in 2,000 LAN
over 200 public websites
35 Gateways to...
  - Department of Defense networks
  - the Internet
Wide Area Network managed and secured by 5th Signal Command
Regional Campus Area Networks serviced by six Signal Bns
Local Area Networks often operated by individual military units
[Map labels: UK(2), Balkans(6)]
4
Setting: Security Implications
Internet Connectivity
  + Essential for logistics (commercial purchases)
  + Desirable for soldier morale and welfare
  – Exposes network to exploitation, viruses, and hackers
Decentralized management (LAN)
  + Services are tailored to individual unit needs
  + Commanders balance their mission and risk
  – Consistent compliance with security policies is hard to ensure
  – Network is as secure as the weakest link
[Graphic label: Threat w/ Global Reach]
5
Data Network Protection 1 – Policy and Program
Bite-sized Policies
  - keep up with dynamic environment
  - established by a Council of Colonels
  - guide network, server, and user-level actions
IA Vulnerability Alerts (IAVA)
  - warn of weaknesses in operating systems
  - mandate acknowledgement and compliance with fixes
IA Training Program (IATP)
  - Two-four weeks of network, security fundamentals
  - Systems Administrators, others w/ elevated rights
Computer User Testing and Agreement
  - Must pass to have email/network account
  - A security awareness tool
[Graphic labels: Knowledgeable people, Common Security Standards]
6
Data Network Protection 2 - Perimeter
at the 35 Gateways...
Security Routers block:
  - known hacker tools
  - unused/unauthorized services
  - selected geographic regions
  - previous sources of probes
Intrusion Detection Systems:
  - monitored 24hrs/7days
  - DETECT dangerous activity
Regional Computer Emergency Response Team-Europe (RCERT):
  - REACT to isolate / mitigate damage
  - teamwork with units, CID, CI
[Graphic labels: UK(2), Balkans(6); Some Hacker Threat Blocked Some Minimize Exposure]
7
Data Network Protection 3 – Campus & Local Area Network Tools
Tailored Access Control Lists
Strict Configuration Management
  - secure baselines provided by RCERT
  - compliance with all IA Vulnerability Alerts
Firewalls and Virtual Private Networks:
  - RCERT assists planning and initial installation and configuration
Host-based Intrusion Detection
Regular Anti-virus and Vulnerability Scans
Basics: Certification and accreditation; strong passwords; up-to-date anti-virus; no back-door connections; only approved software, etc.
[Diagram labels: Further Reduce Exposure, Gateway, Critical Servers, Client PC, Customer Routers & Firewalls, Focused Protection]
8
Network Protection Challenges
Configuration Control
  - Hard to do
  - Units are inconsistent in meeting standards
  - Hackers exploiting known vulnerabilities with identified fixes
Application of IA Tools
  - Limited progress below the network perimeter
  - Most units have not yet made plans to add them
  - Not enough experts if all units requested them now
Not enough personnel resources for all IT/IA tasks; Inadequate inspections and checks on units; Anticipated network growth demands even more of decentralized security capability
9
Road Ahead: Simplified Configuration Compliance
Make secure baselines easier to apply
Provide matrices of known vulnerabilities by operating system and application – together with sources of fixes and ways to verify
Develop automated tools to assist units to securely configure new systems and check their own compliance with our standards
[Matrix graphic. OS: Win2k, Win NT, Solaris. App: Work Station, Exch Server, Web Server. Other labels: Load Test]
10
Road Ahead: Regional Network Operations
22 Network Service Centers
  - focus on Local Area Networks
  - help units apply security tools, identify vulnerabilities
6 Network Ops & Security Centers
  - manage Campus Area Networks
  - support warfighting headquarters
  - visibility into network security status
  - enforce security compliance
Full-time IA specialists in most centers, bringing security together with Network Management and Info Dissemination Management
[Diagram labels: Information Dissemination Management, Information Assurance, Network Management]
11
Conclusions
For network security – just like combat – large organizations require decentralized decisions and actions, but common vision and standards:
  – Network security specialists available in all areas of the organization
  – Security standards that are simple to meet (not to be confused with simple standards)
  – Checks to enforce common standards
Network Security must be embedded in network operations