Slide 1
"There is nothing more important than our customers"
How to secure networks against attacks from the inside while making maximum use of the existing infrastructure
Michal Zlesák, Area Sales Manager - Eastern EMEA, michal.zlesak@enterasys.com
Slide 2: Securing the Network starts with the Questions to Ask...
© 2006 Enterasys Networks, Inc. All rights reserved.
- Do you have a corporate IT security policy?
- How do you enforce your security policy?
- Can you identify a security breach occurring within the corporate infrastructure?
- How long does it take to identify an internal security breach?
- How long does it take to patch your entire environment on the discovery of a security breach?
- Do you have mobile users that connect to the corporate infrastructure, but also connect to the Internet through non-trusted and possibly non-secure locations (home, coffee shop, etc.)?
- Can your IT organization remove or quarantine anything on the network at a moment's notice?
- What would a complete system meltdown cost your organization?
Slide 3: The Capabilities of Secure Networks™
- Access Control of users and devices on the network
- Establish and Enforce Policy for users and devices to protect the enterprise
- Detect & Locate security intrusions and anomalous behavior
- Centralized Command and Control
- Security Enabled Infrastructure (distribution, core, data center, wireless, edge)
- Advanced Security Application
- Proactive Prevention of attacks & compromises: everywhere, all the time
- Respond & Remediate identified security breaches
Slide 4: Secure Networks – Visibility & Awareness
1. Detect & Assess End Device
[Diagram: DMZ, data center, distribution & core, and access layer with VLANs for User/Device, Finance, Voice, Sales and Ops, connected to the Internet; step 1 marked at Port 1]
Slide 5: Assessing Security Posture of Connecting Device (step 1: Detect and Assess End Device)
1. Device Detection: identify when a device attempts to connect to the network
2. Device Assessment: determine if the device complies with corporate security requirements
   › "Device Health", e.g. OS patch revision levels, antivirus signature definitions
   › Other security compliance requirements, e.g. physical location, time of day
3. Device / User Authentication: verify the identity of the user or device connected to the network; identify the location of the end device
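The three-step posture check above, as an added example that is not Enterasys code: a device report (patch level, antivirus signature age, location) and its authentication result are evaluated against a policy, and a failing but authenticated device is quarantined rather than dropped so it can be steered to remediation. All thresholds, field names and sample values are constructed assumptions.

```python
"""Added example (not Enterasys code): a NAC posture check in the spirit of
slide 5. Device health (OS patch level, antivirus signature age) and other
compliance rules (allowed hours, allowed locations) are evaluated alongside
the authentication result. Thresholds, field names and data are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

@dataclass
class Policy:
    min_patch_level: int = 12                      # required OS patch revision
    max_signature_age: timedelta = timedelta(days=3)
    allowed_hours: range = range(6, 22)            # local hour: 06:00 to 21:59
    allowed_locations: frozenset = frozenset({"HQ", "Branch-Prague"})

@dataclass
class DeviceReport:
    mac: str
    patch_level: int
    av_signature_date: datetime
    location: str
    authenticated_user: Optional[str]              # None if MAC/web/802.1X auth failed

def assess(report: DeviceReport, policy: Policy, now: datetime) -> Tuple[str, List[str]]:
    """Return (decision, reasons); decision is "allow", "quarantine" or "deny".
    Failed authentication denies; health/compliance failures quarantine for remediation."""
    if report.authenticated_user is None:
        return "deny", ["authentication failed"]
    reasons: List[str] = []
    if report.patch_level < policy.min_patch_level:
        reasons.append(f"patch level {report.patch_level} below required {policy.min_patch_level}")
    if now - report.av_signature_date > policy.max_signature_age:
        reasons.append("antivirus signatures older than policy allows")
    if now.hour not in policy.allowed_hours:
        reasons.append(f"connection outside allowed hours ({now:%H:%M})")
    if report.location not in policy.allowed_locations:
        reasons.append(f"location {report.location!r} not permitted")
    return ("allow" if not reasons else "quarantine"), reasons

def demo() -> Dict[str, Tuple[str, List[str]]]:
    """Run three constructed device reports through the default policy."""
    now = datetime(2006, 5, 10, 9, 30)
    reports = {
        "healthy": DeviceReport("00:11:22:33:44:55", 12, now - timedelta(days=1), "HQ", "jnovak"),
        "stale": DeviceReport("00:11:22:33:44:66", 9, now - timedelta(days=10), "HQ", "kdvorak"),
        "unauth": DeviceReport("00:11:22:33:44:77", 12, now, "Branch-Prague", None),
    }
    return {name: assess(r, Policy(), now) for name, r in reports.items()}
```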
Slide 6: Secure Networks – Visibility & Awareness
1. Detect & Assess End Device
2. Monitor network and application flow behavior
[Diagram: DMZ, data center, distribution & core, and access layer with VLANs for User/Device, Finance, Voice, Sales and Ops, connected to the Internet; steps 1 and 2 marked, starting at Port 1]
Slide 7: Granular Control of Network Traffic (step 2)
- Leveraging the full capabilities of policy architecture
- Central policy configuration and distribution
- Distributed policy enforcement points at the infrastructure access and distribution layer
- Per user / per device controls at the aggregation of the non-policy-enabled access layer
- Flow-based threat isolation and mitigation
[Diagram: Core (Policy Administration), Distribution Layer and Access Layer (Policy Enforcement: User/Device Access Control, Protocol Filtering, Undesirable Traffic Filtering, Application QoS with rate limiting, prioritizing and limiting resources, Per User Quarantine)]
Slide 8: Monitor Network and Application Flow Behavior (step 2)
- Security Information & Event Management
- Traditional Network Performance Optimization
- Monitor network bandwidth behaviors
- Detailed application-level flow collection with packet data
- All flows captured
  › QFlow, NetFlow, sFlow, cflowd, J-Flow
Slide 9: Secure Networks – Visibility & Awareness
1. Detect & Assess End Device
2. Monitor network and application flow behavior
3. Monitor for threats in the infrastructure
[Diagram: DMZ, data center, distribution & core, and access layer with VLANs for User/Device, Finance, Voice, Sales and Ops, connected to the Internet; steps 1 to 3 marked, starting at Port 1]
Slide 10: Threat & Compliance Methods (step 3)
- Signature Based Pattern Matching
  › IDS/IPS looks for known patterns of malicious activity
  › robust threat signature libraries
- Behavioral Anomaly Detection
  › "suspicious or out of the ordinary" events
- Protocol Decoding
  › IDS/IPS monitors for protocol anomalies and violations
  › All common protocols, including VoIP protocols
[Diagram: layered analysis pipeline from Layer 1 to Layer 4 (UDP/TCP/ICMP), then IP session analysis, application anomaly analysis and signature analysis. Checks shown: frame capture, frame filtering, basic security checks; IP options logging, IP protocol logging, header verification and analysis, IDS evasion checking, IP fragment reassembly & event logging, IP address checks, IP header values retrieved/checked/stored; TCP: analyze and store header variables, checksum verification, options verification and logging, flags verification and logging; UDP: analyze and store header variables; ICMP: ICMP logging; backdoor checks, data collection for out-of-band processing, stream reassembly, port scan and sweep detection, pattern matching in the IP headers of TCP/UDP/ICMP; protocol decoding analysis, specific application security event analysis, generic denial of service testing; complex signature analysis, case sensitive/insensitive searching with support for wildcarding of characters and character types]
Slide 11: Monitor for Threats in Infrastructure (step 3)
[Diagram: two monitoring tracks feeding correlation (compliance, policy, flow). Behavior-based monitoring: protocol analysis & anomaly detection by NIDS, HIDS and IPS, plus flow data records from NetFlow, J-Flow, sFlow, cFlowd, QFlow and Packeteer; covers day-zero attacks and forensics. Signature-based monitoring: pattern matching by NIDS, HIDS and IPS; covers forensics and day-zero attacks]
Slide 12: Behavioral Flow Context Analysis (step 3)
- Detailed network performance information: applications, latency, traffic flows
- Detailed view of attack before, during, and after the incident from a network flow perspective
- Example:
  › Backdoor SIM detects backdoor event
  › Tells classification engine to monitor:
    - Attacker is
    - Target is
    - Port is new
    - And found after
    - And Flow is
  › Offenses are annotated with evidence
  › Flow context analysis has detected that attack successfully installed backdoor on target
- Flows tagged and correlated to offenses
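The flow context analysis in the example above, as an added illustration that is not Enterasys code: a backdoor event names attacker, target and time, and the flow records are scanned for traffic from the attacker to a port on the target that carried nothing before the event; matching flows are attached to the offense as evidence. Record format, window size and all addresses are constructed assumptions.

```python
"""Added example (not Enterasys code): flow context analysis as sketched on
slide 12. A backdoor event names attacker, target and time; flow records are
then scanned for attacker -> target traffic on a port the target was not using
before the event, and matching flows become offense evidence. Data constructed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Set

@dataclass(frozen=True)
class Flow:
    start: datetime
    src: str
    dst: str
    dport: int
    nbytes: int

@dataclass
class Offense:
    attacker: str
    target: str
    detected: datetime            # time of the IDS backdoor event
    evidence: List[str] = field(default_factory=list)

def known_ports(flows: List[Flow], target: str, before: datetime) -> Set[int]:
    """Ports already serving traffic on the target before the event."""
    return {f.dport for f in flows if f.dst == target and f.start < before}

def annotate(offense: Offense, flows: List[Flow], window: timedelta = timedelta(minutes=30)) -> Offense:
    """Tag flows matching attacker -> target, new port, inside the window after the event."""
    baseline = known_ports(flows, offense.target, offense.detected)
    for f in sorted(flows, key=lambda f: f.start):
        if (f.src == offense.attacker and f.dst == offense.target
                and offense.detected <= f.start <= offense.detected + window
                and f.dport not in baseline):
            offense.evidence.append(
                f"{f.start:%H:%M} {f.src}->{f.dst}:{f.dport} {f.nbytes}B new port after backdoor event")
    return offense

T0 = datetime(2006, 5, 10, 14, 0)   # constructed event time
FLOWS = [                           # constructed flow records
    Flow(T0 - timedelta(minutes=20), "10.1.5.7", "10.2.0.10", 80, 4000),   # attacker browsed earlier
    Flow(T0 - timedelta(minutes=5), "10.1.9.3", "10.2.0.10", 445, 9000),   # unrelated host, known service
    Flow(T0 + timedelta(minutes=2), "10.1.5.7", "10.2.0.10", 6666, 1200),  # attacker -> new port: evidence
    Flow(T0 + timedelta(minutes=3), "10.1.5.7", "10.2.0.10", 80, 300),     # known port: not evidence
    Flow(T0 + timedelta(hours=2), "10.1.5.7", "10.2.0.10", 6666, 90),      # outside the window
]

def demo() -> Offense:
    return annotate(Offense("10.1.5.7", "10.2.0.10", T0), FLOWS)
```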
Slide 13: Secure Networks – Visibility & Awareness
1. Detect & Assess End Device
2. Monitor network and application flow behavior
3. Monitor for threats in the infrastructure
4. Manage Security Information
[Diagram: DMZ, data center, distribution & core, and access layer with VLANs for User/Device, Finance, Voice, Sales and Ops, connected to the Internet; steps 1 to 4 marked, starting at Port 1]
Slide 14: Manage Security Information (step 4)
- Security Information & Event Manager (SIEM)
- Provides a shared view of the infrastructure
- Extensive 3rd-party device support
- Correlates seemingly disparate network and security events
- Links network behavior with security posture for compliance
- Satisfies IT's convergence objective
Slide 15: Reporting – For Operations & Compliance (step 4: Manage Security Information)
- The value of reporting is that it enhances your business's compliance posture
- Executive Level Reports: high-level enterprise-wide or departmental summary reports
- Operational Reports: detailed enterprise-wide or departmental reports
- Wizard Driven: easy to use; build, edit, schedule and distribute reports
- Variety of Outputs and Graph Types: XML, HTML, PDF, CSV; Bar, Delta, baselines, Pie, Line, Stacked Bar, etc.
Slide 16: Network Defense System
[Diagram: surveillance and front-line prevention (Host IDS/IPS, Network IDS/IPS, Network Behavioral Anomaly Detection, EFP, SEG) supply security event data; events from 3rd-party firewalls, VoIP gateways, IDS/IPS, SIM, vulnerability assessment, syslog, applications, databases, etc., flow data (J-Flow, S-Flow, NetFlow) and external threat data (threatening subnet ranges, blacknet IP addresses, spyware sites, etc.) all feed the analytics tier (SIEM - Security Information & Event Manager), which produces automated security reports and drives response through the Operations Center Dashboard (human response) and the Automated Security Manager (automated response), which applies policies to network equipment]
Slide 17: Secure Networks – The Power of Visibility and Control
1. User assessed and authenticated through NAC
2. User attempts directed attack at critical server
3. IDS/IPS detects and drops lethal packets
4. IDS/IPS forwards detected event to ASM
5. ASM locates threat
6. ASM turns off access to port
7. NAC blacklists user from authenticating
[Diagram: DMZ, data center, distribution & core, and access layer with Port VLAN, VLAN 1, Phone VLAN and VLAN 2, connected to the Internet; steps 1 to 7 marked, starting at Port 1]
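Steps 4 to 7 of the sequence above, as an added example that is not Enterasys ASM or NAC code: a simulated Automated Security Manager takes the IDS event, resolves the attacker's IP to a switch port through a node/alias table, disables that port and has NAC blacklist the user authenticated there; events against non-critical servers are only logged, and an attacker that cannot be located is escalated to an operator. The switch, the table and the sample events are constructed.

```python
"""Added example (not Enterasys ASM/NAC code): the response chain on slide 17,
steps 4 to 7, with a simulated Automated Security Manager, node/alias table,
switch and NAC. Names, tables and sample events are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class IdsEvent:
    src_ip: str
    dst_ip: str
    signature: str

@dataclass(frozen=True)
class NodeAlias:                       # one row of the node/alias location table
    mac: str
    switch: str
    port: str
    user: str                          # user NAC authenticated on this port

@dataclass
class Network:
    node_alias: Dict[str, NodeAlias]            # ip -> location
    port_state: Dict[Tuple[str, str], str]      # (switch, port) -> "up" | "disabled"
    critical_servers: frozenset
    nac_blacklist: Set[str] = field(default_factory=set)
    audit: List[str] = field(default_factory=list)

def respond(net: Network, ev: IdsEvent) -> str:
    """Steps 4-7: contain attacks on critical servers; log or escalate everything else."""
    if ev.dst_ip not in net.critical_servers:
        net.audit.append(f"logged: {ev.signature} {ev.src_ip}->{ev.dst_ip}")
        return "logged"
    node = net.node_alias.get(ev.src_ip)                        # step 5: locate
    if node is None:
        net.audit.append(f"escalate: cannot locate {ev.src_ip}")
        return "escalated"
    net.port_state[(node.switch, node.port)] = "disabled"       # step 6: port off
    net.nac_blacklist.add(node.user)                             # step 7: NAC blacklist
    net.audit.append(f"contained: {ev.signature}, {node.switch}/{node.port} disabled, {node.user} blacklisted")
    return "contained"

def demo() -> Tuple[Network, Tuple[str, str, str]]:
    net = Network(
        node_alias={"10.1.5.7": NodeAlias("00:11:22:33:44:55", "edge-sw-03", "ge.1.12", "jnovak")},
        port_state={("edge-sw-03", "ge.1.12"): "up"},
        critical_servers=frozenset({"10.2.0.10"}))
    r1 = respond(net, IdsEvent("10.1.5.7", "10.2.0.10", "directed attack on server"))
    r2 = respond(net, IdsEvent("10.1.5.7", "10.3.0.4", "port sweep"))                  # not a critical server
    r3 = respond(net, IdsEvent("10.9.9.9", "10.2.0.10", "directed attack on server"))  # not in the table
    return net, (r1, r2, r3)
```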
Slide 18: Secure Networks Advantages
Function: Advantage
- Policy-based networking: Beyond VLANs to user/application role for policy establishment and enforcement
- Identity & access management: Authentication via MAC, WEB, 802.1x, multi-user access control
- Location-based networking: Node/Alias location services
- Threat detection & prevention: Integrated IDS/IPS, Anomaly Detection, and Network Access Control (NAC)
- Centralized command & control: Granularity beyond ports & VLANs to individual flows, devices and users
- Proactive prevention: Agent and agent-less approaches to vulnerability assessment with quarantine and assisted remediation of the individual user
Secure Networks understand how they relate to the business: who and what is connected, where they are, what they are doing; they assure that users can do what they need to do, and prevent them from doing harm.
Slide 19: Thank You
"There is nothing more important than our customers"