Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jericho Commandments, Future Trends, & Positioning.

Similar presentations


Presentation on theme: "Jericho Commandments, Future Trends, & Positioning."— Presentation transcript:

1 Jericho Commandments, Future Trends, & Positioning

2 Fundamentals 1. The scope and level of protection must be specific and appropriate to the asset at risk  So as to add flexibility to meet new business requirements and increase speed of deployment  Central protection decreasing in effectiveness  Boundary firewalls might protect the network, but individual systems and data need their own protection 2. Security mechanisms must be simple, scalable and easy to manage  Unnecessary complexity is a threat to good security  Small things will need to interoperate with large things  Must support chunking/lumping

3 Surviving in a hostile world 3. Devices and applications must communicate using open, secure protocols  Assume eavesdropping, overlooking, injection  Security CIA requirements should be built in to protocols, not add-on  Encrypted encapsulation doesn’t solve everything 4. All devices must be capable of maintaining their security policy on an untrusted network  must be capable of surviving on the raw Internet  “Security policy” = CIA status

4 The need for trust 5. All people, processes, technology must have declared and transparent levels of trust for the transaction  Clarity of expectation  No surprises  Trust level may vary by location, transaction 6. Mutual trust assurance level must be determinable  Devices and users must be capable of appropriate levels of (mutual) authentication for accessing systems and data

5 The need for mutual authentication 7. Authentication must interoperate / exchange outside of your locus of control  Must be capable of trusting an organisation, which can authenticate individuals or groups – no need to create separate identities  Only need one instance of person / system / identity, but can also support multiple instances

6 Finally, access to data 8. Access to data should be controlled by security attributes of the data itself  Could be held within the data (DRM) or could be in separate system  Could be implemented by encryption  Some data may have “public, non-confidential” attributes 9. By default, data must be appropriately secured both in storage and in transit  Removing default is conscious act  “Appropriate” also allows some data to not need securing, must not enforce high security for everything 10. Assume context at your peril

7 11. Deperimeterisation is inevitable  It will happen in your corporate lifetime  Therefore you need to plan for it  Therefore you need a roadmap  And JF has generic roadmap

8 Trust level  Untrusted  Trust the protocol  Trust the person/process  Trust the environment  Full trust Risk Level  No Risk  Low Risk  Medium Risk  High Risk Transactional Capability  Public information – view only  Restricted information – view only through to  High value information  High value transaction

9 Security Protocols SecurePoint Solution (use with care)  AD Authentication Use & Recommend  SMTP/TLS  AS2  HTTPS InsecureNever Use (Retire)  NTLM Authentication Use only with additional security  SMTP  FTP  TFTP  Telnet  VoIP ClosedOpen Secure Insecure Closed/ProprietaryOpen Stop/Retire (Now!) e.g. NTLM Authentication Use only with additional security (force disuse of ‘security’ features) e.g. SMTP, FTP (use TFTP), TELNET, VoIP, … Point Solution Use with Care! e.g. AD Authentication Use and Recommend e.g. SMTP/TLS AS2 (EDI/HTTPS) HTTPS, WPA2

10 Buy, Hold and Sell SystemsTechnologyArchitecture Buy (Invest)Trusted Computing  Inherently Secure Protocols  De-perimeterised architectures Hold (Watch)NAC  IPSec Sell (Retire)Perimeter IDS  Proprietary protocols  Perimeter Security Boundary

11 Corporate Roadmap Anti-Malware Ext. Scan Int. Scan SMTP/TLS & ML Virtual Proxies / IFR DRM Fed. Identity Trusted Computing Inherently Secure Protocols Virtual Secure Services Secure Internet Working Firewalls Ext. Scan Int. Scan SMTP/TLS & ML Shrunken Intranet Virtual Proxies / IFR DRM Fed. Identity Trusted Computing Inherently Secure Protocols Virtual Secure Services Anti-Malware Firewalls Corporate Boundary Anti-Virus Anti-Spam IPSec VPN Ext. Scan Int. Scan SMTP/TLS & ML Shrunken Intranet Fed. Identity Virtual Proxies / IFR DRM Firewalls Corporate Border Anti-Virus Anti-Spam IPSec VPN Proxies/IFR Ext. Scan Int. Scan SMTP/TLS & ML Shrinking Intranet DRM (Partial) Fed. Identity (Partial) Firewalls Corporate Border Anti-Virus SMTP/ML Anti-Spam IPSec VPN Proxies/IFR Ext. Scan Int. Scan Key Components Additive by Generation 60% Adoption20052006200720082009 Key Obsoleted Technology Proxies / IFRCorporate Boundary Firewalls

12 Vendors Customers Desired Future State Standards and Solutions Customers Vendors Work Types Needs Principles Strategy White Papers Patterns Use Cases Guidelines Standards Solutions Workflow


Download ppt "Jericho Commandments, Future Trends, & Positioning."

Similar presentations


Ads by Google