Network Perimeter Defense
Josef Pojsl, [email protected]
Martin Macháček, [email protected]
Trusted Network Solutions, Inc.
tns
Traditional techniques
• IP filtering gateways
• Proxy gateways
• Combinations (defense in depth)
[Diagram: Internal Network, gateway, Internet]
Perimeter expansion
Increased bandwidth
• Remote offices
• Telecommuters
• Roaming users
• Partners
Technology
• Cryptography
• VPNs
[Diagram: Internal Network, Internet, remote Internal Network joined by VPN]
Role of communication
• Growing dependence on IT systems
• Paperwork replaced with electronic data
As a consequence
• Greater potential of attacks and vulnerabilities
• Data integrity attacks
• Harder detection
• Automation
• Complexity
Technology
• Cryptography
• Content scanning
• Intrusion detection
• Vulnerability scanning
Complexity
[Diagram: Internet, Public servers, Firewalls, Intrusion detection, Vulnerability scanner, Content scanner, VPNs, several Internal Networks, Internal servers]
Risk Assessment
Risk factors
• Worth
• Attraction
• Threat
• Vulnerability
• Probability
Countermeasures
• Prevention
• Detection
• Reaction
High-risk environments: risk factors are relatively high
Security processes
Every day
• New processes are being transformed into electronic forms
• New vulnerabilities and patches emerge
• Event logs must be analyzed
• Appropriate actions must be taken
• Etc.
As a consequence
• Security is a process
• Services serve better than products
• Expert teams specialized in security are needed
• Some processes may be (internally) outsourced
Fighting complexity
Minimalism
Modularity
• Rarely used in software design
• Unusual parameter combinations
• Number of interactions
• Modules are more easily verifiable
• Well-defined interfaces between modules
• Minimal design
• Customization
Event logging
• Full, fine-grained event logs are vital for detection
• Easy to process, human readable
• Log analysis: statistics, expert systems, manual
[Diagram: Audit Logs]
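The slide names three ways of analysing audit logs: statistics, expert systems and manual review. The following added example (written for this page; not code from the slides or from Trusted Network Solutions) shows the first two over a handful of constructed firewall log lines in a key=value format, chosen because it is both human readable and trivial to parse: a per-source deny count as the statistic, and a rule-based detector that flags a source which was denied to many distinct ports on one host within a short window. The log lines, field names and thresholds are all assumptions made for the example.

```python
"""Added example, not from the slides: parsing key=value firewall audit log
lines and running two analyses over them, a deny-count statistic and a
rule-based detector for distinct-port probing from one source."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Constructed sample log (key=value after an ISO timestamp). The last line
# is deliberately malformed to show that a parser must tolerate bad input.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z fw=gw1 action=deny proto=tcp src=198.51.100.7 dst=10.1.1.10 dport=22
2024-05-01T10:00:02Z fw=gw1 action=deny proto=tcp src=198.51.100.7 dst=10.1.1.10 dport=23
2024-05-01T10:00:02Z fw=gw1 action=allow proto=tcp src=203.0.113.9 dst=10.1.1.10 dport=443
2024-05-01T10:00:03Z fw=gw1 action=deny proto=tcp src=198.51.100.7 dst=10.1.1.10 dport=25
2024-05-01T10:00:04Z fw=gw1 action=deny proto=tcp src=198.51.100.7 dst=10.1.1.10 dport=80
2024-05-01T10:00:05Z fw=gw1 action=deny proto=tcp src=198.51.100.7 dst=10.1.1.10 dport=110
2024-05-01T10:00:09Z fw=gw1 action=deny proto=udp src=192.0.2.44 dst=10.1.1.10 dport=53
2024-05-01T10:05:00Z fw=gw1 action=deny proto=tcp src=192.0.2.44 dst=10.1.1.10 dport=3389
this line is garbage and must be skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>(?:\w+=\S+\s*)+)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Turn one line into a dict of fields, or None when it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, object] = dict(pair.split("=", 1) for pair in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return fields


def parse_log(text: str) -> Tuple[List[Dict[str, object]], int]:
    """Parse all lines; return (events, number of lines that could not be parsed)."""
    events, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            bad += 1      # counted, not silently dropped: unparseable lines are themselves a signal
        else:
            events.append(ev)
    return events, bad


def denies_per_source(events: List[Dict[str, object]]) -> Counter:
    """Statistic: how many denied packets each source address produced."""
    return Counter(str(e["src"]) for e in events if e["action"] == "deny")


def detect_port_probing(events, min_ports: int = 5, window: timedelta = timedelta(seconds=60)):
    """Rule: a source denied to >= min_ports distinct ports on one host within `window`.
    Uses a sliding window over each (src, dst) pair's denies in time order."""
    by_pair = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "deny":
            by_pair[(e["src"], e["dst"])].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {x["dport"] for x in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append((src, dst, len(ports)))
                break  # one alert per pair is enough for the analyst
    return alerts


if __name__ == "__main__":
    evs, skipped = parse_log(SAMPLE_LOG)
    print(f"{len(evs)} events, {skipped} unparseable line(s)")
    print("denies per source:", denies_per_source(evs).most_common())
    print("port probing alerts:", detect_port_probing(evs))
```

The unparseable-line counter matters as much as the detector: a log format that the analysis pipeline cannot read is exactly the "harder detection" problem the earlier slide warns about, and silently dropping such lines hides it.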
Open architecture
• Not necessarily open-source
• Source code serves for
  – Verification
  – Documentation
• No “security through obscurity”
• No “breakthroughs”
• Compliance with open standards
Conclusion
Design principles to follow when building network security defense in high-risk environments:
• Processes, not solutions
• Thorough audit trails and log analysis
• Minimalism
• Modularity
• Open architecture
• Expert teams
• Outsourcing