Information Security – Overview of Technologies & Solutions

Agenda
- Introduction
- The Enterprise Network
- Defense in Depth
- What to protect against?
- Technologies & Solutions: Perimeter Technologies, Internal Technologies
- Consulting: Audit, Implementation & Support

Introduction
The security of your network is evaluated daily. The question is… “Are you the one doing it?”

Introduction – Good Information Security provides:
- Data confidentiality: ensure that no data is disclosed, intentionally or unintentionally
- Data integrity: ensure that data is not modified by unauthorized personnel, that no unauthorized changes are made by authorized personnel, and that data remains consistent, both internally and externally
- Data availability: provide reliable and timely access to data and resources

The Enterprise Network
[Diagram: Branch Office, Corporate HQ (IP Communication LAN, Internal Servers, Corporate Data, DMZ Services), Telecommuter, Wireless Access, SOHO, Public Internet, ISP Router, Security Enforcement (Secure Gateway, Firewall)]

Defense in Depth – How?
- Secure the perimeter
- Secure the internal network
- Account for the human factor
Using a layered approach:
- Increases an attacker’s risk of detection
- Reduces an attacker’s chance of success

Defense in Depth – Layers
- Data: ACL, encryption
- Application: application hardening, antivirus
- Host: OS hardening, update management, authentication
- Internal Network: network segments, IPSec, NIDS
- Perimeter: firewalls, VPN quarantine, …
- Physical Security: guards, locks, tracking devices
- Policies, Procedures & Awareness: user education against social engineering

Network Security
Network Security – focus on perimeter and internal network solutions
- Internal Network: network segments (VLANs), IPSec, NIDS, Network Access Protection, …
- Perimeter: firewalls, VPN, NIDS, anti-spam, …

Why do we need Network Security?
What do you need to protect?
- Data (company resources)
- Services (applications or their individually accessible parts, and the people using them)

Protect against what?
- Malware (viruses, spyware, …)
- Spam (“steals” resources and productivity)
- Hackers (network penetration, defacements, DoS attacks, …)
- Internal users (unauthorized access, …)
- …

Common Threat Classification
- Threats against the network: spoofed packets, etc.
- Threats against the host: buffer overflows, illicit paths, etc.
- Threats against the application: SQL injection, XSS, input tampering, etc.

Examples of Network Threats
- Information gathering: port scanning; using trace routing to detect network topologies; using broadcast requests to enumerate subnet hosts
- Eavesdropping: using packet sniffers to steal passwords
- Denial of service (DoS): SYN floods; ICMP echo request floods; malformed packets
- Spoofing: packets with spoofed source addresses

Typical Pattern of an Attack
1. Enter the network through SQL injection etc.
2. Install or use port proxy software to open inbound connections
3. Remotely control the host to mount further attacks from inside until a domain controller is accessible
4. Gain control of the desired resources
5. Erase traces of the attack and remove installed software

How to protect yourself?
Technologies & Solutions
- Secure the perimeter
- Secure the internal network

Perimeter Technologies
- Firewall (packet filter, stateful, proxy)
- Intrusion Detection System (IDS, IPS)
- Virtual Private Network (IPsec, SSL)
- Anti-Spam (mail relay, AV)
- Anti-Spyware (URL filtering, AV)
- Anti-Virus

Firewall – Static Packet Filter
- Every router is a static packet filter (including your ISP router)
- First incoming and last outgoing layer of your network security
- Faster at screening traffic than stateful or proxy firewalls
- But no knowledge of “state”, thus less secure than most common firewalls

Firewall – Stateful
- Most common type of firewall today
- Keeps track of “state”; blocks traffic that is not in its table of established connections
- Slower at screening traffic than a packet filter, but more secure

Firewall – Proxy
- Most advanced, least common type of firewall (is also a stateful firewall)
- Higher degree of security because internal and external hosts never communicate directly
- Examines the entire packet to ensure compliance with the protocol that is indicated by the destination port number

Firewall – Basic theory of operation
[Diagram: External Network (Internet) – Firewall – Internal Network (LAN), with an Intermediate Network (DMZ); connections shown as allowed or refused]
- A firewall divides your internal network from an external network (usually the Internet)
- If the incoming connection is an “answer” to an outgoing connection, the connection is allowed; if not, the connection is dropped (stateful)
- Most firewalls have DMZ functionality, allowing you to further divide your network in order to supply some “Internet-facing services” to your users
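The stateful rule on the slide above, worked through as an added example (not code from the original deck or from any vendor named on it): a small Python model of a stateful firewall with a LAN, a DMZ and the Internet. The address prefixes, the published DMZ services and the sample packets are constructed for the illustration.

```python
# Added example (not from the original slide deck): a minimal stateful firewall
# implementing the rule "an answer to an outgoing connection is allowed, anything
# else is dropped", plus a DMZ whose published services may be reached from the
# Internet. Address ranges, services and packets are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = False   # a TCP SYN (no ACK) marks a new connection attempt


# Constructed zones: RFC 1918 space for the LAN, a documentation prefix for the DMZ.
LAN_PREFIX = "10.0.0."
DMZ_PREFIX = "192.0.2."
# Services the DMZ publishes to the Internet, as (host, port) pairs.
DMZ_SERVICES = {("192.0.2.10", 443), ("192.0.2.25", 25)}


def zone(ip: str) -> str:
    """Classify an address into lan / dmz / internet (prefix match is enough here)."""
    if ip.startswith(LAN_PREFIX):
        return "lan"
    if ip.startswith(DMZ_PREFIX):
        return "dmz"
    return "internet"


class StatefulFirewall:
    def __init__(self) -> None:
        # Table of established connections keyed by the initiator's 5-tuple.
        self.table = set()

    @staticmethod
    def _forward(p: Packet) -> tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet) -> tuple:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        # 1. Packets belonging to a tracked connection pass in either direction:
        #    this is the "answer to an outgoing connection" case from the slide.
        if self._forward(p) in self.table or self._reverse(p) in self.table:
            return "allow"
        # 2. No state and not a connection attempt: an unsolicited segment, dropped.
        if not p.syn:
            return "drop"
        # 3. New connection: zone policy decides whether it is admitted and tracked.
        src, dst = zone(p.src), zone(p.dst)
        if src == "lan":                                   # anything outbound from the LAN
            self.table.add(self._forward(p))
            return "allow"
        if src == "internet" and dst == "dmz" and (p.dst, p.dport) in DMZ_SERVICES:
            self.table.add(self._forward(p))               # published DMZ service
            return "allow"
        return "drop"                                      # incl. Internet -> LAN, DMZ -> LAN


def run_scenario() -> list:
    """Constructed traffic; returns the verdicts in order so behaviour can be checked."""
    fw = StatefulFirewall()
    packets = [
        Packet("10.0.0.5", 40000, "203.0.113.7", 443, syn=True),    # LAN client opens HTTPS out
        Packet("203.0.113.7", 443, "10.0.0.5", 40000),              # server's answer: tracked
        Packet("198.51.100.9", 5555, "10.0.0.5", 22, syn=True),     # unsolicited inbound SSH
        Packet("198.51.100.9", 5555, "10.0.0.5", 40000),            # forged "answer", wrong peer
        Packet("198.51.100.9", 6000, "192.0.2.10", 443, syn=True),  # published DMZ web server
        Packet("198.51.100.9", 6001, "192.0.2.10", 22, syn=True),   # unpublished DMZ port
        Packet("192.0.2.10", 7000, "10.0.0.5", 445, syn=True),      # DMZ host reaching into LAN
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The fourth packet is the one worth watching: a forged “answer” from a different peer matches no tracked tuple, so the right destination port alone does not get it through. That is exactly what separates the stateful firewall from the static packet filter described earlier, which would only look at addresses and ports.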
Firewall Solutions
- Juniper (formerly NetScreen)
- Check Point

Firewalls – Juniper
Integrated Firewall/IPSec VPN: NetScreen 500/200/50/25/XT/GT/HSC
Solution includes:
- Stateful Inspection (perimeter defense)
- Deep Inspection (application-level protection)
- Built-in Antivirus (protects remote locations)
- Web filtering (prevents inappropriate web usage)
- Secure Remote Access (IPsec VPN – Secure Client)

Firewalls – Check Point
Firewall: FireWall-1
Solution includes:
- Comprehensive application protection
- Industry-leading management
- High performance

Other Technologies
So if we buy a firewall we are safe?! Why NOT?
Weaknesses in the TCP/IP suite:
- IP address spoofing
- Covert channels
- IP fragment attacks
- TCP flags
- SYN flood
- Connection hijacking
- …

Intrusion Detection System
Gateway Intrusion Detection System
- A network intrusion detection system which acts as a network gateway
- Designed to stop malicious traffic and generate alerts on suspicious traffic
- An “ideal” gateway IDS is able to stop all known exploits

GIDS vs NIDS (Placement)
GIDS:
- Acts as network gateway
- Stops suspect packets
- Prevents successful intrusions
- False positives are VERY bad
NIDS:
- Only observes network traffic
- Logs suspect packets and generates alerts
- Cannot stop an intruder
- False positives are not as big of an issue

IDS – Basic theory of operation
[Diagram: Internet – Firewall – DMZ, with IDS sensors on the DMZ and on the LAN]
Much like a bridging firewall, an IDS makes forward/drop decisions:
- This packet is always good, so pass it into my network.
- This packet is always bad, so drop it and tell me about it.
- This packet is sometimes bad, so tell me about it, but don’t drop it.
IDS Solutions
- Juniper
- Check Point

IDS – Juniper
IDS – IPS: NetScreen-IDP 10/100/500/1000
Solution includes:
- Eight different detection methods are used to protect the network from network, application and hybrid attacks
- Understands state to pinpoint exactly where an attack can be perpetrated, and only looks there
- Ability to define a response action in the rulebase for detected attacks
- Sub-second stateful failover between Juniper Networks devices without losing sessions
- Enables closed-loop investigation, linking directly from the log to the rule that triggered it and the session’s packet capture

IDS – Check Point
IDS – IPS: IntruShield
Solution includes:
- Unprecedented flexibility of IDS deployment, including inline, tap and span modes, to suit any network security architecture
- Thorough analysis of traffic at multi-gigabit rates that builds and maintains traffic state information and performs comprehensive protocol analysis
- Intelligent detection of known, unknown and DoS attacks using a combination of signature, anomaly and DoS detection techniques
- Proactive capability to stop in-progress attacks, coupled with a rich set of alerting and response actions
- Powerful capability to set multiple, highly granular, custom intrusion policies within a single sensor

VPN
A Virtual Private Network is a service that offers a secure, reliable connection over a shared public infrastructure such as the Internet.
Two main types:
- Remote Access
- Site-to-site
Two main technologies:
- IPsec (and L2TP)
- SSL

VPN – Remote Access
- Secure remote access for mobile users and/or the home office
- Using a secure software client or hardware device for IPsec, or a web browser for SSL-based VPN
- If you are able to connect to the Internet, you are able to connect to the corporate network

VPN – Site-to-Site
- Valid replacement for leased lines and Frame Relay connections to connect different sites
- Using specialized VPN devices, or built into a firewall
- If both your sites have Internet connectivity, they can be connected using VPN

VPN – Basic theory of operation
[Diagram: Site-to-Site VPN tunnel between two sites; Remote Access client tunnel into the corporate network]
A VPN tunnel is set up using a secure client or an SSL-capable web browser; all data sent through the tunnel is encrypted. The packets can still be captured, but if they are, they are encrypted.

VPN – IPsec
- Usually employs custom software at each of the endpoints – the device and the client
- Normally utilizes OSI Layer 3 protocols (AH, ESP)
- Authentication Header provides two-way device authentication (implemented in hardware or software)
- Encapsulating Security Payload protocol provides data encryption (3DES, AES)

VPN – SSL
- Employs a web browser at the client side and a device at the corporate side
- SSL is a network layer protocol
- SSL uses certificates to prove the identities of both endpoints
- All traffic is encrypted using a shared key and a negotiated encryption algorithm (3DES, AES)

VPN Solutions
- Juniper
- Check Point

VPN – Juniper
IPsec VPN: built into the firewall range of products
Solution includes:
- Secure Client enables adherence to security policy
SSL VPN: NetScreen-RA 500, NetScreen-SA 1000/3000/5000
Solution includes:
- Secure access for remote/mobile employees, with no client software required
- Secure LAN, intranet and extranet access for employees, business partners and customers
- Hardware-based SSL acceleration
- Hardware-based HTTP compression
- Dynamic access privilege management, with three access methods

VPN – Check Point
IPsec VPN: VPN-1, VPN-1 Edge, VPN-1 VSX
Solution includes:
- Simple VPN deployment
- Highest level of security
- Easy-to-use centralized management
- Unparalleled performance
- High availability
SSL VPN: SSL Network Extender
Solution includes:
- Network-level connectivity over SSL VPN
- Support for all IP-based applications
- Combined IPSec and SSL VPN solution
- Integrated with Check Point VPN-1

Anti-Spam (Spam Firewall)
- Acts as a mail relay server: accepts incoming mail,
scans the content and forwards the mail to the back-end mail server
- Usually in combination with an antivirus scanning engine, to deliver spam- and virus-free e-mail
- Prevents direct access to your e-mail server

Anti-Spam (Spam Firewall)
[Diagram: Internet – Anti-Spam Firewall in the DMZ – LAN with E-Mail Server; Web Mail]

Anti-Spam – Basic theory of operation
1. E-mail is delivered to the Spam Firewall
2. E-mail is checked against IP block lists; antivirus scanning is performed; user rules are applied; spam fingerprint, intention analysis, Bayesian analysis and rule-based scoring checks are performed
3. Clean e-mail is relayed to the internal mail server

Anti-Spam Solutions
- Barracuda
- Trend Micro

Anti-Spam – Barracuda
Anti-Spam Firewall 200/300/400/600/800; Outbound Mode 200/300/400/600/800
Solution includes:
- Spam Filter: content-based filtering, Bayesian algorithms, denial of service protection, anti-spoofing, anti-phishing
- Virus Filter: dual-layer virus blocking, decompression of archives, file type blocking

Anti-Spam – Trend Micro
Anti-Spam: Spam Prevention Solution (SPS 2.0)
Solution includes:
- Advanced filtering, analysis and updating capabilities
- Comprehensive reporting and auditing
- Dynamic, flexible heuristic technology
- Ease of administration and configuration
- High performance and scalability
- Seamless integration with antivirus and content security offerings

Anti-Spyware (Gateway)
- Gateway device to stop spyware installations, block spyware sites and scan for spyware signatures
- Some solutions can detect spyware on user desktops and target them for cleaning
- Usually combined with antivirus solutions

Anti-Spyware – Basic theory of operation
[Diagram: LAN clients – Spyware & AV proxies – Firewall – Internet]
If a user requests access to a website, the device checks whether the site is listed in the known spyware sites list; if not, the request is proxied. The content of the requested site is then scanned for spyware (and viruses). If the content is spyware- and virus-free it is delivered to the client; if not, it is dropped.
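An added example (not from the deck, nor from Barracuda or Trend Micro) of the anti-spam pipeline on the “Anti-Spam – Basic theory of operation” slide above: IP block list first, then user rules, then Bayesian analysis combined with rule-based scoring against a quarantine threshold. The block list, the allow rule, the scoring rules, the tiny training corpus and the four sample messages are all constructed; the antivirus and fingerprint checks the slide also lists are left out here.

```python
# Added example (not from the original deck): an anti-spam relay's decision
# pipeline, reduced to three of the checks on the slide: IP block list, user
# rules and Bayesian analysis plus rule-based scoring. All data is constructed.
import math
import re
from collections import Counter

BLOCKED_IPS = {"198.51.100.23"}               # constructed IP block list
USER_ALLOW = {"cfo@example.com"}              # constructed per-user allow rule
QUARANTINE_THRESHOLD = 5.0

# Rule-based scoring: (pattern, points). Constructed patterns, not a vendor rule set.
RULES = [
    (re.compile(r"\bclick here\b", re.I), 2.0),
    (re.compile(r"\$\d"), 1.0),
    (re.compile(r"[A-Z]{6,}"), 1.0),          # shouting in the body
]


def tokens(text: str) -> set:
    return set(re.findall(r"[a-z]+", text.lower()))


class BayesianFilter:
    """Naive Bayes on word presence with Laplace smoothing."""

    def __init__(self) -> None:
        self.spam, self.ham = Counter(), Counter()
        self.n_spam = self.n_ham = 0

    def train(self, text: str, is_spam: bool) -> None:
        if is_spam:
            self.spam.update(tokens(text))
            self.n_spam += 1
        else:
            self.ham.update(tokens(text))
            self.n_ham += 1

    def spam_probability(self, text: str) -> float:
        if not self.n_spam or not self.n_ham:
            raise ValueError("train both classes before classifying")
        log_odds = math.log(self.n_spam / self.n_ham)            # class prior
        for w in tokens(text):
            p_s = (self.spam[w] + 1) / (self.n_spam + 2)         # P(word | spam)
            p_h = (self.ham[w] + 1) / (self.n_ham + 2)           # P(word | ham)
            log_odds += math.log(p_s / p_h)
        return 1.0 / (1.0 + math.exp(-log_odds))


def build_filter() -> BayesianFilter:
    """Constructed training corpus; a real relay learns from user feedback."""
    bf = BayesianFilter()
    for text in ["cheap pills buy now", "win free money click here",
                 "free prize claim now", "buy cheap pills online"]:
        bf.train(text, True)
    for text in ["meeting tomorrow at ten about the budget",
                 "please review the attached report",
                 "lunch on friday with the team",
                 "the quarterly report is attached"]:
        bf.train(text, False)
    return bf


def process(msg: dict, bf: BayesianFilter) -> dict:
    """Verdict for one message {sender_ip, sender, body}: reject / quarantine / deliver."""
    if msg["sender_ip"] in BLOCKED_IPS:                  # cheapest check, so it runs first
        return {"verdict": "reject", "score": None, "reason": ["ip block list"]}
    if msg["sender"] in USER_ALLOW:                      # user rule short-circuits scoring
        return {"verdict": "deliver", "score": 0.0, "reason": ["user allow rule"]}
    p = bf.spam_probability(msg["body"])
    score = 5.0 if p > 0.9 else 2.0 if p > 0.5 else 0.0 # Bayesian contribution
    hits = []
    for rule, points in RULES:                           # rule-based contribution
        if rule.search(msg["body"]):
            score += points
            hits.append(rule.pattern)
    verdict = "quarantine" if score >= QUARANTINE_THRESHOLD else "deliver"
    return {"verdict": verdict, "score": score, "bayes": round(p, 3), "reason": hits}


SAMPLE_MESSAGES = [   # constructed
    {"sender_ip": "198.51.100.23", "sender": "x@example.net", "body": "hello"},
    {"sender_ip": "203.0.113.5", "sender": "promo@example.net",
     "body": "free money click here to claim your prize"},
    {"sender_ip": "203.0.113.6", "sender": "alice@example.com",
     "body": "the quarterly budget report is attached, please review"},
    {"sender_ip": "203.0.113.7", "sender": "cfo@example.com",
     "body": "free money click here to claim your prize"},   # allow rule wins
]


def run_pipeline() -> list:
    bf = build_filter()
    return [process(m, bf)["verdict"] for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    bf = build_filter()
    for m in SAMPLE_MESSAGES:
        print(m["sender"], process(m, bf))
```

The order of the checks is deliberate: the block list and user rules are cheap lookups that run before any content analysis, and the Bayesian score is only one term in the final score, so a single heuristic cannot quarantine a message on its own unless it is combined with other signals.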
Anti-Spyware Solutions
- BlueCoat
- Barracuda

Anti-Spyware – BlueCoat
Anti-Spyware: Spyware Interceptor; ProxySG + ProxyAV
Solution includes:
- Easy, affordable and effective spyware prevention
- Automatically updates spyware profiles, policies and prevention techniques
- Backed by world-leading experts in web proxy performance and security at Blue Coat Labs™

Anti-Spyware – Barracuda
Anti-Spyware: Spyware Firewall 210/310/410
Solution includes:
- Stops spyware downloads (including drive-by downloads)
- Stops virus downloads
- Blocks access to spyware websites
- Detects spyware access to the Internet
- Facilitates spyware removal
- Website category blocking
- Content inspection
- Flexible policy enforcement

Anti-Virus (Gateway)
- Provides Internet gateway protection against viruses (HTTP, FTP, SMTP traffic)
- If combined with an internal antivirus solution, provides dual-layer protection (different vendors)
- Usually a combination of anti-spyware, anti-virus and anti-spam on the gateway

Anti-Virus (Gateway) – Basic theory of operation
[Diagram: LAN clients – Spyware & AV proxies – Firewall – Internet]
- Requested web content is scanned with the antivirus engine on the proxy server
- Clean content is delivered to the clients
Anti-Virus (Gateway) – Solutions
- Trend Micro
- BlueCoat

Anti-Virus – Trend Micro
Anti-Virus: InterScan Web Security Suite
Solution includes:
- Comprehensive web security
- Leading virus protection
- Anti-phishing
- Anti-spyware
- URL Filtering Module
- Scalable and flexible
- Centralized management and coordination

Anti-Virus – BlueCoat
Anti-Virus: ProxySG with Web Virus Scanning
Solution includes:
- Visual Policy Manager
- Policy processing engine
- Custom splash pages
- Content stripping
- ProxyAV integration
- ICAP server integration
- Auto-sense settings

Internal Technologies
- LAN security using “perimeter” devices
- Network Access Protection
- Network segmentation (VLANs)
- Strong Authentication
- Malware protection
- WLAN security

LAN Security using perimeter devices
- Ingress and egress filtering on every router
- Internal firewalls to segregate resources
- Proxies to enhance performance and security
- IDS sensors to function as “canaries in a coal mine” and monitor the internal network

Network Access Protection
- Provides endpoint security for access to your LAN
- Makes sure every device complies with your corporate access policy before LAN access is allowed
- Prevents “rogue” devices from accessing your network

Network Access Protection – Basic theory of operation
1. A client device requests access to the network (the cable is plugged in)
2. A policy compliance check is performed by a device/server to see if the client has the necessary access rights (802.1X) and the required anti-virus and operating system updates
3. If the client complies with policy, access to the network is allowed
4. If the client does not comply, the client is placed in a quarantine network section and updated to comply with the corporate policy

Network Access Protection – Solutions
- Check Point

Network Access Protection – Check Point
Network Access Protection: Total Access Protection
Solution includes:
- VPN Remote Access Policy Enforcement
- Web Remote Access Policy Enforcement
- Internal Policy Enforcement with 802.1X-compatible gateways
- Rogue Access Prevention with 802.1X-compatible gateways
- Internal Policy Enforcement with InterSpect
- Standalone Enforcement

Network Segmentation (VLANs)
- Divide your physical network into several logical entities (Virtual LANs) to prevent unauthorized access to certain parts of your LAN
- VLAN membership based on identity (802.1X)
- Increases security and traceability in your local network

VLANs – Basic theory of operation
[Diagram: 802.1X & VLAN capable switch with VLAN 1, VLAN 2 and VLAN 3]
- A VLAN-capable switch only divides your LAN into segments; access rules define who can access which other segment of your network
- Membership of a VLAN can be based on the identity of the device that requests access (802.1X)

Network Segmentation – Solutions
- HP ProCurve
- Nortel

Network Segmentation – ProCurve
Network Segmentation: Identity Driven Management, Dynamic VLANs
Solution includes:
- Access Control – based on users’ business needs
- Access Rights – not only based on the individuals and their group associations, but also on day, time and location
- Policy Enforcement – on a per-user, per-session basis

Network Segmentation – Nortel
Network Segmentation: Dynamic VLAN assignment

Strong Authentication
- Traditional static passwords are insecure: if you can “guess” someone’s password, you have access
- Strong Authentication requires you to both have something (token, fingerprint, etc.) and know something (PIN code, password)
- Information on the token is encrypted for added security
- Can be used for computer logon, single sign-on, secure remote access

Strong Authentication – Solutions
- SafeWord
- Vasco
- ActivCard

Strong Authentication – SafeWord
Strong Authentication – Vasco
Strong Authentication – ActivCard

Malware protection
- Corporate managed antivirus and anti-spyware solutions

Malware Protection – Solutions
- Trend Micro

WLAN security
- Secure access to your corporate LAN
- Defend against “rogue” access points
- Identity-based wireless access
- Usage of strong encryption and key exchange protocols

WLAN Security
- Pre-802.11i security (WPA) as a replacement for the insecure WEP model
- Includes TKIP (Temporal Key Integrity Protocol) and 802.1X (identity) protocols

Security Consulting Services
- Audit, design, implementation and support of your secure networking infrastructure
- Customized training based on implemented solutions or at customer request
- Coaching of the IT division when selecting and implementing security solutions
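Returning to the Network Access Protection and VLAN slides above: an added example, not code from the deck or from Check Point, ProCurve or Nortel, of the decision a policy server makes when a device plugs in: no 802.1X identity means the port stays closed, a known identity on a non-compliant machine goes to the quarantine VLAN and is remediated, and a compliant machine lands in the VLAN its directory group maps to. Policy thresholds, the identity-to-group directory, VLAN numbers and the sample endpoints are constructed placeholders.

```python
# Added example (not from the original deck): Network Access Protection plus
# dynamic VLAN assignment as one decision function. Policy values, directory
# groups, VLAN numbers and endpoints are constructed placeholders.
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    mac: str
    identity: Optional[str]      # 802.1X-authenticated name, None if authentication failed
    av_signature_age_days: int
    os_patch_level: int
    host_firewall_on: bool


# Constructed corporate access policy.
POLICY = {"max_av_age_days": 7, "min_patch_level": 42}
# Constructed directory: identity -> group, group -> production VLAN.
IDENTITY_GROUP = {"alice": "finance", "bob": "engineering"}
VLAN_BY_GROUP = {"finance": 20, "engineering": 30, "guest": 90}
QUARANTINE_VLAN = 99
CURRENT_PATCH_LEVEL = 45         # newest level the remediation server can push


def compliance_failures(ep: Endpoint) -> list:
    """Every policy check the endpoint fails; an empty list means compliant."""
    failures = []
    if ep.av_signature_age_days > POLICY["max_av_age_days"]:
        failures.append("antivirus signatures out of date")
    if ep.os_patch_level < POLICY["min_patch_level"]:
        failures.append("operating system updates missing")
    if not ep.host_firewall_on:
        failures.append("host firewall disabled")
    return failures


def assign_vlan(ep: Endpoint) -> tuple:
    """(vlan, reason): None keeps the port closed, 99 is quarantine, else production."""
    if ep.identity is None:                       # rogue/unknown device: no 802.1X identity
        return None, "denied: 802.1X authentication failed"
    failures = compliance_failures(ep)
    if failures:                                  # known user, non-compliant machine
        return QUARANTINE_VLAN, "quarantine: " + "; ".join(failures)
    group = IDENTITY_GROUP.get(ep.identity, "guest")
    return VLAN_BY_GROUP[group], f"allowed: {ep.identity} -> {group}"


def remediate(ep: Endpoint) -> Endpoint:
    """What the quarantine network does: bring the endpoint up to policy for a re-check."""
    return replace(ep, av_signature_age_days=0,
                   os_patch_level=max(ep.os_patch_level, CURRENT_PATCH_LEVEL),
                   host_firewall_on=True)


def run_scenario() -> list:
    """Constructed endpoints plugging in; returns the VLAN decided for each."""
    alice = Endpoint("00:11:22:33:44:55", "alice", 30, 40, False)   # stale AV, old OS, no fw
    bob = Endpoint("00:11:22:33:44:66", "bob", 1, 44, True)         # compliant
    rogue = Endpoint("de:ad:be:ef:00:01", None, 0, 99, True)        # no 802.1X identity
    results = [assign_vlan(alice)[0], assign_vlan(bob)[0], assign_vlan(rogue)[0]]
    results.append(assign_vlan(remediate(alice))[0])   # alice after the quarantine updates
    return results


if __name__ == "__main__":
    for ep in (Endpoint("00:11:22:33:44:55", "alice", 30, 40, False),
               Endpoint("de:ad:be:ef:00:01", None, 0, 99, True)):
        print(ep.mac, assign_vlan(ep))
```

The check order matters: identity is established first, so an unauthenticated device never gets as far as the quarantine network, which is itself reachable and therefore only appropriate for devices that have proven who they are.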
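For the Strong Authentication slides above, an added example (not from the deck, nor from SafeWord, Vasco or ActivCard) of a server checking both factors: the “something you have” is modelled as an HMAC-based one-time-password token (RFC 4226 HOTP; the deck does not say which token algorithm its vendors use, so that is an assumption) and the “something you know” is a PIN. The user, the PIN and the RFC 4226 test secret are constructed inputs.

```python
# Added example (not from the original deck): two-factor verification with an
# HOTP token (RFC 4226) as the "have" factor and a PIN as the "know" factor.
# The token algorithm is an assumption; user, PIN and secret are constructed.
import hashlib
import hmac
import os
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """PINs are short, so they are stored as salted PBKDF2 hashes, never in clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenServer:
    LOOKAHEAD = 5        # how far the token's counter may run ahead of the server's
    MAX_FAILURES = 5     # lock the account after this many bad attempts

    def __init__(self) -> None:
        self.users = {}

    def enroll(self, user: str, pin: str, secret: Optional[bytes] = None) -> None:
        salt = os.urandom(16)
        self.users[user] = {
            "secret": secret or os.urandom(20),   # shared with the physical token
            "counter": 0,
            "salt": salt,
            "pin_hash": hash_pin(pin, salt),
            "failures": 0,
        }

    def verify(self, user: str, pin: str, otp: str) -> bool:
        rec = self.users.get(user)
        if rec is None or rec["failures"] >= self.MAX_FAILURES:
            return False
        # Both factors are evaluated before answering, so a failure does not
        # reveal which one was wrong.
        pin_ok = hmac.compare_digest(hash_pin(pin, rec["salt"]), rec["pin_hash"])
        matched = None
        for c in range(rec["counter"], rec["counter"] + self.LOOKAHEAD):
            if hmac.compare_digest(hotp(rec["secret"], c), otp):
                matched = c
                break
        if pin_ok and matched is not None:
            rec["counter"] = matched + 1      # consume the code: a replay will not match again
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        return False


RFC_SECRET = b"12345678901234567890"   # RFC 4226 test-vector secret, for reproducible output


def demo() -> list:
    """Constructed login attempts for one enrolled user, in order."""
    srv = TokenServer()
    srv.enroll("alice", "4711", RFC_SECRET)
    return [
        srv.verify("alice", "4711", hotp(RFC_SECRET, 0)),   # both factors right: True
        srv.verify("alice", "4711", hotp(RFC_SECRET, 0)),   # replayed code: False
        srv.verify("alice", "0000", hotp(RFC_SECRET, 1)),   # right token, wrong PIN: False
        srv.verify("alice", "4711", "000000"),               # right PIN, wrong token: False
        srv.verify("alice", "4711", hotp(RFC_SECRET, 3)),   # token pressed a few times: True
    ]


if __name__ == "__main__":
    print(demo())
```

Two details carry the security of the scheme: the counter only advances on a fully successful login, so a captured code cannot be reused, and the PIN is never compared on its own, so guessing it gives no signal without the token.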