
Active Firewall


ajaxe

Presentation Transcript


  1. Active Firewall Use Port 23457 OK

  2. Active FTP with Firewall

  3. Passive FTP Use Port 65432

  4. FTP

  5. FTP

  6. FTP over SSL (FTPS)

  7. FTP over SSL (FTPS)

  8. FTP over SSL (FTPS)

  9. FTP over SSH Tunnel

  10. FTP over SSH Tunnel

  11. Secure FTP (SFTP)

  12. Secure FTP (SFTP)

  13. FTP to SFTP Conversion (Vendor Solution)

  14. FTP to SFTP Conversion (Vendor Solution) • Common uses • Leveraging FTP already in place, but transitioning it to your SFTP-knowledgeable partners

  15. PGP (Data at Rest)

  16. PGP (Data at Rest)

  17. FTP – All The Options

  18. Provisioning Identities • Provisioning store LDAP DAP • Who has access? • What tools are going to be used? • Centralized or decentralized administration?

  19. Federation and Identities • Kantara Initiative (formerly Liberty Alliance) http://kantarainitiative.org • Uses SAML via SOAP messages to deliver user credentials to internal and external partners

  20. Key Management Issues • Problem: Most large enterprises cannot manage key infrastructure for FTPS or SFTP environments • Thousands of machines and people exchanging data with no controls on key infrastructure • Every Linux/Unix machine has an OpenSSH server out of the box

  21. Universal Key Managers • Problem: Most large enterprises cannot manage key infrastructure for FTPS or SFTP environments • Thousands of machines and people exchanging data with no controls on key infrastructure

  22. How to Mitigate Cloud Risk • Cloud security policies • Example: Is RHOST allowed on your virtual Linux and Unix servers? • Do you conduct reviews of cloud system security? • Have you run background checks on the parties that administer your applications? • Do you audit traffic?

  23. What to Audit • Most can't possibly capture all traffic • Identify what is important to your organization • Look for unusual patterns of traffic • Have a way of reporting an incident in a timely fashion

  24. Encrypted or not, you need to know • Do you know what is leaving your shop? • Yes, you can monitor encrypted traffic • Can you prove the chain of custody of your audit data? • What do you do if you discover a breach?

  25. Cloud Security Summary • Virtualization can repeat exposures • Just because your provider says it's secure, don't believe them - Audit • Data and transactions on the mainframe – Mostly secure – Once data is in transit, not so much • Know how to manage user identity and how distributed cloud systems are provisioned • Universal key management, and how are users being authenticated? • Can you audit your environment so you can keep control of your data? • What is going out your door encrypted?

  26. Thank you! Lewis Bolla 914.741.1117 LBolla@ssh.com Dave Rivard 781-247-2107 DRIVARD@SSH.COM
