Total BS Security: Business-based Systems Security
Jim Litchko, jlitchko@erols.com, (703) 528-0334 ext. 310

Presentation
• An Approach
  - Business and Holistic
• Attitudes
  - Ours and Theirs
• Solutions
  - Case Studies
• Opinions
  - Mine
• Questions
  - Anytime
Typical Evolving Network
[Diagram: Corporate System connected to the Internet or other networks, Clients, and Partners]

“Secure Brick” Theory
[Diagram labels: Operations, Security Manager, Profit, Loss, Demand, Supply]
Approach . . . talk about their business
• What is your business?
  - Services and products
• How do you operate?
  - Processes for selling and providing
• Who does what?
  - Responsibilities and information flow
• How do you measure success?
  - Customer satisfaction, profit, market share, etc.
• What is your system’s architecture?
  - Components, connections, capabilities, and cultures

Business/Security Requirements
[Diagram: Internet or other, Clients, Partners, Transaction System, Promotional Web Server, Browser, Service System; requirements shown: Availability, Confidentiality, Integrity, Authentication, Productivity, Visibility, Impatient, ?]
82% required no additional security products
Attitudes and Perceptions:
• Sailor-on-liberty Philosophy
  - I want it fast, free and friendly
• Security only costs money
  - True, but . . . .
• The most secure solution has
  - best GUI
  - largest market share
  - relationship and trust
• Transparent to the user
  - Accept when . . .

Attitudes and Perceptions:
• Sailor-Proof
  - If it is too hard they will find a way around it
  - KISS Principle
• Education is the best bang for the buck
  - Increases ownership for solving security problems
• SNMP is the standard
  - Not a smoking gun . . . . a bleeding wound is needed.
• What is the aspirin for security:
  - firewalls, VPN, PKI, IDS, . . . . . .?
• Technology will solve all of our problems!
  - Email monitoring problem solution was policy.
Which Authentication is best?
• Password?
• Time-based?
• Challenge and Response?
• Event-based?
• Biometrics?
• Public Key?
• VPN?
• IDS?

Problem
• Subscription Information Service Provider
• Web site distribution
• Computer illiterate users
• Sharing passwords
• $40,000 loss per month
• What is the solution?

Security and Business Math
              Profit    Loss      Net
Before        $ 50B     $ 4.5B    $ 46.5B
After         $ 50B     $ 1.0B    $ 49.0B
Better Idea?  $         $         $
[Diagram 1: Promotional Web Server, Transaction System and Support Operations behind Firewalls; Internet or WAN; Read Only Clients and Firms]
[Diagram 2: same network, IP Encryption added between Firewall/Internet or WAN and the Clients and Firms, and on the Transaction System link]
[Diagram 3: same network, IP Encryption on the Promotional Web Server and client links, SSL Encryption added on the Transaction System link]
[Diagram 4: same network with Intrusion Detection Systems and Assurance Testing added. “In God we trust. Everyone else we monitor.”]
[Diagram 5: same network with Backups on the Promotional Web Server, Transaction System and Support Operations, plus Surf and a Web Filter. What business is this?]
Summary
• Base security on business first
• Practical solutions, not just technical
• Security is a business risk