A Communications Security Approach for Uncertain Times
Salo Fajer, Senior Systems Engineer

Security Incidents are Increasing
• The number of reported Virus incidents has grown from 21,000 in 2000 to 130,000 in 2003
• The worldwide cost of Worms & Viruses is now estimated at $180 Billion per year
• The Corporate IT Forum (UK) calculates that each security incident cost £122,000 (~$230,000)
[Chart: Total Vulnerabilities Reported to CERT Coordination Center 1995 - 2003. Source: Carnegie Mellon University]
• Reported Security Events have increased dramatically year over year
• Unreported events are many times more than this number

The Security Management Challenge
• The speed and effectiveness of internet viruses have improved dramatically in just 2 years
• It is expected that massive Denial of Service will be possible in just minutes in 2005 and beyond

Escalating Concerns Are Demanding More of The Network
[Diagram: Security and Intelligence. 21st Century Networking, The 5C’s: Consolidation, Compliance, Continuity, Context, Control; and Cost. Traditional Networking Focus: Capacity, Connectivity]

The Challenge: Make Security Pervasive
[Diagram of four converging areas]
• Threats Are Converging: Viruses, Worms, Denial of Service, Intellectual Property Theft, Regulated Compliance, Reputation
• Value Propositions Are Converging: Compliance, Consolidation, Control, Context, Continuity, Capacity, Connectivity, Cost
• Users Are Converging: Business Appliances, Household Appliances, Internet & Intranet, Sub-Contractors, Customers, Visitors, Suppliers, Partners
• Network Technology Is Converging: Storage Over IP, Video Over IP, Voice Over IP, End systems, Appliances, Software

The Security Incident Problem Space
The goal of Secure Networks is to minimize the “problem space”
• Minimize Problem Space via
  - Granular control
  - Automated Response
  - Risk mitigation
  - End to end visibility
[Chart: Speed of Propagation / Speed of Response (Fast to Slow) against Type of Attack (Known to Unknown); regions labelled Prevention, Detection, Response and Problem Space]

Secure Networks: Built-in system-wide security
[Network diagram. Labels: CORE POLICY, GLOBAL DISTRIBUTION POLICY, IDENTITY DRIVEN, DYNAMIC RESPONSE; Hacker; VPN; NetSight RSM Manager; NetSight Policy Mgr; Dragon Server; BRANCH OFFICE; REMOTE OFFICE; CORE; XSR1800; XSR 3100; RoamAbout R2 (x2); X-Pedition ER16; Matrix N7 (x3); Matrix E1; NIDS (x4); HIDS]

Security Paradigm Shift
• “Outside Threats” can Attack only on a Single Known Port
• “Inside Threats” can Attack on Every Port in the Entire Network
[Diagram: Internet, WAN Router, Corporate Network, Enterprise Switches, Servers; “Inside Threats” placed inside the corporate network]

Vulnerability of Present Day Networks
[Diagram of a network with Branch/Remote Office, SOHO/Mobile Office, Internet, Core, DMZ and Data Center; legend: VPN, Firewall, IDS, Anti-Virus/Personal Firewall]
• CODE RED
• SOBIG.F
• NIMDA
• BLASTER
• SLAMMER

Secure DNA: Enterasys Product Offerings
End-to-end product portfolio uniquely focused on building secure enterprise data networks
[Diagram; legend: VPN, Firewall, IDS, Anti-Virus/Personal Firewall. Areas: LAN EDGE, LAN CORE, LAN DATA CENTER, WAN, REMOTE & BRANCH LOCATIONS, NETWORK MANAGEMENT. Products shown: NetSight Atlas (Policy Manager, Inventory Manager, Security Manager, Console), Dragon Server, NIDS, X-Pedition, Matrix N-Series & E-Series, Standalone Matrix E-Series, C & V-Series, Stackable Matrix C & V-Series, Branch XSR, Regional XSR, RoamAbout Wireless, VPN, Servers]

Value of Enterasys Secure Networks
[Diagram of a network with Branch/Remote Office, SOHO/Mobile Office, Internet, Core, DMZ and Data Center; legend: VPN, Firewall, IDS, Anti-Virus/Personal Firewall]
• CODE RED
• SOBIG.F
• NIMDA
• BLASTER
• SLAMMER

Challenges with Traditional Access Control
• ACLs are complex to configure, are tied to “interfaces”, and are typically “permit/deny” only*
• VLANs are complex to configure and troubleshoot, and provide no protection within VLAN
* Separate configuration is required for authentication, QoS, rate limiting, etc.
[Diagram: Servers, Core, Distribution, Edge, Extended Edge; “Blue”, “Green” and “Red” VLANs]

Enterasys’ Policy-based Network Overview
The foundation of Enterasys’ Secure Networks™
Dramatically reduces the time/resources required to implement infrastructure security (versus ACLs and VLANs) at the network edge
[Diagram: Servers, Core, Distribution, Policy, Edge; user “Bill”]

Secure Networks™ Solutions
• Acceptable Use Policy - A security policy solution for acceptable use of network resources
• Secure Application Provisioning - A Role-based security policy solution for business application usage
• Secure Guest Access - A security driven visitor networking solution
• Single Sign-On - A consolidated user credential solution for network and application access
• Dynamic Intrusion Response - An automated security response solution for identified threats to the enterprise network

Introducing Dynamic Intrusion Response
A Process for Dynamic Intrusion Response
[Diagram components: Network Infrastructure, NetSight Atlas™ Policy Manager, NetSight Atlas™ Console with Automated Security Manager, Dragon™ Intrusion Detection, Matrix™ Access Device, User Client System, Business Service]
• Quarantine Policy Creation – Central administration of a quarantine security policy role and distribution to the enterprise network infrastructure.
• Intrusion Detection – A Security event that penetrates the network infrastructure is immediately identified.
• Event Notification – The security breach event is passed to the Automated Security Manager application where pre-defined actions are configured.
• Location and Enforcement – The exact physical source of the security event is located, and the pre-defined response is enforced to the source network port.
• Response – The specific response for the security breach is enforced at the exact source (Disable port, enforce Quarantine policy, etc.)

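The five steps of that process, run end to end in code. This is an added example, not Enterasys code and not the NetSight or Dragon API: the alert format, the location table, the response rules, the policy role names and the switch/port names are all constructed assumptions. The two escalation branches (source cannot be located; source was learned on an uplink) are the checks a practitioner wants in front of any automated action that touches a port.

```python
"""Model of the Dynamic Intrusion Response process: policy creation,
detection, event notification, location and enforcement, response.

Added example, not vendor code. Every name and sample value below is a
constructed assumption.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alert:
    """A security event as an IDS would report it (constructed format)."""
    signature: str
    src_ip: str
    severity: int          # 1 (low) .. 5 (critical)


@dataclass
class PortState:
    enabled: bool = True
    role: str = "Default"  # policy role currently enforced on the port
    uplink: bool = False   # uplinks are never acted on automatically


@dataclass
class Switch:
    name: str
    ports: dict = field(default_factory=dict)


# Step 1, quarantine policy creation: roles are defined centrally and
# distributed to every access device. A role here is only a name; a real
# role carries the classification rules (e.g. remediation server only).
POLICY_ROLES = {"Default", "Quarantine"}

# Pre-defined actions keyed by signature, as an automated response manager
# would hold them (constructed table).
RESPONSE_RULES = {
    "worm-propagation": {"min_severity": 4, "action": "disable_port"},
    "port-scan":        {"min_severity": 2, "action": "quarantine"},
}

# Location data: the access port each source address was learned on.
# Constructed; a real system derives this from MAC/ARP/forwarding tables.
LOCATION_TABLE = {
    "10.1.5.23": ("edge-sw-1", "ge.1.7"),
    "10.1.5.40": ("edge-sw-1", "ge.1.12"),
    "10.1.6.1":  ("edge-sw-1", "ge.1.48"),   # learned on the uplink
}


def locate(src_ip):
    """Step 4, location: map the event source to a physical port, or None."""
    return LOCATION_TABLE.get(src_ip)


def respond(alert, switches):
    """Steps 3 to 5: notification, location/enforcement, response."""
    rule = RESPONSE_RULES.get(alert.signature)
    if rule is None or alert.severity < rule["min_severity"]:
        return "ignored"                      # no pre-defined action applies
    loc = locate(alert.src_ip)
    if loc is None:
        return "escalate:source-not-located"  # e.g. behind a router: needs a human
    sw_name, port_name = loc
    port = switches[sw_name].ports[port_name]
    if port.uplink:
        return "escalate:uplink-port"         # acting here would cut off a segment
    if rule["action"] == "disable_port":
        port.enabled = False
        return f"disabled {sw_name}:{port_name}"
    port.role = "Quarantine"                  # enforce the pre-distributed role
    return f"quarantine {sw_name}:{port_name}"


def build_sample_network():
    sw = Switch("edge-sw-1")
    sw.ports["ge.1.7"] = PortState()
    sw.ports["ge.1.12"] = PortState()
    sw.ports["ge.1.48"] = PortState(uplink=True)
    return {"edge-sw-1": sw}


def demo():
    """Step 2 is simulated by handing constructed alerts to respond()."""
    net = build_sample_network()
    results = [
        respond(Alert("worm-propagation", "10.1.5.23", 5), net),
        respond(Alert("port-scan", "10.1.5.40", 3), net),
        respond(Alert("port-scan", "10.9.9.9", 3), net),
        respond(Alert("worm-propagation", "10.1.5.40", 1), net),
        respond(Alert("worm-propagation", "10.1.6.1", 5), net),
    ]
    return results, net


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The severity gate and the uplink check are where most of the operational value sits: an automated response that can be triggered by a low-confidence alert, or that can disable the port a whole closet hangs off, is itself a denial-of-service path, so both are refused and escalated rather than acted on.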
Enterasys’ Flow Setup Throttling
• Matrix N-Series is the Only Enterprise Switch based on a Flow-based Design
• Matrix N-Series Flow Setup Throttling (FST) provides an alarm and then disables a port as a result of a spike in new flows caused by network threats
[Diagram: Servers, Core, Distribution, Edge]

Solution: Dynamic Intrusion Response
• Enterasys’ Dynamic Intrusion Response provides UNC with:
  - Sensors throughout the network to identify and alert UNC of any suspicious activity or intrusion
  - Centralized management to quickly apply security policies across the entire campus network with a single click
  - Role-based policy management to prevent unauthorized use of network resources by students, faculty and staff
  - A network that provides the highest level of security—without negatively impacting productivity
University of North Carolina, Chapel Hill
Challenge:
• Ensure high network availability and information assurance—campus wide—in the face of emerging known and unknown security threats
• UNC needs to provide continuity to support a complex user community of students, faculty and staff. It also required the control and context to identify any suspect user, application or device, and quickly isolate the problem before it affects the rest of the network
Secure Network Requirements:
• UNC’s network must be able to handle the outbreak of various viruses and worms (e.g., Blaster and Slammer) through centralized management and real-time intrusion defense to minimize downtime, protect assets and ensure users have access to the appropriate resources
Enterasys Solution:
• When the Blaster worm hit, Dynamic Intrusion Response alerted UNC of the attack and enabled them to quickly apply Layer 4 filters to the edge, containing the threat before it spread
  – realized through: Matrix N-Series switches, Dragon intrusion defense system, NetSight Atlas management
Value Impact:

Secure Network Attributes Deployable Today Across Entire Product Line
• Total Visibility
  - People
  - Security Events
  - Network
• Identity & Context Intelligence
  - Who, What, When, Where, Why?
• Distributed Policy Enforcement
  - Users, Devices, Departments, Protocols, Applications
• Centralized, Granular Control
  - Deploy and Enforce Security Policy Throughout Enterprise
• Open Interoperability
  - Standards based
• Single Action System-Level Management
  - Simple Management of Complex Tasks
• Dynamic Response and Protection
  - Automated Assessment, Detection, Response and Prevention
  - Entire network infrastructure
  - Complements existing security measures