Network Security 101. TippingPoint Team, Stuart Hatto, Spring 2014. What is an IPS? From the source of all knowledge… Or, more simply put: an IPS. All traffic goes in; traffic minus known threats continues. Let's greet an HP TippingPoint IPS.
IPS sensors are plugged into the network via Ethernet ports.
To put an IPS inline (to force inspection to occur), you need two ports that work together as a pair: an Ethernet port pair (A and B).
These port pairs work together to form what we call an inspection segment: an Ethernet port pair (A and B) = an inspection segment.
A simple view of “forcing inspection” through an IPS (BEFORE IPS): Device A (any device with an Ethernet port) is cabled directly to Device B (any device with an Ethernet port).
A simple view of “forcing inspection” through an IPS (WITH IPS): the IPS inspection segment sits between Device A (any device with an Ethernet port) and Device B (any device with an Ethernet port), so traffic between them must pass through the IPS.
The TP10 appliance has 2 x copper inspection segments. More on the “copper” designation in just a minute.
The S110 and S330 (they look the same, like a pizza box): 4 segments.
A view of a 660N / 1400N. See anything different??? Those are fibre ports.
A quick note on fibre types… This is important!!! Multi Mode fibre (MMF) – for short distances. Typically within the same room, a few hundred metres max. Sometimes referred to as “Short Range” fibre. Single Mode fibre (SMF) – for long distances. Typically across town/campus. Sometimes referred to as “Long Range” fibre. Also important: short range and long range fibre need matching SR and LR transceivers!
The NX Platform • Market-leading 2U port density with swappable modules • 6x 1GbE 10/100/1000 (copper) • 6x 1GbE SFP (copper or fibre) • 4x 10GbE SFP+ • 1x 40GbE QSFP+. That's a 10Gig I/O module for the NX Platform.
(Chart: inspection throughput [Mbps] vs. IPS segments [port pairs]; segment axis ticks 2, 4, 10, 24.) TippingPoint 10: 20 Mbps. TippingPoint 110, 330: 100 Mbps, 300 Mbps. TippingPoint 660N, 1400N: 750 Mbps, 1.5 Gbps. TippingPoint 2600NX, 5200NX, 6200NX: 3 Gbps, 5 Gbps, 10 Gbps. TippingPoint 7100NX: 15 Gbps. TippingPoint 7500NX: 20 Gbps.
OK. It's nice that we have plenty of screamin' fast hardware appliances... But where do customers put these bad boys?
HP TippingPoint appliances can be deployed anywhere… • Just “wedge” an IPS segment into any place you want to inspect/enforce network security policy. (Diagram: WLAN, Core, Campus LAN, Edge, Internet; tele-workers, partners, and customers.)
Like.. between your Internet connection and your LAN (Local Area Network) • Deploy inside the firewall (most common) • Deploy outside the firewall (a fading trend) • Deploy both inside and outside the firewall (a “firewall sandwich” – also a fading trend). (Diagram: IPS Security Zone 1 outside the firewall facing the Internet, IPS Security Zone 2 inside facing the Edge/Core/Campus LAN/WLAN.)
And/or.. deploy closer to the Core of the network • Between the WLAN (wireless local area network) and the Core • Between the WAN (wide area network) and the Core • On trunk links between switches (to isolate user networks and/or server networks from the Core) • On “top-of-rack” switches within your virtualized Datacenter. (Diagram: virtual machines (VMs), remote offices and branches, data center, WAN, WLAN, Core, Campus LAN, Edge, Internet, tele-workers, partners, and customers.)
Top Deployment Scenarios: 1 Perimeter – Internet, DMZ, LAN. 2 Production / Mission Critical – LAN/MAN/WAN, Remote LAN. 3 Compliance – PCI LAN, SOX.
OK. It's nice that we have plenty of screamin' fast hardware appliances... But how do we manage all of these devices?
SMS – Security Management System. HP Security Management System (JC528A) • HP DL320 based server • 1U device • 1 x 146 GB hard drive. HP Security Management System XL (JC679A) • HP DL380 based server • 2U device • 6 x 600 GB hard drives • Fault tolerant (RAID 1+0). vSMS (JC561A) • VMware ESX/ESXi v4.0 or greater, requires vCenter • Requirements: 146 GB available disk space, 2 virtual CPUs, 6 GB available memory, 2 virtual network adapters. (Diagram: one vSMS on ESX(i) managing multiple IPS units.)
TippingPoint NGIPS Platform: automated, scalable threat protection. SMS – Security Management System manages the NGIPS sensors; all traffic goes in, traffic minus known vulnerabilities comes out. IPS Platform designed for future security demands and services • Effective: leading security research, fastest coverage, broadest coverage • Reliable: in-line reliability, in-line performance (throughput/latency), filter accuracy • Simple: quick to deploy, automated threat blocking, easy to manage.
Settings are defined in an HP TippingPoint Security Profile and distributed to the appliances. Cyber-Attacks – Availability: Protocol Anomalies, Denial-of-Service, (Distributed) Denial-of-Service... – Reconnaissance – Trojan, Backdoor, Virus, Worm, Spyware, Phishing, Buffer Overflow, Heap Overflow, SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, Malicious Documents... Bandwidth Mgmt. – App. Rate Limiter. Corporate Policy – Security Policy, Access Validation, Tunneling, Rogue Applications, Peer-to-Peer, Streaming Media...
Blah.. Blah.. Blah... How much does this stuff cost and who's gonna buy it so I can make lots of £$€?
And don't forget Support, Training and RepDV! (Price table, columns Mandatory / List price* / Nice To Know, rows: 1 Gbps Ethernet copper, 1 Gbps Ethernet fibre, 10 Gbps Ethernet fibre, 40 Gbps Ethernet fibre; the prices themselves are not reproduced here.) *EMEA pricing, February 2014
NGIPS Drivers • APT, data breach, brand and reputation damage • (D)DoS, bots, ransomware • Operations: confidentiality, integrity, availability; recovery costs; penalties (compliance). Asset: personal information, intellectual property, customer data, financial data, etc. Threat: the attacks above. Vulnerability: unpatched systems (known SW vulnerabilities) and zero-day exploits (unknown SW vulnerabilities).
Effectiveness Matters • SANS, CERT, NIST, OSVDB, software, and reputation vendors • ~3,000 researchers • 2,000+ customers sharing data • 7,000+ managed networks globally. Ecosystem partners feed actionable security intelligence: ~3,000+ independent researchers, DVLabs Research & QA, 2,000+ customers participating, ESS thought leadership • Automatically integrated into HP products • HP finds more vulnerabilities than the rest of the market combined • Top security vulnerability research organization for the past three years – Frost & Sullivan (HP Security Research). Note: All figures are rounded. The base year is 2012. Source: Frost & Sullivan
Effectiveness Matters • Over 8,600 filters of network protection right out of the box • Over 3,000 security researchers focused on emerging threats • Proven accuracy with no false positives • Optimize network performance and protect business-critical applications. “0 false positives since being enabled 15 months ago.” – Sr. Network Security Engineer from Financial Services. Note: All figures are rounded. The base year is 2012. Source: Frost & Sullivan
Industry Leading Security Intelligence Public Vulnerability Research Market: Business Application Vulnerabilities by Reporting Source, Global, 2012
Definition – Zero-Day Exploit (timeline t1 to t4): vulnerability is found; exploit code is “in the wild”; software vendor releases patch; patch rollout. Proactive IPS protection covers this window.
(Diagram: exploit of a vulnerable application. The HP TippingPoint vulnerability filter is written around the vulnerability itself, so it covers both Exploit A and Exploit B. A standard IPS exploit filter written for Exploit A misses Exploit B and is shown with false positives.)
Our Zero-day Coverage Compared to Competition Compiled from publicly verifiable data at http://www.microsoft.com/technet/security/current.aspx
http://www.zerodayinitiative.com/advisories/upcoming/ • See how many 0-days there are that ONLY WE KNOW ABOUT for software from: • Microsoft • Adobe • Apple • Oracle • Cisco • HP (Yes. We too have our flaws.) • IBM • EMC • Novell • Citrix • Mozilla (Firefox)
Bot and Fraud Detection: Cyber Reputation. HP Next Gen IPS countermeasures • DVLabs Reputation Database • Millions of entries • Reputation score 0-100 • IPv4 & IPv6 address • DNS name • Meta data. Content awareness: detects mail traffic containing phishing attack techniques. Context awareness: RepDV blocks mail traffic from known sources of phishing emails. (Diagram: TippingPoint NGIPS between the Corp. LAN and the Internet.) Block outbound traffic: botnet Trojan downloads; malware, spyware & worm downloads; access to botnet CnC sites; access to phishing sites. Block inbound traffic: spam and phishing emails; DDoS attacks from botnet hosts; web app attacks from botnet hosts.
Bot and Fraud Detection: Cyber Reputation • Notes – TippingPoint • Designed as inline IPS: HA, minimal false positives • Easy to install and manage: low TCO, fast ROI • Recommended Settings: since 2001 • More than an IPS: NGFW features, Rate Limiter • Purpose-built hardware with a very mature deep inspection engine • Built-in high availability: the IPS *must* be transparent for valid traffic • Zero-day exploit protection is the *greatest possible* benefit an IPS can offer. Reputation source: IT-Harvest, Next Generation IPS and Reputation Services
HP Network Security TippingPoint Product Family: protects the data and applications that matter. (Diagram: Next-Gen IPS, Next-Gen Firewall and SMS with DVLabs research and feeds under an integrated policy.) • Next-Generation IPS: inspects network traffic and blocks against known vulnerabilities; 99.99999% network uptime track record • Digital Vaccine Labs: industry-leading security research; delivers zero-day coverage • Next-Generation Firewall: marries NGIPS with enterprise firewall; granular application visibility and control • Security Management System: centralized management console across NGIPS and NGFW; single console to deploy devices and policies
Definitions. Firewall – Firewalls provide access control between two networks of varying trust levels. They control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a predetermined rule set.
Uhhh… Isn't that the same thing that IPS does? Of course not! Legacy firewalls (not talking NGFW here) only take IP addresses and TCP/UDP ports into account when making policy decisions. Like the mailman, legacy firewalls are oblivious to the CONTENTS of the packets on which they are making their decisions (they only check 4 layers deep). Intrusion Prevention Systems look DEEPER into the packet payloads to make their policy decisions (they check all 7 layers).
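To make the two slide points concrete (the firewall deciding on addresses and ports only, and the vulnerability filter versus exploit filter diagram earlier in the deck), here is an added Python example; it is not TippingPoint code, and the HTTP service, its hypothetical 64-byte User-Agent buffer, the sample packets and the signature string are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str
    payload: bytes

# Legacy firewall: decides on layer 3/4 fields only (constructed sample policy).
FW_RULES = [("10.0.0.5", "tcp", 80, "allow")]

def firewall_decision(pkt: Packet) -> str:
    for dst_ip, proto, port, action in FW_RULES:
        if (pkt.dst_ip, pkt.proto, pkt.dst_port) == (dst_ip, proto, port):
            return action
    return "deny"  # default deny; payload is never looked at

# IPS exploit filter: matches bytes seen in one known sample (Exploit A).
EXPLOIT_A_SIGNATURE = b"User-Agent: evilA-"  # constructed marker

def exploit_filter(pkt: Packet) -> bool:
    return EXPLOIT_A_SIGNATURE in pkt.payload

# IPS vulnerability filter: encodes the flawed condition itself.
# Hypothetical bug: the server copies User-Agent into a 64-byte buffer,
# so ANY value longer than 64 bytes triggers it, whatever the bytes are.
MAX_UA_LEN = 64

def vulnerability_filter(pkt: Packet) -> bool:
    for line in pkt.payload.split(b"\r\n"):          # layer 7 parsing
        if line.lower().startswith(b"user-agent:"):
            value = line.split(b":", 1)[1].strip()
            return len(value) > MAX_UA_LEN
    return False

def inspect(pkt: Packet) -> dict:
    """Firewall verdict plus both IPS filter styles for one packet."""
    return {"firewall": firewall_decision(pkt),
            "exploit_filter_blocks": exploit_filter(pkt),
            "vulnerability_filter_blocks": vulnerability_filter(pkt)}

def http_get(ua: bytes) -> bytes:
    return b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: " + ua + b"\r\n\r\n"

# Constructed samples: benign request, Exploit A, and variant Exploit B.
BENIGN = Packet("192.0.2.10", "10.0.0.5", 80, "tcp", http_get(b"Mozilla/5.0"))
EXPLOIT_A = Packet("192.0.2.10", "10.0.0.5", 80, "tcp", http_get(b"evilA-" + b"A" * 100))
EXPLOIT_B = Packet("192.0.2.10", "10.0.0.5", 80, "tcp", http_get(b"B" * 100))
```

All three packets are "allow" to the firewall because port 80 is open; only the vulnerability filter catches Exploit B, which the Exploit A signature never sees.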
Holistic Customer-First Approach: support, training, services. • Services: site deployment review; onsite installation; configuration, tuning and best practices • Training: in-person, web-based and in your office; 2-day and 5-day classes; across NGIPS & NGFW; more information: tippingpoint.training@hp.com • Customer Support: Premium, Premium Plus and Platinum offerings; above 35 NPS score over the last 5 quarters; consistently ranked at or above industry benchmark in 5 of 8 categories