Joe Budzyn Jeff Goeke-Smith Jeff Utter
Risk Analysis • Match the technologies used with the security need • Spend time and resources covering the most likely and most expensive risks
Firewalls • What is a firewall? • A technology for the selective allowance of network traffic. • Types of firewalls • Stateful (tracks connections, so replies to an allowed flow pass without a rule of their own) or Stateless (judges every packet on its own) • Software or Hardware • Border or Intranet
Firewalls • Rule Set Methodology • Mostly Open (default allow, block what is known to be bad) • Mostly Closed (default deny, allow only what is needed; the safer default) • Zones • Untrust (the Internet) • Trust (internal networks) • DMZ (public-facing servers, separated from both)
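The following is an added example, not code from the original slides: a zone-based, default-deny ("mostly closed") packet filter with connection tracking, beside a stateless variant of the same rule set. The zones, addresses and rules are assumptions chosen to show why state matters: the stateless filter has to accept the mirror image of every rule to let replies back in, and that hole lets a packet from the Internet with source port 443 reach an internal SSH port.

```python
"""Added example, not from the original slides: a zone-based, default-deny
packet filter with connection tracking, plus a stateless variant of the same
rules. Zones, addresses and rules are illustrative assumptions."""
import ipaddress
from dataclasses import dataclass

# Assumed zone layout: 10/8 is Trust, one /24 is the DMZ, everything else is
# Untrust (the Internet).
ZONES = {
    "trust": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("203.0.113.0/24"),
}

def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "untrust"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt

# Mostly-closed policy: only these (from_zone, to_zone, proto, dport) may
# start a flow; anything not listed is dropped.
RULES = [
    ("untrust", "dmz", "tcp", 443),    # Internet -> public web server
    ("trust", "dmz", "tcp", 22),       # admins -> DMZ hosts over SSH
    ("trust", "untrust", "tcp", 443),  # users browsing out
    ("dmz", "trust", "tcp", 5432),     # web tier -> database, nothing else
]

def rule_allows(pkt):
    want = (zone_of(pkt.src), zone_of(pkt.dst), pkt.proto, pkt.dport)
    return any(rule == want for rule in RULES)

class StatefulFilter:
    """Remembers flows it allowed; replies are accepted by state, not by rule."""
    def __init__(self):
        self.conntrack = set()   # 5-tuples of flows that were allowed

    def decide(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.conntrack or rev in self.conntrack:
            return "ACCEPT established"
        if pkt.proto == "tcp" and not pkt.syn:
            return "DROP no state"        # mid-stream packet of an unknown flow
        if rule_allows(pkt):
            self.conntrack.add(fwd)
            return "ACCEPT new"
        return "DROP default deny"

def stateless_decide(pkt):
    """A stateless filter has no flow table, so to let replies back in it must
    also accept the mirror image of every rule, keyed on the *source* port."""
    if rule_allows(pkt):
        return "ACCEPT rule"
    mirror = (zone_of(pkt.dst), zone_of(pkt.src), pkt.proto, pkt.sport)
    if any(rule == mirror for rule in RULES):
        return "ACCEPT reply hole"
    return "DROP"

if __name__ == "__main__":
    fw = StatefulFilter()
    client = Packet("198.51.100.7", "203.0.113.10", "tcp", 40000, 443, syn=True)
    reply = Packet("203.0.113.10", "198.51.100.7", "tcp", 443, 40000)
    attacker = Packet("198.51.100.9", "10.0.0.5", "tcp", 443, 22, syn=True)
    print("client   ", fw.decide(client))
    print("reply    ", fw.decide(reply))
    print("attacker stateful ", fw.decide(attacker))
    print("attacker stateless", stateless_decide(attacker))
```

The stateful filter drops the attacker's packet because no rule allows Untrust to Trust on port 22 and no flow exists; the stateless filter accepts it through the mirrored "trust to untrust 443" rule, which is the reason modern border firewalls track state.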
IDS / IPS • Network device that identifies and, in the IPS case, stops hostile network traffic • Signature-based detection • Signatures can match on packet content • Signatures can match on behavior • Deployed at network choke points • Generally in conjunction with a firewall • Border of an office, a workgroup, a building, or a campus
Encryption • Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. • Public Key / Private Key (keys come in pairs; the public half can be published) • Pre-shared Key (both parties hold the same secret in advance) • Example Uses • Disk Encryption, File Encryption • Secure Email (e.g. PGP)
VPN • Network tunnel over a more general network • Implies channel encryption, authentication, authorization • Traffic inside the tunnel is opaque to firewalls and IDS/IPS on its path, so a VPN can bypass those controls; inspect at the tunnel endpoint instead • Deployed next to firewalls for remote access or administrative access.
Secure Remote Access • Remote Desktop Client • SSH • Network Tunnels • Two Factor Authentication • Key Based Authentication
Tripwire • Tripwire watches for changes to files on monitored systems. • Enterprise Tripwire runs with a server and clients. • Remote monitoring of changes, with alerts. • Ability to approve or roll back some changes. • Useful in the detection of intentional and unintentional changes.
Network Flow Analysis • Look for ‘odd’ behavior rather than ‘odd’ content (complements content-based IDS signatures) • Traffic sent to an analysis engine via a mirror port, or summarized as flow records by the routers • Multiple products exist with differing emphasis • Arbor Networks • Q1 Labs
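The following is an added example, not Tripwire's own code or code from the slides: a minimal file integrity check in the Tripwire style. A baseline of content hashes and metadata is taken, MACed with a key assumed to be held off the monitored host (so an intruder who edits files cannot quietly rewrite the database as well), and later compared with the live tree while skipping a set of approved changes. The files and the change scenario are constructed in a temporary directory so the script runs offline.

```python
"""Added example, not from the original slides: a Tripwire-style integrity
baseline and check. The signing key and the file scenario are assumptions."""
import hashlib
import hmac
import json
import os
import stat
import tempfile

def fingerprint(path):
    """SHA-256 of the content plus the metadata an integrity monitor tracks."""
    st = os.lstat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(st.st_mode), "size": st.st_size}

def build_baseline(root):
    """Map of path (relative to root, '/'-separated) -> fingerprint."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = fingerprint(full)
    return baseline

def sign_baseline(baseline, key):
    """Serialize and MAC the database; the key must not live on the monitored host."""
    blob = json.dumps(baseline, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def verify_baseline(blob, tag, key):
    return hmac.compare_digest(hmac.new(key, blob, hashlib.sha256).hexdigest(), tag)

def check(root, baseline, approved=frozenset()):
    """Report added, removed and modified paths, ignoring approved changes."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline) - approved)
    removed = sorted(set(baseline) - set(current) - approved)
    modified = sorted(p for p in set(current) & set(baseline)
                      if current[p] != baseline[p] and p not in approved)
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Constructed scenario: one approved edit, one unapproved edit, one new file."""
    key = b"signing key held on the monitoring server, not this host"  # assumption
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(etc, "motd"), "w") as f:
            f.write("welcome\n")
        blob, tag = sign_baseline(build_baseline(root), key)

        with open(os.path.join(etc, "motd"), "w") as f:        # approved change
            f.write("maintenance window tonight\n")
        with open(os.path.join(etc, "passwd"), "a") as f:      # unexpected uid-0 account
            f.write("eve:x:0:0::/root:/bin/sh\n")
        with open(os.path.join(root, "libevil.so"), "wb") as f:  # unexpected new file
            f.write(b"\x7fELF")

        if not verify_baseline(blob, tag, key):
            raise RuntimeError("baseline database tampered with")
        return check(root, json.loads(blob), approved=frozenset({"etc/motd"}))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report lists `etc/passwd` as modified and `libevil.so` as added while the approved `etc/motd` edit is silent; that approve-or-alert workflow is what the enterprise server/client deployment on the slide automates across many hosts.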
Anti-Malware • Malware is any piece of malicious code or program that installs itself on a computer without the user’s knowledge. • Examples • Virus • Trojan • Rootkit • Spyware • Adware • Key logger • (Spam is not malware itself, but it is a common delivery vehicle for it)
Anti-Malware • What to do about it? • DON’T OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING. • ESPECIALLY IF YOU DON’T TRUST THE SOURCE • Keep an up-to-date Anti-Malware application (or suite) installed and running. • Many vendors offer one, and some free applications do this as well.
Security Practices - Servers • Patch Management • All systems are vulnerable, patching makes them less so • Log Analysis • Learn what is normal, then watch for the abnormal • Secure Configuration • Pick a standard and follow it
Security Practices - Users • All users on the network are integral to overall security • User Education Campaigns • User Policy Tools • Group Policy, reviewing logs
Denial of Service Protection • Types of DoS • UDP flood, SYN flood, ICMP flood, malformed packets (e.g. Ping of Death), distributed (DDoS), BGP route injection • Backscatter is the reply traffic that spoofed-source floods provoke from their victims; it is a symptom used to detect floods rather than an attack type • Types of protection • Routing infrastructure (rate limits, blackhole routes) • Firewalls • Special adaptive devices
Advanced Network Tricks • Honey Pots – a deliberately exposed, closely monitored system meant to attract attackers so their methods can be observed • Tar Pits – a service that accepts connections and then answers as slowly as possible, tying up scanners and worms • Dark Nets – unused but routed address space that is monitored; no legitimate traffic should arrive there, so whatever does (scans, backscatter) shows what attackers are doing
Managing Your Identities • Common complaint: I have too many passwords to remember! • This may lead to sticky notes under keyboards • Password Wallet or Password Safe (one strong master secret protecting a random password per site) • Public key / private key authentication (e.g. SSH keys) in place of passwords • Password generation algorithms
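The following is an added example, not code from the slides or from any of the products named, serving both the Network Flow Analysis slide and the DoS slide: behaviour-based detection over flow summaries of the kind a router export or a mirror-port collector hands to an analysis engine. No packet content is examined; a port scan and a SYN flood are recognised from flow shape alone. The flow records and thresholds are constructed for illustration.

```python
"""Added example, not from the original slides: flow-based detection of a
port scan and a SYN flood. Flow records and thresholds are constructed."""
from collections import defaultdict

# Flow summary: (src, dst, dport, flags, packets, bytes)
#   "S"  = SYN seen, handshake never completed (half-open)
#   "SA" = handshake completed and data exchanged

def build_flows():
    flows = []
    for i in range(20):   # normal clients talking to the public web server
        flows.append((f"198.51.100.{i + 1}", "203.0.113.10", 443, "SA", 40 + i, 30000 + 100 * i))
    for port in range(20, 32):   # one host probing many ports on an internal box
        flows.append(("198.51.100.200", "10.0.0.5", port, "S", 1, 60))
    for i in range(300):   # many (spoofed) sources, each a single SYN to one service
        flows.append((f"192.0.{i // 250}.{i % 250 + 1}", "203.0.113.10", 443, "S", 1, 60))
    return flows

def detect_port_scans(flows, min_targets=8):
    """A scanner is a source with SYN-only flows to many distinct (host, port) pairs."""
    targets = defaultdict(set)
    for src, dst, dport, flags, packets, _ in flows:
        if flags == "S" and packets <= 2:
            targets[src].add((dst, dport))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}

def detect_syn_floods(flows, min_half_open=100, min_sources=50):
    """A flooded service shows many half-open flows from many sources and the
    fraction of completed handshakes collapses."""
    stats = defaultdict(lambda: {"half_open": 0, "completed": 0, "sources": set()})
    for src, dst, dport, flags, packets, _ in flows:
        s = stats[(dst, dport)]
        if flags == "S":
            s["half_open"] += 1
            s["sources"].add(src)
        else:
            s["completed"] += 1
    alerts = {}
    for key, s in stats.items():
        if s["half_open"] >= min_half_open and len(s["sources"]) >= min_sources:
            total = s["half_open"] + s["completed"]
            alerts[key] = {"half_open": s["half_open"],
                           "sources": len(s["sources"]),
                           "half_open_ratio": round(s["half_open"] / total, 2)}
    return alerts

if __name__ == "__main__":
    flows = build_flows()
    print("port scans:", detect_port_scans(flows))
    print("syn floods:", detect_syn_floods(flows))
```

Because the flood is spoofed, the distinct-source count is high and no per-source rule would stop it; the actionable output is the (destination, port) pair, which is what a SYN cookie setting on the server, an upstream rate limit, or a blackhole route would be applied to. The thresholds are the "learn what is normal" part: on a real network they come from the baseline of each service rather than from fixed numbers.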
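The following is an added example, not code from the slides: two of the alternatives to memorising passwords listed above, a random generator with an entropy estimate (what a password safe stores per site) and a per-site derivation from one master secret (a "password generation algorithm"). The alphabet, key-stretching parameters and sample inputs are assumptions.

```python
"""Added example, not from the original slides: random password generation
with an entropy estimate, and deterministic per-site derivation from a master
secret. Alphabet and PBKDF2 parameters are illustrative assumptions."""
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.?/"

def generate_password(length=20, alphabet=ALPHABET):
    """Random password from the OS CSPRNG; secrets.choice is unbiased."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(len(alphabet))

def derive_site_password(master, site, username, length=20, iterations=200_000,
                         alphabet=ALPHABET):
    """PBKDF2-HMAC-SHA256 over the master secret, salted by site and account so
    no two sites share output. Bytes are mapped onto the alphabet with rejection
    sampling so that no symbol is favoured by a modulo bias."""
    salt = f"{site}\x00{username}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, iterations,
                              dklen=length * 4)
    limit = 256 - (256 % len(alphabet))   # largest multiple of the alphabet size
    out = []
    for b in raw:
        if b < limit:
            out.append(alphabet[b % len(alphabet)])
        if len(out) == length:
            return "".join(out)
    raise ValueError("derived bytes exhausted; increase dklen")

if __name__ == "__main__":
    pw = generate_password()
    print(f"random: {pw}  (~{entropy_bits(len(pw)):.0f} bits)")
    master = "correct horse battery staple"   # constructed sample, not a real secret
    for site in ("example.com", "example.org"):
        print(f"{site}: {derive_site_password(master, site, 'alice')}")
```

The derived approach needs only one memorised secret and no storage, but it has the weaknesses a password safe avoids: a compromised master exposes every site at once, and a single site's password cannot be rotated without adding a per-site counter to the salt. A safe holding an independent random password per site, protected by the same kind of stretched master key, is the more common recommendation.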