9.35 The Armored Network
“I know of no undetected penetrations of the AT&T network.” Attributed to Bill Cheswick by Amoroso and Sharp.

Presenters
• Dave Wordhouse
  • VP Network Technologies
  • dwordhouse@cuanswers.com
• Jim Lawrence
  • Internal Network Manager
  • jlawrence@cuanswers.com
• Tony Walliczek
  • Internal Network Coordinator
  • twalliczek@cuanswers.com
• Jim Vickers
  • Internal Network Coordinator
  • jvickers@cuanswers.com
• Fred Damstra
  • Internal Network Coordinator
  • fdamstra@cuanswers.com
Agenda
• Five Basic Levels of Information System Defense
• Applied Network Security at CU*Answers
• Components of the IT Administrator’s Toolbox
• Security Audit Checklist
• Additional Resources
Five Basic Levels of Information System Defense
• Perimeter Level
  • Where your network interacts with “untrusted” networks
• Network Level
  • Where “trusted” network devices/systems interact
  • Servers, clients, switches, hubs, printers
• Host Level
  • Each individual device/system on your “trusted” network
  • Operating system, physical access
• Application Level
  • Programs running on the device/system
  • Mail server, web server, database
• Data Level
  • Data accessed by programs
  • File permissions, encryption
Network Security at CU*Answers
• http://www.cuanswers.com/client_pm_bp_securprec.php
• http://www.wesconet.com
• Offers professional assistance with:
  • Independent Auditing
  • Network Defense
  • Training
  • Data Archival
  • High Availability
The IT Administrator’s Toolbox
• Blueprint (Security Policy)
• Physical security
• Firewall(s)
• Layered anti-virus protection
• Intrusion detection/prevention systems
• Hardened servers and hosts
• Vulnerability scanners to test/adjust your security
• Encryption to protect your data
• Data archive strategy
• Security audit checklist
The Security Blueprint (Security Policy)
• The security policy should include:
  • Acceptable use policy
  • Security incident handling procedures
  • Incident escalation procedures
  • Remote access policy
  • Firewall management policy
  • Disaster recovery policy
• Must be communicated to and understood by all staff.
• Review and audit often.
Physical Security
• Physical access to your network devices and media
  • Wiring closets
  • Server rooms
  • Unattended workstations
  • Open wall jacks (data)
• Redundancy, high availability
  • Multiple power supplies
  • Multiple power sources
• Protection against natural disasters
  • Power
Firewall(s)
• Firewall at the perimeter.
  • Appliance (Sonicwall, etc.)
  • Software based (Checkpoint, etc.)
• Firewall on the host(s).
  • Centrally managed.
  • Trend Micro Officescan
• Don’t just set it and forget it.
  • Periodic firewall policy review.
  • Threats change, so must your protection.
• Log administration.
  • Know what’s being logged and what’s not being logged.
• Penetration testing.
  • Nessus, Qualys, etc.
Anti-virus Protection
• Centralized deployment.
  • Central download, deployment, logging, alerting.
  • Quarantine infected workstations.
• At the gateway and on the hosts.
  • Layered approach.
• Spyware protection.
  • Most commercial packages protect against spyware.
  • Trend Micro Officescan
• Educate users about attachments and downloaded files.
  • The last layer of protection is the user at the keyboard/mouse.
Intrusion Detection and/or Prevention
• Intrusion Detection vs Intrusion Prevention.
  • Pros and cons of each.
  • Now bundled as a feature of new-generation firewalls.
    • Sonicwall
• Host based vs Network based.
  • A combination of both is preferred.
• Log administration.
  • It’s not just what’s getting logged but also what’s not getting logged.
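The “what’s not getting logged” point above can be checked mechanically. The following is an added example (not part of the original deck or of any CU*Answers tooling) that reads a constructed sample of collector output, records when each device last reported, and flags devices that are expected to log but never appear or have gone silent. The device names and the one-hour tolerance are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of collector output ("date time source message"); not real logs.
SAMPLE_LOG = """\
2005-03-01 08:00:05 fw-perimeter deny tcp 203.0.113.7:4412 -> 192.0.2.10:445
2005-03-01 08:01:10 sw-core link up port 12
2005-03-01 08:02:15 fw-perimeter allow tcp 192.0.2.20:51234 -> 198.51.100.5:443
2005-03-01 08:10:40 fw-perimeter deny udp 203.0.113.9:1053 -> 192.0.2.10:53
2005-03-01 08:30:01 srv-mail login ok user=jsmith
2005-03-01 09:15:22 fw-perimeter allow tcp 192.0.2.21:51300 -> 198.51.100.5:443
"""

# Every device that is supposed to send logs to the collector (hypothetical names).
EXPECTED_SOURCES = {"fw-perimeter", "sw-core", "srv-mail", "ids-sensor"}

def parse_events(text):
    """Turn each line into (timestamp, source); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        events.append((ts, parts[2]))
    return events

def audit_coverage(events, expected, now, max_silence):
    """Find what is NOT being logged.
    Returns (missing, stale): expected sources with no events at all, and sources
    whose newest event is older than max_silence, mapped to minutes of silence."""
    last_seen = {}
    for ts, src in events:
        if src not in last_seen or ts > last_seen[src]:
            last_seen[src] = ts
    missing = sorted(expected - set(last_seen))
    stale = {src: int((now - ts).total_seconds() // 60)
             for src, ts in last_seen.items() if now - ts > max_silence}
    return missing, stale

def demo():
    """Run the check against the sample as of 09:30 with a one-hour tolerance."""
    events = parse_events(SAMPLE_LOG)
    return audit_coverage(events, EXPECTED_SOURCES,
                          datetime(2005, 3, 1, 9, 30, 0), timedelta(minutes=60))

if __name__ == "__main__":
    missing, stale = demo()
    print("never seen:", missing)                 # ['ids-sensor']
    print("silent too long (minutes):", stale)    # {'sw-core': 88}
```

A silent switch or an IDS sensor that never reports is exactly the gap a periodic log review is meant to surface; the mail server, last heard from 59 minutes ago, stays within tolerance.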
Hardened Servers and Hosts
• New hardware checklist.
  • www.microsoft.com/security for best practices.
• Keep systems patched.
  • Operating systems and applications.
  • Patch management software available.
    • Shavlik Pro
    • Microsoft SUS, WUS
• Implement proper ACLs.
• Remove any unnecessary services.
• Install anti-virus and host-based IDS.
• Microsoft Baseline Security Analyzer.
  • Other tools available from Microsoft.
• Monitor System, Application, Event logs.
Vulnerability Scanners
• Scan your network for vulnerabilities that could be exploited by an attacker.
• Port scanner vs Application scanner.
• Three types of analysis:
  • Signature Intrusion Analysis
    • Looks for specific attacks against known weak points of a system.
  • Statistical Intrusion Analysis
    • Based on observations of deviations from normal system usage patterns.
  • Integrity Analysis
    • Reveals whether a file or object has been modified.
Data Encryption
• Protect your data while in transit and on the media.
• Encryption technologies can solve these problems:
  • Prevent unauthorized access.
  • Guarantee data integrity.
  • Authenticate users.
  • Provide non-repudiation of the actors involved by using digital signatures.
• Secure Sockets Layer (SSL) encryption.
Data Archive Strategy
• The best backup strategy starts with the Restore!
• Determine what data needs to be archived.
• Create a plan.
  • Base backup.
  • Incremental backup.
  • Differential backup.
  • Frequency and speed of data restore.
• Consider your network environment.
  • Operating systems (Windows, Unix, etc.)
  • Firewalls (bandwidth, etc.)
  • Switches, hubs.
• CU*Answers uses Syncsort Backup Express.
• Carefully consider the backup media.
  • NAS (Network Attached Storage) devices offer speed at a cost.
  • Tapes come in hundreds of types/speeds/storage capacities.
  • Stored off-site in a secure location.
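“Starts with the Restore” is the key to choosing between incremental and differential backups: an incremental captures only what changed since the last backup of any kind, a differential everything since the last base, so the two produce very different restore chains. This added example (not from the deck and unrelated to Syncsort Backup Express) models a constructed week of backups and derives the exact set of backups a restore must read; file names and the schedule are made up.

```python
from collections import namedtuple

# kind is "base", "incremental" or "differential"; files maps path -> captured content.
Backup = namedtuple("Backup", "kind day files")

def plan_backup(kind, day, current, history):
    """Select what a backup of this kind captures on `day`.
    `current` maps path -> (content, day last modified); deletions are not modelled.
      base:         every file
      incremental:  files changed since the most recent backup of any kind
      differential: files changed since the most recent base backup"""
    if kind == "base":
        since = -1
    elif kind == "incremental":
        since = history[-1].day
    elif kind == "differential":
        since = [b for b in history if b.kind == "base"][-1].day
    else:
        raise ValueError(kind)
    return Backup(kind, day, {p: c for p, (c, mod) in current.items() if mod > since})

def restore_chain(history, target_day):
    """Backups that must be read, in order, to rebuild the state as of target_day:
    the last base, then the newest differential after it (which supersedes any
    earlier incrementals), then every incremental taken after that."""
    usable = [b for b in history if b.day <= target_day]
    start = max(i for i, b in enumerate(usable) if b.kind == "base")
    chain = [usable[start]]
    for b in usable[start + 1:]:
        chain = [usable[start], b] if b.kind == "differential" else chain + [b]
    return chain

def restore(history, target_day):
    """Apply the chain oldest to newest; later captures overwrite earlier ones."""
    state = {}
    for b in restore_chain(history, target_day):
        state.update(b.files)
    return state

def demo():
    """Constructed week: base on day 0, then one file modified per day."""
    files = {"a": ("a0", 0), "b": ("b0", 0), "c": ("c0", 0)}
    history = [plan_backup("base", 0, files, [])]
    for day, kind, path in [(1, "incremental", "a"), (2, "incremental", "b"),
                            (3, "differential", "a"), (4, "incremental", "c")]:
        files[path] = (f"{path}{day}", day)            # the file changes on that day
        history.append(plan_backup(kind, day, files, history))
    return history
```

Restoring day 4 needs three media (base, the day-3 differential, the day-4 incremental); restoring day 2 needs the base plus both incrementals, and losing any one of them breaks the chain, which is the trade-off the restore-speed bullet asks you to weigh.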
The Promise of High Availability
• HA offers application resiliency.
  • Critical applications can remain active even when the primary hardware they rely on goes down.
  • Applications can remain active through maintenance cycles and backups.
• HA offers the promise of minimal downtime.
  • Staff can keep working on HA equipment almost transparently.
  • Customers can keep using services instead of receiving “unavailable” messages.
  • Some disaster situations are eliminated completely.
• HA does require more administration.
  • Configuration.
  • Testing.
  • Training.
CU*Answers’ High Availability Solution
• i-Tera Echo2
  • Uses remote journaling to transmit data changes between the production and backup node at the operating system level over TCP/IP.
  • Simplified roll-over process for testing and real emergencies.
  • Roll-over process takes less than 30 minutes.
Security Audit Checklist
• Some questions you may be asked:
  • Are passwords difficult to crack?
  • Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
  • Are there audit logs to record who accesses data?
  • Are the audit logs reviewed?
  • Are the security settings for operating systems in accordance with accepted industry security practices?
  • Have all unnecessary applications and computer services been eliminated for each system?
  • Are these operating systems and commercial applications patched to current levels?
  • How is backup media stored?
    • Who has access to it?
    • Is it up-to-date?
  • Is there a disaster recovery plan?
    • Have the participants and stakeholders ever rehearsed the disaster recovery plan?
Additional Resources
• CU*Answers has two CISSPs (Certified Information Systems Security Professionals) on staff.
  • Randy Brinks (rbrinks@wesconet.com)
  • Joe Couture (jcouture@wesconet.com)
• CERT (www.cert.org)
  • Home computer security document
  • Home computer security checklist handout
• SANS (www.sans.org)
• Microsoft Product Security Notification
  • http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/notify.asp
  • http://www.microsoft.com/security/
• BugTraq (www.securityfocus.com)
Additional Resources
• Other SECURE-U courses
  • 9.15 – “Security Essentials”
    • Essential security and privacy issues
  • 9.35 – “The Armored Network”
    • Network security at CU*Answers
  • 9.55 – “The Human Side of Security”
    • Social engineering and other exploits
  • 9.65 – “Disaster Recovery and Business Continuity”
    • The CU*Answers plan
Questions and Answers
• ???