1 / 22

9.35 The Armored Network

9.35 The Armored Network. “I know of no undetected penetrations of the AT&T network”. Attributed to Bill Cheswick by Amoroso and Sharp. Presenters. Dave Wordhouse VP Network Technologies dwordhouse@cuanswers.com Jim Lawrence Internal Network Manager jlawrence@cuanswers.com Tony Walliczek

roxanne-jovan
Download Presentation

9.35 The Armored Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 9.35 The Armored Network “I know of no undetected penetrations of the AT&T network”. Attributed to Bill Cheswick by Amoroso and Sharp

  2. Presenters • Dave Wordhouse • VP Network Technologies • dwordhouse@cuanswers.com • Jim Lawrence • Internal Network Manager • jlawrence@cuanswers.com • Tony Walliczek • Internal Network Coordinator • twalliczek@cuanswers.com • Jim Vickers • Internal Network Coordinator • jvickers@cuanswers.com • Fred Damstra • Internal Network Coordinator • fdamstra@cuanswers.com

  3. Agenda • Five Basic Levels of Information System Defense • Applied Network Security at CU*Answers • Components of the IT Administrator’s Toolbox • Security Audit Checklist • Additional Resources

  4. Five Basic Levels of Information System Defense

  5. Five Basic Levels of Information System Defense • Perimeter Level • Where your network interacts with “untrusted” networks • Network Level • “Trusted” network devices/systems interact • Servers, clients, switches, hubs, printers • Host Level • Each individual device/system on your “trusted” network • Operating System, physical access • Application Level • Programs running on the device/system • Mail server, web server, database • Data Level • Data accessed by programs • File permissions, encryption

  6. Network Security at CU*Answers • http://www.cuanswers.com/client_pm_bp_securprec.php • http://www.wesconet.com • Offers professional assistance with: • Independent Auditing • Network Defense • Training • Data Archival • High Availability

  7. The IT Administrator’s Toolbox • Blueprint (Security Policy) • Physical security • Firewall(s) • Layered anti-virus protection • Intrusion detection/prevention systems • Hardened servers and hosts • Vulnerability scanners to test/adjust your security • Encryption to protect your data • Data archive strategy • Security audit checklist

  8. The Security Blueprint (Security Policy) • Security Policy should include: • Acceptable use policy • Security incident handling procedures • Incident escalation procedures • Remote access policy • Firewall management policy • Disaster recovery policy • Must be communicated to and understood by all staff • Review and audit often.

  9. Physical Security • Physical access to your network devices and media • Wiring closets • Server rooms • Unattended workstations • Open wall jacks (data) • Redundancy, high availability • Multiple power supplies • Multiple power sources • Protection against natural disasters • Power

  10. Firewall(s) • Firewall at the perimeter. • Appliance • (Sonicwall, etc.) • Software based • (Checkpoint, etc.) • Firewall on the host(s). • Centrally managed. • Trend Micro Officescan • Don’t just set it and forget it. • Periodic firewall policy review. • Threats change, so must your protection. • Log administration. • Know what’s being logged and what’s not being logged. • Penetration testing. - Nessus, Qualys, etc.

  11. Anti-virus Protection • Centralized deployment. • Central download, deployment, logging, alerting. • Quarantine infected workstation. • At the gateway and on the hosts. • Layered approach. • Spyware protection. • Most commercial packages protect against Spyware • Trend Micro Officescan • Educate users about attached and downloading files. • Last layer of protection is the user at the keyboard/mouse.

  12. Intrusion Detection and/or Prevention • Intrusion Detection vs Intrusion Prevention. • Pros and Cons of each. • Now bundled as a feature of new generation firewalls. • Sonicwall • Host based vs Network based. • Combination of both is preferred. • Log administration. • It’s not just what’s getting logged but also what’s not getting logged.

  13. Hardened Servers and Hosts • New hardware checklist. • www.microsoft.com/security for best practices. • Keep systems patched. • Operating Systems and Applications. • Patch management software available. • Shavlik Pro • Microsoft SUS, WUS • Implement proper ACLs. • Remove any unnecessary services. • Install anti-virus and host-based IDS. • Microsoft Baseline Security Analyzer. • Other tools available from Microsoft. • Monitor System, Application, Event logs.

  14. Vulnerability Scanners • Scan your network for vulnerabilities that could be exploited by an attacker. • Port scanner vs Application scanner. • Three types of analysis: • Signature Intrusion Analysis • Looks for specific attacks against known weak points of a system. • Statistical Intrusion Analysis • Based on observations of deviations from normal system usage patterns. • Integrity Analysis • Reveals whether a file or object has been modified

  15. Data Encryption • Protect your data while in transit and on the media. • Encryption Technologies can solve these problems: • Prevent unauthorized access. • Guarantee data integrity. • Authenticate users. • Provide non-repudiation of actors involved by using digital signatures. • Secure Socket Layer (SSL) Encryption.

  16. Data Archive Strategy • The best backup strategy starts with the Restore! • Determine what data needs to be archived. • Create a plan. • Base backup. • Incremental backup • Differential backup • Frequency and speed of data restore. • Consider your network environment. • Operating systems (Windows, Unix, etc.) • Firewalls (bandwidth, etc.) • Switches, hubs. • CU*Answers uses Syncsort Backup Express. • Carefully consider the backup media. • NAS (Network Attached Storage) devices offer speed at a cost. • Tapes come in hundreds of types/speeds/storage capacities. • Stored off-site in a secure location.

  17. The promise of High Availability • HA offers Application Resiliency. • Critical Applications can remain active even when the primary hardware they rely on goes down. • Applications can remain active through maintenance cycles and backups. • HA offers the promise of minimal down time. • Staff can remain working on HA equipment almost transparently. • Customers can keep using services instead of receiving unavailable messages. • Some disaster situations are eliminated completely. • HA does require more administration. • Configuration. • Testing. • Training.

  18. CU*Answers’ High Availability Solution • i-Tera Echo2 • Uses Remote Journaling to transmit data changes between the production and backup node at the operating system level over TCP/IP. • Simplified roll-over process for testing and real emergencies. • Roll-over process takes less than 30 minutes.

  19. Security Audit Checklist • Some questions you may be asked: • Are passwords difficult to crack? • Are there access control lists (ACLs) in place on network devices to control who has access to shared data? • Are there audit logs to record who accesses data? • Are the audit logs reviewed? • Are the security settings for operating systems in accordance with accepted industry security practices? • Have all unnecessary applications and computer services been eliminated for each system? • Are these operating systems and commercial applications patched to current levels? • How is backup media stored? • Who has access to it? • Is it up-to-date? • Is there a disaster recovery plan? • Have the participants and stakeholders ever rehearsed the disaster recovery plan?

  20. Additional Resources • CU*Answers has two CISSP (Certified Information Systems Security Professional) on staff. • Randy Brinks (rbrinks@wesconet.com) • Joe Couture (jcouture@wesconet.com) • CERT (www.cert.org) • Home computer security document • Home computer security checklist handout • SANS (www.sans.org) • Microsoft Product Security Notification • http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/notify.asp • (http://www.microsoft.com/security/) • BugTraq (www.securityfocus.com)

  21. Additional Resources • Other SECURE-U courses • 9.15 – “Security Essentials“ • Essential security and privacy issues • 9.35 – “The Armored Network” • Network security at CU*Answers • 9.55 – “The Human Side of Security” • Social Engineering and other exploits • 9.65 – “Disaster Recovery and Business Continuity” • The CU*Answers plan

  22. Questions and Answers • ???

More Related