A Layered Approach to Support Extranet Security

Presentation Transcript


  1. A Layered Approach to Support Extranet Security
     Ralph Santitoro, Director of Security Solutions - Nortel EntNet
     SUPERCOMM 2005 Panel 2 Session - June 6, 2005
     Ralph@Marcom-Services.net
     http://www.nortel.com/security

  2. What are you trying to protect?
     • Business Continuity
       • Protecting the network, hosts and applications from threats or vulnerabilities
       • Protecting outsourced services, e.g., Call Centers, Customer Service
     • Information Security
       • Controlling the usage of information
       • Auditing the movement of information
     [Diagram: Information Privacy Layer (Information Security); Network, Host, and Application Defense Layer (Business Continuity)]

  3. What’s Keeping the CxO Up at Night? - Top 5 Security Concerns for 2005*
     1. Computer worms, viruses
     2. Regulatory compliance
     3. Online fraud
     4. Early warning of cyber attacks
     5. Data Privacy
     80% of CSOs report that cyber attacks had a bottom-line financial impact on their organizations*
     * Source: CSO Interchange, New York, December 2004

  4. Regulations will Drive Security Deployments - Regulations will increase the focus on Security
     • Sarbanes-Oxley
     • Health Insurance Portability and Accountability Act (HIPAA)
     • Gramm-Leach-Bliley (GLB)
     • California Database Breach Notification Act (SB1386)
     • Data Protection and Misuse Act (UK)
     • Personal Information Protection & Electronic Documents Act (Canada)
     • Safe Harbor Act – EU Data Protection Act (Europe, U.S.)

  5. Business Continuity - Protecting the Network, Hosts and Applications - What are the Threats?

  6. Business Continuity - Must maintain reliable services
     • Conduct business without outages of critical services
     • Maintain communications
       • Internally and with customers, suppliers, partners

  7. What are the Threats? - Malicious Software (Malware): Viruses, Worms, Trojans
     • Typically infect computers by exploiting “vulnerabilities” and social engineering
     • Steal passwords (e.g., cookies)
     • Destroy documents
     • Steal confidential data (e.g., Phishing, Scams)
     • Impede host or network device performance
     • Distribute SPAM
     • Infected computers threaten the security of the network
     • How to stop Malware
       • AntiVirus software
       • Intrusion Detection software or appliances
       • Traffic Management devices
       • Security policies

  8. Denial of Service and DDoS attacks
     • Target a known “vulnerability” in devices
     • Can cause devices to completely stop working
     • Denial of Service
       • One hacker targeting one network device or host
     • Distributed Denial of Service (DDoS)
       • One or several hackers taking over multiple hosts on the Internet
       • These machines then target a single network device or host

  9. Extranet Challenges - Threats from Encrypted Traffic
     • Sensitive data, VPN traffic, secure multimedia and eCommerce rely on encryption for security
     • Encryption hides malicious code
     • Threat prevention devices must:
       • Decrypt the traffic
       • Scan traffic for Malware
       • Report or take action on the traffic
         • E.g., report the threat, drop the traffic, reduce the bandwidth, etc.
       • Re-encrypt the traffic

  10. Anatomy of a Real-World Attack
     A sophisticated attacker will leverage trust relationships to gain access to more valuable information assets.
     • 5 P’s
       • Probe
       • Penetrate
       • Persist
       • Propagate
       • Paralyze
     [Diagram: External attacker’s system → Base camp: a target server is attacked and compromised → The acquired server is used as a vantage point to penetrate the corporate net → Further attacks are performed as an internal user]

  11. Extranet Threats require similar protection to other internal or external threats
     • Similar technologies and procedures are used
     • Intelligent traffic management is critical
     [Diagram: Threat Prevention cycle with the labels Monitor, Detect, Mitigate, Act, Analyze, Signatures, Violations, Capture, Scan, Behavior, Patch, Log, Configure, Alert, Policy, Block]

  12. Enterprise Security Challenge - A Dynamic Situation
     • Infrastructure Attacks
       • Unknown attacks
       • Engineered attacks
       • Passwords compromised
       • Sessions intercepted
     • Extranet
       • Compromised
       • Malicious
       • Unintentional
     • Intranet
       • Compromised
       • Malicious
       • Unintentional
     • Unknown Connections
       • Wireless access points
       • Unused active ports
       • Unauthorized use
     Understand the network. Detect the vulnerabilities. Protect the assets.

  13. Security Policy Layers - Why Deep Packet (L3-L7) Inspection and Intelligent Traffic Management are so important
     • Security policy layers
       • IP Access Protection
       • Denial of Service Attack Protection
       • Malware Inspection
       • Application Inspection
       • Apply Policies
     • Example traffic flows
       • Anti-Spoofing
       • Scan / Syn / Fin DoS Attack
       • Worms, Viruses, Trojans …
       • Peer-to-Peer, Instant Messaging: Limited
       • VoIP: Guaranteed
     • Reporting and Logging
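The slide lists the layers but not how a flow moves through them. The following is an added Python example, not code from the presentation or from Nortel, of a minimal policy engine in which each layer (IP access / anti-spoofing, DoS protection, malware inspection, application inspection with policy) either returns a terminal action or hands the flow to the next layer, and every decision is written to a log for the reporting layer. The internal address ranges, the SYN threshold, the flow records and the signature id are all constructed for the example.

```python
"""Layered (L3-L7) traffic policy for an extranet gateway, as an illustration.

Each layer returns an action ("drop", "limit", "guarantee", "allow") or None
to pass the flow to the next layer. Networks, thresholds and flows below are
constructed for the example, not taken from any product.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: address space the gateway treats as "inside"; a packet with one of
# these as its source arriving on the external interface is spoofed.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Constructed: SYN-only segments from one source before we treat it as a flood.
SYN_FLOOD_THRESHOLD = 5
# TCP flag combinations that never occur in legitimate traffic (SYN+FIN, NULL).
SCAN_FLAG_SETS = {"SF", "FS", ""}


@dataclass
class Flow:
    src: str                # source IP as seen on the external interface
    dst: str
    proto: str              # "tcp" or "udp"
    dport: int
    flags: str = "S"        # TCP flags, e.g. "S", "SA", "SF"; ignored for udp
    app: str = ""           # application inspection result: "p2p", "im", "voip", "http", ...
    malware_sig: str = ""   # signature id if the malware scanner matched the payload, else ""


class LayeredPolicy:
    LAYERS = ("ip_access", "dos_protection", "malware_inspection", "application_policy")

    def __init__(self):
        self.syn_counts = Counter()   # per-source count of SYN-only segments
        self.events = []              # reporting and logging output, one line per decision

    def _record(self, flow, layer, action):
        self.events.append(
            f"layer={layer} action={action} src={flow.src} dst={flow.dst} app={flow.app or '-'}")
        return action

    # Layer 1: IP access protection (anti-spoofing).
    def ip_access(self, flow):
        if any(ip_address(flow.src) in net for net in INTERNAL_NETS):
            return "drop"
        return None

    # Layer 2: DoS attack protection (scan flag combinations, SYN flood).
    def dos_protection(self, flow):
        if flow.proto != "tcp":
            return None
        if flow.flags in SCAN_FLAG_SETS:
            return "drop"
        if flow.flags == "S":
            self.syn_counts[flow.src] += 1
            if self.syn_counts[flow.src] > SYN_FLOOD_THRESHOLD:
                return "drop"
        return None

    # Layer 3: malware inspection (worms, viruses, trojans).
    def malware_inspection(self, flow):
        return "drop" if flow.malware_sig else None

    # Layer 4: application inspection + apply policies (limit P2P/IM, guarantee VoIP).
    def application_policy(self, flow):
        if flow.app in ("p2p", "im"):
            return "limit"
        if flow.app == "voip":
            return "guarantee"
        return "allow"

    def evaluate(self, flow):
        """Run the layers in order; the first one with an opinion decides."""
        for layer in self.LAYERS:
            action = getattr(self, layer)(flow)
            if action is not None:
                return self._record(flow, layer, action)
        return self._record(flow, "default", "allow")


def run_example():
    """Evaluate a constructed set of flows; returns (actions, log lines)."""
    policy = LayeredPolicy()
    flows = [
        Flow("10.1.1.5", "203.0.113.10", "tcp", 443, app="http"),                     # spoofed internal source
        Flow("198.51.100.7", "203.0.113.10", "tcp", 22, flags="SF"),                  # invalid SYN+FIN
        Flow("198.51.100.8", "203.0.113.10", "tcp", 80, malware_sig="constructed-worm-sig"),
        Flow("198.51.100.9", "203.0.113.10", "tcp", 6881, app="p2p"),                 # limited
        Flow("198.51.100.9", "203.0.113.11", "udp", 5060, app="voip"),                # guaranteed
        Flow("198.51.100.9", "203.0.113.12", "tcp", 443, app="http"),                 # allowed
    ]
    # Six SYN-only segments from one source: the sixth exceeds the threshold.
    flows += [Flow("198.51.100.20", "203.0.113.10", "tcp", port) for port in range(1, 7)]
    return [policy.evaluate(f) for f in flows], policy.events


if __name__ == "__main__":
    for line in run_example()[1]:
        print(line)
```

The order matters: anti-spoofing and DoS checks are cheap and run first so that the expensive decrypt-and-scan step of slide 9 is never spent on traffic that should have been dropped at layer 3.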

  14. Remote End Point Compliance - End point devices accessing the network are made compliant with corporate security policies
     • Remote end point devices (PCs, mobile devices, etc.) accessing the Extranet are assessed prior to network access
       • To determine if they are compliant with security policies
     • Example policy compliance rules
       • AntiVirus installed, AntiSpyware installed, Operating System security patches and Application security patches must be installed
     • Compliance Policy Choices
       • Block All, Quarantine, Allow Some, Allow All

  15. Remote End Point Security Challenges and Solutions for Extranets
     • Masquerading: How do I know the user hasn’t stolen a user ID & password?
       • Use token-based or 2-factor authentication, e.g., RSA SecurID card or User ID / Password + VPN ID / Password
     • Negligence: A user walks away from her desk leaving an open VPN session
       • Use an auto-logoff timer to terminate the VPN session after a period of inactivity
     • Residual Data: A patient’s medical data is cached on a PC and becomes accessible to the next user
       • Use cache cleansing to clear browser history and cached data once the VPN session is terminated
     • Trust: I don’t want sensitive applications accessed from any unknown PCs
       • Use dynamic access policies enabling varied access depending on configured parameters at login, e.g., allow Email, but no file access, or deny access completely

  16. Remote Endpoint Security Compliance and Remediation for Extranets
     • Example Extranet end point security policy to access the network:
       • AntiVirus must be installed
       • AntiSpyware must be installed
     [Diagram: client-based and client-less Extranet access over the Extranet VPN connection; end point checks labelled Virus, AntiSpyware, PFW, IDS; non-compliant end points go to Quarantine / Remediation]
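Slides 14 to 16 describe the compliance rules, the four policy choices (Block All, Quarantine, Allow Some, Allow All) and the dynamic access idea of slide 15 (allow Email but no file access), but not how they combine. Here is an added Python example, not code from the presentation or from Nortel, of a posture-to-decision function. The rule set, the severity split between "critical" rules (the must-be-installed items of slide 16) and patch rules, the remediation text, and the treatment of client-less access as untrusted are all assumptions made for the example; a real NAC product would define its own policy.

```python
"""Extranet end point compliance decision, as an illustration of slides 14-16.

Maps an end point posture report to one of the slide's four outcomes and,
for restricted outcomes, to the services the session may still reach and the
remediation steps the user must complete. All rules and mappings are
constructed for the example.
"""
from dataclasses import dataclass

# Rule name -> severity. Assumed: a missing critical item quarantines the host,
# a missing patch only narrows what the session may reach.
COMPLIANCE_RULES = {
    "antivirus": "critical",
    "antispyware": "critical",
    "os_patches": "patch",
    "app_patches": "patch",
}

ALL_SERVICES = frozenset({"email", "file_access", "intranet_apps"})
LIMITED_SERVICES = frozenset({"email"})   # slide 15: allow Email, but no file access

# Constructed remediation hints shown to the user in the quarantine portal.
REMEDIATION = {
    "antivirus": "install and update the corporate AntiVirus agent",
    "antispyware": "install the corporate AntiSpyware agent",
    "os_patches": "apply outstanding operating system security patches",
    "app_patches": "apply outstanding application security patches",
}


@dataclass(frozen=True)
class Decision:
    level: str               # "Block All", "Quarantine", "Allow Some" or "Allow All"
    services: frozenset      # services the VPN session may reach
    remediation: tuple = ()  # ordered steps the user must complete, empty if none


def failed_rules(posture):
    """Return the rule names whose check is missing or False, in rule order.

    A check that the agent did not report at all counts as failed, so an
    incomplete report cannot pass by omission.
    """
    return [rule for rule in COMPLIANCE_RULES if not posture.get(rule, False)]


def decide_access(posture, access_type):
    """Map a posture report and access type to a Decision.

    posture: dict rule -> bool from the end point agent, or None when the end
             point produced no report.
    access_type: "client" (agent-based VPN client) or "clientless" (browser only).
    """
    if posture is None:
        # Assumed policy: an end point that cannot be assessed gets no access.
        return Decision("Block All", frozenset())

    failed = failed_rules(posture)
    critical = [r for r in failed if COMPLIANCE_RULES[r] == "critical"]
    if critical:
        # Slide 16: the host is placed in Quarantine / Remediation until fixed.
        return Decision("Quarantine", frozenset(),
                        tuple(REMEDIATION[r] for r in failed))
    if failed or access_type == "clientless":
        # Assumed dynamic policy (slide 15): missing patches, or a browser-only
        # end point whose posture cannot be fully verified, get email only.
        return Decision("Allow Some", LIMITED_SERVICES,
                        tuple(REMEDIATION[r] for r in failed))
    return Decision("Allow All", ALL_SERVICES)


if __name__ == "__main__":
    report = {"antivirus": True, "antispyware": False, "os_patches": True, "app_patches": True}
    print(decide_access(report, "client"))
```

Quarantine keeps the remediation list even when only one rule failed, so the portal can show every outstanding item at once rather than one per reconnect; a patch-only failure still lets the user read email while the patches install.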

  17. Summary
     • Extranets require multiple layers of protection to ensure business continuity and protect information privacy
       • Secure access (VPN) with user-based Security Policies
       • Threat Prevention at Layer 3-7
         • Deep Packet Inspection and Intelligent Traffic Management
       • End Point Security Compliance and Remediation
