Client Security in a Deperimeterized World - PowerPoint PPT Presentation

1 / 8
About This Presentation
Title:

Client Security in a Deperimeterized World

Description:

Client Security in a Deperimeterized World. September 21st, 2006. Jericho Forum Open Meeting ... Anti-Virus/Anti-Malware. Firewall. Patch automation ... – PowerPoint PPT presentation

Number of Views:62
Avg rating:3.0/5.0
Slides: 9
Provided by: chandle2
Category:

less

Transcript and Presenter's Notes

Title: Client Security in a Deperimeterized World


1
Client Security in a Deperimeterized World
  • September 21st, 2006
  • Jericho Forum Open Meeting
  • Seattle, Washington, USA

2
Agenda
  • What is a client? Everything
  • Requirements What we need to do
  • Capabilities What we can do
  • Gaps What we cant do (yet)
  • Progress What were doing about it

3
What is a client?Everything
  • Data leaks into every corner of every little
    place we keep electrons
  • Personally-owned computers
  • Shared Workstations
  • Services (Google Office/Gmail)
  • iPods
  • Workstations
  • Laptops
  • Mobile Phones
  • PDAs
  • Kiosks
  • Flash Drives

4
RequirementsWhat we need to do
  • Extend the Enterprise
  • Beyond the office walls
  • Beyond company-owned devices
  • Access Applications and Information
  • Email
  • Documents/Presentations/Spreadsheets
  • Internal Web sites
  • Instant Messaging
  • Telephony
  • Protect Information at-rest
  • Full-Disk Encryption
  • Rights Management
  • Files Email encryption (Public Key
    Cryptography)
  • Protect Hosts
  • Anti-Virus/Anti-Malware
  • Firewall
  • Patch automation management

5
CapabilitiesWhat we can do
  • Extend the Enterprise
  • Beyond the office walls
  • Laptops (Traditional clients)
  • IPSEC SSL VPN
  • Beyond Company-owned devices
  • SSL VPNs
  • Smartphones and Thin clients
  • Transient (display-only) access
  • Access Applications and Information
  • Web Access to Email
  • Portal-izing/Proxying applications
  • Protect Information at-rest
  • Full-Disk Encryption
  • Email File Encryption (Public Key Cryptography)
  • Protect the Host
  • Anti-Virus, Anti-Spyware
  • Personal Firewalls

6
GapsWhat we cant do (yet)
  • Extend the Enterprise
  • Focus on the data, make the device irrelevant
  • Support Microsoft-y protocols
  • Too many ports, too little control, too much bad
    history
  • Even Microsoft admits this problem is still
    unsolved
  • Easy Strong Authentication
  • Especially on Mobile Devices
  • Protect Information at Rest
  • Rights Management
  • Provide rights management for arbitrary file
    types
  • Support ad-hoc protection (This will come as the
    tools mature)
  • Protect the Host
  • Host protection often still requires users to
    lose control
  • Ensure patching and configuration management

7
ProgressWhat were doing about it
  • Extend the Enterprise
  • Data-Centric Protection
  • Focus on defending the data, make the device
    network location irrelevant
  • Transient/Display-only access
  • Thin Client Portal
  • Application proxying, screen scraping
  • SSL VPN
  • Limited access, non-Domain member access
  • Protect Information at Rest
  • Rights Management
  • Control what authorized users do with information
  • Trusted Computing
  • Already exists in phones but is frequently
    cracked
  • Prospects for the PC are probably worse
  • Protect the Host
  • Trusted Computing
  • Time will tell, but its not doing well thus far

8
Thank You
  • Questions and Discussion
  • Contact Chandler Howell
Write a Comment
User Comments (0)
About PowerShow.com