9.35 The Armored Network - PowerPoint PPT Presentation

Provided by: davidwo5
Slides: 23

Transcript and Presenter's Notes

1
9.35 The Armored Network
  • "I know of no undetected penetrations of the AT&T network."
  • Attributed to Bill Cheswick by Amoroso and Sharp

2
Presenters
  • Dave Wordhouse
    • VP Network Technologies
    • dwordhouse_at_cuanswers.com
  • Jim Lawrence
    • Internal Network Manager
    • jlawrence_at_cuanswers.com
  • Tony Walliczek
    • Internal Network Coordinator
    • twalliczek_at_cuanswers.com
  • Jim Vickers
    • Internal Network Coordinator
    • jvickers_at_cuanswers.com
  • Fred Damstra
    • Internal Network Coordinator
    • fdamstra_at_cuanswers.com

3
Agenda
  • Five Basic Levels of Information System Defense
  • Applied Network Security at CUAnswers
  • Components of the IT Administrators Toolbox
  • Security Audit Checklist
  • Additional Resources

4
Five Basic Levels of Information System Defense
5
Five Basic Levels of Information System Defense
  • Perimeter Level
    • Where your network interacts with untrusted networks
  • Network Level
    • Trusted network devices/systems interact
    • Servers, clients, switches, hubs, printers
  • Host Level
    • Each individual device/system on your trusted network
    • Operating system, physical access
  • Application Level
    • Programs running on the device/system
    • Mail server, web server, database
  • Data Level
    • Data accessed by programs
    • File permissions, encryption

6
Network Security at CUAnswers
  • http://www.cuanswers.com/client_pm_bp_securprec.php
  • http://www.wesconet.com
    • Offers professional assistance with
      • Independent Auditing
      • Network Defense
      • Training
      • Data Archival
      • High Availability

7
The IT Administrators Toolbox
  • Blueprint (Security Policy)
  • Physical security
  • Firewall(s)
  • Layered anti-virus protection
  • Intrusion detection/prevention systems
  • Hardened servers and hosts
  • Vulnerability scanners to test/adjust your
    security
  • Encryption to protect your data
  • Data archive strategy
  • Security audit checklist

8
The Security Blueprint (Security Policy)
  • Security Policy should include
    • Acceptable use policy
    • Security incident handling procedures
    • Incident escalation procedures
    • Remote access policy
    • Firewall management policy
    • Disaster recovery policy
  • Must be communicated to and understood by all staff
  • Review and audit often.

9
Physical Security
  • Physical access to your network devices and media
    • Wiring closets
    • Server rooms
    • Unattended workstations
    • Open wall jacks (data)
  • Redundancy, high availability
    • Multiple power supplies
    • Multiple power sources
  • Protection against natural disasters
    • Power

10
Firewall(s)
  • Firewall at the perimeter.
    • Appliance (Sonicwall, etc.)
    • Software based (Checkpoint, etc.)
  • Firewall on the host(s).
    • Centrally managed.
      • Trend Micro Officescan
  • Don't just set it and forget it.
    • Periodic firewall policy review.
    • Threats change, so must your protection.
  • Log administration.
    • Know what's being logged and what's not being logged.
  • Penetration testing.
    • Nessus, Qualys, etc.

11
Anti-virus Protection
  • Centralized deployment.
    • Central download, deployment, logging, alerting.
    • Quarantine infected workstations.
  • At the gateway and on the hosts.
    • Layered approach.
  • Spyware protection.
    • Most commercial packages protect against spyware.
      • Trend Micro Officescan
  • Educate users about attached and downloaded files.
    • The last layer of protection is the user at the keyboard/mouse.

12
Intrusion Detection and/or Prevention
  • Intrusion Detection vs Intrusion Prevention.
    • Pros and cons of each.
    • Now bundled as a feature of new generation firewalls.
      • Sonicwall
  • Host based vs Network based.
    • Combination of both is preferred.
  • Log administration.
    • It's not just what's getting logged but also what's not getting logged.

13
Hardened Servers and Hosts
  • New hardware checklist.
    • www.microsoft.com/security for best practices.
  • Keep systems patched.
    • Operating systems and applications.
    • Patch management software available.
      • Shavlik Pro
      • Microsoft SUS, WUS
  • Implement proper ACLs.
  • Remove any unnecessary services.
  • Install anti-virus and host-based IDS.
  • Microsoft Baseline Security Analyzer.
    • Other tools available from Microsoft.
  • Monitor System, Application, Event logs.

14
Vulnerability Scanners
  • Scan your network for vulnerabilities that could be exploited by an attacker.
  • Port scanner vs Application scanner.
  • Three types of analysis
    • Signature Intrusion Analysis
      • Looks for specific attacks against known weak points of a system.
    • Statistical Intrusion Analysis
      • Based on observations of deviations from normal system usage patterns.
    • Integrity Analysis
      • Reveals whether a file or object has been modified.

15
Data Encryption
  • Protect your data while in transit and on the media.
  • Encryption technologies can solve these problems:
    • Prevent unauthorized access.
    • Guarantee data integrity.
    • Authenticate users.
    • Provide non-repudiation of actors involved by using digital signatures.
  • Secure Sockets Layer (SSL) encryption.

16
Data Archive Strategy
  • The best backup strategy starts with the Restore!
  • Determine what data needs to be archived.
  • Create a plan.
    • Base backup.
    • Incremental backup.
    • Differential backup.
    • Frequency and speed of data restore.
  • Consider your network environment.
    • Operating systems (Windows, Unix, etc.)
    • Firewalls (bandwidth, etc.)
    • Switches, hubs.
  • CUAnswers uses Syncsort Backup Express.
  • Carefully consider the backup media.
    • NAS (Network Attached Storage) devices offer speed at a cost.
    • Tapes come in hundreds of types/speeds/storage capacities.
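
The base/incremental/differential choice on this slide, worked through as an added example that is not from the presentation or from Backup Express: the daily file changes are constructed, files are modelled as name-to-version maps, and the simulation counts how many sets a restore must read back against how much each scheme stores.

```python
def take_backup(kind, current, full_snapshot, prev_snapshot):
    """Return today's backup set.
    full: every file. incremental: files changed since the previous backup
    of any kind. differential: files changed since the last full backup."""
    if kind == "full":
        return dict(current)
    reference = prev_snapshot if kind == "incremental" else full_snapshot
    return {name: ver for name, ver in current.items() if reference.get(name) != ver}

def restore(sets):
    """Replay backup sets in order; later sets overwrite earlier ones.
    Deleted files are not modelled, so nothing is ever removed here."""
    state = {}
    for backup in sets:
        state.update(backup)
    return state

def restore_chain(kind, backups):
    """Which sets a restore must read: full + every incremental, or
    full + only the latest differential."""
    if kind == "incremental":
        return backups
    return [backups[0], backups[-1]]

def simulate(kind, days):
    """days[0] gets the full backup; each later day gets one backup of `kind`.
    Returns the trade-off the slide raises: restore speed versus storage."""
    full = days[0]
    backups = [take_backup("full", full, full, {})]
    prev = full
    for today in days[1:]:
        backups.append(take_backup(kind, today, full, prev))
        prev = today
    chain = restore_chain(kind, backups)
    return {
        "sets_to_read": len(chain),
        "files_stored": sum(len(b) for b in backups),  # file count as a size proxy
        "restored_ok": restore(chain) == days[-1],
    }

# Constructed week: a version bump means the file changed that day.
DAYS = [
    {"ledger.db": 1, "policy.doc": 1, "mail.pst": 1},  # Mon: full backup
    {"ledger.db": 2, "policy.doc": 1, "mail.pst": 1},  # Tue: ledger changed
    {"ledger.db": 3, "policy.doc": 1, "mail.pst": 2},  # Wed: ledger and mail changed
    {"ledger.db": 4, "policy.doc": 1, "mail.pst": 2},  # Thu: ledger changed
]
```

Running `simulate("incremental", DAYS)` and `simulate("differential", DAYS)` shows the same restored state from both schemes, with incremental storing less but needing every set read back in order, while differential stores more and reads only two sets.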

17
The promise of High Availability
  • HA offers application resiliency.
    • Critical applications can remain active even when the primary hardware they rely on goes down.
    • Applications can remain active through maintenance cycles and backups.
  • HA offers the promise of minimal down time.
    • Staff can remain working on HA equipment almost transparently.
    • Customers can keep using services instead of receiving unavailable messages.
    • Some disaster situations are eliminated completely.
  • HA does require more administration.
    • Configuration.
    • Testing.
    • Training.

18
CUAnswers High Availability Solution
  • i-Tera Echo2
    • Uses remote journaling to transmit data changes between the production and backup node at the operating system level over TCP/IP.
    • Simplified roll-over process for testing and real emergencies.
    • Roll-over process takes less than 30 minutes.

19
Security Audit Checklist
  • Some questions you may be asked:
    • Are passwords difficult to crack?
    • Are there access control lists (ACLs) in place on network devices to control who has access to shared data?
    • Are there audit logs to record who accesses data?
    • Are the audit logs reviewed?
    • Are the security settings for operating systems in accordance with accepted industry security practices?
    • Have all unnecessary applications and computer services been eliminated for each system?
    • Are these operating systems and commercial applications patched to current levels?
    • How is backup media stored?
      • Who has access to it?
      • Is it up-to-date?
    • Is there a disaster recovery plan?
      • Have the participants and stakeholders ever rehearsed the disaster recovery plan?

20
Additional Resources
  • CUAnswers has two CISSPs (Certified Information Systems Security Professionals) on staff.
    • Randy Brinks (rbrinks_at_wesconet.com)
    • Joe Couture (jcouture_at_wesconet.com)
  • CERT (www.cert.org)
    • Home computer security document
    • Home computer security checklist handout
  • SANS (www.sans.org)
  • Microsoft Product Security Notification
    • http://www.microsoft.com/technet/treeview/?url/technet/security/bulletin/notify.asp
    • (http://www.microsoft.com/security/)
  • BugTraq (www.securityfocus.com)

21
Additional Resources
  • Other SECURE-U courses
    • 9.15 Security Essentials
      • Essential security and privacy issues
    • 9.35 The Armored Network
      • Network security at CUAnswers
    • 9.55 The Human Side of Security
      • Social engineering and other exploits
    • 9.65 Disaster Recovery and Business Continuity
      • The CUAnswers plan

22
Questions and Answers
  • ???