IT SUMMIT: Next Generation Network Security at AMITY, NOIDA, INDIA


  • 7/30/2019 IT SUMMIT : Next Generation Network security at AMITY,NOIDA,INDIA

    1/41

    NEXT GENERATION NETWORK INSECURITY

    Anupam Tiwari CCCSP, CEH


    2/41

    One day you will be sold

    for the price of dust;

    only your words, dear one, will remain in the world


    3/41

    One day you will be sold

    for the price of dust;

    only your words, dear one, will remain in the world

    AND..


    4/41

    Delete this too!!!!!

    A good friend will be at your funeral.

    The best friend will miss it because he will be too busy breaking into your house and trying to clean your browser history and all traces!!!!!!


    5/41

    NEXT GENERATION NETWORK INSECURITY

    Mostly Overestimated / Underestimated


    6/41

    CUTTING THROUGH THE HYPE: WHAT IS TRUE NEXT GENERATION SECURITY?

    The number of transistors on an IC doubles approximately every 18 months!!!


    8/41

    Why is securing the IT environment getting more DIFFICULT by the day?


    9/41

    LET'S GO BACK A FEW YEARS!!!!

    When securing the IT environment was easier than it is today.


    10/41

    LET'S GO BACK A FEW YEARS!!!!

    Basic information such as users' locations, the applications they were running and the types of devices they were using were known variables.


    11/41

    LET'S GO BACK A FEW YEARS!!!!

    In addition, this information was fairly static, so security policies scaled reasonably well.


    12/41

    LET'S GO BACK A FEW YEARS!!!!

    Applications ran on dedicated servers in the data center.


    13/41

    LET'S GO BACK A FEW YEARS!!!!

    The IT organization controlled access to those applications and established boundaries to enforce security policies.


    14/41

    LET'S GO BACK A FEW YEARS!!!!

    For the most part, the network experienced predictable traffic patterns.


    15/41

    HAPPY CISO!!!!!!

    TOUCHING MOMENT


    18/41

    Changing the way the network is architected


    19/41

    Applications/Data may move between servers or even data centers or countries


    20/41

    Multiple diverse mobile devices connect to the corporate network from various locations


    21/41

    At the same time, users are extending the corporate network by going to the cloud for collaborative applications like Dropbox or Google.

    IT no longer knows which devices may connect to the network or their location.

    Data isn't just safely resting in the data center; it is traversing countries.


    22/41

    BOTNETS

    40% of the computers are Botted

    A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks.


    24/41

    So all this along with these two Current Giants make a great Attack Surface


    25/41

    CRIMEWARE as a SERVICE


    26/41

    PRISM is a mass electronic surveillance data mining program known to have been operated by the United States National Security Agency (NSA) since 2007


    27/41

    The Central Monitoring System is a mass electronic surveillance program installed by C-DOT, an Indian Government owned agency.

    The CMS gives India's security agencies and income tax officials centralized access to India's telecommunications network and the ability to listen in on and record mobile, landline and satellite calls, and read private emails, SMS and MMS and track the geographical location of individuals, all in real time.


    32/41

    Identify and control applications on any port

    Application developers no longer adhere to standard port, protocol, or application mapping.

    Applications such as instant messaging, peer-to-peer file sharing or Voice over IP are capable of operating on non-standard ports or can hop ports.

    Additionally, users are increasingly savvy enough to force applications to run over non-standard ports.

    In order to enforce application-specific policies where ports are increasingly irrelevant, the next-gen future firewall must assume that any application can run on any port.

    The future firewall must classify traffic, by application, on all ports, all the time.


    33/41

    Firewall must identify and control circumventors

    Most organizations have security policies and controls designed to enforce security policies.

    Proxies, remote access, and encrypted tunnel applications are specifically used to circumvent security controls like firewalls, URL filtering, IPS, and secure web gateways.

    The future firewall requires specific techniques to deal with all of these applications, regardless of port, protocol, encryption, or other evasive tactic.

    One more consideration: these applications are regularly updated to make them harder to detect and control. So it is important that the future firewall can identify these circumvention applications, and that your firewall's application intelligence is updated and maintained on an ongoing basis.


    34/41

    Decrypt outbound SSL

    Today, more than 30% of network traffic is SSL-encrypted.

    Given the increasing adoption of HTTPS for many popular applications that end-users employ (e.g., Gmail, Facebook), and users' ability to force SSL on many websites, network security teams have a large and growing blind spot without decrypting, classifying, controlling, and scanning SSL-encrypted traffic.

    Certainly, the future firewall must be flexible enough that certain types of SSL-encrypted traffic can be left alone (e.g., web traffic from financial services or health care organizations) while other types (e.g., SSL on non-standard ports, HTTPS from unclassified websites) can be decrypted via policy.


    35/41

    Scan for viruses and malware in allowed collaborative applications

    Enterprises continue to adopt collaborative applications hosted outside their physical locations.

    Microsoft SharePoint, Google Docs, Box.net or Microsoft Office 365, or an extranet application hosted by a contractor or business partner: these applications are considered to be a high-risk threat vector.

    Furthermore, applications like Microsoft SharePoint rely on supporting technologies that are regular targets for exploits, including Microsoft SQL Server or IIS.


    36/41

    Deal with unknown traffic by policy

    There will always be unknown traffic and it will always represent significant risks to any organization.

    For custom-developed applications, there should be a way to develop a custom identifier so that traffic is counted as known.

    The future firewall should attempt to classify all traffic.

    Positive (default deny) vs Negative (default allow)
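
    Added example (not part of the original slides): a sketch of classifying traffic by application on any port and handling unknown traffic by policy, as slides 32 and 36 describe. The signatures, policy table, sample flows and the in-house "INVv1" protocol are constructed for illustration and do not come from any firewall product.

```python
import re
from dataclasses import dataclass

@dataclass
class Flow:
    dst_port: int
    payload: bytes  # first bytes the client sent on the connection

# Port-only view, as a classic port-based firewall rule would see the flow.
PORT_MAP = {22: "ssh", 80: "http", 443: "tls"}

# Illustrative content signatures (constructed for this example, not a vendor database).
SIGNATURES = [
    ("ssh", re.compile(rb"^SSH-\d+\.\d+-")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x04]..\x01", re.S)),  # ClientHello record
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
]
POLICY = {"ssh": "allow", "tls": "allow", "http": "allow", "bittorrent": "deny"}

def classify(flow):
    """Identify the application from payload content, ignoring the port."""
    for name, sig in SIGNATURES:
        if sig.search(flow.payload):
            return name
    return "unknown"

def decide(flow, default="deny"):
    """Apply per-application policy; unknown traffic gets the default action."""
    app = classify(flow)
    return app, POLICY.get(app, default)

def register_custom_app(name, pattern, action):
    """Custom identifier for an in-house protocol so its traffic counts as known."""
    SIGNATURES.insert(0, (name, re.compile(pattern)))
    POLICY[name] = action

# Constructed sample flows: applications running on ports that "belong" to others.
SAMPLES = {
    "ssh_on_443": Flow(443, b"SSH-2.0-OpenSSH_8.9\r\n"),
    "p2p_on_80": Flow(80, b"\x13BitTorrent protocol" + bytes(8)),
    "http_on_8081": Flow(8081, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    "tls_on_8443": Flow(8443, b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03"),
    "inhouse_on_9000": Flow(9000, b"INVv1 LOGIN user=alice\n"),
}

if __name__ == "__main__":
    for label, flow in SAMPLES.items():
        print(label, PORT_MAP.get(flow.dst_port, "unknown"), decide(flow))
```

    With default="deny" the in-house flow is blocked until a custom identifier is registered for it; with default="allow" it passes unclassified, which is the negative model the slide contrasts.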


    37/41

    Identify and control applications sharing the same connection

    Applications share sessions: Gmail has the ability to spawn a Google Talk session from within the Gmail session. Gmail and Google Talk are fundamentally different applications, and your future firewall should recognize that, and enable the appropriate policy response for each.


    38/41

    WHAT DO WE DO TODAY?

    TAKE CONTROLLED RISK

    NO TWO ORGS OR USERS CAN HAVE THE SAME MODEL OF SECURITY IMPLEMENTATION

    THE NEED IS A CUSTOMISED MODEL FOR EVERYONE

    KEEP YOUR EYES OPEN

    Know the EAL of your product


    39/41

    Stringent Security Policies

    Monitoring tools

    Analysis tools

    Firewalls/UTMs

    Cryptography


    41/41

    Contact me at : [email protected]

    I blog at http://anupriti.blogspot.com
