Jason A. Wessel AVP Security Services Network Security: A Defense-in-Depth Approach.
Jason A. Wessel, AVP Security Services
Network Security: A Defense-in-Depth Approach
Agenda
• Origin of Defense-in-Depth
• Defense-in-Depth: Information Security
  – Strategies
  – Security Models / Frameworks
• Attackers & the evolving threats on Information Security
• Network Defenses
• Additional Defenses
• Question & Answer
Origin of Defense-in-Depth
“A military strategy sometimes called elastic defense. Defense in depth seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space.”
http://en.wikipedia.org/wiki/Defense_in_depth
Defense-in-Depth: Information Security
“…the practice of layering defenses to provide added protection. Defense in depth increases security by raising the cost of an attack. This system places multiple barriers between an attacker and your business critical information resources: the deeper an attacker tries to go, the harder it gets.”
Brooke Paul, Jul 01, Security Workshop at Network Computing
Defense-in-Depth Strategy
Information Assurance Strategy
Ensuring confidentiality, integrity, and availability of data
• People – Hire talented people, train and reward them
• Technology – Evaluate, implement, test and assess
• Operations – Maintain vigilance, respond to intrusions, and be prepared to restore critical services
IAS Thomas E. Anderson Briefing Slides
Defense-in-Depth Security Model
Defense layers (diagram): Perimeter, Internal, Hosts, Applications, Data
Defense-in-Depth
• Framework for Information Security
  – “Security is a process, not a product” (Bruce Schneier)
• Ongoing process
  – Can’t be implemented over a weekend
• Assume control points will fail
  – Architecture to protect from failures
The Attackers
• The Script Kiddies
  – Do not target specific information or companies
  – Use a small number of exploits and search for victims to use those exploits against
• The Skilled Hacker
  – Targets specific information and companies
  – Performs comprehensive research on victims using multiple exploits and social engineering techniques
  – Typically out for personal gain (money, glory, etc.)
• The Insider
  – Trusted employee who knows where business-critical information is located
  – Typically out to harm business reputation, commit fraud, or for financial gain
Attack Landscape is Evolving
• Viruses, Worms, Trojans, Root Kits
• Shift from “Glory-Motivated-Vandals” to “Financially-Politically-&-Fraud-Motivated-Cyber-Crime”
• “Designer Worms” and “Designer Trojans”
• Shift from Worms to Bot-Networks
From IBM Internet Security Systems
Attack Evolution Example
• Welchia Worm
  – Infected devices
  – Sprayed 20K UDP packets per second
  – Impacted services and network performance based on increased traffic volume
• Zotob/Esbot
  – Owned devices, restricted range, local traffic
  – Assess first, fire only when vulnerable
From IBM Internet Security Systems
Network Defenses
• Network Segmentation
• Access Points
• Routers and Switches
• Firewalls
• Content Filtering
• IDS / IPS
• Remote Access
• Event Management
• Vulnerability Management
Network Segmentation
• Create a logical security view of a network infrastructure
• Identify critical resources and information assets
• Apply security and business risk classifications
• Building block for the other network defenses
Network Segmentation (diagram slide)
Network Access / Entry Points
• Entry points into the network infrastructure
• Classify the access points
• Develop a security risk profile for each access point
• Each access point presents a threat for unauthorized and malicious access to the network infrastructure.
Network Access Points (diagram slide)
Routers and Switches
• Typically responsible for transporting data to all areas of the network
• Sometimes overlooked as being able to provide a defense layer
• Capable of providing an efficient and effective security role in a Defense-in-Depth strategy
Simple Router & Switch Network
Firewalls
• First defenses thought of when working on a Defense-in-Depth strategy
• Provide granular access controls for a network infrastructure
• Firewall Types:
  – Packet filtering
  – Proxy based
  – Stateful Inspection
• Continuing to increase their role by performing application layer defenses on the network
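The difference between the first and third firewall types on the slide is easiest to see on a packet trace. The following Python script is an added example, not material from the deck or from CADRE: it enforces one policy ("inside hosts may browse the web") first with a stateless packet filter and then with stateful inspection, over a constructed four-packet trace. The internal prefix 10.0.0., the addresses and the ports are all assumptions; the point is that an unsolicited inbound packet which merely looks like a web reply passes the stateless ACL but is dropped by the flow table.

```python
from dataclasses import dataclass

# Constructed example: one policy ("inside hosts may browse the web")
# enforced first by a stateless packet filter and then by stateful inspection.
INTERNAL_PREFIX = "10.0.0."          # assumed internal address range


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False                # TCP SYN flag: opens a new connection
    ack: bool = False                # TCP ACK flag: set on every later segment


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def packet_filter(pkt: Packet) -> str:
    """Stateless packet filter: each packet is judged alone against a fixed ACL."""
    # Rule 1: inside -> outside web traffic is allowed.
    if is_internal(pkt.src_ip) and not is_internal(pkt.dst_ip) and pkt.dst_port == 80:
        return "allow"
    # Rule 2: replies must get back in. Without connection state the ACL can only
    # recognise a reply by its source port and ACK flag, so any outside host that
    # sends from port 80 with ACK set satisfies the rule.
    if (not is_internal(pkt.src_ip) and is_internal(pkt.dst_ip)
            and pkt.src_port == 80 and pkt.ack):
        return "allow"
    return "deny"


class StatefulFirewall:
    """Stateful inspection: inbound packets pass only for flows the inside opened."""

    def __init__(self) -> None:
        # Flow table keyed as (client_ip, client_port, server_ip, server_port)
        self.flows: set[tuple[str, int, str, int]] = set()

    def inspect(self, pkt: Packet) -> str:
        # A new outbound connection permitted by policy is recorded in the flow table.
        if (pkt.syn and not pkt.ack and is_internal(pkt.src_ip)
                and not is_internal(pkt.dst_ip) and pkt.dst_port == 80):
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        # Later packets (either direction) pass only if they belong to a known flow.
        if (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port) in self.flows:
            return "allow"
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "allow"
        return "deny"


# Constructed traffic: a legitimate web session followed by an unsolicited inbound
# packet that merely looks like a web reply (source port 80, ACK set).
TRAFFIC = [
    ("client SYN to web server", Packet("10.0.0.5", 51000, "203.0.113.10", 80, syn=True)),
    ("server SYN/ACK reply", Packet("203.0.113.10", 80, "10.0.0.5", 51000, syn=True, ack=True)),
    ("client ACK / data", Packet("10.0.0.5", 51000, "203.0.113.10", 80, ack=True)),
    ("unsolicited inbound, src port 80", Packet("198.51.100.7", 80, "10.0.0.9", 445, ack=True)),
]


def compare() -> list[tuple[str, str, str]]:
    """Return (description, packet-filter verdict, stateful verdict) for each packet."""
    fw = StatefulFirewall()
    return [(desc, packet_filter(p), fw.inspect(p)) for desc, p in TRAFFIC]


if __name__ == "__main__":
    for desc, stateless, stateful in compare():
        print(f"{desc:36} packet filter: {stateless:5}  stateful: {stateful}")
```

Run it and the first three packets are allowed by both firewalls, while the fourth is allowed by the packet filter and denied by stateful inspection. The packet filter's "reply" rule is the weak spot: it has to let in anything that looks like a reply, because it has no memory of what the inside asked for.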
Firewalls (diagram slide)
Content Filtering
• Protection of application and data content being delivered across the network
• Content filtering looks for:
  – Viruses
  – File attachments
  – SPAM
  – Erroneous Web Surfing
  – Proprietary / Intellectual Property
• Commonly used network protocols:
  – SMTP, HTTP, FTP, and instant messaging
Content Filtering (diagram slide)
IDS / IPS
• Detect malicious network traffic and unauthorized computer usage
• Detection Strategies
  – Signature-based
  – Anomaly-based
  – Heuristic-based
  – Behavioral-based
• View of traffic from a single point
• Similar technologies are applied at the host and network layers
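The first two detection strategies on the slide catch different things, which is why a sensor normally runs both. The Python below is an added example, not code from the deck or from any IDS product: it runs a signature match and a rate-based anomaly check over constructed traffic records. The record format, the signature pattern `X-Constructed-Bad-Marker: 1`, the hosts and the packet counts are all made up for the example; the anomaly threshold is learned as mean plus three standard deviations of per-host packets per second over a clean baseline, which echoes the Welchia "20K UDP packets per second" case earlier in the deck.

```python
import statistics
from collections import Counter, namedtuple

# One traffic record as a sensor might see it (constructed format).
Record = namedtuple("Record", "ts src dst proto dport payload")

# Constructed signature set: a byte pattern known to appear in unwanted traffic.
SIGNATURES = {
    "SIG-CONSTRUCTED-001": b"X-Constructed-Bad-Marker: 1",
}


def signature_detect(records, signatures=SIGNATURES):
    """Signature-based: flag any record whose payload contains a known pattern."""
    alerts = []
    for r in records:
        for name, pattern in signatures.items():
            if pattern in r.payload:
                alerts.append((r.ts, r.src, name))
    return alerts


def packets_per_host_second(records):
    """Count packets per (source host, one-second bucket)."""
    return Counter((r.src, r.ts) for r in records)


def build_threshold(baseline_records, z=3.0):
    """Anomaly-based: learn the normal per-host packet rate from a clean baseline."""
    rates = list(packets_per_host_second(baseline_records).values())
    return statistics.mean(rates) + z * statistics.pstdev(rates)


def anomaly_detect(records, threshold):
    """Flag hosts whose packet rate in any one-second bucket exceeds the threshold."""
    counts = packets_per_host_second(records)
    return sorted({src for (src, _), n in counts.items() if n > threshold})


def _burst(ts, src, n, proto="TCP", dport=80, payload=b"GET / HTTP/1.1\r\n"):
    """Helper: n similar packets from src in second ts (constructed data)."""
    return [Record(ts, src, "10.0.0.20", proto, dport, payload) for _ in range(n)]


# Constructed baseline: two hosts browsing at one to three packets per second.
BASELINE = (_burst(0, "10.0.0.5", 2) + _burst(0, "10.0.0.6", 2)
            + _burst(1, "10.0.0.5", 2) + _burst(1, "10.0.0.6", 3)
            + _burst(2, "10.0.0.5", 1) + _burst(2, "10.0.0.6", 2))

# Constructed detection window: normal browsing, one request carrying the
# signature pattern, and one host spraying UDP far above its normal rate.
WINDOW = (_burst(10, "10.0.0.5", 3)
          + [Record(10, "10.0.0.6", "10.0.0.20", "TCP", 80,
                    b"GET /index.html HTTP/1.1\r\nX-Constructed-Bad-Marker: 1\r\n")]
          + _burst(10, "10.0.0.7", 40, proto="UDP", dport=137, payload=b"\x00" * 8))


if __name__ == "__main__":
    thr = build_threshold(BASELINE)
    print(f"anomaly threshold: {thr:.2f} packets/host/second")
    print("signature alerts:", signature_detect(WINDOW))
    print("anomalous hosts:", anomaly_detect(WINDOW, thr))
```

The signature check finds the single marked request from 10.0.0.6 and says nothing about the UDP spray; the rate check flags 10.0.0.7 and says nothing about the marked request. Two caveats a practitioner should keep in mind: the anomaly threshold is only as good as the baseline it was learned from (a baseline that already contains the spray would raise the threshold and hide it), and the slide's note that the sensor sees traffic "from a single point" applies to both methods, so a host that never sends through the sensor is never scored.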
IDS/IPS (diagram slide)
Remote Access
• Identify all remote access points into the network infrastructure.
• Driven by the need to promote business productivity
• Expanding the perimeter
• Requires strict access controls and continuous activity monitoring
Remote Access (diagram slide)
Security Event Management
• The collection and correlation of events from all devices attached to the network infrastructure.
• Provides insight into events which would go unnoticed at other individual defense layers
• Provides automated alerts of suspicious activity
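The second bullet is the whole case for event management, and it is simplest to show with logs from three devices that each look unremarkable on their own. The Python below is an added example, not code from the deck or from any SIEM product: it normalizes constructed firewall, IDS and SSH authentication log lines (the formats, hostnames, addresses and the IDS signature id `CONSTRUCTED-1001` are all made up) into a common event record, then correlates by source address, raising an alert only when one source is seen by at least two device types inside a 120-second window.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts device src detail")

# Constructed log lines in three different native formats (not real device output).
FW_LOG = [
    "2024-05-01T10:00:05Z fw01 DENY TCP 198.51.100.7:44211 -> 10.0.0.9:445",
    "2024-05-01T10:00:07Z fw01 DENY TCP 198.51.100.7:44212 -> 10.0.0.9:139",
    "2024-05-01T10:00:30Z fw01 ALLOW TCP 198.51.100.7:44213 -> 10.0.0.12:22",
    "2024-05-01T10:05:00Z fw01 ALLOW TCP 203.0.113.10:51000 -> 10.0.0.20:80",
]
IDS_LOG = [
    '2024-05-01T10:00:31Z ids01 alert sid=CONSTRUCTED-1001 msg="SSH login failures from one source" src=198.51.100.7 dst=10.0.0.12',
]
AUTH_LOG = [
    "2024-05-01T10:00:32Z host12 sshd: Failed password for admin from 198.51.100.7 port 44213",
    "2024-05-01T10:00:40Z host12 sshd: Accepted password for admin from 198.51.100.7 port 44213",
    "2024-05-01T10:03:00Z host12 sshd: Accepted publickey for alice from 10.0.0.5 port 50011",
]

FW_RE = re.compile(r"^(\S+) \S+ (ALLOW|DENY) \S+ ([\d.]+):\d+ -> ([\d.]+):(\d+)$")
IDS_RE = re.compile(r'^(\S+) \S+ alert .*msg="([^"]*)" src=(\S+) dst=\S+$')
AUTH_RE = re.compile(r"^(\S+) \S+ sshd: (Failed|Accepted) \w+ for (\S+) from (\S+) port \d+$")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ")


def normalize(fw_lines, ids_lines, auth_lines):
    """Collect: turn each device's native format into one common event record."""
    events = []
    for line in fw_lines:
        m = FW_RE.match(line)
        if m:
            events.append(Event(parse_ts(m[1]), "firewall", m[3], f"{m[2]} to {m[4]}:{m[5]}"))
    for line in ids_lines:
        m = IDS_RE.match(line)
        if m:
            events.append(Event(parse_ts(m[1]), "ids", m[3], m[2]))
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if m:
            events.append(Event(parse_ts(m[1]), "auth", m[4], f"{m[2]} login for {m[3]}"))
    return sorted(events, key=lambda e: e.ts)


def correlate(events, window=timedelta(seconds=120), min_devices=2):
    """Correlate: one source seen by at least min_devices device types inside the window."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)
    alerts = []
    for src, evs in by_src.items():
        for anchor in evs:
            group = [e for e in evs if anchor.ts <= e.ts <= anchor.ts + window]
            devices = sorted({e.device for e in group})
            if len(devices) >= min_devices:
                alerts.append({"src": src, "first_seen": anchor.ts, "devices": devices,
                               "events": len(group),
                               "timeline": [(e.device, e.detail) for e in group]})
                break      # one alert per source
    return alerts


if __name__ == "__main__":
    for a in correlate(normalize(FW_LOG, IDS_LOG, AUTH_LOG)):
        print(f"{a['src']} seen by {a['devices']} ({a['events']} events from {a['first_seen']})")
        for device, detail in a["timeline"]:
            print(f"  {device:8} {detail}")
```

Fed only the firewall log, `correlate` returns nothing: two denies and an allow are routine. Fed only the authentication log, one failed password followed by a success looks like a typo. Fed all three, the same external address shows up as a port probe, an IDS alert and a successful login inside 40 seconds, and that combination is what the alert carries to the analyst. The window and the two-device threshold are the tuning knobs; the sample data is deliberately small enough to check by hand.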
Security Event Management (diagram slide)
Vulnerability Management
• Continuous process of assessing and evaluating the network infrastructure
• Multiple views / perspectives
• Integration with Patch Management and ticketing systems
• Configuration & maintenance validation
Vulnerability Management (diagram slide)
Additional Defenses: Connecting the Hosts & Network
• Security Policies
• Network Admission Control (NAC)
• Authentication Services
• Data Encryption
• Patch Management
• Application Layer Gateway
Network Security: A Defense-in-Depth Approach
Jason A. Wessel, AVP Security Services
CADRE – Information [email protected]
888-TO-CADRE