IT Security Roadmap

					Network Security Roadmap

      February 15, 2011
The IT Security landscape

[Word cloud on the original slide, shown here as a list: Malware; Stopit; Spyware; Global Threats; botnets; DMCA Notifications; FERPA; Laws & Regulation; keystroke logger; Law Enforcement Support; rootkit; WISP; botnet; Encryption]
 2/15/11                                                                              2
Many Dimensions of IT Security

[Hub-and-spoke diagram on the original slide. Hub: IT Security & Risk Management Strategy / Roadmap. Items around it, grouped as on the slide:]

MIT Policy; IS&T Policy; Change Management
Data Law/Regs Compliance; DMCA / HEOA Compliance
Management: Identity Management; Accounts Management; Configuration Management; Authorizations Management
Recovery & Restoration: Enterprise Backup Services; Virtualization
Detection & Reaction: Border Firewalls / IDS / IPS; WIN Domain / ePO; Event Logging; Network Traffic Analysis; Incident Response
Awareness: Web sites; Knowledge Base; Security-FYI newsletter; Education & Training
Preparation & Prevention: User Experience standards; WIN Domain; Virtual Desktops; Data Protection; Privacy Protection
            Current Challenges
• The IT Security approach today is reactive, one-off,
  labor intensive and lacks useful data
• Most detection of incidents involving MIT computers
  comes from third parties
• We have sparse data on how MITnet is used
• Computers are not adequately protected from
  attack, from both inside and outside
• Compromises reduce productivity, put sensitive
  data and IP at risk, and lead to legal, financial and
  reputational harm

                                     Traditional View
       The Public Internet is wonderful, we should do everything possible to ENABLE
       computers on MITnet to access anything and everything on the Public Internet, and
       vice versa, and to think of MIT and MITnet as if they were simply a subset of the
       Public Internet, particularly from a policy point of view.

[Diagram on the original slide: MITnet drawn as an undifferentiated part of the Public Internet. Legend: Service, Server or Data Resource; Personal or Work Computer]
• MIT does not comply with all provisions of MA
  Data Breach Law/Regulations, particularly in
  incident detection/response and forensics
• MIT complies with HEOA, but DMCA Notification
  volumes are soaring, so the measures used may
  not be enough, and we may need additional
  technological measures
• Isolating/protecting PCI computers (as well as
  other devices requiring VERY high protection)
  remains difficult.
            Guiding Principles
• Provide for standards in a decentralized
• Academic freedom, privacy and choice
• Technically sound, providing high reliability
• Improve visibility of network needs and issues
• Granularity – no more “one size fits all”
• Protect intellectual property
• Comply with laws and regulations
• Safer computing experience
• Fiscally prudent
                                     Future View
       By providing a more managed connection at the border between MITnet and the Public
       Internet, we increase the visibility of – and our understanding of – the threats and risks
       that are present, and then how to protect MIT computers and work areas on a very
       granular level.

[Diagram on the original slide: the Public Internet separated from MITnet by a managed border point marked B; inside the border, Protected Admin Servers, Work Areas and Protected Computers. Legend: Service, Server or Data Resource; Personal or Work Computer]
What is the plan?

Border Protection: Intrusion Detection; Intrusion Prevention; Border Firewalls
  The Cisco SCE 8000 Series Service Control Engine delivers high-capacity application and session-based classification and control of application-level IP traffic per
  The Cisco ASA 5500 Series Adaptive Security Appliances deliver highly effective intrusion prevention capabilities using hardware-accelerated IPS modules.

Managed Network Access: Authenticated Wireless & Wired Network Access; Logging Policies
  Adoption of the 802.1X standard for access to MITnet wireless, with default connections set to be secure, but offering choices for those who need them.
  Splunk collects, indexes and harnesses data generated by our applications and servers to troubleshoot problems and investigate security issues, avoiding service degradation or outages, and to correlate and analyze complex events spanning multiple systems.

Managed User Experience: DLC managed domains; IS&T managed domains; Desktop Virtualization
  Continue support of an MIT-wide WIN domain for Windows computers; explore Casper for managing Macintosh computers in a similar way.
  Move ahead with pilot projects for desktop virtualization in early-adopter, high-risk areas of the Institute.
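The correlation step the plan relies on (border IDS alerts joined with authenticated-access records so that an alert can be turned into an end-user notification or a ticket) is shown below as an added example. It is not MIT's deployment and not Splunk search language; it is stand-alone Python over constructed log lines, and the line formats, field names, signature names, IP addresses and user names are all assumptions made for the illustration. It also handles the two cases that make this join harder than a simple lookup: an IP address that was reassigned to a different user during the day, and a source with no authentication record at all.

```python
"""Attribute border IDS alerts to authenticated users and roll them into tickets.

Added example, not MIT's or Splunk's code. Log line formats, field names,
signatures, addresses and users below are constructed for illustration.
"""
import re
from datetime import datetime

# Constructed sample IDS alerts (the format is an assumption for this example).
IDS_ALERTS = [
    "2011-02-15T10:04:12 ids src=18.0.0.45 sig=TROJAN_C2_Checkin sev=high",
    "2011-02-15T10:05:40 ids src=18.0.0.99 sig=SCAN_SYN_Sweep sev=low",
    "2011-02-15T11:30:01 ids src=18.0.0.45 sig=TROJAN_C2_Checkin sev=high",
    "2011-02-15T12:00:00 ids src=18.0.0.99 sig=TROJAN_C2_Checkin sev=high",
    "this line is garbage and must not crash the pipeline",
]

# Constructed authenticated-access records: who held which IP from when.
# 18.0.0.45 moves from alice to bob at 10:30, so alerts on that IP must be
# attributed by time, not by whoever holds the address most recently.
AUTH_LOG = [
    "2011-02-15T09:55:00 auth ip=18.0.0.45 mac=00:11:22:33:44:55 user=alice",
    "2011-02-15T10:00:00 auth ip=18.0.0.77 mac=cc:dd:ee:ff:00:11 user=carol",
    "2011-02-15T10:30:00 auth ip=18.0.0.45 mac=66:77:88:99:aa:bb user=bob",
]

ALERT_RE = re.compile(r"^(\S+) ids src=(\S+) sig=(\S+) sev=(\S+)$")
AUTH_RE = re.compile(r"^(\S+) auth ip=(\S+) mac=(\S+) user=(\S+)$")


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S")


def parse_alerts(lines):
    """Parse IDS lines into dicts; malformed lines are skipped, not fatal."""
    alerts = []
    for line in lines:
        m = ALERT_RE.match(line)
        if m:
            ts, src, sig, sev = m.groups()
            alerts.append({"ts": parse_ts(ts), "src": src, "sig": sig, "sev": sev})
    return alerts


def parse_auth(lines):
    """Parse authentication/lease lines into dicts sorted by time."""
    recs = []
    for line in lines:
        m = AUTH_RE.match(line)
        if m:
            ts, ip, mac, user = m.groups()
            recs.append({"ts": parse_ts(ts), "ip": ip, "mac": mac, "user": user})
    return sorted(recs, key=lambda r: r["ts"])


def attribute(alert, auth_recs):
    """Return the auth record that held alert['src'] when the alert fired.

    Picks the newest record for that IP whose timestamp is not after the
    alert, so an address reassigned later in the day is credited to its
    earlier holder for earlier alerts. Returns None for unauthenticated sources.
    """
    best = None
    for rec in auth_recs:
        if rec["ip"] == alert["src"] and rec["ts"] <= alert["ts"]:
            if best is None or rec["ts"] > best["ts"]:
                best = rec
    return best


def build_tickets(alert_lines, auth_lines, notify_sev=("high",)):
    """Correlate alerts with auth records; one ticket per (owner, signature).

    Sources that cannot be attributed are keyed by IP and flagged notify=False:
    with no authenticated identity there is nobody to notify, which is the
    operational argument for authenticated (802.1X) network access.
    """
    auth_recs = parse_auth(auth_lines)
    tickets = {}
    for alert in parse_alerts(alert_lines):
        if alert["sev"] not in notify_sev:
            continue  # low-severity noise is kept out of the notification path
        rec = attribute(alert, auth_recs)
        owner = rec["user"] if rec else "unattributed:" + alert["src"]
        t = tickets.setdefault((owner, alert["sig"]), {
            "owner": owner, "sig": alert["sig"], "count": 0,
            "first": alert["ts"], "last": alert["ts"],
            "macs": set(), "notify": rec is not None,
        })
        t["count"] += 1
        t["first"] = min(t["first"], alert["ts"])
        t["last"] = max(t["last"], alert["ts"])
        if rec:
            t["macs"].add(rec["mac"])
    return tickets


if __name__ == "__main__":
    for (owner, sig), t in sorted(build_tickets(IDS_ALERTS, AUTH_LOG).items()):
        action = "notify user" if t["notify"] else "no identity; escalate to network team"
        print(f"{owner:24} {sig:18} x{t['count']}  last={t['last']:%H:%M}  {action}")
```

Run as a script it prints one line per ticket: the two high-severity checkins from 18.0.0.45 land on alice (10:04) and bob (11:30) respectively because attribution is done against the record in force at alert time, the 12:00 alert from 18.0.0.99 has no identity and is flagged for escalation rather than notification, and the low-severity scan never reaches the ticket stage.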

CALENDAR YEAR 2011

[Gantt chart on the original slide; quarters are Jan - Mar, Apr - Jun, Jul - Sep and Oct - Dec, and each bar's quarters below are read from its position on the chart.]

Border Protection (Cisco ASA 5585, Cisco SCE 8000)
  Jan - Mar: Purchase & install border protection equipment
  Apr - Jun: Implement detection & protection for select network segments
  Jul - Dec: Increase breadth of protection, targeting high-risk services

Log management and alerting (Splunk, RT, Moira)
  Phase 1, Apr - Jun: Install intelligent log management; initial tuning; integrate alerts and log management
  Phase 2, Jul - Dec: Integrate alert detection and end-user notification; increase rollout; integrate remediation (Oct - Dec)

Secured wireless
  Apr - Sep: Plan and communicate default secure wireless configuration
  Jul - Dec: Deploy default secure wireless configuration and guest wireless

WIN domain
  Jan - Jun: Continue Windows Domain deployments

Virtual desktop
  Jul - Dec: Pilot virtual desktop with high-risk groups

Technology Legend: Cisco ASA 5585; Cisco SCE 8000; Secured wireless; WIN domain; Splunk, RT, Moira; Virtual desktop
