Network Security Management

M C Srivastava
Manager (System)
mcsrivastava@iffco.nic.in
New Delhi

Network Security

• Network Security is a system
• A process that requires technology, people and policies
• A process that requires input from the entire organization

“A collection of network-connected devices, technologies, and best practices that work in complementary ways to provide security to information assets”

Why Security?

• Increasingly networked environments and online applications
• Evolution of technology focused on ease of use and business transactions
• Increasing complexity of computer infrastructure and its management
• New ways of exploiting vulnerabilities

Ultimate Goals

• To protect the organization's business-critical data from unauthorized access, disclosure, tampering and destruction, and to assure availability of the data when required
• Security rests on Confidentiality, Integrity and Availability

Threats

• Malicious code: worms, viruses, Trojans
• Weak passwords, hackers, information theft, DoS, phishing, application vulnerabilities, keyloggers
• Time wasters: adware, spam e-mail, pop-ups

Evolving Threat Landscape

Threats

  Pre-2005:
    • Worms
    • DoS/DDoS
    • Server exploits

  2005:
    • Spyware
    • Web client attacks
    • VoIP-based vulnerabilities
    • Sophisticated DoS attacks
    • P2P
    • Early infrastructure vulnerability

  Emerging:
    • Unknown
    • Rapid
    • Encrypted attacks
    • VoIP attacks
    • Distributed botnet attacks
    • Advanced botnet DoS/DDoS attacks
    • Spyware-based rootkits
    • Evolving infrastructure attacks

Impact to Business

  Pre-2005:
    • Network unavailable for business
    • Loss of market/customer trust
    • Mass mailers launched DoS
    • Sasser, “I Love You”

  2005:
    • Data loss
    • Regulatory non-compliance
    • Fraud
    • Extortion
    • Internal threats
    • SQL Slammer, Trojans
    • Network unavailable for business
    • Loss of market/customer trust

  Emerging:
    • Infrastructure threats: core routers targeted to bring down the network
    • Phishing
    • Network unavailable for business
    • Loss of market/customer trust
    • Regulatory non-compliance
    • Fraud
    • Extortion
    • Internal threats

Understanding Your Vulnerabilities

• Internet and e-mail gateways, servers and desktops

Solutions - Defense in Depth

Perimeter Defense
Gateway Defense
Server Defense
Host Defense
Application Defense
Data and Resources

Enterprise Security - Technologies

• Firewalls and VLANs
• Intrusion detection and prevention
• Antivirus software
• Internet content filter software
• Antispam for e-mail
• Authentication, Authorization and Accounting (AAA)
• Two factor authentication
• End point security
• Best practices and awareness
• Physical access control

Firewall

Protects your internal network from the external world by blocking all ports (approx. 65500) except the desired ones.

Enforces an access control policy between two networks.

Does network address translation (NAT) of IP addresses.

Disallows unauthorized traffic in/out of your network.

Defines rules depending on the required services/protocols.

What firewalls can't do

Hackers can enter the network through opened ports

Limited application level intelligence

Unable to provide protection against application based attacks

Doesn't provide security from viruses, worms, spyware

Limited awareness of attack patterns

Doesn't protect against new threats

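As an added example (not from the slides), a small Python model of the default-deny port filter described on the Firewall slide and of the first limitation listed above: a packet to an opened port passes whatever it carries. The Packet record, the allow-list and the sample traffic are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = Internet -> LAN, "out" = LAN -> Internet
    proto: str       # "tcp" or "udp"
    dst_port: int
    payload: bytes = b""

# Constructed allow-list of (direction, proto, port): web and mail may be
# reached from outside, DNS and web browsing may leave. Everything else drops.
DESIRED_PORTS = {
    ("in", "tcp", 80), ("in", "tcp", 443), ("in", "tcp", 25),
    ("out", "udp", 53), ("out", "tcp", 80), ("out", "tcp", 443),
}

def firewall_decision(pkt: Packet) -> str:
    """Default deny: a packet passes only if its (direction, proto, port)
    is on the allow-list. The payload is never looked at, which is exactly
    the gap the slide describes: whatever arrives on an opened port passes."""
    key = (pkt.direction, pkt.proto, pkt.dst_port)
    return "ACCEPT" if key in DESIRED_PORTS else "DROP"

def count_passed(packets) -> int:
    """Number of packets the policy lets through."""
    return sum(1 for p in packets if firewall_decision(p) == "ACCEPT")

# Constructed sample traffic arriving from the Internet side.
SAMPLE = [
    Packet("in", "tcp", 80, b"GET /index.html HTTP/1.1"),   # ordinary web request
    Packet("in", "tcp", 135),                                  # RPC probe, port closed
    Packet("in", "tcp", 3389),                                 # RDP attempt, port closed
    Packet("in", "tcp", 80, b"[application-layer attack]"),   # same open port: passes
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.direction:>3} {p.proto}/{p.dst_port:<5} -> {firewall_decision(p)}")
    print(f"{count_passed(SAMPLE)} of {len(SAMPLE)} packets passed")
```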
Real World examples: Welchia

The worm:

  Uses ICMP (ping) type 8 (echo request) to find targets

  Uses TCP/135 to exploit a Microsoft Windows vulnerability

Practical example:

  Connect a new Windows XP laptop to the Internet; 20 seconds later the network gets very busy, and 10 seconds later the laptop reboots (infected).

Intrusion Prevention System

Actively inspects network traffic and stops internal as well as external network threats

Prevents malicious traffic from reaching the target system

Proactively defends the network against attack

Enables you to enforce RFC compliance

Traffic Inspection Methods

Protocol validation
Misuse detection
DoS detection
Scan detection
Correlation

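As an added example that is not part of the slides, the scan detection and correlation methods above applied to the Welchia behaviour from the earlier slide: one source sends echo requests to many hosts, then connects to TCP/135 on hosts it found. The flow-record layout, the thresholds and the sample flows are constructed for this example.

```python
from collections import defaultdict

# Flow record: (time_s, src, dst, proto, dst_port, icmp_type). Constructed
# sample: 10.0.0.7 echo-requests 10.0.1.1-12 within 12 s, then connects to
# TCP/135 on three hosts that answered; 10.0.0.9 is an ordinary client.
FLOWS = [(t, "10.0.0.7", f"10.0.1.{t + 1}", "icmp", None, 8) for t in range(12)] + [
    (13, "10.0.0.7", "10.0.1.2", "tcp", 135, None),
    (14, "10.0.0.7", "10.0.1.5", "tcp", 135, None),
    (15, "10.0.0.7", "10.0.1.9", "tcp", 135, None),
    (3, "10.0.0.9", "10.0.1.1", "icmp", None, 8),
    (4, "10.0.0.9", "10.0.2.20", "tcp", 443, None),
]

def detect_icmp_sweeps(flows, window_s=10, min_hosts=8):
    """Scan detection: report sources that send echo requests to at least
    min_hosts distinct destinations inside any window_s-second window."""
    by_src = defaultdict(list)
    for ts, src, dst, proto, _, itype in sorted(flows, key=lambda f: f[0]):
        if proto == "icmp" and itype == 8:
            by_src[src].append((ts, dst))
    suspects = set()
    for src, events in by_src.items():
        for i, (t0, _) in enumerate(events):
            hosts = {d for t, d in events[i:] if t - t0 <= window_s}
            if len(hosts) >= min_hosts:
                suspects.add(src)
                break
    return suspects

def correlate_worm_activity(flows, exploit_port=135):
    """Correlation: a sweeping source that later opens TCP/exploit_port to a
    host it pinged matches the worm's two-step behaviour. Returns the
    sweeping sources with the hosts they went on to contact."""
    sweepers = detect_icmp_sweeps(flows)
    first_ping = {}   # (src, dst) -> time of the first echo request
    for ts, src, dst, proto, _, itype in sorted(flows, key=lambda f: f[0]):
        if proto == "icmp" and itype == 8:
            first_ping.setdefault((src, dst), ts)
    alerts = defaultdict(set)
    for ts, src, dst, proto, port, _ in flows:
        if (src in sweepers and proto == "tcp" and port == exploit_port
                and (src, dst) in first_ping and ts > first_ping[(src, dst)]):
            alerts[src].add(dst)
    return {src: sorted(dsts) for src, dsts in alerts.items()}

if __name__ == "__main__":
    print("sweeping sources:", detect_icmp_sweeps(FLOWS))
    print("worm-like activity:", correlate_worm_activity(FLOWS))
```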
IPS Deployment

• Inline Mode
  – Sensor engine sits inline in the network traffic path
  – Capable of protecting from network attacks with an immediate Terminate action
  – Operates as an “intelligent wire” between network components

• Promiscuous Mode
  – Connected in parallel with the outside and inside networks
  – Achieved through port mirroring on the switch
  – Reactive action

Secure Connectivity Solutions

Remote-access VPNs: employees at home and remote/mobile users can securely connect to corporate resources using economical Internet connectivity.

IP Communications: securely delivers enterprise-class solutions for IP telephony, unified messaging, IP videoconferencing and audio conferencing.

Security management and monitoring: a management system for monitoring, analysing and reporting incidents and taking the necessary action to eliminate the risks.

Power of 3A's (AAA)

Authentication, Authorization and Accounting (AAA) is a fundamental component of information security technology that can be used to determine:

  Who can access the organization's resources

  What functions they can perform

  What the user has done/performed on the organization's resources

Useful for network engineers, developers and DBAs working in a team and from multiple locations.

Two Factor authentication

Any two of the below constitute strong authentication:

  Something you know (knowledge based): password

  Something you have (ownership): hardware token (OTP) from RSA, Entrust

  Something specific to you (characteristics): biometrics, e.g. iris

Why Two Factor?

Static passwords don't provide adequate security and can be cracked very easily.

Two factor prevents identity theft/copying of passwords.

Cannot be leaked out due to social engineering.

Cost effective solution for added security.

Protects business-critical data, information and servers from unauthorized access.

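As an added example, not from the slides, a two-factor check that combines a stored password hash (something you know) with a code from an event-based hardware token (something you have). The token algorithm is assumed to be HOTP (RFC 4226), one common OTP scheme; the user record, salt and look-ahead window are constructed for this example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a `digits`-digit code."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

def hash_password(password: str, salt: bytes) -> bytes:
    """Something you know: stored salted and stretched, so a stolen record
    does not hand over the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user record; the token secret is the RFC 4226 test-vector secret.
SALT = b"constructed-salt"
USER = {
    "pw_hash": hash_password("correct horse", SALT),
    "token_secret": b"12345678901234567890",
    "counter": 0,                 # next token press the server expects
}

def verify_two_factor(user: dict, password: str, otp: str, look_ahead: int = 5) -> bool:
    """Both factors must match. A code is accepted only for counters at or
    after the expected one (look_ahead covers presses made without logging
    in); the counter then moves past it, so a captured code cannot be replayed."""
    pw_ok = hmac.compare_digest(hash_password(password, SALT), user["pw_hash"])
    matched = None
    for c in range(user["counter"], user["counter"] + look_ahead):
        if hmac.compare_digest(hotp(user["token_secret"], c), otp):
            matched = c
            break
    if not (pw_ok and matched is not None):
        return False              # neither factor alone is enough
    user["counter"] = matched + 1  # consume the code and resync the counter
    return True
```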
Where Two Factor Authentication is required

Two factor authentication is used for access to mission-critical, highly sensitive systems, data and applications through:

  VPNs and WLANs
  Intranets and extranets
  Web servers
  E-mail
  Other network resources

Typical setup - IFFCO's MPLS based VPN (network diagram)

IT services & Infrastructure

Enterprise based IT applications.
MPLS based WAN up to Area Offices.
About 130 links, with a fall-back arrangement from another service provider for critical offices/plants.
Approx. 500 offices in smaller cities are connected through broadband Internet.
IP telephony with voice and video.
Data Centre at Saket, New Delhi and DR at Kalol (Gujarat).
IP based video conferencing studio at Delhi and plants.

IT services & Infrastructure

Many workflow applications with no paper production and movement.
High penetration of PCs, with a 1:1 ratio at the Head Office and all Marketing Offices.
Wi-Fi enabled building for laptop/mobile users.
Centralised antivirus systems.

IT services & Infrastructure

21 Mbps Internet link for hosting of the web server, e-mail, browsing etc. from different ISPs, with a backup arrangement.
Centralised Internet for users across the country.
Security devices such as firewalls, IPS and Internet filtering.
Regular security audit and gap analysis for ISO 20000.

Major Application software (web based)

1. Human Resource Management System (HRMS)
2. Management Information System (MIS)
3. Marketing Management System
4. Financial Management System
5. Materials Management System
6. e-Procurement (PKI digital certificate based)
7. Plant Maintenance Management System
8. Product Despatch System
9. Work Flow (paperless) applications for various jobs (Lotus Notes)
10. Shares Accounting System, Library Management System
11. Organization e-mail for faster communication and decisions (Lotus Domino)

Network Monitoring Tool (Solarwinds Orion)

Corporate information

• Structured information stored in databases
  – HR records, financial information, customer records
• Unstructured information stored in e-mail and file servers
  – Source code, design documents, personal information
  – Business information

[Diagram: File Server, Messaging Server, Database Server]

Risk in Enterprise Messaging System

• Messaging and e-mail: the next mission critical application
  – Most of a company's intellectual property is contained in e-mail
  – 75% of all corporate litigation involves some kind of e-mail discovery
  – 70% of all corporate e-mail is spam

Mail security - Keep bad things out

• Antispam, viruses, worms, virus outbreak filters, network reputation services

[Diagram: malicious code, phishing and spam arriving at the Mail Security Solution, which applies traffic shaping and fraud prevention, spam filtering and anti-virus before the Messaging Server]

Database Security

Detect leakage of confidential information
Encrypt confidential information
Protection of data from damage/loss

[Diagram: database security controls. Data leakage detection backed by extrusion policies; fraud detection backed by fraud policies; SQL audit trail backed by audit policies. Example audited query: SELECT Credit_Card FROM Customers]

Problem Contd..

Difficult to control without curtailing benefits

Wireless, guests, outsourcing, mobility, USB, IM, rogues

Traditional security products aren't efficient

99% have AV, yet 68% get viruses

New agent for every threat, poor management, no integration


How it works - Stopping worm attacks (diagram)

Solution..

Personal firewall
HIPS
Advanced outbound threat protection (application control)
I/O device control
Automated policy enforcement and centralized management

Security Roadmap for 2009

Upgradation of IPS
Implementation of log analysis software for security/attacks from internal and external networks
Implementation of two factor authentication for VPN users working from home/remote locations
Enhancing the outbound security policy on the firewall
Implementation of the recommendations of security audits
Security upgradation of the Disaster Recovery site at Kalol
Implementation (2nd phase) of the Internet browsing policy

Some useful security guidelines

Have strong passwords, and better still, have two factor authentication

Have the latest service packs for the OS of your PCs/servers

Never run executables or script files received via e-mail

Have the latest updates for browser and e-mail software

Use antivirus software and regularly scan your PC

Browse the Internet carefully and keep the PC firewall ON

Format old PCs before donating/auctioning them

Disable all login accounts of employees who have left/retired

Put passwords on wireless devices at residence, office etc.

Thank you

				