Network Security Management

M C Srivastava, Manager (System), New Delhi

Network Security
• Network Security is a
• A process that requires technology, people and
• A process that requires input from entire

“A collection of network-connected devices, technologies, and best practices that work in complementary ways to provide security to information assets”

Why Security?
• Increased networked environment and online based
• Evolution of technology focused on ease of use and business transactions
• Increasing complexity of computer infrastructure and
• New ways of exploitation of

Ultimate Goals
• To protect the organization's business-critical data from unauthorized access, disclosure, tampering and destruction, and to assure availability of the data when required
• Security rests on Confidentiality, Integrity and


• Malicious Code: Worms, Viruses, Trojans
• Weak passwords, Hackers, Information Theft, DoS, Phishing, application vulnerabilities, keyloggers
• Time Wasters: Adware, Spam Email, Popups

Evolving Threat Landscape

Pre-2005
• Worms
• DoS/DDoS
• Server Exploits

2005
• Spyware
• Web Client Attacks
• VOIP-based vulnerabilities
• Sophisticated DoS attacks
• P2P
• Early Infrastructure vulnerability

Emerging
• Unknown
• Rapid
• Encrypted attacks
• VoIP attacks
• Distributed Botnet attacks
• Advanced Botnet DoS/DDoS attacks
• Spyware-based Root kits
• Evolving Infrastructure attacks

Impact to Business

Pre-2005
• Network unavailable for business
• Loss of Market/customer trust
• Mass mailers launched DoS
• Sasser, “I love You”

2005
• Data loss
• Regulatory non-compliance
• Fraud
• Extortion
• Internal threats
• SQL Slammer, Trojan
• Network unavailable for business
• Loss of Market/customer trust

Emerging
• Infrastructure threats – core routers to bring down the network
• Phishing
• Network unavailable for business
• Loss of Market/customer trust
• Regulatory non-compliance
• Fraud
• Extortion
• Internal threats

Understanding Your Vulnerabilities
• Internet & e-mail Gateways, Server & desktop

Solutions - Defense in Depth
• Perimeter Defense
• Gateway Defense
• Server Defense
• Host Defense
• Application Defense
• Data and Resources

Enterprise Security - Technologies
• Firewalls and VLAN
• Intrusion detection and
• Antivirus Software
• Internet content filter Software
• Antispam for E-mail
• Authentication, Authorization and Accounting (AAA)
• Two factor authentication
• End Point Security
• Best Practices and awareness
• Physical access control

What firewalls do
• Protects your internal network from the external world by blocking all ports (approx. 65,500) except the desired ports
• Enforces an access control policy between two networks
• Does Network Address Translation (NAT) of IP addresses
• Disallows unauthorized traffic in/out of your network
• Defines rules depending on the required services/protocols

What firewalls can’t do
• Hackers can still enter the network through the opened ports
• Limited application-level intelligence
• Unable to provide protection against application based
• Doesn’t provide security from viruses, worms, spyware
• Limited awareness of attack patterns
• Doesn’t protect against new threats

Real World examples

The Worm:
• Uses ICMP (ping) type 8 (echo request) to find targets
• Uses TCP/135 to exploit a Microsoft Windows vulnerability

Practical Example:
• Connect a new Windows XP laptop to the Internet; 20 seconds later the network gets very busy, and 10 seconds later the laptop reboots
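The two traffic signatures above (an ICMP echo-request sweep followed by TCP/135 fan-out from the same source) are what a network monitor can look for. The following added example, written for this page and not taken from the presentation, runs that check over constructed flow records; the hosts, timings and thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not real captures):
# (seconds, src, dst, proto, dst_port, icmp_type)
SAMPLE_FLOWS = []
# Infected host 10.0.0.5: echo-request sweep of 10.0.0.1-20, then TCP/135 to hosts that answered
for i in range(1, 21):
    SAMPLE_FLOWS.append((i, "10.0.0.5", f"10.0.0.{i}", "icmp", None, 8))
for n, target in enumerate((3, 4, 7, 9)):
    SAMPLE_FLOWS.append((21 + n, "10.0.0.5", f"10.0.0.{target}", "tcp", 135, None))
# Benign noise: a monitoring box pinging one gateway, an admin using RPC to two servers
SAMPLE_FLOWS.append((2, "10.0.0.8", "10.0.0.1", "icmp", None, 8))
SAMPLE_FLOWS += [(5, "10.0.0.9", "10.0.0.3", "tcp", 135, None),
                 (6, "10.0.0.9", "10.0.0.4", "tcp", 135, None)]


def summarize_sources(flows):
    """Per source: distinct echo-request targets, distinct TCP/135 targets, and when each began."""
    stats = defaultdict(lambda: {"ping_targets": set(), "tcp135_targets": set(),
                                 "first_ping": None, "first_tcp135": None})
    for ts, src, dst, proto, dport, icmp_type in sorted(flows, key=lambda f: f[0]):
        s = stats[src]
        if proto == "icmp" and icmp_type == 8:
            s["ping_targets"].add(dst)
            s["first_ping"] = ts if s["first_ping"] is None else s["first_ping"]
        elif proto == "tcp" and dport == 135:
            s["tcp135_targets"].add(dst)
            s["first_tcp135"] = ts if s["first_tcp135"] is None else s["first_tcp135"]
    return stats


def find_worm_candidates(flows, min_ping_targets=10, min_tcp135_targets=3):
    """Sources that swept many hosts with ICMP type 8 and afterwards fanned out on TCP/135.
    The thresholds are constructed for this example and need tuning per network."""
    hits = []
    for src, s in summarize_sources(flows).items():
        sweep = len(s["ping_targets"]) >= min_ping_targets
        fanout = len(s["tcp135_targets"]) >= min_tcp135_targets
        ordered = (s["first_ping"] is not None and s["first_tcp135"] is not None
                   and s["first_ping"] <= s["first_tcp135"])
        if sweep and fanout and ordered:
            hits.append(src)
    return sorted(hits)


if __name__ == "__main__":
    for src in find_worm_candidates(SAMPLE_FLOWS):
        print(f"worm-like sweep and TCP/135 fan-out from {src}")
```

The monitoring host and the administrator's legitimate RPC sessions stay below the thresholds, so only the sweeping host is reported.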

Intrusion Prevention System
• Actively inspects network traffic and stops internal as well as external network threats
• Prevents malicious traffic from reaching the target system
• Proactively defends the network against attack
• Enables you to enforce RFC

Traffic Inspection Methods
• Protocol validation
• Misuse detection
• DoS detection
• Scan detection


IPS Deployment
• Inline Mode
  – Sensor engine sits inline in the network traffic path
  – Capable of protecting from network attacks with an immediate Terminate action
  – Operates as an “intelligent wire” between network
• Promiscuous Mode
  – Connected in parallel with the outside and inside networks
  – Achieved through port mirroring on the switch
  – Reactive action

Secure Connectivity Solutions
• Remote-access VPNs – Employees at home or remote/mobile users can securely connect to corporate resources using economical Internet connectivity.
• IP Communications – IP Communications securely delivers enterprise-class solutions for IP telephony, unified messaging, IP videoconferencing and audio conferencing.
• Security management and monitoring – A management system for monitoring, analysing and reporting incidents and taking the necessary action to eliminate the risks.

Power of 3A’s (AAA)

Authentication, Authorization and Accounting (AAA) is a fundamental component of information security technology that can be used to determine:
• Who can access the organization's resources
• What functions they can perform
• What a user has done/performed on the organization's resources

Useful for network engineers, developers and DBAs working in a team and from multiple locations.

Two Factor authentication
Any two of the below is strong authentication:
• Something you know – Knowledge based – Password
• Something you have – Ownership – Hardware token (OTP) of RSA, Entrust
• Something you are – Characteristics – Biometrics, e.g. Iris

Why Two Factor?
• Static passwords don’t provide adequate security and can be cracked very easily
• Two factor prevents identity theft/copying of passwords
• Cannot be leaked out due to social engineering
• Cost effective solution for added security
• Protects business critical data, information and servers from unauthorized access

Where Two Factor Authentication is required
Two Factor authentication is used for access to mission-critical, highly sensitive systems, data and applications through:
• VPNs & WLANs
• Intranets & extranets
• Web servers
• Other network resources
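The AAA section and the two-factor slides above describe the same gate from two sides: prove who you are with two factors, check what you may do, and record what you did. The following added example (written for this page, not code from the presentation or from any token vendor) puts the three together with an RFC 4226 HOTP check standing in for the hardware token; the user record, role policy and password hashing are assumptions made for the demo.

```python
import hashlib, hmac, struct, time

# Constructed demo records (not from the slides). The OTP seed is the RFC 4226
# test key so the codes can be checked against the RFC; the password hash is a
# plain SHA-256 for brevity, a real system would use a salted password KDF.
USERS = {"alice": {"pw_hash": hashlib.sha256(b"correct horse").hexdigest(),
                   "otp_seed": b"12345678901234567890",
                   "counter": 0,                # next expected token counter
                   "role": "network-engineer"}}
POLICY = {"network-engineer": {"read-config", "change-config"},   # authorization
          "auditor": {"read-config"}}
ACCOUNTING_LOG = []   # accounting: who did what, when, and whether it was allowed


def hotp(seed, counter, digits=6):
    """HOTP per RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def authenticate(user, password, otp, window=3):
    """Factor 1: password (something you know). Factor 2: hardware-token OTP
    (something you have), accepted once within a small look-ahead window."""
    rec = USERS.get(user)
    if rec is None:
        return False
    pw_ok = hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(), rec["pw_hash"])
    match = next((c for c in range(rec["counter"], rec["counter"] + window)
                  if hmac.compare_digest(hotp(rec["otp_seed"], c), otp)), None)
    if not (pw_ok and match is not None):
        return False
    rec["counter"] = match + 1    # burn the used OTP so it cannot be replayed
    return True


def authorize(user, function):
    """Authorization: the user's role must permit the requested function."""
    return function in POLICY.get(USERS[user]["role"], set())


def perform(user, password, otp, function):
    """AAA gate: authenticate, then authorize, and always write the accounting record."""
    authn = authenticate(user, password, otp)
    allowed = authn and authorize(user, function)
    ACCOUNTING_LOG.append({"time": time.time(), "user": user, "function": function,
                           "authenticated": authn, "allowed": allowed})
    return allowed
```

A wrong password never advances the token counter, so an attacker cannot burn a user's OTPs, and a replayed OTP is rejected because the counter has moved past it.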

Typical setup – IFFCO’s MPLS based VPN

IT services & Infrastructure
• Enterprise based IT applications
• MPLS based WAN up to Area Offices
• About 130 links, with a fall-back arrangement from another service provider for critical offices/plants
• About 500 offices in smaller cities are connected through Broadband Internet
• IP Telephony with voice and video
• Data Centre at Saket, New Delhi & DR at Kalol
• IP based Video Conferencing Studio at Delhi and Plants

IT services & Infrastructure (contd.)
• Many workflow applications with no paper production and movement
• High penetration of PCs with a 1:1 ratio at its Head Office and all Marketing Offices
• Wi-Fi enabled building for laptop/mobile
• Centralised Antivirus Systems

IT services & Infrastructure (contd.)
• 21 Mbps Internet link for hosting of web server, email, browsing etc. from different ISPs with a backup arrangement
• Centralised Internet to users across the
• Security devices such as Firewalls, IPS, Internet filtering
• Regular Security Audit and Gap analysis for ISO 20000

              Major Application software (web based)
1. Human Resource Management System (HRMS)

2. Management Information System (MIS)

3. Marketing Management System

4. Financial Management System

5. Materials Management System

6. e-Procurement- PKI Digital certificate based

7. Plant Maintenance Management System

8. Product Despatch System

9. Work Flow (paperless) applications for various jobs –Lotus Notes

10. Shares Accounting System, Library Management System

11. Organization email for faster communication and decision –Lotus Domino

Network Monitoring Tool (Solarwinds Orion)

Corporate information
• Structured Information Stored In Databases
  – HR Records, Financial Information, Customer Records
• Unstructured Information Stored In Email & File Servers
  – Source Code, Design Documents, Personal Information
  – Business information

[Diagram: File Server, Messaging Server, Database Server]

Risk in Enterprise Messaging System
• Messaging and Email – The Next Mission Critical Application
  – Most of a company’s intellectual property is contained in email
  – 75% of all corporate litigation involves some kind of email
  – 70% of all corporate email is spam


Mail security – Keep bad things out
• Antispam, Viruses, Worms, virus outbreak filters, network reputation

[Diagram: Malicious Code and Spam on the incoming side; Traffic Shaping & Fraud Prevention and Spam Filtering as the Solution]


Database Security
• Detect leakage of confidential information
• Encrypt confidential information
• Protection of data from damage/loss

[Diagram: a statement such as “SELECT Credit_Card, FROM Customers” is checked against Data Leakage, Fraud Detection and SQL Audit Trail policies]
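The Database Security slide shows a query touching the Credit_Card column being checked against data-leakage and SQL audit-trail policies. The following added example (written for this page, not code from the presentation or any database product) applies two such policies to constructed audit-trail lines: sensitive columns may only be touched by approved accounts, and statements returning very many rows are flagged as possible bulk extraction. The log format, account names, row limit and column list are assumptions.

```python
import re

# Constructed audit-trail lines (not real logs): time | db account | client | statement | rows returned
SAMPLE_AUDIT = """\
2009-03-01T10:02:11 | billing_app | 10.1.2.10 | SELECT Credit_Card FROM Customers WHERE id = 4411 | 1
2009-03-01T10:05:43 | analyst_raj | 10.1.9.77 | SELECT Name, Credit_Card FROM Customers | 48213
2009-03-01T10:06:02 | analyst_raj | 10.1.9.77 | SELECT Name, City FROM Customers WHERE City = 'Kalol' | 312
2009-03-01T10:09:30 | web_portal | 10.1.2.11 | UPDATE Customers SET Credit_Card = 'xxxx' WHERE id = 9 | 1
"""

# Policy (constructed): only approved accounts may touch sensitive columns, and
# any statement returning more than BULK_ROW_LIMIT rows is a possible bulk extraction.
SENSITIVE_COLUMNS = {"credit_card"}
APPROVED_ACCOUNTS = {"billing_app"}
BULK_ROW_LIMIT = 1000

LINE_RE = re.compile(r"^(?P<ts>\S+) \| (?P<user>\S+) \| (?P<client>\S+) \| (?P<sql>.+?) \| (?P<rows>\d+)$")


def parse_audit(text):
    """Parse audit lines into dicts; malformed lines are skipped rather than crashing the check."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["rows"] = int(e["rows"])
            events.append(e)
    return events


def referenced_identifiers(sql):
    """Identifiers mentioned in the statement (a crude token scan, not a SQL parser)."""
    return {tok.lower() for tok in re.findall(r"[A-Za-z_]\w*", sql)}


def evaluate(events):
    """Apply the data-leakage and audit-trail policies; returns (ts, user, rule, detail) findings."""
    findings = []
    for e in events:
        sensitive = referenced_identifiers(e["sql"]) & SENSITIVE_COLUMNS
        if sensitive and e["user"] not in APPROVED_ACCOUNTS:
            findings.append((e["ts"], e["user"], "sensitive-column-access", sorted(sensitive)))
        if e["rows"] > BULK_ROW_LIMIT:
            findings.append((e["ts"], e["user"], "bulk-extraction", e["rows"]))
    return findings


if __name__ == "__main__":
    for f in evaluate(parse_audit(SAMPLE_AUDIT)):
        print(*f)
```

The billing application's single-row lookup passes both policies; the analyst's full-table pull of Credit_Card trips both, and the web portal's UPDATE of the same column is flagged because that account is not approved for it.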

Problem (contd.)
• Difficult to control without curtailing the benefits
• Wireless, Guests, Outsourcing, Mobility, USB, IM, Rogues
• Traditional security products aren’t
• 99% have AV – 68% get viruses
• New agent for every threat, poor management, no integration

How it works – Stopping worm Attacks
• Personal Firewall
• Advanced outbound threat protection (application
• I/O Device control
• Automated policy enforcement and centralized

Security Roadmap for 2009
• Upgradation of IPS
• Implementation of log analysis software for security/attacks from the internal & external network
• Implementation of two factor authentication for VPN users working from home/remote locations
• Enhancing the outbound security policy on the Firewall
• Implementation of the recommendations of security audits
• Security upgradation of the Disaster Recovery site at Kalol
• Implementation (second phase) of the Internet browsing policy

Some useful security guidelines
• Have a strong password, and better still, two factor authentication
• Have the latest service packs for the OS of your PCs/servers
• Never run executables or script files received via e-mail
• Have the latest updates for browser and e-mail software
• Use antivirus software and regularly scan your PC
• Browse the Internet carefully and keep the PC firewall ON
• Format old PCs before donating/auctioning them
• Disable all login accounts of employees who have left/retired
• Put passwords on wireless devices at residences, offices etc.

        Thank you

