1 / 12

Risk Management for Opaque Networks

Risk Management for Opaque Networks. “ Hitting the Moving Target ” De Ann Pope. Enterprises are no longer self-contained!. “From the edge of a corporate network to the user desktop, you can no longer control the flow of information .”. Map of the Internet December 1998 – Wired Magazine.

rsolis
Télécharger la présentation

Risk Management for Opaque Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Management for Opaque Networks “Hitting the Moving Target” De Ann Pope

  2. Enterprises are no longer self-contained! “From the edge of a corporate network to the user desktop, you can no longer control the flow of information .” Map of the Internet December 1998 – Wired Magazine

  3. History of the Network

  4. Client/Server Applications History of the Network Applications on closed networks Networks + gateway for occasional email & web-browsing Networks using the Internet for site-to-site communications, email, web-browsing, collaboration, etc.

  5. Threats Tracking Cookies Trojans Spyware Adware KeyLoggers Malware Parasites Browser Hijacker

  6. Do you know your true network perimeter? The Problem • You can’t secure what you can’t manage • You can’t manage what you can’t define

  7. Do you have systems, networks or applications: that connect to external networks? RISK provide Internet access for users? RISK collaborate with external users? RISK 4. control all flow of data to and from your users? RISK Evaluating the Risk

  8. An approach that reduces overall risk with attainable goals Change the way we design and implement information security infrastructure Combine best of breed techniques & technologies that provide dynamic security solutions Need to Change

  9. Define Security Domains and policies that apply when passing information through each domain. Managing Risk Internet INTERNET COMPANY X COMPANY X COMPANY X FINANCE SITE Interconnection

  10. Focus resources at the perimeter of the network Use sound methods for access/authentication/non-repudiation & audit Restrict access to suspect sites Monitor port activity Use VPNs & other methods for protecting communications Remember that email messages are digital postcards Store user data on shared resources not on workstations or co-located lans (use layers of abstraction) Use multi-trackware detection and removal utilities to protect clients as much as possible. Use proxy devices to control communications Managing Risk

  11. Managing ‘interconnections’ is the crux to effectively managing the perimeter of a network, providing an effective risk mitigation strategy for opaque networks. Closing Point To manage the risk, create clearly defined policies and train users to follow them!!

  12. Thank You.De Ann PopeTechnical Director

More Related