1 / 17

Joe Budzyn Jeff Goeke-Smith Jeff Utter

Joe Budzyn Jeff Goeke-Smith Jeff Utter. Risk Analysis. Match the technologies used with the security need Spend time and resources covering the most likely and most expensive risks. Firewalls. What is a firewall? A technology for the selective allowance of network traffic.

vail
Télécharger la présentation

Joe Budzyn Jeff Goeke-Smith Jeff Utter

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Joe Budzyn Jeff Goeke-Smith Jeff Utter

  2. Risk Analysis • Match the technologies used with the security need • Spend time and resources covering the most likely and most expensive risks

  3. Firewalls • What is a firewall? • A technology for the selective allowance of network traffic. • Types of firewalls • Stateful or Stateless • Software or Hardware • Border or Intranet

  4. Firewalls • Rule Set Methodology • Mostly Open • Mostly Closed • Zones • Untrust • Trust • DMZ

  5. IDS / IPS • Network Device that identifies and optionally stops hostile network traffic • Signature based detection • Signatures can match on packet content • Signatures can match on behavior • Deployed at network choke points • Generally in conjunction with a firewall • Border of an office, a workgroup, a building, or a campus

  6. Encryption • Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. • Public Key / Private Key • Pre-shared Key • Example Uses • Disk Encryption, File Encryption • Secure Email (i.e. PGP)

  7. VPN • Network tunnel over a more general network • Implies channel encryption, authentication, authorization • May be used to avoid firewalls and IPS/IDS systems on the path of the tunnel • Deployed next to firewalls for remote access or administrative access.

  8. Secure Remote Access • Remote Desktop Client • SSH • Network Tunnels • Two Factor Authentication • Key Based Authentication

  9. Tripwire • Tripwire watches for changes to files for monitored systems. • Enterprise Tripwire runs with a server and clients. • Remote monitoring of changes, with alerts. • Ability to approve or roll back some changes. • Useful in the detection of intentional and unintentional changes.

  10. Network Flow Analysis • Look for ‘odd’ behavior rather than ‘odd’ content. • Traffic sent to an analysis engine via a mirror, or summarized by the routers • Multiple products exist with differing emphasis • Arbor Networks • Q1 labs

  11. Anti-Malware • Malware is any piece of malicious code or a program that embeds itself onto a computer without the user’s knowledge. • Examples • Virus • Spam • Trojan • Root kit • Spyware • Adware • Key Logger

  12. Anti-Malware • What to do about it? • DON’T OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING. • ESPECIALLY IF YOU DON’T TRUST THE SOURCE • Keep an up to date Anti-Malware application (or suite) installed and running. • Many different vendors and some free apps do this.

  13. Security Practices - Servers • Patch Management • All systems are vulnerable, patching makes them less so • Log Analysis • Learn what is normal, then watch for the abnormal • Secure Configuration • Pick a standard and follow it

  14. Security Practices - Users • All users on the network are integral to overall security • User Education Campaigns • User Policy Tools • Group Policy, reviewing logs

  15. Denial of Service Protection • Types of DoS • UDP flood, SYN flood, ICMP flood, backscatter, distributed, packet of death, BGP route injection • Type of protection • Routing infrastructure • Firewalls • Special adaptive devices

  16. Advanced Network Tricks • Honey Pots – a weakened computer meant to attract attackers • Tar Pits – a series of fake computers meant to slow attackers down • Dark Nets – a network of fake computers meant to determine what attackers are doing

  17. Managing Your Identities • Common complaint: I have too many passwords to remember! • This may lead to sticky notes under keyboards • Password Wallet or Password Safe • Public key / private key encryption • Password generation algorithms

More Related