1 / 18

Importance of a Multi-Layered Approach to Cyber Security

Importance of a Multi-Layered Approach to Cyber Security. Ian Whiting, CEO Titania. What do we do?. We develop advanced security auditing software. Our products:. Awards & Memberships (2012). Won 2 Prestigious Security Awards in 2012. ISO 9001 Accredited in 2012 . Our Customers.

gratia
Télécharger la présentation

Importance of a Multi-Layered Approach to Cyber Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Importance of a Multi-LayeredApproach to Cyber Security Ian Whiting, CEO Titania

  2. What do we do? • We develop advanced security auditing software. • Our products:

  3. Awards & Memberships (2012) Won 2 Prestigious Security Awards in 2012 ISO 9001 Accredited in 2012

  4. Our Customers

  5. Why Multi-Layered? • Examples of single layer failures • Anti-Virus • Application Firewalls • State Subverted Code

  6. Anti-Virus (Weakness) • All Vendors are Susceptible • Optimization Weaknesses: • Large Files • Virus Definition Databases • Pattern Intelligence • Encryption (Email and File)

  7. Anti-Virus (Defence) • Use Multiple Anti-Virus Vendors • Virus Scanners: • E-Mail Server • Gateways • Server File Scanning • Client Machines

  8. Application Firewalls (Overview) • These are firewall devices that understand application communications and is able to allow or disallow access based on configured rules.

  9. Application Firewalls (OSI) Layer 7 Examples: HTTP, SMTP Layer 4 Examples: TCP, UDP Layer 3 Examples: IP, ICMP Open Systems Interconnection (OSI) model (ISO/IEC 7498-1)

  10. Application Firewalls (Layers 1-6) • What about the earlier OSI layers? • For a web server, TCP/IP connections must be made.

  11. Application Firewalls (Performance) • Once it has been established that network traffic is HTTP (for a web server), why keep checking? • Significant optimizations can be made once assumptions are made by an application firewall. • It has already been checked once, why check again?

  12. Application Firewalls (Encryption) • If the application firewall cannot read the traffic, how can it make allow / deny decisions?

  13. Application Firewalls (Defence) • Employ Traditional Firewall Technology to Supplement Application Firewalls. • Decrypt the Network Traffic before the Application Firewall.

  14. State Subverted Code • Huawei • Cheap Enterprise Network Devices • Some are Modified Cisco or 3COM / HP Clones • Manufactured in China • Security Issues Not Present In Original Hardware

  15. State Subverted Code • BSD Crypto : FBI Backdoor - Gregory Perry • Used in VPN Connections. • Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) • Recommended by NIST SP 800-90 • Output can be Predicted After Collecting 32 Bytes of Data (http://rump2007.cr.yp.to/15-shumow.pdf)

  16. State Subverted Code (Defence) • Firewalls • Use multiple devices from different manufacturers. • Services • Use application firewalling, monitoring, IPS and Anti-Virus / Anti-Malware. • Everything • Keep the software up-to-date.

  17. Summary • Defence in Depth is Key to a Secure Strategy

  18. Questions?

More Related