180 likes | 314 Vues
Importance of a Multi-Layered Approach to Cyber Security. Ian Whiting, CEO Titania. What do we do?. We develop advanced security auditing software. Our products:. Awards & Memberships (2012). Won 2 Prestigious Security Awards in 2012. ISO 9001 Accredited in 2012 . Our Customers.
E N D
Importance of a Multi-LayeredApproach to Cyber Security Ian Whiting, CEO Titania
What do we do? • We develop advanced security auditing software. • Our products:
Awards & Memberships (2012) Won 2 Prestigious Security Awards in 2012 ISO 9001 Accredited in 2012
Why Multi-Layered? • Examples of single layer failures • Anti-Virus • Application Firewalls • State Subverted Code
Anti-Virus (Weakness) • All Vendors are Susceptible • Optimization Weaknesses: • Large Files • Virus Definition Databases • Pattern Intelligence • Encryption (Email and File)
Anti-Virus (Defence) • Use Multiple Anti-Virus Vendors • Virus Scanners: • E-Mail Server • Gateways • Server File Scanning • Client Machines
Application Firewalls (Overview) • These are firewall devices that understand application communications and is able to allow or disallow access based on configured rules.
Application Firewalls (OSI) Layer 7 Examples: HTTP, SMTP Layer 4 Examples: TCP, UDP Layer 3 Examples: IP, ICMP Open Systems Interconnection (OSI) model (ISO/IEC 7498-1)
Application Firewalls (Layers 1-6) • What about the earlier OSI layers? • For a web server, TCP/IP connections must be made.
Application Firewalls (Performance) • Once it has been established that network traffic is HTTP (for a web server), why keep checking? • Significant optimizations can be made once assumptions are made by an application firewall. • It has already been checked once, why check again?
Application Firewalls (Encryption) • If the application firewall cannot read the traffic, how can it make allow / deny decisions?
Application Firewalls (Defence) • Employ Traditional Firewall Technology to Supplement Application Firewalls. • Decrypt the Network Traffic before the Application Firewall.
State Subverted Code • Huawei • Cheap Enterprise Network Devices • Some are Modified Cisco or 3COM / HP Clones • Manufactured in China • Security Issues Not Present In Original Hardware
State Subverted Code • BSD Crypto : FBI Backdoor - Gregory Perry • Used in VPN Connections. • Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) • Recommended by NIST SP 800-90 • Output can be Predicted After Collecting 32 Bytes of Data (http://rump2007.cr.yp.to/15-shumow.pdf)
State Subverted Code (Defence) • Firewalls • Use multiple devices from different manufacturers. • Services • Use application firewalling, monitoring, IPS and Anti-Virus / Anti-Malware. • Everything • Keep the software up-to-date.
Summary • Defence in Depth is Key to a Secure Strategy