Data Center Security in a World Without Perimeters
PATRICK PETERSON, VP, Technology, IronPort Systems
Agenda
About IronPort Systems
Perimeter Security Circa 1597
What happened to my perimeter?
– Three “perimeter-less” threats
Recommendations
Complete Email Perimeter Security
Anti-Spam
Anti-Virus
Policy Management
Mail Routing
Before IronPort (diagram labels): Internet, Firewall, MTAs, Groupware, Users
IronPort Email Security Appliance
After IronPort (diagram labels): Internet, Users, Groupware, Firewall
Appliance + Security Services 75% reduction in admin time
Key words, intellectual property, regulatory compliance
Application-Specific Security Gateways With Common Security Database and Management Framework
Diagram labels: Internet; EMAIL Security Gateway; WEB Security Gateway; INSTANT MESSAGING Security Gateway; VOIP Security Gateway; MANAGEMENT Controller; SenderBase (the common security database); APPLICATION-SPECIFIC SECURITY GATEWAYS; LAN/WAN
Block incoming threats:
• Spam, Phishing/Fraud
• Viruses, Trojans, Worms
• Spyware, Adware
• Unauthorized Access
Enforce policy:
• Acceptable Use
• Regulatory Compliance
• Intellectual Property
• Encryption
Centralize admin:
• Per-user policy
• Per-user reporting
• Quarantine
• Archiving
Network Layer Equipment
Protect the Crown Jewels!
What happened to the perimeter?
1. Drawbridge is always down
  – SMTP on port 25
  – HTTP and HTTPS on ports 80 and 443
  – Instant Messaging
2. Crown jewels are outside the castle
  – Data on employee laptops, backup tapes
  – Data with 3rd parties
3. Every citizen can be an infiltrator
  – Infected mobile workers joining LAN
  – Infected users provide credentials and path to data center
1. Drawbridge is down
• SMTP on Port 25
  – Spam, viruses, phishing, spyware
  – No solution is 100%, some are far worse
  – Virus outbreaks
  – Blended threats
  – Corporate phishing
• HTTP(S) on Ports 80 and 443
  – Numerous browser, application and OS exploits
  – Spyware download is identical to valid user request
  – Spyware is running rampant: up to 75% of enterprise PCs have some form of spyware
  – Spyware can operate encrypted over HTTPS
  – Spyware with key loggers
• Instant Messaging
  – URL-based malware infection most common
One Spyware Example
An ‘Anti-Virus’ site
– ‘Free AV’ program is actually a spyware application
– Covert download and installation begins without any advance warning
– Closing the window has no effect
2. Crown jewels are outside the castle
• Data on employee laptops
  – Fidelity laptop stolen with 196,000 accounts
• Data on backup tapes
  – Time Warner backup tapes stolen from Iron Mountain, 600,000 employees’ data
  – Bank of America lost tapes with 1.2 million federal employees’ data
• Data with 3rd parties
  – Information on 40 million Visa, MasterCard and other cards stolen from CardSystems
  – Engineering, financial and HR data commonly stored by third parties
• Criminals are aggregating data from multiple thefts
For a frightening list of data losses, see http://www.neoscale.com/ssb/databreach.php?page=da
3. Every citizen can be an infiltrator
• Laptop use outside the perimeter
  – Internet cafes, Home office, Hotels
• These areas can be active security threats
  – Fake or insecure wireless hotspots for data theft
• Infiltrator provides easy access to crown jewels
  – Infected users move inside the perimeter
  – Infected users provide credentials and path to data center
  – Key loggers no longer log only financial information
  – Interpol recovered phisher’s laptop. Included data from IT professional
    • Bank logins, tax return login, IM connection to help desk on VPN, PC help desk issues, login to corporate HR site
What not to do
Recommendations
• Understand your business requirements
  – E.g. Financial institution vs university
• “Citizen infiltrators”
  – Secure home office, policies for other locations
  – NAC (Network Access Control) for re-entry to LAN
• “Drawbridge down” threats
  – Eliminate email viruses
  – Solution with proactive and reactive security
  – Measure the spyware problem and solve it
• Evolve from security laws to a risk paradigm
  – Good visibility and cross-functional teams