Network security overview: tales from the trenches
Posted on 19-Dec-2015
Why security?
  Increasingly hostile public network
  Cost of downtime
  Value of the information
Increasingly hostile public network (2)
  Intruders are prepared and organized
  Internet attacks are easy, low risk, and hard to trace
  Intruder tools are:
    - increasingly sophisticated
    - easy to use, especially by novice intruders
    - designed to support large-scale attacks
  Source code is not required to find vulnerabilities
  The complexity of the Internet, its protocols, and its applications is increasing, along with our reliance on them
Value of the information
  Large stores of credit card information stored on DB servers
  Intellectual property valued in the millions
Basic categories
  Policy
  Physical
  IP based
  Software/OS based
Policy
  Email usage
  External services allowed
  Acceptable use
  User and resource architecture
  Virus response
IP based
  Routers
    - Packet filtering
  Firewalls
    - Packet inspection versus packet filter
    - Ability to build rulesets
  Switches/VLAN
    - Isolating IP segments using VLANs
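The packet-filter versus packet-inspection distinction above, as an added example that is not part of the original slides: a stateless filter judges each packet by its header alone, while a stateful inspector admits inbound traffic only if it belongs to a connection the inside opened. Addresses, ports and the published web port 80 are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (from the public network) or "out" (from inside)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags, e.g. "SYN", "SYN-ACK", "ACK"


PUBLIC_PORTS = {80}  # assumed: the only service published to the outside


def stateless_filter(pkt):
    """Packet filter: decides on this packet's header fields alone.
    'Inbound packet with ACK set' is the usual stateless stand-in for
    'reply to a connection we opened', and it can be forged."""
    if pkt.direction == "out" or pkt.dport in PUBLIC_PORTS:
        return True
    return "ACK" in pkt.flags


class StatefulInspector:
    """Packet inspection: remembers connections opened from inside and
    admits an inbound packet only if it matches one of them."""

    def __init__(self):
        self.sessions = set()  # (inside_ip, inside_port, remote_ip, remote_port)

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.flags == "SYN":  # new outbound connection: record it
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if pkt.dport in PUBLIC_PORTS:
            return True
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions


def run(packets):
    """Return (stateless_verdict, stateful_verdict) for each packet, in order."""
    inspector = StatefulInspector()
    return [(stateless_filter(p), inspector.check(p)) for p in packets]


# Constructed traffic: inside host opens HTTPS to a server, the server replies,
# then an unrelated outside host sends a bare ACK at the file-sharing port 445.
SAMPLE = [
    Packet("out", "10.0.0.5", 40000, "203.0.113.9", 443, "SYN"),
    Packet("in", "203.0.113.9", 443, "10.0.0.5", 40000, "SYN-ACK"),
    Packet("in", "198.51.100.7", 1234, "10.0.0.5", 445, "ACK"),
]
```

Only the stateful inspector drops the third packet: the stateless rule lets it through because the ACK bit alone looks like reply traffic.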
Software
  Proxy servers
  Software firewalls vs. hardware
  OS security: Unix/MS
  Patches and updates
Remote access
  Security versus usability
    - P: drive access
  Options for remote access
    - Extranet
    - Web access
    - VPN
    - Private dial-up
Extranet
  Secure web site with access to specific data
  Requires login
  Can provide access to all information available "on site"
VPN
  Virtual private network
  Creates a secure tunnel between two points on a network
  All data traveling on the tunnel is encrypted
  Should use encryption for tunnel creation