Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Environments

Similar presentations

Presentation on theme: "Enterprise Environments"— Presentation transcript:

1 Enterprise Environments
Cyber Security in Evolving Enterprise Environments TechNet International 09 Adrian R Hartman, PhD Senior Manager & Architect LGS Innovations, Bell Labs 29 October 2009

2 LGS is an independent entity of Alcatel-Lucent
Focused on serving U. S. Government 500+ experienced professionals across varied disciplines Government R&D Direct access to the world-class innovation of Bell Labs LGS & Alcatel-Lucent (ALU) provide a comprehensive portfolio of Government Enterprise Security Products / Services 29 October 2009 All Rights Reserved © LGS Innovations, LLC 2

3 The Cyber Security Problem Cyber Security Vision & Technologies
Agenda The Cyber Security Problem Cyber Security Vision & Technologies 29 October 2009 All Rights Reserved © LGS Innovations, LLC

4 Evolution in Government Enterprise Networks & Services
FROM TO Separated switched circuit voice/video & IP data networks Broadband converged, All IP, multimedia next generation networks Location-centric interconnected enterprise services & perimeter defenses Regionalized Network Service Centers (using virtual architectures) including military systems In house managed applications, data storage & IT services Networked / Cloud Computing (SaaS, PaaS, IaaS) & Web 2.0+ Services Enterprise services with limited extranet collaboration / sharing Global collaboration with customers / partners including social networking web sites, wikis & blogs Separate vertical industry networks and infrastructure control systems Global networked Information Systems encompassing: infrastructure, e-Gov, health care, finance, commercial, etc Wired networks with mobile extensions Ubiquitous user centric services with diverse terminals & 3G/4G Mobility 29 October 2009 All Rights Reserved © LGS Innovations, LLC

5 Faster Exploitation, Propagation, Botnets, DDOS - SPAM on the Rise
Months Days Weeks 2006 2007 2008 Exploits Now at Zero Day Vulnerabilities Exploited Faster 2006 2008 2004 2005 Hours Seconds Minutes Threats Propagating Faster Botnet Launched DDOS on the Rise SPAM: 90% of s in 12/08 Government agencies Reported ~13,000 cyber security incidents to DHS in FY08, triple the number from two years earlier. Sources: CERT/CC, Symantec, NVD, Cisco 29 October 2009 All Rights Reserved © LGS Innovations, LLC

6 Why is the Problem So Hard?
The Enemy is Everywhere Nation-State Actors Non-State Actors Terrorists & Organized Crime Ad-Hoc Networks of “Hactivist” Cyber Threat now “Business” driven Barriers to Entry are low globally Complicated multinational law enforcement There are plenty of added perimeter Security Solutions Firewalls, IDS, IPS But are the boxes configured properly? Do they work together? The Government has Special Requirements & Regulations Multiple levels of security / coalition sharing Government Networks are becoming more complex / vulnerable Incursions on Military Networks were up 55% Last Year 29 October 2009 All Rights Reserved © LGS Innovations, LLC

7 The Current Approach Adds Perimeter & Defense-in-Depth Protection
Current Government approaches are limited Can we continue to address the increasing threats Growing numbers of vulnerabilities & patches? Is signature based virus / malware detection enough How are out sourced services protected? How are insider threats dealt with? Some deliberate and Some unintentional (memory sticks) Where is the perimeter in mobile networking? How does this approach address malicious code embedded in software? There are known problems with the supply chain Perimeter Protection add on security will not be sufficient 29 October 2009 All Rights Reserved © LGS Innovations, LLC

8 The Cyber Security Problem Cyber Security Vision & Technologies
Agenda The Cyber Security Problem Cyber Security Vision & Technologies 29 October 2009 All Rights Reserved © LGS Innovations, LLC

9 How Do You Get Ahead of the Curve?
Cyber Security Vision 1. Holistic Approach to Security Security Throughout the Security Life Cycle 2. Threat Tolerant Network Design Networks that Operate in the Presence of Malicious Software 3. Application Security and Web 2.0+ Approaches Protect the Privacy and Integrity of Consumer Generated Data 29 October 2009 All Rights Reserved © LGS Innovations, LLC

10 1. Holistic Approach to Security
Security Throughout Life Cycle Lowers Life Cycle Cost The cost of security incidents are often enormous Risk Based Assessments (solutions needs to be affordable) Automated Certification and Accreditation Recognizes Inherent Need for Mobility Apply wireless security technology Behavior-Based Monitoring of Network Operations Detection of sophisticated zero day targeted attacks Security Event Management (SEM) Identifies Network Anomalies (Dynamic Behavior Analysis) Determines if Requirements (Policies) are being met The Perimeter is in New Places… Threats Come From the Inside This Requires a System Level View of Vulnerabilities 29 October 2009 All Rights Reserved © LGS Innovations, LLC

11 Applying value-chain thinking to security
Increasing Lifecycle Value with Built in, Standards Compliant Security Increased Security Transparency and Reduced Risk to the Buyer & End-User 29 October 2009 All Rights Reserved © LGS Innovations, LLC

12 Comprehensive Security Analysis Applying the X.805 Security Model
Power Environment Hardware Software Payload Human Networks Policy Security Layers Applications Security Applications Security THREATS THREATS Services Security Services Security repudiation repudiation Data Integrity Access Management VULNERABILITIES VULNERABILITIES Authentication Authentication Data Confidentiality Data Confidentiality Communication Security Communication Security Integrity Availability Availability Privacy Privacy Access Control - - Vulnerabilities Can Exist In Each Layer, Plane, Dimension Non Non Infrastructure Security Infrastructure Security ATTACKS ATTACKS End User Security End User Security Security Planes Control/Signaling Security Security Planes Control/Signaling Security 8 Security Dimensions Management Security Management Security Comprehensive End-to-End View of Network Security Existing International Industry Standard Framework Security Perspective (3 Layers  3 Planes  8 Dimensions) 29 October 2009 All Rights Reserved © LGS Innovations, LLC

13 Security Event Management
Dynamic Behavior Analysis Viewing Descriptions Alarms Customer / Mission Data (Requirements & Policies) Correlation Asset Analyze and Suppress Topology Data Request Additional Data, Take Action Thresholder Rate, Value, Time Filter, Pattern Match, Message Map Local to Global Name Mapping, Grouping Network IDS Host IDS Firewalls AAA OS logs Routers Vulnerability Scanners Anti-Virus 29 October 2009 All Rights Reserved © LGS Innovations, LLC

14 2. Inherent Threat Tolerance
Design Networks to Tolerate Inevitable Malware / Backdoors / Timebombs Software Assurance Technology Protect Enterprise Office Applications / Operating Systems Ability to Operate Networks in Degraded Mode Graceful Degradation of Prioritized Traffic Behavior-Based Monitoring of Network Operations BotNet Detection and Mitigation Tight Access Control to Identify Sources of Malware Wireless Network Protection Technology Protect 3G/4G Wireless Networks – users share limited RF bandwidth Minimize client security software on the mobile terminals Technologies Resistant to the Effects of Malware / Threats are Needed 29 October 2009 All Rights Reserved © LGS Innovations, LLC

15 Protect networks against large-scale attacks
Software Diversity Protect networks against large-scale attacks Construct diverse instances (“shuffles”) of a program that are: Not all vulnerable to the same attack But are functionally equivalent Make it hard to design a successful attack: Prevent an attack that is successful against one computer from spreading to other computers Extend polymorphic code shuffling research to consider program structure Formal mathematical methods used to change code signature by: Identifying independent code blocks Rearranging the blocks While maintaining functionality 29 October 2009 All Rights Reserved © LGS Innovations, LLC

16 BotNet Detection and Mitigation
Infection Report for Detects symptoms / behaviors Not signatures Utilizes existing forensic analysis technology developed / operational at Polytechnic University Hierarchical Bloom filter technology permits months of data to be stored for queries Detects Botnets using current & historical network traffic / host data Provides multiple Botnet detection and collaboration mechanisms Provides targeted mitigation recommendations Infection Detection Owner: Jon Doe Virulence: 0.87 Symptoms: Host slowed down at t1 - Downloaded exe from untrusted hosts -- at time t2 from (30KB) -- at time t2’ from (194KB) - Change in host role -- role changed from web/mail client to p2p-node at time t3 slowdown (t1) symptoms roles reputation untrusted download (t2) role of host changed (t3) (t1 > t3 > t2) Retroactive Query Results Downloaded: from at time t2 from at time t4 from at time t5 Uploaded: uploaded to at time t3 Containment recover evidence The red circle denotes a case where one of the internal hosts was seen uploading the same payload later downloaded by another internal host. This could mean, that the internal host could have been infected outside the scope of IMS and was used as a mule! In this case, investigation in forensics mode would continue (if they deem necessary) IDS or behavior wont capture such things if they didn’t have a signature Restrict all network access Restrict outbound access Retroactive Query Direct link to packet data Manual download from source Which hosts downloaded or uploaded the payload? OR 29 October 2009 All Rights Reserved © LGS Innovations, LLC

17 Wireless Network Security (Aware)
Detector Aware Central Internet RNC RNC RNC RNC Home Agent BTS RNC PDSN Wireless Core Aware Detector Provides traffic assessment to assist in network & end user service quality protection Wireless 3G/4G Network Anomaly Behavior Detector (Bell Labs algorithms) Monitors individual subscriber session behavior Calculates “cost” of behavior relative to real-time capacity in the network Observes Mobile-to-Mobile & Internet-to-Mobile traffic Aware Central Security Event Viewer for reports, alarms, network awareness and forensics Element / configuration manager for Detectors & Mitigation Appliances for Security Event Management Mitigation plan through IPS/Firewall, Mobile Quarantine of abusive users 29 October 2009 All Rights Reserved © LGS Innovations, LLC

18 Laptop Guardian Protects the mobile laptop & applications with
hardened wireless agent Automates VPN connection to the Enterprise Agent: Intelligent data card, plugs into the end-user mobile host, terminates IPsec tunnel to Gateway, includes 3G interface (HSDPA, EV-DOrA) for ubiquitous connectivity Gateway: Enhanced remote access server, deploys at the edge of the enterprise network Driver: Software package, installs on the end-user mobile host Management Server: Management software platform, installs on general-purpose enterprise server 29 October 2009 All Rights Reserved © LGS Innovations, LLC

19 3. Application Security & Web 2+ Approaches
Secure the Applications Security Concerns: RSS, AJAX (Asynchronous JavaScript and XML), Instant Messaging, Widgets / Gadgets Web 2.0 apps might initially have higher vulnerabilities than above Provide a “platform in the cloud” that makes proprietary data stored in applications securely accessible across Web 2.0 interfaces In Government private cloud computing Meet Government Information Assurance requirements In Government public cloud computing Provide security standards transparency & SLAs audit support Establish how Government customer data integrity & privacy will be assured Consider segregating Government domains in the cloud 29 October 2009 All Rights Reserved © LGS Innovations, LLC

20 The Bottom Line… Today’s Networks are Different
Voice & Data -> Converged, Multimedia, All IP Enterprise -> Web 2.0+ & Cloud Computing Standard Content -> Consumer Generated Content Fixed Users -> Mobile Users Today’s Adversaries are More Sophisticated Threats extended to all networks connected to the Global Information System Security Paradigm Shifts are Needed Parameter Security -> Holistic Security Threat Intolerance ->Threat Tolerance Signature Based -> Behavior Based 4. KNOWLEDGE 3.PROCESS 1. NETWORK 2.PEOPLE 29 October 2009 All Rights Reserved © LGS Innovations, LLC

21 Thank You… Any Questions?
Adrian R Hartman Senior Manager and Architect Solution Engineering LGS, Bell Labs Innovations 15 Vreeland Road Florham Park, NJ 07932 mobile: phone: 29 October 2009 All Rights Reserved © LGS Innovations, LLC

22 Backup

23 Alcatel-Lucent Security Solutions
Leveraging Bell Labs innovations and its user-centric security blueprint, Alcatel-Lucent offers a complete suite of products and solutions that can be easily integrated with existing switching and security infrastructures. The Alcatel-Lucent user-centric security portfolio is backed by an experienced services team and a complete selection of professional services. Where needed the Alcatel-Lucent solution set is augmented with solutions and professional services from our alliance partners Perimeter Deploying solutions to follow the user centric security blueprint requires starting by gaining an understanding of what perimeter security is existing in the enterprise and how it must be augmented to enable the virtualization of the perimeter needed to ensure there are the require open but secure interfaces in place protected by proper encryption. Perimeter security is composed of two distinct functions: Firewall and Threat Management. An enterprise must determine if they want to follow a best of breed approach for selecting firewall and threat management solutions or prefer to purchase a single solution that covers both firewall and threat management capability – referred to as Unified Threat Management. Alcatel-Lucent offers a unique and strongly differentiated VPN/Firewall solution called the Brick which has been on the market for 10 years since its inception in Bell Labs and is suited for large scale deployments in enterprises, service providers, and Managed Security Service Providers Alcatel-Lucent integrates with tier-one alliance partners such as Symantec and MacAfee threat management appliances Alcatel-Lucent offers a Unified Threat Management solution – the OA 5700 series Security Router that is best suited for Managed Branch Office Environments and is highly scalable. Alcatel-Lucent rounds out its Unified Threat Management Solution Portfolio by re-selling FortiGate for unified threat management in mid sized enterprises and its Firewall Portfolio by re-selling FortiWeb for protecting web facing applications. Network Access Control Moving along the path laid out by the blueprint the next step is examine the need for Network Access Control Solutions to ensure that adequate controls are in place to allow a user and or a device onto the network and to also if needed fine grained controls enable users to access the network resources and applications they need to once permitted onto the network. Network Access Control is considered to be composed of two principle pieces of functionality: Host Integrity Check and Role-Based Access. An important function that is also part of Network Access Control is the ability to automatically assign IP addresses to devices requesting a connection to the network. For Host Integrity Check – Alcatel-Lucent offers the Market leading Host Integrity Check solution with its ability to handle many different platforms and deliver of scalability either as an overlay or with its integration with Alcatel-Lucent data switches. For Role-based Access Control – Alcatel-Lucent offers SafeGuard – a high performance device that covers multiple platforms and provides transparent role-based access control with audit and installs as an overlay solution in the network Alcatel-Lucent also offers Vital QIP its IP address management solution for automating address management services across IPv4 or IPv6 networks specifically for large enterprises and service providers that seamlessly manages multi-vendor IP platforms and appliances Embedding policy management and enforcement for Network Access control within the switching fabric can enhance security and reduce costs. Alcatel-Lucent provides to embedded security management products for its OmniSwitch family Access Guardian and Quarantine Manager. Identity Management Again referring back to the Blueprint – we can see that the fine grained control delivered by NAC is dependent upon the deployment of an enterprise-wide identity management solution. Solutions in this category provide AAA (Authentication, Authorization, and Accounting), single sign-on, password management, certificate management, and directory services solutions. Alcatel-Lucent provides a carrier grade AAA solution called 8950 AAA for communication services access management for large enterprises and service providers. It provides Extensive protocol support for wireless LANs and other networks, such as 802.1x, DIAMETER, and EAP protocols. Alcatel-Lucent will integrate with other 3rd Party Security Management Platforms Application Security Once again referring to the blueprint with the open interfaces that need to be secured and recalling the need to secure new business modes that leverage cloud computing, Web 2.0 and technology the enterprise must deploy solutions that secure specific applications that require extra special treatment. In the category of application security we find solutions to secure Voice, to secure Web services, and solutions to secure Credit Card Transactions according to the PCI DSS standard. Alcatel-Lucent offers its unique VoIP Security solution leveraging Bell Labs research for securing VoIP communications target large enterprises with multiple sites. Key Features include Dynamic Pin-holing (SIP, H.323, NOE), Encryption of Voice & Signaling, Unique Very Fine grained QoS, High Availability, Scalability & Reliability. This solution is differentiated because it is non disruptive, supports multi-vendor deployment, can augment existing perimeter defense, ensures no interrupt of voice on failover, and is the only solution for Alcatel-Lucent's NOE Alcatel-Lucent offers its unique PCI Compliance solution leveraging Bell Labs Innovation for securing credit card data & transactions. Key features include Perimeter & Web application security, Role-based policy enforcement, and Consolidated audit. It is differentiated with reduced cost with virtual control on “in-scope” endpoints and non-disruptive installation. Alcatel-Lucent offers is unique Web service Security Solution leveraging Bell Labs research for mediating and securing Web services for B2B, Web 2.0, SaaS and Cloud Computing target Enterprises & Service Providers using Web services and SOA. Its Key features include Per-Service, Per-User Monitoring, REST/SOAP/POX Service Mediation, Web Service Security & Virtualization. It is differentiated with its Identity Mapping features and Flexible Policy Decision Engine Mobile Security Now coming back to the Blueprint, we can see that the perimeter is enhanced to provide the open interfaces and also recall the need to support the mobile user. With this requirement also comes the need to deploy solutions to protect the mobile user and mobile assets of the corporation such as Laptops. Alcatel-Lucent offers its unique Bell Labs driven innovative product – the Nonstop Laptop Guardian its device management and data protection solution for securing mobile devices, protecting data and simplifying device management providing Always-on visibility and control over laptops with Unique location and remote data “kill” capabilities Security Management Now once again referring to the Blueprint, the requirement to allow the enterprise to manage risk, handle security related events dictates the need for Security Management Solutions. Security Management solutions typical cover functionality for Compliance Management, Event Management, Patch Management, and Vulnerability Detection. Alcatel-Lucent offers Vital Suite its Performance and event management solution for preempting network problems, optimize resources and maximize ROI target large enterprises and service providers providing unmatched end-to-end, management for geographically dispersed, multi-vendor, multi-service, networks A Comprehensive Enterprise Portfolio 29 October 2009 All Rights Reserved © LGS Innovations, LLC

24 Security Innovations for Next Generation Networks
Bell Labs Security Framework X.805, ISO 18028 Security Consulting Secure ALU COTS Networking Products Security Assessments Third Party Partner Relationships ALU VPN/Firewall (aka The Brick) Software Diversity Bot Detection Vital ISA for Security Event Management Laptop Guardian 29 October 2009 All Rights Reserved © LGS Innovations, LLC

25 Network Reconnaissance for Penetration Testing
Internet Probing, Mapping and Analysis Remotely probe Internet connected networks Low probability of network disruption Determine target network exposure, vulnerabilities and weaknesses Produce detailed analyses, network maps and collected data Propose Remediation Identify machines with vulnerabilities in the target network Web Servers, DNS Servers, Vulnerable Hosts Provided as Output Potential Targets, Paths to Target Machines, Server Types, Vulnerabilities i.e. Open Ports Network Reconnaissance Process 29 October 2009 All Rights Reserved © LGS Innovations, LLC

26 Kiviat Diagram X.805 Example: High Risk Zones / Plans for Remediation
Access control Authentication repudiation Data confidentiality Communication Security integrity Availability Privacy X.805 Dimension % of Risk to Remediate Access control 10 Authentication 12 Non-repudiation Data confidentiality 8 Communication Security Data Integrity Availability 7 Privacy 14 1.00 0.91 0.90 0.93 0.92 0.94 0.95 0.90 0.80 0.71 0.47 0.60 0.75 0.59 0.56 0.41 0.70 0.60 0.65 0.52 0.53 0.35 0.61 0.30 0.50 0.40 0.42 0.20 Non 0.10 0.00 Area of high risk gaps Low Priority Medium priority High priority Current Levels - High The red areas show high risk gaps for X.805 dimensions. Purple indicates the implementation status of high priority security capabilities. 29 October 2009 All Rights Reserved © LGS Innovations, LLC

Download ppt "Enterprise Environments"

Similar presentations

Ads by Google