Slide 2: Agenda
- Open Networks
- Pros & Cons
- Challenges
- Alternatives
Slide 3: Open Networks are …
[Diagram: a network perimeter with "Inside" on one side and "Outside" on the other; the labels below are the traffic and user types crossing it.]
- Open P2P applications
- Wireless
- NetMeeting
- Instant Messenger
- Email
- Internet access
- Outsourcing
- Partners/Consultants
- Telecommuting
- Traveling employees
- Website access
Slide 4: Information Security Challenges
- Know when you are finished?
- Missing protection: security investment not at work
- Misconfiguration: solving "solved" problems again and again
- Misuse/misbehavior: trading off protection for productivity
- Missing in action: chasing the unknown
- What to do?...
Slide 5: Challenge: finished when you stop rogues
[Diagram: an open network containing several valid devices alongside rogue devices.]
Slide 12: Managed, Unmanaged and Unmanageable Devices
- Managed: corporate-owned devices
- Unmanaged: computers owned by partners, suppliers, customers, outsourcers, employees, or public kiosks
- Unmanageable devices ("network dark matter"): rogue computers, network infrastructure, and embedded devices
Slide 13: Adaptive Policies
- Educate software, not people
- Security policies must adapt from HQ to hotel to home to hotspot
- Policies must change by role, device type, location and connection
- Without transparency, CSOs must choose between good security or productive users

Role         | Device Type      | Network Location | Policy
-------------|------------------|------------------|-----------------------------------------------------------------------------
Executive    | Corporate owned  | Enterprise LAN   | Trusted, file sharing on, full application access
Sales person | Employee owned   | Home wireless    | HI, file sharing off, IM off, print sharing off, limited application access
Outsourcer   | Unknown          | Public Internet  | VD, HI, SSL VPN access only and webmail only with data sanitization
Slide 14: Policy Verification
[Architecture diagram; component groups as labelled on the slide:]
- Policy Verification
- Plumbing: RADIUS, DHCP/DNS
- Policy Repositories: AV & PFW & IPS, AD & LDAP, Patch Policy
- Policy Enforcement: VPN, Switch, Wireless AP
- Clients: Windows, Linux/Macintosh, PDA & Phone
Slide 16: Trusted Computing Group Standards
- TCG: a thought-leading organization working together to help enterprises ensure a trusted computing environment
- The Trusted Network Connect sub-group is creating a standard for interoperability to prevent untrustworthy devices from connecting to enterprise networks
- Leverage existing standards (current consideration):
  - IEEE 802.1X and the IETF EAP protocol (RFC 3748) for host access negotiation with network devices
  - RADIUS (RFC 2865) for making access verification decisions and defining network access privileges
- Ability to leverage the Trusted Platform Module (TPM) microchip for a hardware-based level of assurance