
1 Analyzing Security In A Novell Environment
Alan Mark, Chief Security Strategist, Novell, Inc.
Geir Mork, Manager, Products and Services, Sospita

2 Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world


4 Agenda
Analyzing your network
Auditing servers and services
Tracking users
Tracking workstations
Protecting applications
Olympic security vs. network security
Disaster recovery methods


6 Analyzing Your Network
Directory Services
User Security
Desktop/Laptop Security
Server/Service Security
App Security
Router Security
Goal: Secure the entire network environment

7 Risk Analysis
Determine what to protect
• Servers
• Data
• Communication systems
Determine the prime intruders
• Outsiders
• Inside hackers
• Disgruntled employees

8 What Is the Data Path? Transmitted Data Internet

9 Where Is Your Data?
Electronic
• Secured servers
• Public servers
• Secluded systems
Printed
• Stored in closets
• Sent to off-site warehouses
• The public printer exposed

10 How Is Your Data Protected?
Simple passwords
Secure transmissions
Advanced authentication
Is there an alternate path?
Is there an alternate staff?

11 How Do You Get Data?
Communication channels
• Traditional cabling (e.g., Ethernet)
• Dial-up
• DSL/ISDN
• Wireless
• VPN
Determine the weakest link…

12 Portals: Single Point of Access
A single point of failure
Will DoS attacks take down your business?
Set up alternate front-ends

13 Who Holds the Keys?
Encrypted data may be secure, but who can decrypt it?
PKI for everyone

14 Security Policies
Policies are both written and electronic
Periodically evaluate policies
Use ZENworks® and other products to enforce them
Ensure that IS staff follow policies

15 Security Policy Goals
Identification
• What, where, who someone is
Access control
• Data privacy
• Where someone can go
Integrity/availability
• Virus protection
• Redundancy
• Backup
• Contingency plans

16 Blue Lance


18 VisualClick—DSMeter


20 NetVision
NetVision’s Policy Management Suite—Security for Novell eDirectory®, NetWare® OS/file system, real-time monitoring, auditing and enforcement
• Automate policy enforcement
• Detect security breaches in real time
• Trigger action to reverse the change, disable the user account and stop the perpetrator
• Automate the granting and revoking of access rights

21 NetVision

22 Novell Advanced Auditing Services
Auditing framework
• The framework will be a common piece that can be applied to any product with an auditing requirement
• The framework will export several interfaces for developing audit solutions for applications
• The framework will be available cross-platform
Auditing solutions for Novell products
• All Novell products to be based on the above framework
• This will result in a uniform auditing and reporting solution across Novell products

23 Tracking Server Access
Control physical access to servers
Watch where departmental servers reside
Control console access with third-party utilities

24 AdRem sfConsole Access to “Hung Console” (Emergency Console)

25 AdRem sfConsole Secure console authentication via eDirectory

26 AdRem sfConsole Audit console users

27 Tracking Users
Control when and where users can access information
Control what applications users can access
ZENworks for Desktops user policies

28 Managing User Passwords
The single most difficult aspect for users is managing their passwords

29 Novell SecureLogin Secure storage of passwords based on user authentication

30 Tracking Workstation Access
Consolidated policy packages
Windows 2000/XP group policy integration
Auto desktop import (AWI)
• Including desktop removal

31 Application Policies in ZENworks for Desktops
Managed exposure of applications
• Users get a consistent view of applications
• Users successfully run ANY application they can “see”
Fault-tolerant
• Desktop always goes to the correct “state” for the application
• Uninstall option
Application installation/execution
• Force-run virus check
• Repair damaged apps
• CD creation utility—install applications

32 Protecting Your Applications In A Novell Environment
Geir Mork, Technical Product Manager, Sospita

33 Sospita License Protection (SLP)
Overview of SLP
Application protection solution
Prevents unauthorized use of applications
A solution for both in-house developers and ISVs
SLP is based on smart card technology
Supports several programming languages
Easy-to-use interface
Integrated with MS Visual Studio

34 Sospita License Protection Key Features
Execution of protected source code on smart cards or USB tokens (Secure Token)
Unique four-step security provided through
• “Best Practise” software protection
• 3DES encryption
• Security-evaluated micro chips
• Individual transport codes available for software vendors

35 Sospita License Protection Key Features (cont.)
Protecting valuable source code from being re-engineered
Protecting software applications from being used by non-authorized end-users
Providing a variety of secure licensing schemes
Providing Secure Electronic Software Distribution (SESD) opportunities

36 Sospita License Protection Core Modules
Sospita QX™
QX is a multi-application, secure token operating system that handles high-performance execution of license-protected software
Provides the interface between the license-protected software application and an external token
Allows developers to protect software easily and with a high degree of security—the software application can be written and debugged using an ordinary compiler and debugging tools, then the code sections are simply marked for encryption and the development kit protects them
Handles basic license management on smart cards or tokens

37 Protecting Applications in Your Environment
Using SLP enables full control of application code with
• Authorization to the smart card
• Authorization to single applications
• 32 different access rights levels per application (modules or functions)
• Time-based usage constraints

38 How to Protect an Application
At source code level
Encryption with 3DES in hardware
Protected code is decrypted and run on the token
All security-pertinent operations are executed in a safe, tamper-resistant environment
Integrated with MS Visual Studio v6.0
• One click to protect source code
• One click to unprotect source code
• One click to make a release

39 Sospita License Protection Secure Execution “Unlike traditional application protection, Sospita’s technology creates a ‘usage based’ protection which encourages and supports open electronic (or physical ) distribution, but allows only the paid license holders to ‘use’ the software.”

40 Sospita License Protection Security Aspects—4 Steps
1. What source code is protected
• Best practices
2. Encryption algorithm used to protect software
• 3xDES
3. Security of chip (micro module)
• Philips EAL 5+
• Atmel EAL
4. Transport License
• Hierarchy, using 3xDES, only between two valid tokens

41 Sospita License Protection Security Aspects—Access Control and Constraints (cont.)
Access control to smart card or applications
• Based on PIN/PUK code or password
• Can be linked to other applications

42 Sospita License Protection Security Aspects—Access Control and Constraints (cont.)
Access control within the application
• Based on Access Control Levels
• Can be any function or module in the application
• 32 levels available

43 Sospita License Protection Security Aspects—Access Control and Constraints (cont.)
Access control within the application
• Based on time
• Length of use
• Fixed time
• Uptime
• Number of execution combinations
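The constraint kinds named on slides 37 and 41–43 (access-control levels, fixed time window, length of use, execution count) can be modelled as a single token-side check; the example below is added here and is not Sospita code, and all rule semantics (levels 0..31 granted as a set, uptime measured from first successful use, execution count consumed only after every other check passes) are assumptions, since the slides do not define them.

```python
# Added illustrative model of the license constraints listed on slides 37 and 41-43.
# This is not Sospita code: the slides name the constraint kinds but not their
# semantics, so every rule below is an assumption for demonstration only.
from dataclasses import dataclass
from typing import Optional, Set, Tuple


@dataclass
class License:
    levels: Set[int]                       # access-control levels (0..31) granted
    not_before: int = 0                    # fixed time window: earliest epoch second
    not_after: int = 2**62                 # fixed time window: latest epoch second
    max_uptime: Optional[int] = None       # seconds allowed since first use (length of use)
    max_executions: Optional[int] = None   # remaining executions, None = unlimited
    first_use: Optional[int] = None        # recorded on the first successful check


def check_license(lic: License, level: int, now: int) -> Tuple[bool, str]:
    """Decide whether a protected module at `level` may run at time `now`.

    Returns (allowed, reason). Only a successful check mutates the license:
    it anchors the uptime clock and consumes one execution, mirroring a
    token that commits state only after every constraint has passed.
    """
    if not 0 <= level <= 31:
        return False, "invalid level"
    if level not in lic.levels:
        return False, "level not granted"
    if not lic.not_before <= now <= lic.not_after:
        return False, "outside fixed time window"
    if (lic.max_uptime is not None and lic.first_use is not None
            and now - lic.first_use > lic.max_uptime):
        return False, "uptime exhausted"
    if lic.max_executions is not None and lic.max_executions <= 0:
        return False, "execution count exhausted"
    # All constraints satisfied: commit state changes.
    if lic.first_use is None:
        lic.first_use = now
    if lic.max_executions is not None:
        lic.max_executions -= 1
    return True, "ok"
```

The ordering matters for the combined constraints the slide lists: a denied request must not consume an execution or start the uptime clock.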

44 Sospita License Protection QX Operating System
Features
• Multi-application support
• License-controlled applet execution
• Inter-applet firewall
• 32-bit Virtual Machine
• Dynamic (runtime) applet upload and deletion
• Secure garbage collection
• Support for HUGE applets
• On-card crypto support

45 Sospita License Protection Micro-controllers
• Secure micro-controllers
• Typically 8-32 bits with onboard crypto processors, running at 4-16 MHz
• Large amount of ROM/EEPROM—typically from 32K-64K (128K)
• ITSEC certified EAL1-5
• Typically 1-5K RAM
• Comm. speed up to 300Kb (theoretically up to 750K+)
• Today: Atmel and Philips

46 Sospita License Protection Future
Distribution in a Novell network
• Using eDirectory as license repository
• Extended schema
• Distributing licenses at log in
• Linking App objects to user and license objects
Your Novell network

47 Sospita License Protection Thank you for your time— Back to you, Alan...

48 Olympic Security
10,000 security officers
$310 million
“Soft” zone
“Hard” zone
Breaking the zone

49 Olympic Village

50 Olympic Village (cont.)

51 Olympic Village

52 Vehicle Checkpoint

53 Personnel Checkpoint
IDs
• Photos
• Venue ID
• Bar code (date/time policy)
Bags x-rayed

54 Olympic IDs

55 Disaster Recovery
Also known as business continuity
What’s new after September 11?
• Backup systems really are important
• Cross-trained personnel really are important
New threats face western businesses
• Security needed for remote offices
• Quick-ship startup systems (wireless, NAS, pre-configured workstations)

56 Disaster Recovery Basics
Create a duplicate hardware and software environment away from the main business
Test the backup system by restoring data
Cross-train personnel on key systems
Document key systems, including any tricks that are learned

57 DR Basics
Create basic server images on bootable CD or DVD, ready to be installed
Create a method to store keys and passwords in a safe place
Outsource some services, especially web-based applications

58 More Info See Novell Connections articles from January (“Rethinking Security”) and April 2002 (“Disaster Recovery”)
