Published by Jake McPherson. Modified over 9 years ago.
1
www.novell.com Analyzing Security In A Novell Environment Alan Mark Chief Security Strategist Novell, Inc. amark@novell.com Geir Mork Manager, Products and Services Sospita geir@mork.com
2
Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
4
Agenda Analyzing your network Auditing servers and services Tracking users Tracking workstations Protecting applications Olympic security vs. network security Disaster recovery methods
6
Analyzing Your Network Directory Services User Security Desktop/Laptop Security Server/Service Security App Security Router Security Goal: Secure the entire network environment
7
Risk Analysis Determine what to protect Servers Data Communication systems Determine the prime intruders Outsiders Inside hackers Disgruntled employees
8
What Is the Data Path? Transmitted Data Internet
9
Where Is Your Data? Electronic Secured servers Public servers Secluded systems Printed Stored in closets Sent to off-site warehouses The public printer exposed
10
How Is Your Data Protected? Simple passwords Secure transmissions Advanced authentication Is there an alternate path? Is there an alternate staff?
11
How Do You Get Data? Communication channels Traditional cabling (e.g., Ethernet) Dial-up DSL/ISDN Wireless VPN Determine the weakest link…
12
Portals: Single Point of Access A single point of failure Will DoS attacks take down your business? Set up alternate front-ends
13
Who Holds the Keys Encrypted data may be secure, but who can decrypt it? PKI for everyone
14
Security Policies Policies are both written and electronic Periodically evaluate policies Use ZENworks® and other products to enforce Ensure that IS staff follows policies
15
Security Policy Goals Identification What, where, who someone is Access control Data privacy Where someone can go Integrity/availability Virus protection Redundancy Backup Contingency plans
16
Blue Lance
18
VisualClick—DSMeter
20
NetVision NetVision’s Policy Management Suite—Security for Novell eDirectory®, NetWare® OS/file system, real-time monitoring, auditing and enforcement Automate policy enforcement Detect security breaches in real-time Trigger action to reverse the change, disable the user account and stop the perpetrator Automate the granting and revoking of access rights
21
NetVision
22
Novell Advanced Auditing Services Auditing framework The framework will be a common piece which can be applied to any product which has an auditing requirement The framework will export several interfaces to develop Audit Solutions for applications The framework will be available cross-platform Auditing solutions for Novell products All Novell products to be based on the above framework This will result in a uniform auditing and reporting solution across Novell products
23
Tracking Server Access Control physical access to servers Watch where departmental servers reside Control console access with third-party utilities
24
AdRem sfConsole Access to “Hung Console” (Emergency Console) www.adremsoft.com
25
AdRem sfConsole Secure console authentication via eDirectory
26
AdRem sfConsole Audit console users
27
Tracking Users Control when and where users can access information Control what applications users can access ZENworks for Desktops user policies
28
Managing User Passwords The single most difficult aspect for users is managing their passwords
29
Novell SecureLogin Secure storage of passwords based on user authentication
30
Tracking Workstation Access Consolidated policy packages Windows 2000/XP group policy integration Auto desktop import (AWI) Including desktop removal
31
Application Policies in ZENworks for Desktops Managed exposure of applications Users get consistent view of applications Users successfully run ANY application they can “see” Fault-tolerant Desktop always goes to correct “state” for the application Uninstall option Application installation/execution Force-run virus check Repair damaged apps CD creation utility—install applications
32
www.novell.com Protecting Your Applications In A Novell Environment Geir Mork Technical Product Manager Sospita
33
Sospita License Protection (SLP) Overview Of SLP Application protection solution Prevents un-authorized use of applications A solution for both in-house developers and ISVs SLP is based on smart card technology Supports several programming languages Easy-to-use interface Integrated with MS Visual Studio
34
Sospita License Protection Key Features Execution of protected source code on smart cards or USB tokens (Secure Token) Unique four-step security provided through “Best Practise” software protection 3DES encryption Security evaluated micro chips Individual transport codes available for software vendors
35
Sospita License Protection Key Features (cont.) Protecting valuable source code from being re-engineered Protecting software applications from being used by non-authorized end-users Providing a variety of secure licensing schemes Providing Secure Electronic Software Distribution opportunities (SESD)
36
Sospita License Protection Core Modules Sospita QX™ QX is a multi-application, secure token operating system that handles high performance execution of license-protected software Provides the interface between the license protected software application and an external token Allows developers to protect software easily and with a high degree of security—The software application can be written and debugged using an ordinary compiler and debugging tools, then the code sections are simply marked for encryption and the development kit protects it Handles basic license management on smart cards or tokens
37
Protecting Applications in Your Environment Using the SLP enables full control of application code with Authorization to the smart card Authorization to single applications 32 different access rights levels per applications (modules or functions) Time-based usage constraints
38
How to Protect an Application At source code level Encryption with 3DES in hardware Protected code is decrypted and run on the token All security pertinent operations are executed in a safe tamper-resistant environment Integrated with MS-Visual Studio v6.0 One click to protect source code One click to unprotect source code One click to make release
39
Sospita License Protection Secure Execution “Unlike traditional application protection, Sospita’s technology creates a ‘usage based’ protection which encourages and supports open electronic (or physical) distribution, but allows only the paid license holders to ‘use’ the software.”
40
Sospita License Protection Security Aspects—4 Step 1. What source code is protected Best practices 2. Encryption algorithm used to protect software 3xDES 3. Security of chip (micro module) Philips EAL 5+ Atmel EAL 1+ 4. Transport License Hierarchy, using 3xDES, only between two valid tokens
41
Sospita License Protection Security Aspects—Access Control and Constraints (cont.) Access control to smart card or applications Based on PIN/PUK code or password Can be linked to other applications
42
Sospita License Protection Security Aspects—Access Control and Constraints (cont.) Access control within the application Based on Access Control Levels Can be any function or module in the application 32 levels available
43
Sospita License Protection Security Aspects—Access Control and Constraints (cont.) Access control within the application Based on time Length of use Fixed time Uptime Number of execution combinations
44
Sospita License Protection QX Operating System Features Multi-application support License-controlled applet execution Inter-applet firewall 32 bit Virtual Machine Dynamic (runtime) applet upload and deletion Secure garbage collection Support for HUGE applets On-card crypto support
45
Sospita License Protection Micro-controllers Secure micro-controllers Typically 8-32 bits with onboard crypto processors, running at 4-16 MHz Large amount of ROM/EEPROM—Typically from 32K-64K (128K) ITSEC 15408 certified EAL1-5 Typically 1-5K RAM Comm. speed up to 300Kb (Theoretically up to 750K+) Today: Atmel and Philips
46
Sospita License Protection Future Distribution in a Novell network Using eDirectory as license repository Extended schema Distributing licenses at log in Linking App objects to user and license objects Your Novell network
47
Sospita License Protection Thank you for your time— Back to you, Alan...
48
Olympic Security 10,000 security officers $310 million “Soft” zone “Hard” zone Breaking the zone
49
Olympic Village
50
Olympic Village (cont.)
51
Olympic Village
52
Vehicle Checkpoint
53
Personnel Checkpoint IDs Photos Venue ID Bar code (date/time policy) Bags x-rayed
54
Olympic IDs
55
Disaster Recovery Also known as business continuity What’s new after September 11? Backup systems really are important Cross-trained personnel really are important New threats face western businesses Security needed for remote offices Quick-ship startup systems (wireless, NAS, pre-configured workstations)
56
Disaster Recovery Basics Create a duplicate hardware and software environment away from the main business Test the backup system by restoring data Cross-train personnel on key systems Document key systems, including any tricks that are learned
57
DR Basics Create basic server images on bootable CD or DVD, ready to be installed Create a method to store keys and passwords in a safe place Outsource some services, especially web-based applications
58
More Info See Novell Connections articles from January (“Rethinking Security”) and April 2002 (“Disaster Recovery”) http://www.nwconnection.com/