Information Security in Real Business

1 Information Security in Real Business
MSIT 458: Information Security and Assurance Asian Connection and Craig

2 Secure Remote Access for Company XYZ
- Provide remote users secure access to internal corporate network resources – 1000 user company
- Remote users access the perimeter network from the public Internet
- The quantity of threats is growing and their complexity is increasing – “Bot Nets”
- The end-points are hard to secure and network security is a corporate standard
- How do we trust the remote users while verifying they are secure?
- Provide an authenticated secure connection for remote users

To protect company assets and personal and financial information from the outside world, Company XYZ plans to implement a secure remote access solution for employees who connect virtually to the company’s network to perform their day-to-day duties. Company XYZ needs secure remote access for the following reasons:

1. The majority of employees travel and use their computers in unsecure locations (e.g. Starbucks, airports, Wi-Fi hotspots). They use the public Internet to connect virtually to corporate resources (e.g. applications and/or data files), which exposes the corporate network to potential security vulnerabilities.
2. Using the public Internet to connect to corporate resources makes the end-user machine susceptible to viruses, botnets, or other malicious software. Combating this kind of situation is complex and time-consuming for security engineers.
3. Because the majority of users travel to unsecure locations, it is more difficult to keep end-user machines up to date with security patches and current virus definition files. Another security challenge that Company XYZ faces is how to know that the remote user is secure, and how that security is validated.
4. Solution – provide a new security process that authenticates remote users and provides a secure connection to the corporate network.

Source: Gartner Research

3 Secure Remote Access for Company XYZ
Why is this problem a general one that comes up across multiple industry, education and government sectors?

- Globalization – Companies have operations outside the US
- Talent pool – No longer constrained by geographic limitations
- Remote users – Increase in demand for users to work remotely

Globalization: to stay competitive in their current markets, companies expand their lines of business globally to capture global market share. To support these new markets, the trend is to outsource and offshore the talent pool, leveraging resources outside the US to support other countries.

Remote users: with flexible schedules and the benefit of working from home, a great number of employees connect remotely to perform their daily duties.

Source: Gartner Research

4 Global Setup
[Map labels: Frankfort, Chicago, Singapore]

Currently, the corporate main office of Company XYZ is located in Chicago. Frankfort and Singapore are the hubs for the remaining countries.

Source: Gartner Research

5 Secure Remote Access for Company XYZ
Remote Users
- Asia – 9 countries (100 users)
- Europe – 10 countries (120 users)
- Americas – 4 countries (780 users)

Security Verifications
- Validate virus definitions files and active monitoring
- Verify Windows patches are current
- Isolate worm virus from entering corporate network

Company XYZ has a great number of remote users, mainly on three continents. Some of the security verifications designed for remote users of Company XYZ:

- Validate virus definitions files and active vulnerability monitoring – up-to-date virus definitions and active monitoring are very important to security; they are the first line of defense against attacks on the client computer.
- Verify Windows patches are current – staying up to date with Windows patches is one of the simple ways to eliminate vulnerabilities, as we learned in class with the Nessus scanning. Patches can close application or operating system holes through which viruses and botnets can penetrate.
- Isolate worm virus from entering corporate network – when a machine connects to the company’s network, the solution can automatically detect whether that machine is infected with a virus.

Source: Gartner Research

6 Existing State for Company XYZ
- Users log in through the public Internet using VPN client access
- No virus checking
- Patch management is not verified
- The user can use any computer with a VPN client – no way to enforce corporate-approved machines
- No validation for malware or botnet-infected machines

Before this project, remote users would simply use VPN to connect to the corporate network. There was no virus checking. There was no verification that patches were up to date. Users could connect from any computer with a VPN client; there was no way to enforce usage of corporate-approved machines. This left a huge hole open to infection from malware, botnets, viruses, and worms.

7 Business Applications
- and SharePoint
- Business Intelligence Tools
- SAS & ETL Tools
- Business Data: Structured, Unstructured
- File Server
- Data Warehousing
- ERP Systems

Just to give some idea about the application landscape, these are some examples of the types of applications. So we have and SharePoint, which is an online collaboration tool from Microsoft. We have business intelligence tools, such as SAS and ETL. We have various kinds of business data, in both structured and unstructured formats, in various file servers, data warehouses and ERP systems. As RB has pointed out earlier, we have users all around the globe. All of these application servers are hosted here in the US, and we want to provide secure access for international users.

8 Remote Users
User Landscape
- Global Remote Offices – DSL connections
- Home Users – Broadband Connections
- Partners Local and Off Shore – DSL / Public Internet
- Higher Level privileges – above guest access

These are the categories of remote users. We have remote offices in foreign countries. Some of these offices are small, consisting of only around 10 people. These small offices use DSL for their Internet access. We have employees working from home as well; in that case they use broadband access. These small offices and home users don’t have sophisticated security on their end-points. There is virtually none, or barely the minimum. So it’s really up to the company to enforce a security policy that meets the company’s standard.

We also have partners, located both in the US and offshore. We learned in class about the principle of “least privilege”. The same principle applies here. For guest users, we want to provide guest-level access only. Partners are not employees, but they need certain access to be able to do their work properly, so here we want to provide access higher than just the guest level. For employees, we also want to make sure each is assigned the most appropriate access level, so they can do their work properly, nothing more, nothing less.

9 Symantec Network Admission Control
Technical Solution: Symantec Network Admission Control
- End Point Product is currently being used for Anti-Virus and Client security
- “Single Pane of Glass” – One Management Interface is used to manage Anti-Virus, Client Firewall, Client Intrusion Prevention System and Network Admission Control
- Microsoft Certificate Administration Management is built into 2008 Active Directory

Symantec Network Admission Control
- This solution integrates three vendors (Microsoft, Cisco, and Symantec)
- We are picking the best technology from each vendor
- As we learned with the Cisco solution that is fully UTM – this is a cost effective
- This solution could be installed in a couple of weeks, whereas the Cisco solution would take months
- The operational benefit is that Level 2 (the Technical Support team that manages A/V) can support this moving forward

Integrates with the Microsoft Network Access Protection (NAP) – Windows 2008, Vista and XP SP3
- This is a new security feature built into the Microsoft operating systems

Symantec Endpoint Product line (version 11.0)
- Integrates with Symantec Network Access Control, the gateway-based enforcement (appliance) and Self enforcement
- The Self enforcement leverages the client-side firewall capabilities within the Endpoint product

Source: Gartner Research

10 Network Access Control (NAC)
Technical Solution
1. User attempts to connect to
2. Cisco ASA validates user Certificate with Windows 2008 Certificate Server

[Diagram labels: Remote employees or partners, Internet, ASA Firewall, AD, Certificate Server, Symantec Endpoint Protection, Antivirus Security Patterns, Symantec Gateway Enforcer, Network Access Control (NAC), VLAN 0, VLAN 1; flow markers 1, 2, 3 - OK]

1 - The client initiates the VPN connection through our Cisco ASA firewall
2 - X.509 certificate is used to validate the identity of the client system
- This is deployed from a Windows 2008 Certificate server
- Windows 2008 has fully integrated certificate management

Source: Gartner Research

11 Network Access Control (NAC)
Technical Solution
3. If Certificate is valid, information is passed back through the Cisco ASA and the user is allowed access to VLAN0
4. Computer information is passed to the Symantec Gateway Enforcer. Gateway Enforcer checks for policy information from Symantec Endpoint Protection Server

[Diagram labels: Remote employees or partners, Internet, ASA Firewall, AD, Certificate Server, Symantec Endpoint Protection, Antivirus Security Patterns, Symantec Gateway Enforcer, Network Access Control (NAC), VLAN 0, VLAN 1; flow markers 1, 2, 3 - OK, 4]

4 - Once the client is connected to the perimeter network “VLAN0”, the Symantec Gateway Enforcer appliance performs a “posture check”

Posture check
- Custom policy can be defined on the management server
- Can include specific Windows Patch Levels
- Specific Anti-Virus definitions
- Check for vulnerabilities – malware, Trojans and worm viruses
- Verify for non-corporate software (e.g. P2P)

Symantec Endpoint Protection server
- Manage NAC Policies
- Virus definition signatures
- Client firewall settings
- Review client vulnerabilities

Source: Gartner Research

12 Network Access Control (NAC)
Technical Solution
5. Gateway Enforcer compares remote computer security with policy from Symantec Endpoint Protection
   - If the computer is not compliant, information is presented to the user on the steps needed to become compliant
6. When the computer is compliant, access is granted to the internal VLAN

[Diagram labels: Remote employees or partners, Internet, ASA Firewall, AD, Certificate Server, Symantec Endpoint Protection, Antivirus Security Patterns, Symantec Gateway Enforcer, Network Access Control (NAC), VLAN 0, VLAN 1; flow markers 1, 2, 3 - OK, 4, 5 – Policy Check, 6]

Non-Compliant Client
- Client is connected to the remediation server
- Client can download the Windows patches
- A/V virus client installation and definition files

Compliant Client
- Gateway appliance allows the client to connect to internal network resource “VLAN 1”

Source: Gartner Research

13 Network Access Control (NAC)
Technical Solution
7. Computer connects locally to our network – Network Access Control performs policy check
8. NAC will also determine what resources local users can access

[Diagram labels: Remote employees or partners, Internet, ASA Firewall, AD, Certificate Server, Symantec Endpoint Protection, Antivirus Security Patterns, Symantec Gateway Enforcer, Network Access Control (NAC), VLAN 0, VLAN 1; flow markers 1, 2, 3 - OK, 4, 5 – Policy Check, 6]

NAC Appliance features
- Network resources can be delegated or controlled

Source: Gartner Research
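
The admission decision described in steps 2 to 6 of the Technical Solution slides can be modelled in a few lines. This is an added example, not code from the presentation or from any vendor product; the class names, patch identifiers, software names and the 7-day definition threshold are all assumptions, since the slides list the check categories but give no values.

```python
from dataclasses import dataclass, replace
from datetime import date

@dataclass(frozen=True)
class Policy:
    # Constructed thresholds: the slides name the check categories, not values.
    max_definition_age_days: int = 7
    required_patches: frozenset = frozenset({"PATCH-A", "PATCH-B"})
    banned_software: frozenset = frozenset({"p2p-client"})

@dataclass(frozen=True)
class Client:
    cert_valid: bool            # outcome of step 2 (X.509 check via the ASA)
    av_active: bool             # antivirus active monitoring is running
    definitions_date: date      # date of the installed virus definitions
    patches: frozenset
    software: frozenset
    malware_found: bool = False

def posture_failures(c, p, today):
    """Step 5: return every failed check; an empty list means compliant."""
    failures = []
    if not c.av_active:
        failures.append("antivirus monitoring inactive")
    age = (today - c.definitions_date).days
    if not 0 <= age <= p.max_definition_age_days:  # future dates fail too
        failures.append(f"virus definitions out of policy ({age} days old)")
    missing = sorted(p.required_patches - c.patches)
    if missing:
        failures.append("missing patches: " + ", ".join(missing))
    banned = sorted(p.banned_software & c.software)
    if banned:
        failures.append("non-corporate software: " + ", ".join(banned))
    if c.malware_found:
        failures.append("malware detected")
    return failures

def admit(c, p, today):
    """Return (zone, reasons): DENIED, VLAN0 (remediation) or VLAN1 (internal)."""
    if not c.cert_valid:                 # step 2 fails: no network access at all
        return "DENIED", ["certificate rejected"]
    failures = posture_failures(c, p, today)
    # Steps 5-6: any failure keeps the client in VLAN0 with remediation steps.
    return ("VLAN0", failures) if failures else ("VLAN1", [])

# Constructed sample clients.
TODAY = date(2020, 3, 1)
GOOD = Client(True, True, date(2020, 2, 27),
              frozenset({"PATCH-A", "PATCH-B"}), frozenset({"office-suite"}))
STALE = replace(GOOD, definitions_date=date(2020, 1, 1),
                patches=frozenset({"PATCH-A"}),
                software=frozenset({"office-suite", "p2p-client"}))
NO_CERT = replace(GOOD, cert_valid=False)

if __name__ == "__main__":
    for name, c in (("good", GOOD), ("stale", STALE), ("no-cert", NO_CERT)):
        print(name, admit(c, Policy(), TODAY))
```

The list of failures doubles as the remediation message shown to a non-compliant user, and the default outcome for any failed check is to stay in VLAN0 rather than reach VLAN1.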

14 Research Findings

Cisco
- NAC appliances are expensive
- There is integration with Microsoft’s Network Access Protection. (This can be utilized as we migrate to Windows 2008 and the next Desktop OS we roll out)
- Uses optional dissolvable or permanent agent or scanning function
- Need to define how they will integrate 802.1x enforcement

Symantec
- Uses the existing Endpoint infrastructure
- Uses dissolvable agent or agentless scanning option for non-Symantec endpoints
- They have a separate model for 802.1x enforcement

Cisco Unified Threat Management:
- The Cisco solution is very expensive
- Requires high-level staff to support and install this system (cannot be managed by Level 1 or Level 2 support staff like the Symantec NAC)
- As we learned in last week’s presentation, it is considered “Vapor Ware”

Symantec NAC:
- Requires only a single agent and is managed by a single management console
- They are the leaders in A/V protection
- The endpoint product comes with the Symantec Network Access Control built in, “SNAC-ready”
- Instant upgrade – license key and drop the H/W in place
- Unlike the Cisco solution – no additional software deployments are required on the endpoints

Source: Gartner Research

15 Cost Comparison

| Category | Item | Symantec One Time Cost | Cisco One Time Cost | Symantec On-Going | Cisco On-Going |
|---|---|---|---|---|---|
| Hardware | NAC Hardware | $27,000 | $125,000 | $2,700 | $22,000 |
| Software | Client Licensing and Microsoft SA | $25,000 | $46,000 | $2,500 | $9,500 |
| Installation | Consulting | $5,000 | $65,000 | | |
| Total | | $57,000 | $236,000 | $5,200 | $31,500 |

This slide looks at the cost comparison between the two solutions. The costs are divided into two categories: One Time Cost and On-Going Cost.

One Time Cost – the total cost of purchasing the hardware, software and licenses, plus implementation and consulting fees, employee time, etc.

On-Going Cost – this cost includes annual maintenance, employee time to manage the system, salaries of additional staff hired because of the new solution, etc.

Based on the above numbers, it is clear that Symantec had not only a significantly lower one-time cost, but also a significantly lower on-going cost.

Source: Gartner Research

16 Requirements

| Requirement | Symantec | Cisco |
|---|---|---|
| $$$ (<200K) | Yes | No |
| Ease of Use | | |
| Interoperability | | |
| Ease of Training | | |
| Warranty | | |
| Customer Support | | |

The table in this slide lists the key requirements for the company and, based on these requirements, compares the two security solution vendors (Symantec and Cisco) side by side.

Cost – The top requirement is cost. The approved budget was $200K, so the solution needed to be below that amount. Symantec was a clear winner for this requirement.

Ease of Use – Since the Symantec suite was already installed on users’ machines, it was relatively easy to use. For the IT department, the ease of use of Symantec vs. Cisco was very important, and less training was required.

Interoperability – The ability of diverse systems to work together was important, and both Symantec and Cisco were able to meet this requirement.

Training – Since the Symantec anti-virus solution was already used by the organization and the IT staff was trained on it, getting trained on the security suite was easier for the department. For Cisco security, the IT department would have to get additional training, as the Cisco security suite is more complex than Symantec’s, or the organization would have to hire Cisco-certified professionals, who are quite easy to get but have a higher salary requirement than non-Cisco-certified professionals.

Warranty – Both vendors had excellent warranty options available.

Customer Support – Both vendors had 24x7 customer support available. Cisco’s annual support fees were higher than Symantec’s, because Cisco’s cost of acquisition was higher than Symantec’s and customer support and maintenance is usually around 10% of the total sales amount.

Source: Gartner Research

17 Some of the Consequences
Better protection for corporate assets against:
- Trade secret leakage
- Malware, botnets, viruses, worms, etc.
- Ensuring proper usage of corporate resources

Trade-off between additional security vs. additional operational overhead:
- Increasing IT support staff
- 24x7 support availability
- Initial time to establish connection is longer than the traditional VPN
- Additional complexity requiring training for non-technical users

There are some positive and some negative consequences of implementing this security solution. The positive aspects relate to the increase in overall security. The security solution protects the company’s assets. There are numerous databases, spreadsheets, Word documents, etc. that contain confidential information which, if leaked, could cause both financial and goodwill loss. The security solution also protects the company’s computer systems against viruses, worms, etc., thus reducing opportunity loss. It also ensures that IT resources are focused on improving overall IT processes for the benefit of the business, instead of spending time and energy cleaning virus-infected systems that could have been protected by a reliable security solution.

However, implementing a security solution means that the company will need to increase IT support staff during the initial roll-out and for some time after the full implementation, as users will be calling in with issues that might be due to the slower initial connection compared to traditional VPN access. The remote users are mostly business users, not technical, so time and resources must also be spent educating them and working with them to ensure that business operations do not suffer during the initial implementation phase.

Source: Gartner Research
