Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jericho Commandments, Future Trends, & Positioning.

Published byBernice Hunter Modified over 8 years ago

Similar presentations

Presentation on theme: "Jericho Commandments, Future Trends, & Positioning."— Presentation transcript:

1 Jericho Commandments, Future Trends, & Positioning

2 Fundamentals 1. The scope and level of protection must be specific and appropriate to the asset at risk  So as to add flexibility to meet new business requirements and increase speed of deployment  Central protection decreasing in effectiveness  Boundary firewalls might protect the network, but individual systems and data need their own protection 2. Security mechanisms must be simple, scalable and easy to manage  Unnecessary complexity is a threat to good security  Small things will need to interoperate with large things  Must support chunking/lumping

3 Surviving in a hostile world 3. Devices and applications must communicate using open, secure protocols  Assume eavesdropping, overlooking, injection  Security CIA requirements should be built in to protocols, not add-on  Encrypted encapsulation doesn’t solve everything 4. All devices must be capable of maintaining their security policy on an untrusted network  must be capable of surviving on the raw Internet  “Security policy” = CIA status

4 The need for trust 5. All people, processes, technology must have declared and transparent levels of trust for the transaction  Clarity of expectation  No surprises  Trust level may vary by location, transaction 6. Mutual trust assurance level must be determinable  Devices and users must be capable of appropriate levels of (mutual) authentication for accessing systems and data

5 The need for mutual authentication 7. Authentication must interoperate / exchange outside of your locus of control  Must be capable of trusting an organisation, which can authenticate individuals or groups – no need to create separate identities  Only need one instance of person / system / identity, but can also support multiple instances

6 Finally, access to data 8. Access to data should be controlled by security attributes of the data itself  Could be held within the data (DRM) or could be in separate system  Could be implemented by encryption  Some data may have “public, non-confidential” attributes 9. By default, data must be appropriately secured both in storage and in transit  Removing default is conscious act  “Appropriate” also allows some data to not need securing, must not enforce high security for everything 10. Assume context at your peril

7 11. Deperimeterisation is inevitable  It will happen in your corporate lifetime  Therefore you need to plan for it  Therefore you need a roadmap  And JF has generic roadmap

8 Trust level  Untrusted  Trust the protocol  Trust the person/process  Trust the environment  Full trust Risk Level  No Risk  Low Risk  Medium Risk  High Risk Transactional Capability  Public information – view only  Restricted information – view only through to  High value information  High value transaction

9 Security Protocols SecurePoint Solution (use with care)  AD Authentication Use & Recommend  SMTP/TLS  AS2  HTTPS InsecureNever Use (Retire)  NTLM Authentication Use only with additional security  SMTP  FTP  TFTP  Telnet  VoIP ClosedOpen Secure Insecure Closed/ProprietaryOpen Stop/Retire (Now!) e.g. NTLM Authentication Use only with additional security (force disuse of ‘security’ features) e.g. SMTP, FTP (use TFTP), TELNET, VoIP, … Point Solution Use with Care! e.g. AD Authentication Use and Recommend e.g. SMTP/TLS AS2 (EDI/HTTPS) HTTPS, WPA2

10 Buy, Hold and Sell SystemsTechnologyArchitecture Buy (Invest)Trusted Computing  Inherently Secure Protocols  De-perimeterised architectures Hold (Watch)NAC  IPSec Sell (Retire)Perimeter IDS  Proprietary protocols  Perimeter Security Boundary

11 Corporate Roadmap Anti-Malware Ext. Scan Int. Scan SMTP/TLS & ML Virtual Proxies / IFR DRM Fed. Identity Trusted Computing Inherently Secure Protocols Virtual Secure Services Secure Internet Working Firewalls Ext. Scan Int. Scan SMTP/TLS & ML Shrunken Intranet Virtual Proxies / IFR DRM Fed. Identity Trusted Computing Inherently Secure Protocols Virtual Secure Services Anti-Malware Firewalls Corporate Boundary Anti-Virus Anti-Spam IPSec VPN Ext. Scan Int. Scan SMTP/TLS & ML Shrunken Intranet Fed. Identity Virtual Proxies / IFR DRM Firewalls Corporate Border Anti-Virus Anti-Spam IPSec VPN Proxies/IFR Ext. Scan Int. Scan SMTP/TLS & ML Shrinking Intranet DRM (Partial) Fed. Identity (Partial) Firewalls Corporate Border Anti-Virus SMTP/ML Anti-Spam IPSec VPN Proxies/IFR Ext. Scan Int. Scan Key Components Additive by Generation 60% Adoption20052006200720082009 Key Obsoleted Technology Proxies / IFRCorporate Boundary Firewalls

12 Vendors Customers Desired Future State Standards and Solutions Customers Vendors Work Types Needs Principles Strategy White Papers Patterns Use Cases Guidelines Standards Solutions Workflow

Download ppt "Jericho Commandments, Future Trends, & Positioning."

Similar presentations

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
L. Alchaal & al. Page 1 2002 Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.

L. Alchaal & al. Page Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.

Check Point ©2000 Check Point Software Technologies Ltd. -- Proprietary & Confidential Robert Żelazo Check Point Software Technologies Ltd. Check Point.
Real world application  Protocols  Paul Simmonds ICI Plc. & Jericho Forum Board.

Real world application  Protocols  Paul Simmonds ICI Plc. & Jericho Forum Board.
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.

Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
IT Audit & Identity Management Challenges in a De-perimeterisation Scenario Henry S. Teng, CISSP, CISM Enterprise Security Compliance Officer Philips International.

IT Audit & Identity Management Challenges in a De-perimeterisation Scenario Henry S. Teng, CISSP, CISM Enterprise Security Compliance Officer Philips International.
1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.

1 © NOKIA Presentation_Name.PPT / DD-MM-YYYY / Initials Company Confidential The Internet offers no inherent security services to its users; the data transmitted.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?

Goal of The Paper  What exactly is a VPN?  Why do you need a VPN?  what are some of the technologies used in deploying a VPN?  How does a VPN work?
Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S09761197.

Network Access Management Trends in IT Applications for Management Prepared by: Ahmed Ibrahim S
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Similar presentations

Ads by Google