Endpoint Security Considerations

Presentation transcript:

1 Endpoint Security Considerations

2 Agenda Open Networks PROs & CONs Challenges Alternatives

3 Open Networks are … Open
Diagram labels: P2P applications, Wireless, Net Meeting, Instant Messenger, Internet access, Outsourcing, Wireless, Partners/Consultants, Telecommuting, Traveling Employees, Website access
Perimeter: Inside / Outside

4 Information Security Challenges: Know When You Are Finished?
- Missing protection: security investment not at work
- Misconfiguration: solve ‘solved’ problems again and again
- Misuse/Misbehavior: trade off protection for productivity
- Missing in action: chasing the unknown
What to do?...

5 Challenge: Finished when you Stop Rogues
Diagram: Open Networks, with four Valid Devices and two Rogue Devices

6 Challenge and… Prevent valid devices from becoming Rogues
Diagram: Open Networks, with four Valid Devices and two Rogue Devices

7 Open Network: What is a Rogue?
Chart labels: Gartner Vulnerabilities, Old Patch, Recent Patch, New Vulnerability, Misconfiguration, Customer experience, Rogues

8 Compliance Models
- Voluntary Compliance Model
- Turning the crank faster doesn’t help

9 Process
- Discover: missing in action
- Protect: misconfiguration, missing protection, misuse and misbehavior
- Enforce: endpoints, access points, all of the time
- Remediate: to reconnect

10 Know when you’re finished

11 Requirements
- Devices: managed, unmanaged, unmanageable
- Roles: educate software not people
- Processes: network, security, operations
- Plumbing: switches, wireless, VPN, SSL
- Relentless: always, everywhere

12 Managed, Unmanaged and Unmanageable Devices
- Managed: corporate-owned devices
- Unmanaged: computers owned by partners, suppliers, customers, outsourcers, employees or public kiosks
- Unmanageable (Network Dark Matter): rogue computers, network infrastructure, and embedded devices

13 Educate software not people
- Security policies must adapt from HQ to hotel to home to hotspot
- Policies must change by role, device type, location and connection
- Without transparency, CSOs must choose between good security or productive users
Adaptive Policies:
Role | Device Type | Network Location | Policy
Executive | Corporate Owned | Enterprise LAN | Trusted, file sharing on, full application access
Sales person | Employee Owned | Home wireless | HI, file sharing off, IM off, print sharing off, limited application access
Outsourcer | Unknown | Public Internet | VD, HI, SSL VPN access only and webmail only with data sanitization
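One way to turn slide 13's Adaptive Policies table into a decision that is re-run on every connection change, as an added example that is not part of the original presentation. The tier ordering, the weakest-link rule and the fail-closed default for unlisted values are assumptions; "HI" and "VD" are kept as the slide's own unexpanded labels.

```python
# Added example, not code from the presentation. The tier ordering and the
# weakest-link rule are assumptions made for illustration.

# Slide-13 rows, most trusted first. "HI" and "VD" are the slide's own labels.
TIERS = [
    {"role": "executive", "device": "corporate owned", "location": "enterprise lan",
     "policy": ["Trusted", "file sharing on", "full application access"]},
    {"role": "sales person", "device": "employee owned", "location": "home wireless",
     "policy": ["HI", "file sharing off", "IM off", "print sharing off",
                "limited application access"]},
    {"role": "outsourcer", "device": "unknown", "location": "public internet",
     "policy": ["VD", "HI", "SSL VPN access only",
                "webmail only with data sanitization"]},
]
MOST_RESTRICTIVE = len(TIERS) - 1


def tier_of(dimension, value):
    """Return the tier whose row lists this value; unlisted values fail closed."""
    wanted = (value or "").strip().lower()
    for index, row in enumerate(TIERS):
        if row[dimension] == wanted:
            return index
    return MOST_RESTRICTIVE


def resolve_policy(role, device, location):
    """Apply the policy of the least-trusted attribute (weakest link)."""
    tier = max(tier_of("role", role), tier_of("device", device),
               tier_of("location", location))
    return tier, TIERS[tier]["policy"]


def reevaluate(role, device, locations):
    """Re-run the decision for each network the same endpoint connects from."""
    return [(loc, resolve_policy(role, device, loc)[0]) for loc in locations]


if __name__ == "__main__":
    # Constructed scenario: one executive laptop moving between networks.
    moves = ["Enterprise LAN", "Home wireless", "Hotel Wi-Fi"]
    for loc, tier in reevaluate("Executive", "Corporate Owned", moves):
        print(f"{loc:15} -> tier {tier}: {', '.join(TIERS[tier]['policy'])}")
```

The same executive laptop drops from full access on the enterprise LAN to the outsourcer-level policy on a network the table does not list, which is the "HQ to hotel to home to hotspot" adaptation the slide calls for.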

14 Diagram labels: Policy Verification, Radius, DHCP/DNS, Plumbing, AV & PFW & IPS, AD & LDAP, Patch, Policy Repositories, Policy Enforcement, VPN, Switch, Wireless AP, Clients, Windows, Linux/Macintosh, PDA & Phone

15 NAC * NAP * TNC Comparison

16 Trusted Computing Group Standards
- TCG: a thought-leading organization working together to help enterprises ensure a trusted computing environment
- Trusted Network Connect Sub-Group is creating a standard for interoperability to prevent untrustworthy devices from connecting to enterprise networks.
- Leverage existing standards (current consideration):
  - IEEE 802.1x protocol and the IETF EAP RFC 3748 protocol for host access negotiation with network devices.
  - RADIUS [RFC 2865] for making access verification decisions and defining network access privileges.
- Ability to leverage the Trusted Platform Module (TPM) microchip for a hardware-based level of assurance.

17 Summary – Requirements
- Devices: managed, unmanaged, unmanageable
- Roles: educate software not people
- Process: security, network, operations
- Plumbing: switches, wireless, VPN, SSL
- Relentless: always, everywhere

Thank you for your time