Securing the Borderless Network March 21, 2000 Ted Barlow.

Introduction
Securing the Network. Copyright 2000, Deloitte Touche Tohmatsu.
The Internet has fundamentally changed the way networks are designed and secured.

Old Model: how things used to be
- single host environment
- mainframe security systems
- hierarchical controls
- well-defined access paths
- dumb terminals
- centralized storage/processing of data

"New" Old Model: the "Fortress" Security Model
[Diagram: the Internet, a single firewall, and the internal network behind it. Only a handful of protocols cross the firewall: SMTP, FTP, HTTP.]

New Model: the "Freeway" Security Model
[Diagram: the Internet, a firewall, a DMZ holding the web server and the application/database tier, the internal network, plus a vendor extranet and a credit validation network. Traffic crossing the border now includes HTTP, SSL, Java, ActiveX, SMTP, S/MIME, VPN and H.323, and with it viruses and Trojans.]

Risks: what are they?
- Denial of service, including distributed denial of service (DDoS) attacks
- Defacement: 3,693 web server defacements in 1999, 130 of them government (.gov) sites
- Loss of private data: CD Universe (~350,000 credit card numbers)
- Breach of internal networks and systems

Design and Build: how do you build a secure Internet application environment?
- Incorporate security reviews early in the design process
- Design with future strong authentication methods in mind
- Design for explosive growth
- Encrypt the entire path, from the client to the backup tapes, for critical data
- Establish security baselines and perform security hardening before going live on the Internet

Infrastructure: key components of the secure network
- Border routers
- DMZ
- Firewalls
- Encrypted data paths
- Intrusion Detection System (IDS)
- Content security (CVP, the Content Vectoring Protocol by which the firewall hands traffic to a virus-scanning server)

Firewalls: the firewall/DMZ environment
- Begin with a secure screening router
- Choose a firewall that is extensible and scalable
- Packet filtering vs. application proxy firewalls
- Firewall appliances and next generation firewalls
- Network address translation (NAT) will improve DMZ security by hiding the addressing behind the firewall; it is a complement to filtering rules, not a substitute for them
- Build firewall redundancy

Firewall Comparison: choosing the right firewall solution

Type                        Pros                                  Cons
Packet Filters              Application independent               Low security
                            High performance                      No protection above the network layer
                            Scalable
Application-Proxy Gateways  Good security                         Poor performance
                            Fully aware of the application layer  Limited application support
                                                                  Poor scalability
Stateful Inspection         Good security                         More expensive
                            High performance
                            Scalable
                            Fully aware of the application layer
                            Extensible

Note that "fully aware of the application layer" means different things in the two right-hand columns: a proxy terminates the connection and speaks the protocol itself, whereas a stateful inspection engine tracks connection state and parses selected application data in passing, which is cheaper but does not validate the whole exchange.
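
The "low security" entry for packet filters is easier to see in code than in a table. The following added example (it is not part of the presentation) simulates a two-rule DMZ policy once under a stateless packet filter and once under stateful inspection. The weakness is the return-traffic rule: without state the filter has to admit anything that looks like a reply, so a forged packet with the ACK flag set and a source port of 80 walks straight in to any high port. The addresses, the Packet type and the rule set are all constructed for the example.

```python
"""Packet filter vs stateful inspection on a two-rule DMZ policy.

Added example, not from the presentation. Addresses come from the RFC 5737
documentation ranges and every packet is constructed by hand.
"""
from dataclasses import dataclass

WEB_SERVER = "203.0.113.10"   # DMZ web server (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset          # TCP flags, e.g. frozenset({"SYN"})
    direction: str            # "in": Internet -> DMZ, "out": DMZ -> Internet


def packet_filter(pkt):
    """Stateless filter: decides on header fields alone, no memory of earlier packets."""
    if pkt.direction == "out":
        return True                                   # DMZ hosts may talk out (DNS, updates)
    if pkt.dst == WEB_SERVER and pkt.dport == 80:     # rule 1: the public web service
        return True
    # Rule 2: return traffic for connections the DMZ opened. Without state the filter
    # cannot tell real replies from forged ones, so it must admit anything that merely
    # looks like a reply: ACK set and a high destination port. That is the hole.
    if "ACK" in pkt.flags and pkt.dport >= 1024:
        return True
    return False


class StatefulFilter:
    """Stateful inspection: inbound packets must belong to a connection it saw open."""

    def __init__(self):
        self.connections = set()   # (inside ip, inside port, outside ip, outside port)

    @staticmethod
    def _key(pkt):
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def check(self, pkt):
        opening = "SYN" in pkt.flags and "ACK" not in pkt.flags
        if pkt.direction == "out":
            if opening:
                self.connections.add(self._key(pkt))  # remember what the DMZ host opened
            return True
        if opening and pkt.dst == WEB_SERVER and pkt.dport == 80:
            self.connections.add(self._key(pkt))      # rule 1, now tracked
            return True
        return self._key(pkt) in self.connections     # everything else needs state


def scenario():
    attacker = "198.51.100.7"     # constructed Internet host
    update_srv = "192.0.2.5"      # constructed vendor site the DMZ host contacts
    stateful = StatefulFilter()

    web_syn = Packet(attacker, 40000, WEB_SERVER, 80, frozenset({"SYN"}), "in")
    # Forged "reply": source port 80 and ACK set, aimed at port 8080 on the DMZ host
    # (say an admin interface). No DMZ host ever opened this connection.
    forged = Packet(attacker, 80, WEB_SERVER, 8080, frozenset({"ACK"}), "in")
    # A genuine outbound connection and its reply.
    out_syn = Packet(WEB_SERVER, 50000, update_srv, 443, frozenset({"SYN"}), "out")
    reply = Packet(update_srv, 443, WEB_SERVER, 50000, frozenset({"SYN", "ACK"}), "in")

    return {
        "stateless": {"web": packet_filter(web_syn), "forged": packet_filter(forged),
                      "reply": packet_filter(reply)},
        "stateful": {"web": stateful.check(web_syn), "forged": stateful.check(forged),
                     "out": stateful.check(out_syn), "reply": stateful.check(reply)},
    }


if __name__ == "__main__":
    print(scenario())
```

Both filters pass the legitimate web request and the genuine reply; only the stateless one also passes the forged packet. A real stateful engine additionally ages entries out of its table and checks sequence numbers, which is what makes the "scalable" and "good security" cells in the table defensible.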

IDS: is intrusion detection necessary?
- Definition: the ability to detect, and respond to, defined attack patterns
- Host based and network based
- Network IDS can be integrated with firewalls to respond to attacks automatically, for example by adding a block rule; be aware that an attacker who spoofs source addresses can turn such a response into a denial of service against legitimate peers
- Host based IDS can detect changes to operating system programs and configurations
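
The last bullet, detecting changes to system programs and configurations, is the core of a host based IDS and also the mechanism behind the "security baselines" item in the design slide. The following added example (not part of the presentation) builds a baseline manifest of a file tree and reports what was added, removed or modified. The file tree, its contents and the tampering are constructed in a temporary directory.

```python
"""Host-based IDS building block: baseline a file tree, then report what changed.

Added example, not from the presentation. The "system" is a temporary directory
populated with constructed files.
"""
import hashlib
import os
import tempfile


def file_digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root):
    """Map each regular file (relative path, '/' separated) to (sha256, mode, size)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):            # links are skipped; their targets are checked where they live
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (file_digest(full), st.st_mode & 0o7777, st.st_size)
    return manifest


def compare(before, after):
    """Classify differences between two manifests."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in set(before) & set(after) if before[p] != after[p]),
    }


def demo():
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data, mode=0o644):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            os.chmod(full, mode)

        write("bin/login", b"original login binary", 0o755)
        write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        write("etc/inetd.conf", b"# no services enabled\n")
        before = baseline(root)                 # taken while the host is known-good

        # What an intruder might leave behind:
        write("bin/login", b"trojaned login binary", 0o755)          # same size, new content
        write("etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n"
                            b"toor:x:0:0::/:/bin/sh\n")               # extra uid-0 account
        write("bin/.rk", b"rootkit loader", 0o755)                    # new hidden program
        os.remove(os.path.join(root, "etc", "inetd.conf"))            # config deleted
        return compare(before, baseline(root))


if __name__ == "__main__":
    print(demo())
```

The trojaned login binary has exactly the same size as the original, which is why the manifest records a content hash rather than size and timestamp. Two operational points follow from the design: the baseline must live where the monitored host cannot rewrite it (on the IDS console, or signed, or on read-only media), and the checker itself should run from trusted media, since an intruder with administrative rights can otherwise patch both.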

Design Case Study (outside view)
[Diagram: external router facing the Internet; a DMZ holding the Internet web server and an intrusion detection system (IDS); an internal router in front of the internal network, which holds the intranet web server, the application/database server and the backup server.]

Design Case Study (inside view)
[Diagram: Internet, external router, internal router and internal network, with two NAT DMZs between the routers holding the web server, the application server, the backup server, the CVP server, IDS sensors and the IDS console.]

Maintenance: how do you maintain a secure Internet application environment?
- Keeping ahead of security exploits is a full time job
- Actually review and report on firewall, IDS and system logs
- Develop incident response (IR) procedures and an IR team
- Periodically review and audit system and network security configurations
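
"Actually review" the logs means turning them into a short report someone reads. The following added example (not part of the presentation) parses constructed firewall deny lines, written in the style of the Linux netfilter LOG target's key=value fields, and pulls out the three things worth looking at first: the noisiest sources, sources probing many ports, and denied traffic originating from the protected side, which is how a compromised host or a Trojan phoning home shows up. The interface names, addresses and the scan threshold are assumptions.

```python
"""Review firewall deny logs instead of just collecting them.

Added example, not from the presentation. The log lines are constructed in the
style of the Linux netfilter LOG target (key=value fields); interface names,
addresses and thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict

INSIDE_IFACES = {"eth1"}    # interface facing the DMZ/internal network (assumed)
SCAN_PORTS = 5              # distinct destination ports from one source => treat as a scan

LOG_LINES = """\
Mar 21 09:00:01 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41000 DPT=21
Mar 21 09:00:01 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41001 DPT=22
Mar 21 09:00:02 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41002 DPT=23
Mar 21 09:00:02 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41003 DPT=25
Mar 21 09:00:03 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41004 DPT=110
Mar 21 09:00:03 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=41005 DPT=139
Mar 21 09:05:10 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=TCP SPT=3210 DPT=8080
Mar 21 09:07:42 fw1 kernel: FW-DENY IN=eth0 OUT= SRC=192.0.2.44 DST=203.0.113.10 PROTO=UDP SPT=53 DPT=1434
Mar 21 09:12:00 fw1 kernel: FW-DENY IN=eth1 OUT=eth0 SRC=10.1.1.25 DST=192.0.2.99 PROTO=TCP SPT=1045 DPT=6667
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<tag>\S+) (?P<rest>.*)$")


def parse(line):
    """One syslog line -> dict of fields, or None if it is not a firewall record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev.update(dict(re.findall(r"(\w+)=(\S*)", ev.pop("rest"))))
    for k in ("SPT", "DPT"):
        if k in ev:
            ev[k] = int(ev[k])
    return ev


def review(text):
    events = [e for e in (parse(l) for l in text.splitlines()) if e]
    per_source = Counter(e["SRC"] for e in events)
    ports = defaultdict(set)
    for e in events:
        ports[e["SRC"]].add(e["DPT"])
    return {
        "total": len(events),
        "top_sources": per_source.most_common(3),
        "scanners": {s: sorted(p) for s, p in ports.items() if len(p) >= SCAN_PORTS},
        # Denied traffic *leaving* the protected side is the more alarming class.
        "outbound_denied": [(e["SRC"], e["DST"], e["DPT"]) for e in events
                            if e["IN"] in INSIDE_IFACES],
    }


if __name__ == "__main__":
    for k, v in review(LOG_LINES).items():
        print(k, v)
```

On the constructed data the report shows one external host sweeping six service ports in three seconds, and one internal host trying to reach TCP 6667 (IRC) on the Internet, the second being the item that should reach the incident response team.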

Future Developments: what is coming in network security?
- Better, cheaper authentication mechanisms
- Open network security models
- System and application level "firewalls"
- Windows 2000

Future Developments: Windows 2000 Security
- Kerberos authentication infrastructure
- Certificate Authority (CA)
- Security Configuration Editor
- IPSec support
- Encrypting File System (EFS)

Future Developments: Kerberos Authentication
Windows 2000 supports several authentication models: Kerberos for internal authentication and X.509 certificates for external authentication. Kerberos can be configured to use secret key (password-derived) or public key (smart card certificate) initial authentication. Keys are managed by the Domain Controller (DC), which runs the Key Distribution Center (KDC). A user is granted a ticket which permits a session between the user and the server.
Important security considerations:
- The KDC MUST be physically secured: it holds the key of every principal in the domain
- Susceptible to password dictionary attacks: the pre-authentication data in the user's first request is encrypted under a key derived from the password alone, so anyone who captures it can test guesses offline
- Administrators still have complete access
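
The dictionary attack consideration is worth a concrete walk-through, since the fix (the public key option on the same slide) only makes sense once the exposure is clear. The following added example (not part of the presentation) models the client's pre-authentication message and the attacker's offline guessing loop. The key derivation and the cipher are constructed stand-ins built from the Python standard library; real Kerberos encryption types differ in detail but share the property shown here, namely that the first message on the wire is protected by nothing but the user's password. The principal name and wordlist are likewise constructed.

```python
"""Why password-based Kerberos pre-authentication can be attacked offline.

Added example, not from the presentation. PBKDF2 and the SHA-256 keystream with an
HMAC tag are stand-ins for a Kerberos encryption type so the code runs on the
standard library alone.
"""
import hashlib
import hmac
import os
import time

REALM, USER = "EXAMPLE.COM", "tbarlow"      # constructed principal
SALT = REALM + USER                          # Kerberos V5 default salt: realm + principal name


def string_to_key(password, salt, iterations=1):
    """Stand-in string-to-key: the only input besides the public salt is the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations, 32)


def seal(key, plaintext):
    """Toy authenticated encryption: nonce || (plaintext XOR keystream) || HMAC tag."""
    nonce = os.urandom(16)
    stream = b""
    for counter in range((len(plaintext) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + hmac.new(key, nonce + body, "sha256").digest()


def tag_is_valid(key, blob):
    """A correct key verifies the tag; a wrong key does not. That is the guessing oracle."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    return hmac.compare_digest(tag, hmac.new(key, nonce + body, "sha256").digest())


def as_req_preauth(password):
    """Client side: PA-ENC-TIMESTAMP, the current time sealed under the password key.
    This crosses the wire before the KDC has said anything."""
    key = string_to_key(password, SALT)
    return seal(key, int(time.time()).to_bytes(8, "big"))


def dictionary_attack(captured, wordlist):
    """Attacker side, entirely offline: each guess costs one key derivation and one
    tag check. No KDC is contacted, so no lockout counter and no audit entry."""
    for guess in wordlist:
        if tag_is_valid(string_to_key(guess, SALT), captured):
            return guess
    return None


def demo():
    captured = as_req_preauth("Summer2000")        # sniffed from the network segment
    wordlist = ["password", "Winter1999", "Spring2000", "Summer2000", "letmein"]
    return dictionary_attack(captured, wordlist)


if __name__ == "__main__":
    print(demo())
```

Three things limit this attack in practice: a password that is not in any wordlist, an encryption type whose string-to-key function iterates (the later AES types use PBKDF2 with thousands of rounds, which raises the per-guess cost by the same factor), and the smart card option, where the first message is signed with the card's private key and there is no password-derived key to guess at all. Pre-authentication itself is still required: without it the attacker does not even need to sniff, since the KDC will hand out the encrypted reply to anyone who asks.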

Future Developments: Certificate Authority (CA)
This is a public key certificate server built into Windows 2000 (Certificate Services). The server manages the issuing, renewal, and revocation of digital certificates. Digital certificates authenticate the parties when an encrypted session is set up, such as Secure Sockets Layer (SSL) for secure web-based communications.

Future Developments: Security Configuration Editor
This is a Microsoft Management Console (MMC) tool that eases security administration; Windows 2000 ships it as the Security Configuration and Analysis snap-in, with secedit.exe as the command-line counterpart. It allows administrators to create security baselines by defining templates with global security parameters, and then perform security analyses of a machine against those templates. It manages security policies (account, audit and user rights policy), file system access control, and Registry permissions.

Future Developments: Internet Protocol Security (IPSec)
Defines security policies at the lowest practical layer, the network (IP) layer, so applications above it are protected without modification. Packets are authenticated and encrypted before they are handed to the network interface card (NIC) and decrypted on receipt. Peers are authenticated with Kerberos, with X.509 certificates (RSA public keys) or with a preshared key; the packets themselves are then protected with symmetric session keys (DES or 3DES for encryption, MD5 or SHA-1 for integrity).

Future Developments: Encrypting File System (EFS)
Allows users to encrypt files and directories that only they (and the designated recovery agent, by default the domain administrator) can decrypt. EFS generates a separate random file encryption key for each file and encrypts the data with the DESX algorithm (a 56-bit key in the export version of Windows 2000, 128-bit in the North American version); the file encryption key is in turn encrypted with the user's public key and with the recovery agent's public key. The recovery agent's private key can therefore unlock any encrypted file in the domain, so it should be exported to removable media and removed from the administrator's profile rather than left on a workstation. This service is very fast and encryption/decryption occurs without the user noticing.

Summary of best practices
- If possible, create a separate, semi-trusted network (DMZ) for the Internet-facing systems
- Choosing the right firewall solution is key
- Application security is only as strong as system and network security
- Design the infrastructure to facilitate monitoring and data backups
- Intrusion Detection Systems: you can't defend what you don't detect

Questions?
Contact: Ted Barlow
Thank you