Joe Budzyn Jeff Goeke-Smith Jeff Utter

Risk Analysis  Match the technologies used with the security need  Spend time and resources covering the most likely and most expensive risks

Firewalls  What is a firewall? A technology for the selective allowance of network traffic.  Types of firewalls Stateful or Stateless Software or Hardware  Border or Intranet

Firewalls  Rule Set Methodology Mostly Open Mostly Closed  Zones Untrust Trust DMZ

IDS / IPS  Network Device that identifies and optionally stops hostile network traffic  Signature based detection Signatures can match on packet content Signatures can match on behavior  Deployed at network choke points Generally in conjunction with a firewall Border of an office, a workgroup, a building, or a campus

Encryption  Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.  Public Key / Private Key  Pre-shared Key  Example Uses Disk Encryption, File Encryption Secure (i.e. PGP)

VPN  Network tunnel over a more general network  Implies channel encryption, authentication, authorization  May be used to avoid firewalls and IPS/IDS systems on the path of the tunnel  Deployed next to firewalls for remote access or administrative access.

Secure Remote Access  Remote Desktop Client  SSH  Network Tunnels  Two Factor Authentication  Key Based Authentication

Tripwire  Tripwire watches for changes to files for monitored systems.  Enterprise Tripwire runs with a server and clients. Remote monitoring of changes, with alerts. Ability to approve or roll back some changes.  Useful in the detection of intentional and unintentional changes.

Network Flow Analysis  Look for ‘odd’ behavior rather than ‘odd’ content.  Traffic sent to an analysis engine via a mirror, or summarized by the routers  Multiple products exist with differing emphasis Arbor Networks Q1 labs

Anti-Malware  Malware is any piece of malicious code or a program that embeds itself onto a computer without the user’s knowledge.  Examples Virus Spam Trojan Root kit Spyware Adware Key Logger

Anti-Malware  What to do about it? DON’T OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING. ○ ESPECIALLY IF YOU DON’T TRUST THE SOURCE Keep an up to date Anti-Malware application (or suite) installed and running. ○ Many different vendors and some free apps do this.

Security Practices - Servers  Patch Management All systems are vulnerable, patching makes them less so  Log Analysis Learn what is normal, then watch for the abnormal  Secure Configuration Pick a standard and follow it

Security Practices - Users  All users on the network are integral to overall security User Education Campaigns  User Policy Tools Group Policy, reviewing logs

Denial of Service Protection  Types of DoS UDP flood, SYN flood, ICMP flood, backscatter, distributed, packet of death, BGP route injection  Type of protection Routing infrastructure Firewalls Special adaptive devices

Advanced Network Tricks  Honey Pots – a weakened computer meant to attract attackers  Tar Pits – a series of fake computers meant to slow attackers down  Dark Nets – a network of fake computers meant to determine what attackers are doing

Managing Your Identities  Common complaint: I have too many passwords to remember! This may lead to sticky notes under keyboards  Password Wallet or Password Safe  Public key / private key encryption  Password generation algorithms