Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Perimeter Defense Josef Pojsl, Martin Macháček, Trusted Network Solutions, Inc.

Published byAdelia Moody Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Perimeter Defense Josef Pojsl, Martin Macháček, Trusted Network Solutions, Inc."— Presentation transcript:

1

2 Network Perimeter Defense Josef Pojsl, jp@tns.cz Martin Macháček, mm@tns.cz Trusted Network Solutions, Inc.

3 IP filtering gateways Proxy gateways Combinations (defense in depth) Traditional techniques Internet Internal Network

4 Perimeter expansion Increased bandwidth Remote offices Telecommuters Roaming users Partners Technology Cryptography VPNs Internet Internal Network

5 Role of communication Growing dependence on IT systems Paperwork replaced with electronic data As a consequence Greater potential of attacks and vulnerabilities Data integrity attacks Harder detection Automation Complexity Technology Cryptography Content scaning Intrusion detection Vulnerability scanning

6 Complexity Internet Internal Network VPNs Firewalls Public servers Internal servers Intrusion detection Content scanner Vulnerability scanner

7 Risk Assessment Risk factors Worth Attraction Threat Vulnerability Probability Countermeasures Prevention Detection Reaction High-risk environments: risk factors are relatively high

8 Security processes Every day New processes are being transformed into electronic forms New vulnerabilities and patches emerge Event logs must be analyzed Appropriate actions must be taken Etc. As a consequence Security is a process Services serve better than products Expert teams specialized in security are needed Some processes may be (internally) outsourced

9 Fighting complexity Minimalism Rarely used in software design Unusual parameter combinations Number of interactions Modularity Modules are more easily verifiable Well-defined interfaces between modules Minimal design Customization

10 Event logging Full, fine-grained event logs are vital for detection Easy to process, human readable Log analysis: statistics, expert systems, manual Audit Logs

11 Open architecture Not necessarily open-source Source code serves for –Verification –Documentation No “security through obscurity” No “breakthroughs” Compliance with open standards

12 Conclusion Design principles to follow when building network security defense in high-risk environments Processes, not solutions MinimalismModularity Thorough audit trails and log analysis Open architecture Expert teams Outsourcing

Download ppt "Network Perimeter Defense Josef Pojsl, Martin Macháček, Trusted Network Solutions, Inc."

Similar presentations

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.

The Whole/Hole of Security Public (DoD) v. Corporate Carl Bourland US Army Judge Advocate Generals Corps.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.

SAFE Blueprint and the Security Ecosystem. 2 Chapter Topics  SAFE Blueprint Overview  Achieving the Balance  Defining Customer Expectations  Design.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
What’s New in Office 2007. Visio 2007 Microsoft Office Visio 2007 drawing and diagramming software makes it easy for IT and business professionals to.

What’s New in Office Visio 2007 Microsoft Office Visio 2007 drawing and diagramming software makes it easy for IT and business professionals to.
Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.

Some general principles in computer security Tomasz Bilski Chair of Control, Robotics and Computer Science Poznań University.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor

Blended Threats and Layered Defenses Security Protection in Today’s Environment Marshall Taylor
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and.

Term Project Teams of ~3 students Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
University of Massachusetts Amherst InteLock TM Team: Emmanuel Seguin Josh Coffin Anh-Kiet Huynh Christos Tsiokos Remote Access and Proximity Key Advisor:

University of Massachusetts Amherst InteLock TM Team: Emmanuel Seguin Josh Coffin Anh-Kiet Huynh Christos Tsiokos Remote Access and Proximity Key Advisor:
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.

“Today over 70% of attacks against a company’s network come at the ‘Application Layer’ not the Network or System layer.” - Gartner Is Your Web Application.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Similar presentations

Ads by Google