A Layered Approach to Security for Extranets


A Layered Approach to Support
Extranet Security
Ralph Santitoro
Director of Security Solutions - Nortel
EntNet @ SUPERCOMM 2005 Panel 2 Session - June 6, 2005
http://www.nortel.com/security
What are you trying to protect?
> Business Continuity
• Protecting the network, hosts and applications from threats or vulnerabilities
• Protecting outsourced services, e.g., Call Centers, Customer Service
> Information Security
• Controlling the usage of information
• Auditing the movement of information
[Diagram: two layers. The Information Privacy Layer (Information Security) sits on top of the Network, Host, and Application Defense Layer (Business Continuity).]
© 2005 Nortel Networks. All Rights Reserved.
-2-
What’s Keeping the CxO Up at Night?
- Top 5 Security Concerns for 2005*
> 1. Computer worms, viruses
> 2. Regulatory compliance
> 3. Online fraud
> 4. Early warning of cyber attacks
> 5. Data Privacy
80% of CSOs report that cyber attacks had a bottom-line financial impact on their organizations*
* Source: CSO Interchange New York December 2004
Regulations will Drive Security Deployments
- Regulations will increase the focus on Security
> Sarbanes Oxley
> Health Insurance Portability and Accountability Act (HIPAA)
> Gramm-Leach-Bliley (GLB)
> California Database Breach Notification Act (SB1386)
> Data Protection and Misuse Act (UK)
> Personal Information Protection & Electronic Documents Act (Canada)
> Safe Harbor Act – EU Data Protection Act (Europe, U.S.)
Business Continuity
- Protecting the Network, Hosts and Applications
- What are the Threats?
Business Continuity
- Must maintain reliable services
> Conduct business without outages of critical services
> Maintain communications
• Internally and with customers, suppliers, partners
What are the Threats?
- Malicious Software (Malware): Viruses, Worms, Trojans
> Typically infect computers by exploiting “vulnerabilities” and social engineering
• Steal passwords (e.g., cookies)
• Destroy documents
• Steal confidential data (e.g., Phishing, Scam)
• Impede host or network device performance
• Distribute SPAM
> Infected computers threaten the security of the network
> How to stop Malware
• AntiVirus software
• Intrusion Detection software or appliances
• Traffic Management devices
• Security policies
Denial of Service and DDoS attacks
> Target a known “vulnerability” in devices
> Can cause devices to completely stop working
> Denial of Service
• One hacker targeting one network device or host
> Distributed Denial of Service (DDoS)
• One or several hackers taking over multiple hosts on the Internet
• These machines then target a single network device or host
Extranet Challenges
- Threats from Encrypted Traffic
> Sensitive data, VPN traffic, secure multimedia and
eCommerce rely on encryption for security
• Encryption hides malicious code
> Threat prevention devices must:
• Decrypt the traffic
• Scan traffic for Malware
• Report or take action on the traffic
• E.g., report the threat, drop the traffic, reduce the bandwidth, etc.
• Re-encrypt the traffic
ANATOMY OF A REAL-WORLD ATTACK
A sophisticated attacker will leverage trust relationships to gain access to more valuable information assets.
5 P’s
• Probe
• Penetrate
• Persist
• Propagate
• Paralyze
[Diagram: from the external attacker’s system, a target server is attacked and compromised and becomes the “base camp”; the acquired server is used as a vantage point to penetrate the corporate net; further attacks are performed as an internal user.]
Threat Prevention
> Extranet Threats require similar protection to other internal or external threats
> Similar technologies and procedures are used
> Intelligent traffic management is critical
[Diagram: a threat-prevention cycle with the stages Monitor, Detect, Analyze, Act and Mitigate, driven by Policy; the labelled activities are Capture, Scan, Log, Signatures, Behavior, Violations, Alert, Patch, Configure and Block.]
Enterprise Security Challenge
- A Dynamic Situation
[Diagram: points of exposure (marked X) around the enterprise network]
Infrastructure Attacks: Unknown attacks, Engineered attacks
• Passwords compromised
• Sessions intercepted
Intranet
• Compromised
• Malicious
• Unintentional
Extranet
• Compromised
• Malicious
• Unintentional
Unknown Connections
• Wireless access points
• Unused active ports
• Unauthorized use
Understand the network. Detect the vulnerabilities. Protect the assets.
Security Policy Layers
- Why Deep Packet (L3-L7) Inspection and Intelligent Traffic Management are so important
[Diagram: example traffic flows passing through the policy layers: Anti-Spoofing; Scan, SYN, FIN DoS attack; Worms, Viruses, Trojans …; Peer-to-Peer and Instant Messaging (Limited); VoIP (Guaranteed); Reporting and Logging.]
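The slide lists the kinds of decisions an inspection and traffic-management device makes per flow: drop spoofed sources, block scans and SYN floods, drop traffic matching a malware signature, rate-limit P2P and IM, and guarantee VoIP. The following is an added example (not Nortel's code and not from this deck) of that policy logic in Python, run over constructed packet records. The internal address range, the port-to-application table, the SYN threshold and the signature bytes are all assumptions chosen for illustration.

```python
"""Per-packet policy as a L3-L7 inspection + traffic-management device would apply it.
Added example; all constants and sample packets are constructed for illustration."""
from collections import Counter
from dataclasses import dataclass
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # assumed corporate address range
SYN_SCAN_THRESHOLD = 20                            # bare SYNs per source before blocking (assumed)
SIGNATURES = {b"\x00MALWARE-TEST-MARKER\x00": "constructed test signature"}

# Assumed mapping of well-known ports to application classes, and the slide's actions.
APP_BY_PORT = {5060: "voip", 5004: "voip", 6881: "p2p", 4662: "p2p", 5190: "im", 5222: "im"}
APP_ACTION = {"voip": "guarantee", "p2p": "limit", "im": "limit"}


@dataclass
class Packet:
    iface: str          # "ext" (Internet side) or "int" (corporate side)
    src: str
    dst: str
    dport: int
    flags: str          # TCP flags, e.g. "S", "SA", "A", "F"
    payload: bytes = b""


def classify(pkt, syn_counts):
    """Return (action, reason) for one packet; syn_counts is the per-source bare-SYN counter."""
    # Anti-spoofing: a corporate-range source must never arrive on the external interface.
    if pkt.iface == "ext" and ipaddress.ip_address(pkt.src) in INTERNAL:
        return "drop", "spoofed internal source"
    # Scan / SYN-flood detection: too many bare SYNs from one source.
    if pkt.flags == "S":
        syn_counts[pkt.src] += 1
        if syn_counts[pkt.src] > SYN_SCAN_THRESHOLD:
            return "block", "syn flood or port scan"
    # Malware: content inspection against the signature set.
    for sig, name in SIGNATURES.items():
        if sig in pkt.payload:
            return "drop", f"signature: {name}"
    # Traffic management: limit P2P/IM, guarantee VoIP, allow everything else.
    app = APP_BY_PORT.get(pkt.dport)
    if app:
        return APP_ACTION[app], app
    return "allow", "default"


def apply_policy(packets):
    """Run every packet through the policy and return a reporting/logging record per packet."""
    syn_counts = Counter()
    log = []
    for p in packets:
        action, reason = classify(p, syn_counts)
        log.append((p.src, p.dst, p.dport, action, reason))
    return log


if __name__ == "__main__":
    # Constructed sample: a spoofed packet, a VoIP call setup, and a 25-packet SYN burst.
    sample = [Packet("ext", "10.1.2.3", "10.0.0.5", 80, "S"),
              Packet("ext", "198.51.100.7", "10.0.0.5", 5060, "S")]
    sample += [Packet("ext", "203.0.113.9", "10.0.0.5", 80 + i, "S") for i in range(25)]
    for entry in apply_policy(sample):
        print(entry)
```

The order of the checks matters: anti-spoofing runs first because a spoofed source should never be credited to a per-source counter, and content inspection runs before application classification so that a malware payload on a "guaranteed" port is still dropped.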
Remote End Point Compliance
> Remote end point devices (PCs, mobile devices, etc.)
accessing Extranet are assessed prior to network access
• To determine if they are compliant with security policies
> Example policy compliance rules
• AntiVirus installed, AntiSpyware installed, Operating System
security patches and Application security patches must be installed
> Compliance Policy Choices
• Block All, Quarantine, Allow Some, Allow All
End point devices accessing the network are made
compliant with corporate security policies
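The slide names four example compliance rules and four policy choices for handling the result of the assessment. The following is an added example (not Nortel's code) of an evaluator that turns an endpoint's posture into an access decision under each choice. The posture attributes mirror the slide's rules; the network names and the reduced service set used for "Allow Some" are assumptions.

```python
"""Endpoint compliance assessment and access decision. Added example, not from the deck."""
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    """The compliance policy choices named on the slide."""
    BLOCK_ALL = "block_all"      # non-compliant endpoints get no access
    QUARANTINE = "quarantine"    # non-compliant endpoints go to a remediation network
    ALLOW_SOME = "allow_some"    # non-compliant endpoints get a reduced set of services
    ALLOW_ALL = "allow_all"      # assessment result is recorded but access is not restricted


@dataclass
class Posture:
    """What the pre-admission assessment found on the endpoint."""
    antivirus: bool
    antispyware: bool
    os_patched: bool
    apps_patched: bool


# Example policy from the slide: every one of these must be true.
REQUIRED = ("antivirus", "antispyware", "os_patched", "apps_patched")


def failed_rules(p: Posture) -> list[str]:
    """Names of the required rules the endpoint does not satisfy (empty means compliant)."""
    return [name for name in REQUIRED if not getattr(p, name)]


@dataclass
class Decision:
    network: str                                   # assumed names: "extranet", "quarantine", "none"
    services: set = field(default_factory=set)     # what the endpoint may reach
    failures: list = field(default_factory=list)   # why access was restricted, for logging


FULL_SERVICES = {"email", "files", "intranet_web"}  # assumed
REDUCED_SERVICES = {"email"}                        # assumed reduced set for ALLOW_SOME


def decide(p: Posture, mode: Mode) -> Decision:
    """Map a posture and the configured policy choice to a network and service set."""
    failures = failed_rules(p)
    if not failures:
        return Decision("extranet", set(FULL_SERVICES), [])
    if mode is Mode.BLOCK_ALL:
        return Decision("none", set(), failures)
    if mode is Mode.QUARANTINE:
        return Decision("quarantine", {"remediation"}, failures)
    if mode is Mode.ALLOW_SOME:
        return Decision("extranet", set(REDUCED_SERVICES), failures)
    return Decision("extranet", set(FULL_SERVICES), failures)   # ALLOW_ALL: log only


if __name__ == "__main__":
    laptop = Posture(antivirus=True, antispyware=True, os_patched=False, apps_patched=True)
    for mode in Mode:
        print(mode.value, decide(laptop, mode))
```

Even in Allow All mode the decision carries the list of failed rules, so the assessment is still auditable and the endpoint can be steered to remediation later.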
Remote End Point Security Challenges and Solutions for Extranets
> Masquerading: How do I know the user hasn’t stolen a user ID & password?
• Use token-based or 2-factor authentication, e.g., an RSA SecurID card, or User ID / Password + VPN ID / Password
> Negligence: A user walks away from her desk leaving an open VPN session
• Use an auto-logoff timer to terminate the VPN session after a period of inactivity
> Residual Data: A patient’s medical data is cached on a PC and becomes accessible to the next user
• Use cache cleansing to clear browser history and cached data once the VPN session is terminated
> Trust: I don’t want sensitive applications accessed from any unknown PCs
• Use dynamic access policies enabling varied access depending on configured parameters at login, e.g., allow Email, but no file access, or deny access completely
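Three of the controls above (the inactivity auto-logoff, cache cleansing on termination, and a login-time access policy that depends on device trust) fit naturally into one session model. The following is an added example (not Nortel's code and not the behaviour of any particular VPN gateway) of such a model in Python. The timeout value, the resource naming scheme (`kind:path`) and the rule "known device gets email and files, unknown device gets email only" are assumptions.

```python
"""VPN session lifecycle: trust-based rights at login, idle auto-logoff, cache cleansing.
Added example with assumed policy values; not from the deck."""
from dataclasses import dataclass, field

IDLE_TIMEOUT = 900  # seconds of inactivity before auto-logoff (assumed value)


@dataclass
class Session:
    user: str
    device_known: bool                  # registered/managed PC vs an unknown PC
    last_activity: float                # seconds; updated on every successful request
    cached_paths: list = field(default_factory=list)   # data the client has cached
    active: bool = True

    def rights(self) -> set:
        """Dynamic access policy fixed at login from the device-trust parameter."""
        return {"email", "files"} if self.device_known else {"email"}

    def fetch(self, resource: str, now: float) -> bool:
        """Serve a resource named 'kind:path' if the session is live and the kind is allowed."""
        if not self.active:
            raise PermissionError("session terminated")
        kind = resource.split(":", 1)[0]
        if kind not in self.rights():
            raise PermissionError(f"{kind} access denied for this device")
        self.last_activity = now
        self.cached_paths.append(resource)   # the client now holds a cached copy
        return True


def cleanse_cache(session: Session) -> list:
    """Clear what the client cached during the session; return it for the audit log."""
    cleared = list(session.cached_paths)
    session.cached_paths.clear()
    return cleared


def expire_idle(sessions, now: float, timeout: float = IDLE_TIMEOUT) -> dict:
    """Auto-logoff: terminate sessions idle longer than timeout and cleanse their cache.
    Returns {user: [cleared resources]} for the sessions that were terminated."""
    terminated = {}
    for s in sessions:
        if s.active and now - s.last_activity > timeout:
            s.active = False
            terminated[s.user] = cleanse_cache(s)
    return terminated


if __name__ == "__main__":
    alice = Session("alice", device_known=True, last_activity=0.0)
    bob = Session("bob", device_known=False, last_activity=0.0)
    alice.fetch("files:/records/patient1.pdf", now=10.0)
    bob.fetch("email:inbox", now=10.0)
    print(expire_idle([alice, bob], now=10.0 + IDLE_TIMEOUT + 1))
```

The cache cleansing is triggered from the same place that terminates the session, so a walk-away logoff and an explicit logoff leave the PC in the same state.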
Remote Endpoint Security Compliance and Remediation for Extranets
> Example Extranet end point security policy to access network:
• AntiVirus must be installed
• AntiSpyware must be installed
[Diagram: client-based Extranet access (over an Extranet VPN connection) and client-less Extranet access are both checked for PFW, IDS, Virus and AntiSpyware compliance; non-compliant endpoints go to Quarantine / Remediation.]
Summary
> Extranets require multiple layers of protection to ensure business continuity and protect information privacy
• Secure access (VPN) with user-based Security Policies
• Threat Prevention at Layer 3-7
• Deep Packet Inspection and Intelligent Traffic Management
• End Point Security Compliance and Remediation