Objectives
Security awareness
Latest trends in security
Device Awareness
Current Trends
Cyber-attacks are increasing in speed and sophistication exponentially
Blended threats, hybrid attacks and APTs..
Getting automated tools is easy, increase in skid culture
Security costs money, Security problems cost money, time and lots of pain.
[Figure: Attack Sophistication (Low to High) versus Intruder Knowledge, 1980 to 2011. Labels on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, sweepers, sniffers, packet spoofing, denial of service, stealth / advanced scanning techniques, cross site scripting, staged, auto coordinated.]
Software Vulnerabilities
99% of intrusions result from exploitation of known vulnerabilities
Source: 2001 CERT, Carnegie Mellon University
development
Threat: lack of patches for the above
Lizamoon SQLi exploited 1.5 million + hosts
E-mail Viruses
Primary medium for distributing threats
Trojans
Easy to create, quick to deliver, easy to install
HTML viruses on email
Innocent sounding Emails having malicious
Infected servers
Email
firewalls
Once inside the network, others are easily affected
Further..
Unpatched servers are ticking bombs
suspects
Gathering information:
Browsing habits (sites visited, links clicked, etc.)
Data entered into forms (including account names, passwords, text of Web forms and Web-based email, etc.)
Keystrokes and work habits
Spam
Unsolicited Email
Multiple techniques to send mails
Spoof email address
Image only mail
Random text
Text merging
Token Manipulation
URL hiding
HTML Tag corruption
Increase False positives
Parse corruption
Network woes
Label spoofing
Core hiding
Replay attacks
Compromise of LIB
Access to LER
And other MPLS security issues..
Router abuse
TACACS+ forced session_id collisions
Sophisticated packet body DoS
Boot IOS manipulation
Improper Tcl scripts (if present)
External factors
SNMP compromise
application)
Advanced Persistent Threats Smartphone Abuse
PKIOverheid..)
Key abuse (RSA, anyone?)
Kernel Rootkits/Bootkits
Obsolete Defenses
Firewalls work on port blocking strategy
Reactive approach
Stateful Packet Inspection (SPI):
Provides source / destination / state intelligence
Provides NAT
Stateful firewalls cannot protect against multilayer threats
Is limited in nature
SSL VPN solutions offer a flexible and highly secure way to extend network resources to virtually any remote user with access to the Internet and a web browser. Organizations can customize access and extend the reach of their corporate network to individuals based on their role, including the teleworker, contractor, or business partner.
Cookies
Temporary Internet Files
Browser History
Visited URLs
Downloaded Program Files
Authentication Mechanisms
Vast range of Authentication
Two-Factor or Multi-Factor Authentication
End-point compliance
SSL VPN End-point security service
- Check devices before & during session
- Ensure device compliance with corporate policy
- Remediate devices when needed
- Cross platform support
Virus
Home PC User
- No Anti-Virus Installed
- Personal Firewall enabled
- User remediated install antivirus
- Once installed, user granted access
Managed PC User
- AV Real-Time Protection running
- Personal Firewall Enabled
- Virus Definitions Up To Date
- User granted full access
Web Access Terminal (WAT) is a clientless access mode in which the user needs just a browser to establish an SSL VPN connection. Using WAT, the user can access web applications such as Outlook Web Access (OWA), Intranet, SharePoint, web-based databases, etc. from any location, such as an airport kiosk or a cyber café.
What is PHAT
Private Hyper Access Transport (PHAT) is one of the modes to access the Virtual Private Network (VPN). It is small-footprint, web-deployed software that gets installed on the user's machine. The PHAT client provides IPSec-like functionality to give full access to the network.
What is QAT
Quick Access Terminal (QAT) is an intermediate client between the PHAT Client and the WAT Client. Users can access TCP-based client applications without installing PHAT on their machines. Once configured by the Administrator for a particular group, QAT is started from the web portal.
targeted specifically for VPN subnets is routed over the SSL VPN tunnel to the SSL VPN-Plus Gateway. The rest of the traffic follows the normal LAN path.
sent to the SSL VPN-Plus Gateway over the SSL VPN tunnel for routing. In this case, complete data from the user's machine can be monitored on the SSL VPN-Plus Gateway. If local subnets are not excluded for the user, the user won't be able to access the local LAN either.
[Diagram: Tulip IDC, Tulip Connect MPLS Backbone, Remote Location]
[Diagram: Scenario 2, Instant Connectivity. SSL Server; Remote Customer Location; Tulip Connect; ADSL Link not yet installed or getting delayed; Remote (TNF) Location; Customer Location Ready]
[Diagrams: Tulip IDC, www, Primary Link, Dealer Locations, Roaming Executives, Cyber Cafe, Tulip Connect MPLS Backbone, User Moves Out]
User
Management
Integration of Firewall
Deep Packet Inspection
Intrusion Prevention for blocking network threats
Anti-Virus for blocking file based threats
Anti-Spyware for blocking Spyware
Gateway Anti-Virus
Scan through unlimited file sizes
Scan through unlimited connections
Scan over more protocols than any similar solution
DPI
malicious programs
Blocks the installation of spyware
Blocks Spyware that is emailed and sent internally
DPI
DPI
Protection:
Full protection from Trojan, worm, blended and polymorphic threats
Dept Zone
Server Zone
User Zone
Stateful inspection deals only with port scanning; no data is examined. Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans.
Stateful Packet Inspection Deep Packet Inspection Gateway Anti-Virus Anti-Virus Anti-Spyware Content Content Filtering Inspection Service
Prevention and Anti-spyware Modified for Router monitoring by combining with MSSP Trusted Certificate Management
link termination)
Reassembly-free engine
Scans & decompresses unlimited number of files & file sizes
Simple
Unified AIO solution and easy to manage
Powerful
Integrated-Realtime-Dynamic
Thank You.
Questions?