Agenda
SECURITY OVERVIEW
TYPES OF ATTACK
SECURITY BLUEPRINT
FIREWALL AND IDS
ANTIVIRUS SYSTEM
SECURITY SCANNER SYSTEM
SECURITY CENTRAL MANAGEMENT SYSTEM
IDENTITY
SECURITY DESIGN SOLUTION FOR EXIMBANK
SECURITY OVERVIEW
Everything is a target
Routers, switches, hosts, networks, applications, information, management tools
A new breed of network attacks has multiple vectors that cannot be blocked by one device
Network security requires an integrated system
Layers of security are required
Embedded security throughout the network
Integrated security in network devices
Network management and reporting must be secure
[Figure: operational capability over time. Stages: Detection of threats (reactive point products, some automation); Protection from threats (comprehensive, integrated solutions), labelled Today; Adaptive networks (self-managing, self-healing; security-aware networks), labelled Future. Year labels: 1985, 1995.]
[Figure: timeline, 1990 to 2005. Labels: Simple Intrusions, Viruses, Sophisticated Intrusions, Denial of Service Attacks, Worms, Trojans, Inappropriate Web Content, Stateful Inspection, Deep Packet Inspection.]
Security Threats
On the rise, more dangerous, easier to launch
[Figure: number of intrusions (0 to 25000), 1988 to 2000, plotted with sophistication of hacker tools and technical knowledge required of hacker. Tool labels: Password Guessing, Password Cracking, Self Replicating Code, Disabling Audits, Exploiting Known Vulnerabilities, Back Doors, Sniffers, Sweepers, Stealth Diagnostics, Packet Forging/Spoofing, DDOS.]
(30 day history graphs not reproduced)

Service        Port Number   Explanation
epmap          135
nterm          1026          remote_login network_terminal
icq            1027
ms-sql-m       1434          Microsoft-SQL-Monitor
netbios-ns     137
microsoft-ds   445
dabber         9898
sasser-ftp     5554
mydoom         3127
netbios-ssn    139
TYPES OF ATTACK
Packet Mangling
Oversize, Fragmentation
Flooding
Hackers
Customers
Themselves
Through stolen/guessed passwords
Insiders
Through malice
Carelessness
Overwork
Competitors
Misconfigured Software
Much software has a more secure configuration that is not turned on out of the box
Outdated software with known problems
Bad passwords
Exploit tools
Stealth tools
SECURITY BLUEPRINT
Corporate Security Policy
Real-Time Intrusion Detection
Audit/Test
Proactive Network Vulnerability Assessment
Intrusion protection
Identity services
Card readers
Security room CCTV
Secure connectivity
Secure transport
FIREWALL
Application Firewall
CheckPoint Software
Stateless Firewall
Stateful Firewall
[Figure: firewall deployment. Labels: URL Block, Proxy Server, WWW, DNS, Perimeter Networks, Inside Network, Cisco Secure, NT, RAS.]
CheckPoint Express
SmartCenter SmartDashboard
Accelerated, Integrated
Depth-of-Defense
[Figure: IDS deployment. Labels: Engineering, Finance, Security Sensor, Web Server, Email Server, Corporate Network, Router, Hacker, Inside, Pix Firewall, Network Operation Center, Internet, Encrypted VPN, Service Provider, Alert, IDS Director, Remote Office.]
ANTIVIRUS SYSTEM
[Figure: Annual Estimated Costs. Labels: 1999, 2000, $12.1 billion, $17.5 billion; Melissa: $385m; ILOVEYOU: $6.7 billion.]
*Source: ICSA (International Computer Security Association) Computer Virus Prevalence Survey 2000
Firewall functions
1. Authentication
2. Permission Check
[Figure labels: Firewall, STOP!, Interscan Viruswall, STOP!]
SECURITY SCANNER SYSTEM
SECURITY CENTRAL MANAGEMENT SYSTEM
Policy versioning
IPsec VPN
Centralized repository
IPsec VPN
IDENTITY
What is AAA?
AUTHENTICATION: Who is allowed access?
[Figure: network design. Site labels: Hà Nội, Đà Nẵng, Cần Thơ, Chợ Lớn, Hòa Bình, Head Office (Hội sở). Device and module labels: Router 3620, 2 x Router 3640, Catalyst 4003, VPN, CrossBeam, Firewall X45, IDS 4235, Server, Storage, Web Cache, CA Server, Application Server, MANAGEMENT MODULE, Security Scanner, Central Management Server, Mail Server, Database Server, Web Server, WEB Sense, Antivirus Server, Mail Relay, Proxy, DMZ Module.]
FUTURE PLAN
Two-Factor Authentication
[Figure: two-factor authentication deployment. Labels: Applications in Healthcare, E-Business, Internet Access, RSA ACE/Server, RSA Agent, Internet, Web Server, Mainframe, VPN or Firewall, Enterprise Intranet, RAS, Remote Access, Applications & Resources, Enterprise Access, Unix.]
Network Activity Example
Overall Activity: Approx 2.5 Gbytes/day
Provides:
Advanced Visualization