Cisco Social Network Security

Presentation by Alexey Lukatsky, business security consultant at Cisco

Published in: Technology

  • The business environment is changing fast, with new requirements to expand customer relationships, improve productivity and reduce cost while introducing new IT business models. Result: the security practitioner has to move even faster, anticipating potential threats, responding to the risks they bring, and providing a security safety net that allows the organization to move with change.
  • Mobility and Consumerization of endpoints
    - Stats on mobility trends (how many devices, by when)
    - Stats on consumerization of endpoints in the workplace
    - List a couple of security breaches that happened due to mobility

    Collaboration
    - Stats on collaboration apps picking up in organizations/social media
    - Example of security breaches for VoIP, Video conferencing, etc

    Cloud/Virtualization/Externalization
    - Key trends around cloud (private/virtual private/public)
    - Example of security breaches for VoIP, Video conferencing, etc

    Slide layout: this slide should present 3 columns. The top part of each one will list the market trend and stats. The bottom part of each one (via build) will give a couple of security threats as a result of each respective change.

    1. Mobile Computing

    Loss of personal information and data on mobile devices is a leading threat.

    For example, in July 2010, a data breach case involved a stolen laptop computer that contained personal information of more than 8,300 students and employees of P.K. Yonge Development Research School. The research school is affiliated with University of Florida.
    http://news.ufl.edu/2010/08/31/yonge-privacy/

    A similar security incident took place in November 2010. A laptop stolen in Georgia contained personal information of nearly 14,000 patients of Centra, which is a Lynchburg, VA based hospital system.
    http://www.myfoxatlanta.com/dpp/news/local_news/Centra%3A-Stolen-Laptop-Contains-Patient-Info-20101221-ap-sd

    Threats to mobile computing also come from malicious activities that attack their targets in public networks.

    A well known example is Firesheep. This is a Firefox web browser extension that can be used as a hacking tool to attack users of social media and other popular sites on a Wi-Fi network. This is a great example of mobile computing threats. In less than 6 months, more than 1 million downloads of this tool were made, and some of these downloads perhaps have already turned into active attacks right now.
    https://github.com/codebutler/firesheep/downloads

    2. Collaboration

    Loss of sensitive data and security violations are the leading threats associated with various forms of collaboration tools.

    Skype is a clear example. This is a communication tool that can support voice and video. The application itself is extremely resistant to reverse engineering and it uses strong encryption for its network traffic. As a result, Skype activities are difficult to detect and its communications nearly impossible to decipher. Skype can also bypass firewalls to create a backdoor to the internal network. For these reasons, Skype should be banned to prevent unauthorized communications and access on networks that are subject to strict legal or administrative regulations.
    http://www.sans.org/reading_room/whitepapers/voip/skype-practical-security-analysis_32918

    Unsecured instant messaging (IM) tools also pose many security threats, including:
    - Client Vulnerabilities: without proper testing, many IM clients can introduce security vulnerabilities on the endpoint device.
    - Data Theft: tunnel through the network firewall and email filter to transfer confidential materials out of an organization.
    - many others
    http://www.technicalinfo.net/papers/IMSecurity.html

    P2P sharing of copyright-protected materials is another known security issue for many universities and colleges.

    3. Virtualization and Cloud

    These new technologies introduce new threats.

    In virtualization, a new “attack surface” is born as a result of the virtual machines and the hypervisor. Gartner lists the following threats:
    - A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
    - The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
    - Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
    - There Is a Potential Loss of Separation of Duties for Network and Security Controls When These are Virtualized
    http://www.gartner.com/DisplayDocument?ref=clientFriendlyUrl&id=1288115

    For cloud computing, many threats are identified due to changes in technologies and business processes. Cloud Security Alliance listed the following as top cloud computing threats.
    - Threat #1: Abuse and Nefarious Use of Cloud Computing
    - Threat #2: Insecure Interfaces and APIs
    - Threat #3: Malicious Insiders
    - Threat #4: Shared Technology Issues
    - Threat #5: Data Loss or Leakage
    - Threat #6: Account or Service Hijacking
    - Threat #7: Unknown Risk Profile
    http://www.cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
  • The changing business environment is also shifting user expectations of IT. The Cisco Connected World Report shows greater demand for the ability to work from anywhere with the user’s device of choice, while using video and rich media to enhance communications. Simultaneously, the report showed that IT is struggling with the performance and security implications associated with the proliferation of mobile devices and the delivery of a dynamic networked organization.
    - 60% believe they don’t need to be in the office to be productive
    - 66% would accept a lower-paying job (10%) for more work flexibility
    - 45% work an extra 2-3 hours a day since they are able to work outside of the office (additional 25% work 4+ hours)
    - 45% of IT professionals unprepared to make workforces more mobile
    - 57% of IT professionals said security is the biggest challenge in supporting a mobile and distributed workforce
  • This trend brings with it a set of business challenges, centered on malware, data loss, and acceptable use.
    - Malware: threat writers know that HTTP can get them in the door, and it is difficult to defend such a real-time medium. More malware variations in 2008 than in all of history. 94% of malware attacks now come via the web.
    - Data loss: there are more frequent examples of the CEO’s nightmare of landing on the front page over customer or partner records being compromised, and in many cases the web is the channel through which the information leaked or was stolen.
    - Acceptable use challenges: draining productivity and introducing legal risk of offensive content entering the enterprise; but also the risk that YouTube chokes off resources from critical business applications like WebEx.
  • Modern malware is designed to evade legacy defenses. Two specific themes that we want to highlight: (1) exploiting legitimate sites; and (2) social engineering.
    - Exploited websites: nearly 90% of threats today are launched via exploited legitimate websites, including high-traffic, reputable sites such as MSNBC and Business Week. This shows why URL filtering is not a security solution: who would block the News category?
    - Social engineering: attacks take advantage of interest in current events to take users to polished mal-sites. For example, on the eve of the US presidential inauguration a “news” story circulated about Obama’s purported decision to not take the oath of office. Almost every current event today is accompanied by a new malware threat.
    - Other campaigns target trust of messages from friends, sending messages on Facebook or promoting YouTube videos.
    - Beyond directing users to Web malware, these attacks also convince users to bypass their desktop defenses (“Installing this may give a virus warning. Simply click to proceed…”), highlighting the limitations of desktop defenses.
  • Web Reputation Filters examine every request made by the browser, from the initial HTML request to all subsequent data requests, including live data, which may be fed from different domains. This gives IronPort's Web Reputation Filters a unique advantage over vendors that reduce Web reputation to a simple URL filtering category. IronPort’s Web Reputation Filters is the industry’s only reputation system to include Exploited Website Defense, Botsite Defense and URL Outbreak Detection, protecting users from known and unknown exploits (including adware, Trojans, system monitors, keyloggers, malicious/tracking cookies, browser hijackers, browser helper objects and phishing attacks) delivered through Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection or invisible iFrames. The power behind IronPort’s reputation technology comes from the system’s pattern-based assessment techniques and per-object scanning capabilities. IronPort’s Web Reputation Filters is the industry’s first and best Web reputation filtering system, providing a powerful outer layer of defense that stops malware before it has a chance to enter the network.
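The contrast these notes draw between one category decision per page and a reputation check on every object the browser requests, as an added Python example that is not part of the original presentation and not IronPort or Cisco code. All host names, categories, scores, the -10 to +10 scale and the block threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample data: site categories and host reputation (-10 worst .. +10 best).
CATEGORY = {"news.example": "News", "cdn.news.example": "News"}
REPUTATION = {"news.example": 8.1, "cdn.news.example": 7.4, "stats-sync.example": -8.7}
BLOCKED_CATEGORIES = {"Gambling", "Adult"}
BLOCK_BELOW = -6.0  # assumed policy threshold

# Constructed page: a reputable site carrying an injected invisible iframe.
PAGE_URL = "http://news.example/world/story.html"
PAGE_HTML = """<html><body>
<script src="http://cdn.news.example/site.js"></script>
<img src="/img/lead.jpg">
<iframe src="http://stats-sync.example/in.php" width="0" height="0"></iframe>
</body></html>"""

class ObjectCollector(HTMLParser):
    """Collects the URL of every object the browser would fetch for a page."""
    def __init__(self, base):
        super().__init__()
        self.base, self.urls = base, []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "img", "iframe") and src:
            self.urls.append(urljoin(self.base, src))

def category_verdict(url):
    """URL filtering: one decision from the category of the top-level page."""
    cat = CATEGORY.get(urlparse(url).hostname, "Uncategorized")
    return "BLOCK" if cat in BLOCKED_CATEGORIES else "ALLOW"

def reputation_verdict(url):
    """Reputation filtering: score the host of this individual request."""
    score = REPUTATION.get(urlparse(url).hostname, 0.0)  # unknown host: neutral
    return "BLOCK" if score < BLOCK_BELOW else "ALLOW"

def per_object_verdicts(page_url, html):
    """Verdict for the page itself and for each sub-request it triggers."""
    collector = ObjectCollector(page_url)
    collector.feed(html)
    return {u: reputation_verdict(u) for u in [page_url] + collector.urls}

if __name__ == "__main__":
    print("category filter:", category_verdict(PAGE_URL))
    for url, verdict in per_object_verdicts(PAGE_URL, PAGE_HTML).items():
        print(f"{verdict:5}  {url}")
```

The category filter allows the whole page because the site is News, while the per-object pass blocks only the iframe request to the low-reputation host.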
  • Criminals are using their business acumen ("Cybercrime MBA") to maximize innovation and profits across a portfolio of criminal techniques and business models
    - We lack the framework to analyze criminal businesses at a macro level
    - The CROI Matrix plots techniques and business models that make up the cybercrime product life cycle according to their growth and revenue potential
    - Modeled on the Boston Consulting Group Growth-Share Matrix
    - Highlight how things are moving: phishing 1.0 (inoculation) into Zeus and money mules (due to better payment security), IM > Social networking, web exploits (major, developing technique), cash cows = less change… clockwise movement if they made into it rising star status…
    - DDoS got a lot of ink. Not part of the investment, a side benefit,
  • Overall picture: list of Cisco security solutions with perhaps the architecture as a backdrop. Cisco TrustSec, Cisco AnyConnect Secure Mobility, Cisco Virtual Office, PCI DSS Compliance, Threat Defense (Firewall, IPS), Cisco Content Security (email/web), Cisco Data Center Security, Cisco Virtualization and Cloud Security
  • AnyConnect Client: AnyConnect automatically creates an SSL VPN, IPSec VPN, or MACsec encrypted tunnel
    Catalyst Switch: Cisco TrustSec tags data with access policy, inspects MACsec encrypted traffic, assesses the health of the endpoint device, and provides role-based access
    Cisco ASA: Cisco ASA terminates SSL or IPSec VPN tunnel, provides traffic protection
    Cisco ISE: Cisco ISE provides role-based access policy and AAA (Authentication, Authorization, and Accounting) services
    Nexus Switch: Cisco TrustSec inspects MACsec encrypted traffic, reads data policy tags, and enforces access policy
  • #3 cases
    - Trusted security architecture with pervasive network visibility and control - reduce complexity and increase protection
    - The industry’s most rich and innovative security portfolio - optimized for any organization size and needs today and into the future
    - Unique context aware threat protection and security intelligence discovers and protects against next generation of threats
    - Consistent enforcement of policy throughout an organization using posture and context to enable a secure borderless experience
    - Network integration that enables security from the device, throughout the network, to the data center, gathering data and enforcing
    - Validated with third-party ecosystem partners to ease integration and deployment