Ajit Shelat - Persistent LAN Security - Interop Mumbai 2009

In a growing electronic economy, cyber attacks are now being used with greater intensity for political, financial and military reasons. Many countries are also using cyber attacks to extract critical information about strategic developments to gain an edge. Simultaneously, hackers are creating millions of zombies, and are using them effectively to launch coordinated attacks. The epidemic growth of malware is reducing the effectiveness of current signature-based technologies. As a result, the world is moving towards alternative technologies, namely reputation or anomalies based detection and prevention. This presentation will explore how targeted attacks are being executed, and how organizations can neutralize these attacks by adopting the right techniques. Shelat will also highlight how a multi-layered security technologies approach can be deployed to protect critical infrastructure from attacks.

Slide 1: Persistent LAN Security
Ajit Shelat, CEO, Nevis Networks
10/21/2009 © 2005 Nevis Networks – Proprietary and Confidential

Slide 2: Top Network Attacks
[Bar chart: percentage of respondents reporting each attack type, on a 0% to 60% scale. Categories shown: Sabotage, DNS Attacks, Password Sniffing, Systems Penetration, Abuse of wireless, BOTS, Denial of service attacks, Unauthorized Access, Insider Abuse, Trojans/viruses/worms.]
Source: 2008 CSI Survey, results of 522 worldwide respondents

Slide 3: Modern Day Complex Threats
Typical Blended Attack
• Designed to maximize damage
• Fast-spreading, network-based threat with multiple attack vectors: a combination of virus, spam, worm and vulnerability exploits
• Leverages P2P, IM and email to spread with a malicious payload attachment
• Can self-replicate, acting as a hybrid virus/worm
• Remote execution, DoS, backdoor applications

Slide 4: Virus/Worm Internals – Understanding Conficker
[Lifecycle diagram; its labels, in order:]
• Disables all security on the PC
• Tries to spread
• Starts peer-to-peer communication
• Carries out Internet rendezvous

Slide 5: Hacking Made Easy
• Stealth mode
• Keystroke capture
• Screen shots
• Password capture
• No detection by AV + AS software
• Mail capture, including webmail
Slide 6: Security Mechanisms Today (section divider)

Slide 7: Perimeter Security
» Gateway Firewall
» IDS/IPS
» Gateway AV
» VPN
» Content filtering
Issues
» Ineffective against attacks from inside the network
» Non-malicious, careless users with 'tainted' laptops or USB devices, or who inject attacks directly into the LAN through careless Internet access
» Malicious insiders who can launch targeted attacks

Slide 8: Network Access Control – End Point Security
» OS patch management
» Anti-virus / anti-spyware
» Personal firewall
» HIPS
Issues
» OS patches and AV/AS updates can take weeks to be deployed
» AV/AS protection typically provides coverage of about 85-95%
» AV/AS coverage for new attacks is lower in the few hours after a new attack is launched
» Zero-day and targeted attacks can bypass end-point protection mechanisms
» Malicious users can disable or evade endpoint security checks

Slide 9: Network Access Control – Authentication
» Access control
Issues
» Does not provide persistent security – mainly aimed at pre-connect authentication
» Does not protect against a determined, malicious user attack
» No threat detection and prevention
» No support for detailed logging of network activity – inability to generate compliance reports and support forensic analysis

Slide 10: End-to-End Application Security
» Application security
» Client-to-server secure pipe
» Clean, trusted end-point
Issues
» End-to-end encryption does not prevent malicious traffic being exchanged between the client and server
» Endpoints cannot be assumed to be clean, since they can be attacked using other protocols, e.g. L2 protocols on the LAN, DoS attacks
» Protocols such as SSL can be broken using man-in-the-middle type attacks

Slide 11: LAN Security – Weak Link in the Chain
[Diagram: Internet – Gateway – LAN – End Point]
• Security focus has been on
  • Perimeter
  • End-point, i.e. PC/laptop
• With increasing usage of laptops, handheld devices and wireless, the well-defined perimeter has dissolved
• No focused, specific security mechanisms for the LAN
• Internal networks are flat, a good playground for worms and hackers
• Hard to manage thousands of internal users based on IP/MAC addresses and/or access-level security at application servers
LAN security should be at LAN speeds
Slide 12: Forrester View
• The problem: managing all endpoint risks to the network
• Proactive Endpoint Risk Management (PERM)*:
  – Policy-based technology
  – Identity-based enforcement
  – Integrated security services
    • Endpoint verification
    • Identity-based access control
    • Threat prevention
    • Monitoring and reporting
• "PERM goes beyond NAC's limited endpoint policy view"*
* Source: Forrester Research, Client 2.0, March 2007, Robert Whiteley and Natalie Lambert

Slide 13: Comprehensive LAN Security Solution (section divider)

Slide 14: It's All About Knowing…
• Who is on your network?
• Where are they going?
• Can you control their behavior?
• What traffic are they sending?
• What are they doing?
• What would you like to do?
Slide 15: Characteristics of a Comprehensive LAN Security Solution
• Comprehensive LAN security
  – Involves endpoint authentication and compliance checks, ensuring that valid users with clean endpoints can access certain resources on the network
  – Blocks or quarantines the user if any intended or unintended malicious activity is detected
  – Notifies the admin of any deviations from organizational policies or malicious activities, enabling auditing, drill-down and forensic analysis
  – Controls endpoints connected to managed switches, restricting a malicious endpoint as close to the source as possible
  – Prevents compromised endpoints from infecting other endpoints connected to unmanaged switches
  – Gives the admin a complete view of network health
  – Encompasses security right from the endpoint: user identity, network access privileges/control, audit capability and blocking of malicious traffic
  – Ensures high network uptime, clean networks without malicious or unwanted traffic, and improved network bandwidth utilization
Slide 16: An Integrated Policy Approach
[Diagram; labels as read from the slide: four policy pillars – Threat Prevention, Network Traffic Controls, Application Use Visibility, NAC – resting on a common foundation of Identity-based Enforcement]

Slide 17: The Identity-Aware Network
[Diagram: user classes – Employees, Partners, Contractors, Guests – mapped onto resource tiers – Mission-critical Applications, Subset of Applications, Guest Network]
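Slides 15 and 17 describe admission based on identity plus endpoint compliance, role-based reach into resource tiers, and quarantine once malicious activity is seen; slide 9 contrasts this with a NAC that only checks at connect time. The following Python is an added illustration of that distinction and is not Nevis Networks' code: the role-to-zone table, the compliance and quarantine thresholds, the zone names and the endpoint records are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed policy modelled on the slide's user classes and resource tiers:
# which network zones each role may reach once admitted.
ROLE_ZONES: Dict[str, Set[str]] = {
    "employee":   {"mission-critical", "subset", "guest"},
    "partner":    {"subset", "guest"},
    "contractor": {"subset", "guest"},
    "guest":      {"guest"},
}
MAX_PATCH_AGE_DAYS = 30   # constructed compliance threshold
SCAN_THRESHOLD = 3        # constructed: denied flows tolerated before quarantine


@dataclass
class Endpoint:
    mac: str
    user: Optional[str]        # None = not authenticated
    role: Optional[str]
    av_running: bool
    patch_age_days: int
    quarantined: bool = False
    denied_flows: int = 0


def admit(ep: Endpoint) -> str:
    """Pre-connect decision, which is all a plain NAC makes: deny unauthenticated
    endpoints, send non-compliant ones to remediation, admit the rest."""
    if ep.user is None or ep.role not in ROLE_ZONES:
        return "deny"
    if not ep.av_running or ep.patch_age_days > MAX_PATCH_AGE_DAYS:
        return "remediation"
    return "admit"


def evaluate_flow(ep: Endpoint, zone: str, audit: List[str]) -> str:
    """Post-connect, per-flow enforcement: the persistent part a pre-connect-only
    NAC lacks. Returns 'allow', 'drop' or 'quarantine' and appends audit records."""
    if ep.quarantined or ep.role not in ROLE_ZONES:
        return "drop"
    if zone in ROLE_ZONES[ep.role]:
        return "allow"
    ep.denied_flows += 1
    audit.append(f"deny mac={ep.mac} user={ep.user} role={ep.role} zone={zone}")
    if ep.denied_flows >= SCAN_THRESHOLD:
        # Repeated attempts to reach zones outside the role: isolate the endpoint.
        ep.quarantined = True
        audit.append(f"quarantine mac={ep.mac} user={ep.user} reason=repeated-policy-violations")
        return "quarantine"
    return "drop"


def run_demo() -> Dict[str, object]:
    audit: List[str] = []
    # Constructed: a compliant contractor who then keeps probing the mission-critical tier.
    ep = Endpoint("aa:aa:aa:aa:aa:30", "c.jones", "contractor", av_running=True, patch_age_days=5)
    decision = admit(ep)
    flows = ["subset", "mission-critical", "mission-critical", "mission-critical", "subset"]
    results = [evaluate_flow(ep, z, audit) for z in flows] if decision == "admit" else []
    # Constructed: an unpatched employee laptop never gets past the pre-connect check.
    stale = Endpoint("aa:aa:aa:aa:aa:31", "e.smith", "employee", av_running=True, patch_age_days=60)
    return {"admit": decision, "flows": results, "stale": admit(stale), "audit": audit}


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```

The contractor is admitted because identity and posture both check out, but the third attempt at a zone outside its role flips the endpoint into quarantine and every later flow is dropped; the audit list is what a compliance report or forensic drill-down would draw on.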
Slide 18: Multi-layer Defense Model
Defense layers: Endpoint integrity; System firewall / access control; Signature detection; Protocol anomaly; Traffic anomaly; L2 security
Threats addressed: Unauthorized access; Plundering system for data; Reconnaissance and scanning; Worms and viruses; BOTs; Spyware; Backdoors and RATs; Anomalous traffic; Remote execution; Password cracking (detection); Denial of service; Bandwidth consumption; MAC spoofing; ARP spoofing
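Slide 18 lists L2 security against MAC and ARP spoofing as one layer of the model. The following Python is an added example of the detection side of that layer, not code from the presentation: it keeps a table of IP-to-MAC bindings (a pinned entry for the gateway, the rest learned on first sight) and raises an alert when a reply contradicts a binding or when one MAC claims more addresses than a normal host would. The gateway address, the threshold and the sample replies are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as a switch-side sensor would record it (constructed input)."""
    ts: float
    sender_ip: str
    sender_mac: str


@dataclass(frozen=True)
class Alert:
    kind: str
    ip: str
    mac: str
    detail: str
    ts: float


# Constructed: the only binding the operator pins statically is the default gateway.
STATIC_BINDINGS: Dict[str, str] = {"10.0.0.1": "aa:aa:aa:aa:aa:01"}


def detect_arp_anomalies(replies: Iterable[ArpReply],
                         static: Dict[str, str] = STATIC_BINDINGS,
                         max_ips_per_mac: int = 3) -> List[Alert]:
    """Flag replies that contradict a static or first-learned IP->MAC binding,
    and MACs that claim more distinct IPs than max_ips_per_mac."""
    learned: Dict[str, str] = dict(static)          # ip -> mac we currently trust
    ips_by_mac: Dict[str, set] = defaultdict(set)   # mac -> every ip it has claimed
    alerts: List[Alert] = []
    for r in replies:
        expected = learned.get(r.sender_ip)
        if expected is None:
            learned[r.sender_ip] = r.sender_mac      # first sighting: learn it
        elif expected != r.sender_mac:
            # The trusted binding is kept; the contradicting reply is what gets reported.
            kind = "static-binding-violation" if r.sender_ip in static else "binding-change"
            alerts.append(Alert(kind, r.sender_ip, r.sender_mac, f"expected {expected}", r.ts))
        ips_by_mac[r.sender_mac].add(r.sender_ip)
        # Fire once, at the moment this MAC crosses the threshold.
        if len(ips_by_mac[r.sender_mac]) == max_ips_per_mac + 1:
            alerts.append(Alert("mac-claims-many-ips", "*", r.sender_mac,
                                f"{len(ips_by_mac[r.sender_mac])} distinct IPs", r.ts))
    return alerts


# Constructed sample capture: two legitimate hosts, then a single MAC that claims
# the gateway's IP, another host's IP and two further addresses.
SAMPLE_REPLIES = [
    ArpReply(1.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.5, "10.0.0.20", "aa:aa:aa:aa:aa:20"),
    ArpReply(2.0, "10.0.0.1", "bb:bb:bb:bb:bb:ff"),
    ArpReply(2.1, "10.0.0.20", "bb:bb:bb:bb:bb:ff"),
    ArpReply(2.2, "10.0.0.21", "bb:bb:bb:bb:bb:ff"),
    ArpReply(2.3, "10.0.0.22", "bb:bb:bb:bb:bb:ff"),
]


def run_demo() -> List[Alert]:
    return detect_arp_anomalies(SAMPLE_REPLIES)


if __name__ == "__main__":
    for a in run_demo():
        print(f"t={a.ts:.1f} {a.kind}: ip={a.ip} mac={a.mac} ({a.detail})")
```

On the sample capture the detector raises three alerts: the gateway's pinned binding is contradicted, a learned host binding changes, and one MAC ends up claiming four addresses. In a deployment these would feed the blocking or quarantine step from slide 15, applied at the access switch port where the replies entered, and the detector should be seeded from the switch's DHCP lease table rather than relying only on first sight.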
Slide 19: Comprehensive Security – Integrated Perimeter, LAN and End Point Security
[Network diagram; labels: Internet, Router, Edge Firewall, VPN, IDS, Enterprise Servers, Departmental Firewall, Distribution, Workgroup Servers, Network access control, Wireless Security Gateway, Wireless Access Point, Extended Perimeter, Secured Workgroup, Desktops, Laptop, Wireless Users]

Slide 20: One Stop Comprehensive LAN Security Status

Slide 21: Thank You
