QTS: VPN Conclusion
Transcript

  • 1.
    • Fundamentals of Internet Security
    • VPN Conclusion
    • Presented by Neil A. Rosenberg
    • President & CEO
    • Quality Technology Solutions, Inc.
  • 2. What is Computer Security?
    • Intrusion Detection/Response?
    • Confidentiality Protection & Encryption?
    • Single Sign-On?
    • Network & Firewall Configuration?
    • Training & Awareness?
    • Secure Email?
    • Virus Protection?
    • Access Control?
    • Electronic Records Management?
    • eBusiness?
    • Remote Access?
    • Virtual Private Networks?
    • Certificate Management?
    • Identification & Authentication?
    • Packet Filters?
    • Vulnerability Reduction?
    • Disaster Recovery?
    • Denial of Service Attacks?
    • Risk Assessment?
    • Quality of Service?
    • Network Directory Service?
    • Audits/Reviews?
    • Policy-Based Management?
    • Secure Messaging and Collaboration?
    • Authentication & Digital Identity
  • 3.
    • Network IDS
    • Content Management
    • MultiFactor Authentication
    • Single Sign-On
    • Penetration & Attack Testing
    • Security Audit
    • Desktop IDS
    • Host IDS
    • Directory & LDAP
    • Malicious Code
    • Antivirus
    • Security Policy
    • FIREWALL
    • VPN
    • Strong Authentication
    • Digital Certificates
  • 4. Security is a Complete System, not a product
    • Requires objectives and clear focus
  • 5. Firewall
    • Control inbound and outbound access
    • Log traffic
    • Deter and block attacks
    • Generate alarms
  • 6. Intrusion Detection
    • Hackers
    • Crackers
    • Denial of Service, DDOS attacks
      • Protection versus Internal & External Attacks and Threats
  • 7. VPN
    • Authentication
    • Encryption
    • Client to Site
    • Site to Site
    • Extranet
  • 8. Authentication & Identity
    • Passwords
    • Tokens
    • Biometrics & Multifactor Authentication
    • Digital Certificates
    • SSL
    • Directories & LDAP
    • Single Sign-On
  • 9. Bandwidth Management
    • Control prioritization of data through the pipe
    • Assess needs for additional bandwidth
    • Track and Enforce SLAs
  • 10. Content Management
    • Viruses
    • Vandals (Java, ActiveX)
    • Worms
    • Trojan Horses
    • Scripts
  • 11. VPN & Authentication Best Practices
  • 12. Define Business Objectives
    • Define Remote Access Needs – specifically
    • Define key applications and data access
    • Define Goals – cost reduction? user empowerment?
  • 13. Management
    • Get buy-in on objectives
    • Get input on security versus access trade-off, in advance – “on a scale of 1-10, with 1 being most access, least secure, and 10 being minimal access, most secure, where should we be?”
    • Develop & get sign-off on security policy
  • 14. Keep It Simple
    • Centralize Management
    • Integrate Directories & Authentication – Leverage Your Directory!
    • Seamless User Experience
    • Minimize client side deployment of software (intrusiveness, licensing fees)
  • 15. Leverage the Directory!
    • LDAP
    • RADIUS
    • Manage one set of passwords – please!
  • 16. Client Side Setup
    • Use Personal Firewall to defend at all vulnerability points, and lock down if not
    • Standardize client install process (cookbook) and deploy with CD/diskettes with all required files (or from web server)
    • Schedule Installation Appointments to proactively manage client PC setup issues
  • 17. General Issues
    • Ensure private addresses are non-conflicting
    • Control synchronization (Domain, etc.) and similar traffic over low bandwidth lines
    • Implement bandwidth management
    • “Don’t span the WAN” – design similarly
    • Centralize Management of VPN, remote resources
    • Use NFuse and RSA ACE Server for browser based authentication & access from non-VPN (Internet terminals)
  • 18. Authentication
    • Define and enforce password rules and changes
    • Implement single sign-on solution to minimize passwords users need to track – each one is a vulnerability
    • Implement Strong Authentication (token, certificate, smart card, biometrics) or Graded, Multifactor Authentication
  • 19. Web Server Security
    • Lock Down IIS – numerous TIDs, or have us audit
    • Use SSL to encrypt
    • If eCommerce, purchase Digital Certificates from a trusted CA
    • Only open necessary comm ports from web server(s) back to the internal network
  • 20. Secure Network Design
  • 21. Best Practice Network Security Implementation
    • Strong authentication for all users – not weak passwords!
    • Multi-layer security perimeters to restrict access
    • Intrusion Detection to analyze traffic in critical areas
    • VPNs to cost-effectively extend connectivity and ensure data privacy
    • Periodic network risk assessments
    • On-going policy development and training
    • Antivirus solution and strong email security & policy
  • 22. Next Steps
    • Do you have an information security plan for your business?
    • Has that plan been communicated, implemented and tested?
    • Do you have professional staff capable of managing and monitoring security?
    • Do you need outside help?
  • 23. For More Information
    • www.QTSnet.com/security
    • www.checkpoint.com
    • Xforce.iss.net
    • www.microsoft.com/security
    • www.novell.com/info/security
    • securityfocus.com
    • www.cert.org
    • www.sans.org
    • www.securityportal.com
    • razor.bindview.com
  • 24. Upcoming Events
    • Tuesday, Oct 23rd – MetaFrame XP
    • Thursday, Nov 15th – Fundamentals of Internet Security Part III – Bandwidth Management and Content Management (with Aladdin)
    • Tuesday, November 20th – Introduction to PKI and Digital Certificates (with RSA)
  • 25. Questions & Answers
    • Neil Rosenberg
    • Quality Technology Solutions, Inc.
    • 76 South Orange Avenue, South Orange, NJ 07079
    • (973)761-5400 x230
    • Fax (973)761-1881
    • [email_address]
    • www.QTSnet.com
