2012 Data Center Security

Data Center
System Incident Management
Data Leakage Protection
Public Key Infrastructure

Published in: Technology

Transcript

  • 1. Rational Unified Process in Action. Data Center Security. Szymon Dowgwiłłowicz-Nowicki, January 2012
  • 2. IT security: security audits; application security testing; Secure Development Lifecycle (SDL); identity management; network security assessment; security design; vulnerability analysis; remediation recommendations; pen-testing; compliance assessment; coaching / training
  • 3. Motives behind security incidents. Source: Breach/WASC 2007 Web Hacking Incident Annual Report
  • 4. Data Center Security: System Incident Management (Q1Radar / INVEA-TECH)
  • 5. Juniper STRM / IBM Q1Labs QRadar Architecture
    – STRM: real-time network & security visibility
    – Data collection provides network, security, application and identity awareness
    – Embedded intelligence & analytics simplify security operations
    – Prioritized “offenses” separate the wheat from the chaff
    – The solution enables effective threat, compliance & log management
  • 6. Unrivalled Data & Log Management (log management, compliance, forensics, policy templates, search, reporting)
    – Networking events: switches & routers, including flow data
    – Security logs: firewalls, IDS, IPS, VPNs, vulnerability scanners, gateway AV, desktop AV & UTM devices
    – Operating systems / host logs: Microsoft, Unix and Linux
    – Applications: database, mail & web
    – User and asset: authentication data
    – Support for leading vendors, including: networking: Juniper, Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others; security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee, Snort, SonicWall, Sourcefire, Secure Computing, Symantec and others; network flow: NetFlow, JFlow, Packeteer FDR & sFlow; operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS and others; applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange and others
    – Security map utilities: MaxMind (provides geographies), Shadownet, Botnet
    – Custom logs through the generic Device Support Module (DSM) and the Adaptive Logging Exporter
  • 7. Q1Radar Key Value Proposition: Threat Detection: detect new threats that others miss; Log Management: the right threats at the right time; Compliance: compliance and policy safety net; Enterprise Value: complements Juniper’s enterprise management portfolio (Juniper’s STRM appliance)
  • 8. INVEA-Tech: FlowMon
  • 9. INVEA-Tech: Lawful Intercept
  • 10. DLP – Data Leakage Protection: Fidelis Security
  • 11. Threat actors and channels: leakage by the uneducated user (business partners, webmail, social networking, cloud); theft by the malicious insider; exfiltration by external threat actors (nation states, organized non-state actors, e.g. terrorist groups, organized crime, advanced persistent threats)
  • 12. Fidelis XPS Products
  • 13. The Secret Sauce: Deep Session Inspection®
    – Total visibility and control over inbound and outbound network traffic
    – Deep, session-level application, payload and content decoding and analysis
    – Flexible, multi-level policy engine with multiple real-time enforcement options (visualize, alert, prevent, etc.)
    – Scalable up to multiple Gbps of analyzed throughput in a single device
  • 14. Fidelis SSL Inspector Solution
    – Identifies and decrypts all SSL/TLS-encrypted traffic: based on SSL/TLS handshake detection, not on TCP port (port-independent); decrypts everything over SSL (HTTP, POP3, SMTP, ...), not just HTTPS
    – Forwards ALL traffic (SSL and non-SSL) to XPS for analysis
    – Completely transparent to endpoints at the IP, TCP and HTTP levels: endpoints don’t need to be configured to “point at” it (it’s an SSL proxy, not an HTTP proxy); only an endpoint-trusted CA certificate needs to be installed on the SSL Inspector
    – Scales up to 1 Gbps in a single device
  • 15. Fidelis Extrusion Prevention System® (Fidelis XPS™), the next-generation network appliance. Comprehensive Information Protection: content protection; application activity control; encryption policy enforcement; threat mitigation. Deep Session Inspection™ Platform: comprehensive visibility into content and applications; prevention on all 65,535 ports. The Power to Prevent: wire-speed performance; fast to deploy = quick time-to-value; easy to manage; enables zones of control
  • 16. Policy Engine: Power of Context. In addition to pre-built policies, customer-specific policies can easily be built using the Fidelis XPS policy engine. Policy = group of one or more rules; Rule = logical combination of one or more triggers, which delivers context.
    – Content Trigger (sensitive information defined in content analyzers): 1. Smart Identity Profiling; 2. Keyword; 3. Keyword Sequence; 4. Regular Expressions; 5. Binary Signatures; 6. Encrypted Files; 7. File Names; 8. Exact File Matching; 9. Partial Document Matching; 10. Embedded Images
    – Location Trigger (sender and recipient information): 1. source IP address; 2. destination IP address; 3. geographical data (the country in which the IP address is registered); 4. username; 5. LDAP directory attributes
    – Channel Trigger (details about the information flow): 1. application / protocol (port-independent); 2. application-specific attributes (e.g., user, e-mail address, subject, filename, URL, encrypted, cipher, and many more); 3. port (source / destination); 4. session length / size; 5. day of week / time of day; 6. session duration; 7. decoding path
  • 17. Social Networking whilst Mitigating Risk: technical and business controls
    – Ensure employees’ code-of-conduct policies cover social networking: who can speak on behalf of the company; what employees may use social networks for
    – Train employees on the roles and risks of social networking
    – Create official profiles for corporate executives, even if they will not actually be used, and request that sites block executives’ accounts
    – Implement technical controls that address how social networks are used
    – Social networking is here to stay; security policy needs to address how it is used
  • 18. Fidelis XPS: Risk assessment in vivo. 88 suspects culled out of >150,000 transactions in a 24-hour period: price-list trawling in password-protected areas; PII over FTP in clear text; file transfers of confidential office documents using MSN Messenger
  • 19. Public Key Infrastructure: Nexus Security
  • 20. Nexus PKI – System Overview
  • 21. Nexus - PortWise Authentication Suite
  • 22. Nexus IT Security - Corporate Environment
  • 23. Nexus PKI – System Overview
  • 24. Thank you for your attention. Szymon Dowgwiłłowicz-Nowicki, sdow@premiumtechnology.pl, 601.890.080. Copyright © 2011 Premium Technology Sp. z o.o. All rights reserved.
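
Slide 14 says the SSL Inspector identifies TLS by handshake detection rather than by TCP port. The following is an added example (not Fidelis code, and not from the deck) of what such port-independent detection looks like on the first bytes of a TCP stream; the sample flows and the minimal ClientHello fixture are constructed.

```python
"""Port-independent TLS handshake detection, as slide 14 describes for the SSL
Inspector (identify TLS by its handshake, not by TCP port).  Added example for
this page, not Fidelis code; the sample flows are constructed."""
import struct
from typing import Optional

RECORD_HANDSHAKE = 0x16
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}

def classify_tls_handshake(data: bytes) -> Optional[str]:
    """Return 'ClientHello' or 'ServerHello' when the first bytes of a TCP
    stream form a well-formed TLS handshake record, otherwise None."""
    if len(data) < 9 or data[0] != RECORD_HANDSHAKE:
        return None
    major, minor = data[1], data[2]
    rec_len = struct.unpack(">H", data[3:5])[0]
    if major != 3 or minor > 3:          # SSLv3 and TLS 1.0-1.3 use record version 3.x
        return None
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    # A Hello message must exactly fill the record minus its 4-byte handshake header
    if hs_type not in HELLO_TYPES or hs_len != rec_len - 4:
        return None
    return HELLO_TYPES[hs_type]

def build_client_hello() -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record to use as a fixture."""
    body = (b"\x03\x03" + b"\x11" * 32   # client_version, 32-byte random
            + b"\x00"                     # empty session id
            + b"\x00\x02\xc0\x2f"         # one cipher suite
            + b"\x01\x00"                 # null compression only
            + b"\x00\x00")                # no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

# Constructed first bytes of three flows keyed by the port they were seen on.
# Only the first is TLS, and it sits on a non-standard port; the detector
# never consults the port, which is the point of handshake-based detection.
FLOWS = {
    "tcp/8080": build_client_hello(),
    "tcp/443": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tcp/25": b"220 mail.example.test ESMTP ready\r\n",
}

def classify_flows() -> dict:
    """Map each flow to its classification ('not TLS' when no handshake is found)."""
    return {k: classify_tls_handshake(v) or "not TLS" for k, v in FLOWS.items()}
```

A real inspector would then reassemble the full handshake and, as the slide notes, terminate and re-originate the session using its endpoint-trusted CA certificate; this block only covers the identification step.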
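
Slide 16 defines a policy as a group of rules and a rule as a logical combination of content, location and channel triggers, and slide 18 lists the kinds of sessions such policies flagged. The block below is an added example (not Fidelis code) of that model in working form: the trigger set, the normalised session fields and the sample sessions are all constructed, and the two rules are modelled loosely on the slide 18 findings.

```python
"""Toy DLP policy model following slide 16: a policy is a group of rules and a
rule is a logical combination of content, location and channel triggers.
Added example for this page, not Fidelis code; triggers, session fields and
sample sessions are constructed."""
import ipaddress
import re
from dataclasses import dataclass, field

@dataclass
class Rule:
    """Fires only when every configured trigger matches (logical AND)."""
    name: str
    content: list = field(default_factory=list)  # content trigger: regexes over the payload
    src_net: str = ""                            # location trigger: source subnet
    apps: set = field(default_factory=set)       # channel trigger: application, port-independent
    cleartext_only: bool = False                 # channel trigger: unencrypted sessions only

    def matches(self, s: dict) -> bool:
        if self.content and not any(re.search(p, s["payload"]) for p in self.content):
            return False
        if self.src_net and ipaddress.ip_address(s["src_ip"]) not in ipaddress.ip_network(self.src_net):
            return False
        if self.apps and s["app"] not in self.apps:
            return False
        if self.cleartext_only and s["encrypted"]:
            return False
        return True

def evaluate(policy: list, session: dict) -> list:
    """Names of every rule in the policy that fires for one decoded session."""
    return [r.name for r in policy if r.matches(session)]

# Constructed policy modelled on the findings reported on slide 18.
SSN = r"\b\d{3}-\d{2}-\d{4}\b"
POLICY = [
    Rule("pii-over-cleartext-ftp", content=[SSN], apps={"ftp"}, cleartext_only=True),
    Rule("confidential-doc-via-im", content=[r"(?i)\bconfidential\b"],
         src_net="10.0.0.0/8", apps={"msn-messenger"}),
]

# Constructed sessions, normalised the way a session-decoding engine might emit them.
SESSIONS = [
    {"src_ip": "10.1.2.3", "app": "ftp", "encrypted": False,
     "payload": "STOR clients.csv\r\nJane Doe,123-45-6789\r\n"},
    {"src_ip": "10.1.2.9", "app": "msn-messenger", "encrypted": False,
     "payload": "file: Q4-forecast.docx CONFIDENTIAL - internal only"},
    {"src_ip": "10.1.2.3", "app": "https", "encrypted": True, "payload": ""},
]
```

Running `evaluate(POLICY, s)` over each session flags the cleartext FTP transfer and the IM file transfer and leaves the encrypted HTTPS session clean, which is why the slide 14 decryption step matters for content triggers.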