2012 Data Center Security
Data Center
System Incident Management
Data Leakage Protection
Public Key Infrastructure

Published in: Technology


  • 1. Rational Unified Process in Action. Data Center Security. Szymon Dowgwiłłowicz-Nowicki, January 2012
  • 2. IT security
      • Security audits
      • Application security testing
      • Secure Development Lifecycle (SDL)
      • Identity management
      • Network security assessment
      • Security design
      • Vulnerability analysis
      • Remediation recommendations
      • Pen-Testing
      • Compliance assessment
      • Coaching / Training
  • 3. Motives behind security incidents. Source: Breach/WASC 2007 Web Hacking Incident Annual Report
  • 4. Data Center Security: System Incident Management. Q1Radar/INVEA-TECH
  • 5. Juniper STRM / IBM Q1Labs QRadar Architecture
      • STRM – Real time network & security visibility
      • Data collection provides network, security, application, and identity awareness
      • Embedded intelligence & analytics simplifies security operations
      • Prioritized “offenses” separate the wheat from the chaff
      • Solution enables effective Threat, Compliance & Log Management
  • 6. Unrivalled Data & Log Management
      [Figure labels: Log Management; Compliance Templates; Forensics Search; Policy Reporting]
      • Networking events
          – Switches & routers, including flow data
      • Security logs
          – Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway AV, Desktop AV, & UTM devices
      • Operating Systems/Host logs
          – Microsoft, Unix and Linux
      • Applications
          – Database, mail & web
      • User and asset
          – Authentication data
      • Support for leading vendors including:
          – Networking: Juniper, Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others
          – Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee, Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others
          – Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow
          – Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others
          – Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others
      • Security map utilities:
          – Maxmine (provides geographies)
          – Shadownet
          – Botnet
      • Customization logs through generic Device Support Module (DSM) Adaptive Logging Exporter
  • 7. Q1Radar Key Value Proposition
      • Threat Detection: Detect New Threats That Others Miss
      • Log Management: Right Threats at the Right Time
      • Compliance: Compliance and Policy Safety Net
      • Enterprise Value: Complements Juniper’s Enterprise Mgmt Portfolio
      [Figure label: Juniper’s STRM Appliance]
  • 8. INVEA-Tech: FlowMon
  • 9. INVEA-Tech: Lawful Intercept
  • 10. DLP – Data Leakage Protection. Fidelis Security
  • 11. Exfiltration
      [Diagram labels: Leakage; Theft; Exfiltration; Uneducated User; Malicious Insider; External Threat Actors; Business Partners; Webmail; Social Networking; Cloud; Nation States; Organized Non-State Actors (e.g., Terrorist groups); Organized Crime; Advanced Persistent Threats]
  • 12. Fidelis XPS Products
  • 13. The Secret Sauce: Deep Session Inspection
      • Total visibility and control over inbound and outbound network traffic
      • Deep, session-level application, payload and content decoding and analysis
      • Flexible, multi-level policy engine with multiple real-time enforcement options (visualize, alert, prevent, etc.)
      • Scalable up to multiple Gbps of analyzed throughput in a single device
  • 14. Fidelis SSL Inspector Solution
      • Identifies and decrypts all SSL/TLS encrypted traffic
          – Based on SSL/TLS handshake detection, not on TCP port (port-independent)
          – Decrypts everything over SSL (HTTP, POP3, SMTP…), not just HTTPS
      • Forwards ALL traffic (SSL and non-SSL) to XPS for analysis
      • Completely transparent to endpoints at the IP, TCP and HTTP levels
          – Don’t need to configure endpoints to “point at” it: it’s an SSL proxy, not an HTTP proxy
          – Just need to install an endpoint-trusted CA certificate on the SSL Inspector
      • Scales up to 1 Gbps in a single device
  • 15. Fidelis Extrusion Prevention System® (Fidelis XPS™). The Power to Prevent: It’s the Next Generation
      • Comprehensive Information Protection
          – Content protection
          – Application activity control
          – Encryption policy enforcement
          – Threat mitigation
      • Deep Session Inspection™ Platform
          – Comprehensive visibility into content and applications
          – Prevention on all 65,535 ports
          – Wire-speed performance
      • Network Appliance
          – Fast to deploy = quick time-to-value
          – Easy to manage
          – Enables zones of control
  • 16. Policy Engine: Power of Context
      • In addition to pre-built policies, customer-specific policies can easily be built using Fidelis XPS’ powerful policy engine.
      • Policy = group of one or more rules
      • Rule = logical combination of one or more triggers; delivers context
      • Trigger > Content: sensitive information defined in content analyzers
          1. Smart Identity Profiling
          2. Keyword
          3. Keyword Sequence
          4. Regular Expressions
          5. Binary Signatures
          6. Encrypted Files
          7. File Names
          8. Exact File Matching
          9. Partial Document Matching
          10. Embedded Images
      • Trigger > Location: sender and recipient information
          1. Source IP address
          2. Destination IP address
          3. Geographical data: the country in which the IP address is registered
          4. Username
          5. LDAP directory attributes
      • Trigger > Channel: details about the information flow
          1. Application / protocol (port-independent)
          2. Application-specific attributes (e.g., user, e-mail address, subject, filename, URL, encrypted, cipher, and many more)
          3. Port (source / destination)
          4. Session length / size
          5. Day of week / time of day
          6. Session duration
          7. Decoding path
  • 17. Social Network whilst Mitigating Risk
      • Technical and Business Controls
      • Ensure employee code-of-conduct policies cover social networking
          – Who can speak on behalf of the company
          – What employees can use social networks for
      • Train employees on roles and risks of social networking
      • Create official profiles for corporate executives
          – Even if they will not actually be used
          – Request sites block executives’ accounts
      • Implement technical controls that address how social networking is used
      • Social Networking is here to stay
          – Security Policy needs to address how it is used
  • 18. Fidelis XPS: Risk assessment in vivo
      • 88 suspects culled out of >150,000 transactions in a 24 hour period.
          – Price list trawling in password-protected areas
          – PII over FTP in clear text
          – File transfers of confidential office documents using MSN Messenger
  • 19. Public Key Infrastructure. Nexus Security
  • 20. Nexus PKI – System Overview
  • 21. Nexus - PortWise Authentication Suite
  • 22. Nexus IT Security - Corporate Environment
  • 23. Nexus PKI – System Overview
  • 24. Thank you for your attention. Szymon Dowgwiłłowicz-Nowicki, 601.890.080. Copyright © 2011 Premium Technology Sp. z o.o. All rights reserved.