
2012 Data Center Security


Data Center
System Incident Management
Data Leakage Protection
Public Key Infrastructure


  1. Rational Unified Process: Security in Action, Data Center. Szymon Dowgwiłłowicz-Nowicki, January 2012
  2. IT Security
     • Security audits
     • Application security testing
     • Secure Software Development Lifecycle (SDL)
     • Identity management
     • Network security assessment
     • Security design
     • Vulnerability analysis
     • Remediation recommendations
     • Pen-testing
     • Compliance assessment
     • Coaching / training
  3. Motives behind security incidents. Source: Breach/WASC 2007 Web Hacking Incident Annual Report
  4. Data Center Security: System Incident Management (Q1Radar / INVEA-TECH)
  5. Juniper STRM / IBM Q1Labs QRadar Architecture
     • STRM: real-time network and security visibility
     • Data collection provides network, security, application, and identity awareness
     • Embedded intelligence and analytics simplify security operations
     • Prioritized "offenses" separate the wheat from the chaff
     • Solution enables effective threat, compliance and log management
  6. Unrivalled Data & Log Management (log management, compliance, forensics, policy templates, search, reporting)
     • Networking events: switches & routers, including flow data
     • Security logs: firewalls, IDS, IPS, VPNs, vulnerability scanners, gateway AV, desktop AV, and UTM devices
     • Operating systems / host logs: Microsoft, Unix and Linux
     • Applications: database, mail and web
     • User and asset: authentication data
     • Support for leading vendors including:
       – Networking: Juniper, Cisco, Extreme, Nokia, F5, 3Com, TopLayer and others
       – Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS, McAfee, Snort, SonicWall, Sourcefire, Secure Computing, Symantec, and others
       – Network flow: NetFlow, JFlow, Packeteer FDR, and SFlow
       – Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat, SuSe), SunOS, and others
       – Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange, and others
     • Security map utilities: MaxMind (provides geographies), Shadownet, Botnet
     • Custom log sources through the generic Device Support Module (DSM) and the Adaptive Log Exporter
  7. Q1Radar Key Value Proposition
     • Threat detection: detect new threats that others miss
     • Log management: the right threats at the right time
     • Compliance: compliance and policy safety net
     • Enterprise value: complements Juniper's enterprise management portfolio (Juniper's STRM appliance)
  8. INVEA-Tech: FlowMon
  9. INVEA-Tech: Lawful Intercept
  10. DLP – Data Leakage Protection (Fidelis Security)
  11. Exfiltration: threat actors and channels
     • Leakage (uneducated user): business partners, webmail, social networking, cloud
     • Theft (malicious insider)
     • Exfiltration (external threat actors): nation states, organized non-state actors (e.g., terrorist groups), organized crime, advanced persistent threats
  12. Fidelis XPS Products
  13. The Secret Sauce: Deep Session Inspection®
     • Total visibility and control over inbound and outbound network traffic
     • Deep, session-level application, payload and content decoding and analysis
     • Flexible, multi-level policy engine with multiple real-time enforcement options (visualize, alert, prevent, etc.)
     • Scalable up to multiple Gbps of analyzed throughput in a single device
  14. Fidelis SSL Inspector Solution
     • Identifies and decrypts all SSL/TLS encrypted traffic
       – Based on SSL/TLS handshake detection, not on TCP port (port-independent)
       – Decrypts everything over SSL (HTTP, POP3, SMTP, ...), not just HTTPS
     • Forwards ALL traffic (SSL and non-SSL) to XPS for analysis
     • Completely transparent to endpoints at the IP, TCP and HTTP levels
       – No need to configure endpoints to "point at" it: it is an SSL proxy, not an HTTP proxy
       – Only an endpoint-trusted CA certificate needs to be installed on the SSL Inspector
     • Scales up to 1 Gbps in a single device
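The port-independent handshake detection on slide 14 comes down to recognizing a TLS ClientHello by its record and handshake headers rather than by the destination port. The following is an added illustration, not Fidelis code; the sample streams are constructed, and the decryption step is out of scope here.

```python
# Minimal TLS record / handshake header check (added example, not a vendor implementation).
# A TLS 1.3 ClientHello still carries legacy versions 0x0301 / 0x0303 in these fields,
# so this check covers it as well.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(data: bytes):
    """Return version info if `data` starts with a TLS ClientHello, else None."""
    if len(data) < 11:                      # record header (5) + handshake header (4) + version (2)
        return None
    ctype = data[0]
    rec_ver = int.from_bytes(data[1:3], "big")
    rec_len = int.from_bytes(data[3:5], "big")
    if ctype != 0x16 or rec_ver not in VERSIONS:   # 0x16 = handshake record
        return None
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    if hs_type != 0x01 or hs_len + 4 > rec_len:    # 0x01 = ClientHello; must fit the record
        return None
    client_ver = int.from_bytes(data[9:11], "big")
    if client_ver not in VERSIONS:
        return None
    return {"record_version": VERSIONS[rec_ver], "client_version": VERSIONS[client_ver]}

def classify(port: int, first_bytes: bytes) -> str:
    """Label a stream by its first bytes; the port is reported but never consulted."""
    hello = parse_client_hello(first_bytes)
    if hello:
        return f"tls ({hello['client_version']} ClientHello) on port {port}"
    return f"not tls on port {port}"

# Constructed sample streams: a 47-byte TLS 1.2 ClientHello record (one cipher suite,
# no extensions), a plain HTTP request and an SMTP banner.
TLS12_HELLO = (bytes.fromhex("160301002f0100002b0303") + b"\x11" * 32
               + bytes.fromhex("00" "0002" "1301" "01" "00" "0000"))
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
SMTP_BANNER = b"220 mail.example.invalid ESMTP\r\n"

if __name__ == "__main__":
    for port, stream in [(8443, TLS12_HELLO), (25, TLS12_HELLO), (443, HTTP_GET), (25, SMTP_BANNER)]:
        print(classify(port, stream))
```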
  15. Fidelis Extrusion Prevention System® (Fidelis XPS™): The Power to Prevent
     • Comprehensive information protection: content protection, application activity control, encryption policy enforcement, threat mitigation
     • Deep Session Inspection™ platform: comprehensive visibility into content and applications, prevention on all 65,535 ports, wire-speed performance
     • The next-generation network appliance: fast to deploy (quick time-to-value), easy to manage, enables zones of control
  16. Policy Engine: Power of Context
     • In addition to pre-built policies, customer-specific policies can easily be built using the Fidelis XPS policy engine.
     • Policy = group of one or more rules
     • Rule = logical combination of one or more triggers; combining trigger types delivers context
     • Content trigger (sensitive information defined in content analyzers):
       1. Smart Identity Profiling
       2. Keyword
       3. Keyword Sequence
       4. Regular Expressions
       5. Binary Signatures
       6. Encrypted Files
       7. File Names
       8. Exact File Matching
       9. Partial Document Matching
       10. Embedded Images
     • Location trigger (sender and recipient information):
       1. Source IP address
       2. Destination IP address
       3. Geographical data: the country in which the IP address is registered
       4. Username
       5. LDAP directory attributes
     • Channel trigger (details about the information flow):
       1. Application / protocol (port-independent)
       2. Application-specific attributes (e.g., user, e-mail address, subject, filename, URL, encrypted, cipher, and many more)
       3. Port (source / destination)
       4. Session length / size
       5. Day of week / time of day
       6. Session duration
       7. Decoding path
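The policy model on slide 16 (policy = group of rules, rule = AND of content, location and channel triggers) can be made concrete with a small evaluator. This is an added example, not the Fidelis XPS engine: the session field names, the rules and the three session records are all constructed for illustration.

```python
import re
import ipaddress

# Constructed session records standing in for what a network inspector hands to
# the policy engine. Field names are this example's own, not a vendor format.
SESSIONS = [
    {"src": "10.1.2.3", "dst": "203.0.113.9", "proto": "ftp", "port": 2121,
     "encrypted": False, "payload": "ssn=123-45-6789 name=Jane"},
    {"src": "10.1.2.3", "dst": "10.1.9.9", "proto": "smb", "port": 445,
     "encrypted": False, "payload": "ssn=123-45-6789 name=Jane"},
    {"src": "10.1.2.4", "dst": "198.51.100.7", "proto": "https", "port": 443,
     "encrypted": True, "payload": "quarterly report draft"},
]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range

# Content triggers: what the payload contains.
SSN_REGEX = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
def content_ssn(s):          return SSN_REGEX.search(s["payload"]) is not None
def content_keyword(*words): return lambda s: any(w in s["payload"].lower() for w in words)

# Location triggers: who is sending to whom.
def loc_internal_src(s):  return ipaddress.ip_address(s["src"]) in INTERNAL
def loc_external_dst(s):  return ipaddress.ip_address(s["dst"]) not in INTERNAL

# Channel triggers: how the data moves. The protocol is the identified application,
# not the port, mirroring the slide's port-independent matching.
def chan_protocol(*protos): return lambda s: s["proto"] in protos
def chan_cleartext(s):      return not s["encrypted"]

# A rule is the logical AND of its triggers and carries an enforcement action;
# a policy is the group of rules below.
RULES = [
    ("pii-cleartext-egress", "prevent",
     [content_ssn, loc_internal_src, loc_external_dst, chan_cleartext]),
    ("pii-over-file-transfer", "alert",
     [content_ssn, chan_protocol("ftp", "smb")]),
    ("confidential-docs-egress", "alert",
     [content_keyword("confidential", "quarterly report"), loc_external_dst]),
]

def evaluate(session, rules=RULES):
    """Return (rule name, action) for every rule whose triggers all fire."""
    return [(name, action) for name, action, triggers in rules
            if all(t(session) for t in triggers)]

def run(sessions=SESSIONS):
    """Evaluate the policy over all sessions, keyed by session index."""
    return {i: evaluate(s) for i, s in enumerate(sessions)}
```

Session 0 trips both PII rules (cleartext SSN leaving the internal range over FTP), session 1 only the file-transfer rule because its destination is internal, and session 2 only the keyword rule.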
  17. Social Networking whilst Mitigating Risk
     • Technical and business controls
     • Ensure employees' code-of-conduct policies cover social networking
       – Who can speak on behalf of the company
       – What employees can use social networks for
     • Train employees on the roles and risks of social networking
     • Create official profiles for corporate executives
       – Even if they will not actually be used
       – Request that sites block executive accounts
     • Implement technical controls that address how social networks are used
     • Social networking is here to stay: security policy needs to address how it is used
  18. Fidelis XPS: Risk assessment in vivo
     • 88 suspects culled out of >150,000 transactions in a 24-hour period:
       – Price list trawling in password-protected areas
       – PII over FTP in clear text
       – File transfers of confidential office documents using MSN Messenger
  19. Public Key Infrastructure (Nexus Security)
  20. Nexus PKI – System Overview
  21. Nexus - PortWise Authentication Suite
  22. Nexus IT Security - Corporate Environment
  23. Nexus PKI – System Overview
  24. Thank you for your attention. Szymon Dowgwiłłowicz-Nowicki, 601.890.080. Copyright © 2011 Premium Technology Sp. z o.o. All rights reserved.