The document discusses various topics related to information security including security audits, application security testing, secure software development lifecycles, identity management, network security assessments, security design, vulnerability analysis, remediation recommendations, penetration testing, compliance testing, and security trainings. It also discusses motives for security incidents, system incident management, security monitoring tools, data leakage prevention, exfiltration threats, deep session inspection, social network risk mitigation, public key infrastructure systems, and port-based authentication. The presentation is in Polish and concludes by thanking the audience.

1. Rational Unified Process
Bezpieczeństwo
in Action
Data Center
Szymon Dowgwiłłowicz-Nowicki
Styczeń 2012 roku

2. Bezpieczeństwo informatyczne
 Audyty bezpieczeństwa
 Testy bezpieczeństwa aplikacji
 Bezpieczny Cykl Rozwoju
Oprogramowania (SDL)
 Zarządzanie tożsamością
 Badanie zabezpieczeń sieci
 Projektowanie zabezpieczeń
 Analiza podatności zabezpieczeń
 Rekomendacje naprawcze
 Pen-Testing
 Badanie zgodności
 Coaching / Szkolenia
2

3. Motywy kryjące się za incydentami bezp.
Source: Breach/WASC 2007 Web Hacking Incident Annual Report

4. Data Center Security
System Incident Management
Q1Radar/INVEA-TECH

5. Juniper STRM / IBM Q1Labs QRadar Architecture
 STRM – Real time network &
security visibility
 Data collection provides
network, security, application,
and identity awareness
 Embedded intelligence &
analytics simplifies security
operations
 Prioritized “offenses”
separates the wheat from the
chafe
 Solution enables effective
Threat, Compliance & Log
Management

6. Unrivalled Data & log Management Log
Management
• Networking events
– Switches & routers, including flow data
• Security logs Compliance Forensics Policy
– Firewalls, IDS, IPS, VPNs, Vulnerability Scanners, Gateway Templates Search Reporting
AV, Desktop AV, & UTM devices
• Operating Systems/Host logs
– Microsoft, Unix and Linux
• Applications
– Database, mail & web
• User and asset
– Authentication data
• Support for leading vendors including:
– Networking: Juniper,Cisco, Extreme, Nokia, F5, 3Com,
TopLayer and others
– Security: Juniper, Bluecoat, Checkpoint, Fortinet, ISS,
McAfee,Snort, SonicWall, Sourcefire, Secure Computing,
Symantec, and others
– Network flow: NetFlow, JFlow, Packeteer FDR, & SFlow
– Operating systems: Microsoft, AIX, HP-UX, Linux (RedHat,
SuSe), SunOS, and others
– Applications: Oracle, MS SQL, MS IIS, MS AD, MS Exchange,
and others
• Security map utilities:
– Maxmine (provides geographies)
– Shadownet
– Botnet
• Customization logs through generic Device
Support Module (DSM) Adaptive Logging Exporter

7. Q1Radar Key Value Proposition
Threat Detection:
Detect New
Threats That Others Miss
Log Management:
Right Threats at the Right
Time
Compliance:
Compliance and Policy
Safety Net
Enterprise
Value
Complements
Juniper’s Enterprise
Juniper’s STRM Mgmt Portfolio
Appliance

8. INVEA-Tech: FlowMon

9. INVEA-Tech: Lawful Intercept

10. DLP – Data Leakage Protection
Fidelis Security

11. Exfiltration
• Business Partners
• Webmail
Leakage
• Social Networking
Uneducated User
• Cloud
Theft
• Nation States
Malicious Insider
• Organized Non-State
Actors (e.g., Terrorist
groups)
Exfiltration • Organized Crime
External Threat Actors • Advanced Persistent
Threats

12. Fidelis XPS Products

13. ®
The Secret Sauce: Deep Session Inspection
• Total visibility and control over inbound and outbound network traffic
• Deep, session-level application, payload and content decoding and analysis
• Flexible, multi-level policy engine with multiple real-time enforcement options
(visualize, alert, prevent, etc)
• Scalable up to multiple Gbps of analyzed throughput in a single device

14. Fidelis SSL Inspector Solution
• Identifies and decrypts all SSL/TLS encrypted traffic
– Based on SSL/TLS handshake detection, not on TCP port (port-independent)
– Decrypts everything over SSL (HTTP, POP3, SMTP….) – not just HTTPS
• Forwards ALL traffic (SSL and non-SSL) to XPS for analysis
• Completely transparent to endpoints at the IP, TCP and HTTP levels
– Don’t need to configure endpoints to “point at” it – it’s an SSL proxy, not an HTTP proxy
– Just need to install an endpoint-trusted CA certificate on the SSL Inspector
• Scales up to 1 Gbps in a single device

15. Fidelis Extrusion Prevention System®―Fidelis XPS™
Comprehensive Information Protection
• Content protection
• Application activity control
• Encryption policy enforcement
• Threat mitigation
Deep Session Inspection™ Platform
• Comprehensive visibility into content
and applications
• Prevention on all 65,535 ports The Power to Prevent:
• Wire-speed performance It’s the Next Generation
Network Appliance
• Fast to deploy = quick time-to-value
• Easy to manage
• Enables zones of control

16. Policy Engine: Power of Context
•In addition to pre-built policies, customer-specific policies can
easily be built using Fidelis XPS’ powerful policy engine.
• Policy = group of one or more rules
• Rule = logical combination of one
or more triggers delivers context
Trigger > Content Trigger > Location Trigger > Channel
Sensitive information defined Sender and recipient Details about the
in content information information flow
analyzers
1. Smart Identity Profiling 1.source IP address 1.Application / protocol
2. Keyword 2.destination IP address (port -independent)
3. Keyword Sequence 3.Geographical Data–the country in 2.Application-specific Attributes
4. Regular Expressions which the IP address is registered (e.g., user, e-mail address, subject,
5. Binary Signatures 4.Username filename, URL, encrypted, cipher,
6. Encrypted Files 5.LDAP directory attributes and many more)
7. File Names 3.Port (Source / Destination)
8. Exact File Matching 4.Session length / size
9. Partial Document Matching 5.Day of week / Time of day
10.Embedded Images 6.Session duration
7.Decoding path

17. Social Network whilst Mitigating Risk
• Technical and Business Controls
• Ensure employees code-of-conduct policies covers social networking
– Who can speak on behalf of the company
– What can employees use social network for
• Train employees on roles and risks of social networking
• Create official profiles for corporate executives
– Even if they will not actually be used
– Request sites block executives account
• Implement technical controls that address how social network is used
• Social Networking is here to stay
– Security Policy needs to address how it is used
17

18. Fidelis XPS: Risk assessment in vivo
• 88 suspects culled out of >150,000 transactions in a 24
hour period.
Price list trawling in password-
protected areas
PII over FTP in clear text
File transfers of confidential office
documents using MSN Messenger.

19. Public Key Infrastructure
Nexus Security

20. Nexus PKI – System Overview

21. Nexus - PortWise Authentication Suite

22. Nexus IT Security - Corporate Environment

23. Nexus PKI – System Overview

24. Dziękuję za uwagę
Szymon Dowgwiłłowicz-Nowicki
sdow@premiumtechnology.pl
601.890.080
Copyright © 2011 Premium Technology Sp. z o.o. All rights reserved.