Network Security - Defense Through Layered Information Security
1. Presented for iFest UHAMKA, March 24th 2018
Network Security
Defense through Layered Information Security
Eryk Budi Pratama
Senior Consultant
PwC Indonesia
March 24th, 2018
7. Biggest Cyber Attacks 2017
Source: https://www.wired.com/story/2017-biggest-hacks-so-far/
Shadow Brokers: first surfaced in August 2016, claiming to have breached the spy tools of the elite NSA-linked operation known as the Equation Group.
WikiLeaks CIA Vault 7: WikiLeaks published a data trove of 8,761 documents allegedly stolen from the CIA, describing spying operations and hacking tools.
Cloudbleed: Cloudflare announced that a bug in its platform caused random leakage of potentially sensitive customer data.
WannaCry (Ransomware): WannaCry's reach came in part thanks to one of the leaked Shadow Brokers Windows vulnerabilities, EternalBlue.
Petya/NotPetya: the ransomware hit Ukrainian infrastructure particularly hard, disrupting utilities such as power companies, airports, public transit, and the central bank.
Macron Campaign Hack: hackers dumped a 9GB trove of leaked emails from the campaign of Emmanuel Macron (French President).
14. Defense in Depth
Information Security Protection for each Layer (outermost to innermost):
Policies, Procedures, Awareness: security policies, procedures, education
Physical Security: guards, locks, access control
Perimeter Security: firewall, ACL-configured router, VPNs
Internal Network: network segments, network IDS
Host Security:
  Server Hardening: OS hardening, authentication, auditing
  Host-Based Firewall: inbound TCP/IP port control
  Malware Prevention: anti-malware updates
  Intrusion Prevention: zero-day attack protection
  Patch Management: security update management
Application & Data: endpoint security and a secure communication path (TLS, IPsec)
Data Security: strong passwords, file ACLs
Network Security in Layers: Advanced Threat Protection; Intrusion Detection/Prevention System; Web Security; Email Security; Forensics Analysis; Data Loss Prevention; Next Generation Firewall; Security Information and Event Management (SIEM)
15. Defense in Breadth
Information Security Protection for each Layer: the same layers as in the defense-in-depth model (policies/procedures/awareness, physical, perimeter, internal network, host, application and data), but instead of one control per layer, each layer gets:
Multiple protections for each layer
Coverage of multiple attack surfaces
Automation, so the overlapping controls stay consistent
Network Security in Layers: Advanced Threat Protection; Intrusion Detection/Prevention System; Web Security; Email Security; Forensics Analysis; Data Loss Prevention; Next Generation Firewall; Security Information and Event Management (SIEM)
17. Traditional vs NexGen
Traditional vs Next Generation Firewall
Traditional Firewall
Firewall Rule: Allow Port 53
DNS packet on port 53: Allow (✓)
BitTorrent packet on port 53: Allow (✓)
Visibility: Port 53 allowed (the firewall cannot tell the two applications apart)

Next-Generation Firewall
Firewall Rule: Allow DNS
Packet on port 53 identified as DNS: Allow (✓)
Packet on port 53 identified as BitTorrent: DENY (✗)
Visibility: BitTorrent detected and blocked
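The two rules above side by side in code, as an added example that is not part of the original slides: a port-based rule lets anything through on UDP/53, while an application-aware rule parses the payload and only passes datagrams that are structurally DNS. The DNS query and the BitTorrent DHT "ping" are constructed by hand (not captured traffic), and the DNS check is a deliberately small structural validator of the RFC 1035 header and question section, not a full parser.

```python
"""Port-based versus application-aware filtering of traffic arriving on UDP/53.

Added example (not from the original slides). The datagrams below are
constructed by hand, not captured from a network.
"""
import struct

# A legitimate DNS query: example.com, type A, class IN (RFC 1035 wire format).
DNS_QUERY = (
    b"\x12\x34"                   # transaction ID
    b"\x01\x00"                   # flags: QR=0 (query), opcode 0, RD=1
    b"\x00\x01"                   # QDCOUNT = 1
    b"\x00\x00\x00\x00\x00\x00"   # ANCOUNT, NSCOUNT, ARCOUNT = 0
    b"\x07example\x03com\x00"     # QNAME as length-prefixed labels
    b"\x00\x01"                   # QTYPE = A
    b"\x00\x01"                   # QCLASS = IN
)

# A BitTorrent DHT "ping" (bencoded KRPC message) aimed at port 53 to ride a
# "permit 53" rule. Nothing in it is DNS, but the port is the same.
BT_DHT_PING = b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"


def port_filter(dst_port, payload):
    """Traditional rule 'allow port 53': the payload is never looked at."""
    return "ALLOW" if dst_port == 53 else "DENY"


def _skip_name(payload, offset):
    """Walk a DNS name at offset; return the offset after it, or None if malformed."""
    name_len = 0
    while True:
        if offset >= len(payload):
            return None
        length = payload[offset]
        offset += 1
        if length == 0:
            return offset
        if length & 0xC0 == 0xC0:            # compression pointer: 2 bytes, ends the name
            return offset + 1 if offset < len(payload) else None
        if length > 63 or offset + length > len(payload):
            return None                      # label too long or truncated
        name_len += length + 1
        if name_len > 255:
            return None
        offset += length


def looks_like_dns(payload):
    """Structural check that a datagram is a DNS message, not just on a DNS port."""
    if len(payload) < 12:
        return False
    _id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", payload[:12])
    if (flags >> 11) & 0xF > 5:              # opcodes 0-5 are the only assigned ones
        return False
    if flags & 0x0040:                       # Z bit is reserved and must be zero
        return False
    if qd == 0 or qd > 16:                   # resolvers send one question; keep a small bound
        return False
    offset = 12
    for _ in range(qd):
        offset = _skip_name(payload, offset)
        if offset is None or offset + 4 > len(payload):
            return False
        _qtype, qclass = struct.unpack("!HH", payload[offset:offset + 4])
        if qclass not in (1, 3, 4, 254, 255):  # IN, CH, HS, NONE, ANY
            return False
        offset += 4
    if not flags & 0x8000 and (an or ns or ar > 1):
        return False                         # a query carries at most an EDNS OPT record
    return True


def identify_app(payload):
    """Very small application classifier: what does the payload actually speak?"""
    if looks_like_dns(payload):
        return "dns"
    if payload.startswith(b"d1:ad2:id20:") or payload.startswith(b"d1:rd2:id20:"):
        return "bittorrent-dht"              # bencoded KRPC query/response
    return "unknown"


def app_aware_filter(dst_port, payload):
    """NGFW-style rule 'allow DNS': port must match AND the payload must be DNS."""
    app = identify_app(payload)
    if dst_port == 53 and app == "dns":
        return "ALLOW", app
    return "DENY", app


if __name__ == "__main__":
    for name, pkt in (("DNS query", DNS_QUERY), ("BitTorrent DHT ping", BT_DHT_PING)):
        verdict, app = app_aware_filter(53, pkt)
        print(f"{name:20s} port rule: {port_filter(53, pkt):5s} "
              f"app rule: {verdict:5s} (identified as {app})")
```

The second verdict is also where the "visibility" difference comes from: the port rule can only log "port 53 allowed", while the application rule logs the identified application, so the BitTorrent-on-53 event is both blocked and visible. A production NGFW does the same with signatures for thousands of applications and stream reassembly for TCP; the principle is identical.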
18. Traditional vs NexGen
Side by side comparison

Application awareness
Traditional Firewall: relies on common application ports to determine which applications are running and which types of attacks to monitor for.
Next-Generation Firewall: provides application "awareness", which makes security policy more granular; combined with deep packet inspection, this gives a better platform for dealing with new and emerging threats.

Flow inspection
Traditional Firewall: packet-filtering firewalls check each packet individually and cannot discern the "flow" of traffic; stateful ones track the flow only at the network and transport layers.
Next-Generation Firewall: uses stateful inspection and extends tracking of the flow's state across the full range of layers (layer 2-7), including inspection of the application itself.

Traffic control
Traditional Firewall: controls the traffic that is allowed to enter or exit a point within the network.
Next-Generation Firewall: examines bi-directional traffic simultaneously, across all protocols and ports, without file size restrictions, including encrypted SSL/TLS sessions (only where the firewall is configured to decrypt them, which requires clients to trust its interception certificate). Tracks the identity of the local device and user behind the traffic.

IDS/IPS
Traditional Firewall: the Intrusion Detection/Prevention System is deployed separately, on its own appliance.
Next-Generation Firewall: the IDS/IPS is fully integrated in the single appliance, which allows improved performance and access to information from all layers of the traffic.

NAT and VPN
Traditional Firewall: supports Network Address Translation (NAT), Port Address Translation (PAT), and VPN termination.
Next-Generation Firewall: extends the traditional NAT, PAT and VPN support with transparent and routed mode operation, as well as integration with newer threat management technologies such as "sandboxing".