Network security practice: then and now
•Download as PPTX, PDF•
0 likes•292 views
This the deck for a guest lecture that I am giving in 11/15 for a computer security class at Fontbonne University
Recommended
More Related Content
More from David Strom
More from David Strom (20)
Recently uploaded
Recently uploaded (20)
Network security practice: then and now
- 1. Network Security for the new era David Strom Erica Wilson/Fontebonne Univ. 11/2015 Download these slides here: http://slideshare.net/davidstrom
- 2. Editorial management positions: My background
- 3. Agenda • Old school net sec (firewalls, UTMs) • What is changing: the center is no more! • How to protect apps at the source: – BYOD/MDM – Single sign-on – VM hypervisors
- 8. Then we moved to UTMs
- 11. But networks have no perimeter anymore
- 24. Thanks for your time! Go to http://sldieshare.net/davidstrom to download these slides
Editor's Notes
- My name is David Strom and I have been covering enterprise technology for more than 25 years, starting out in IT and end user computing back in the early 1980s when PCs were first coming into companies. I then moved into tech journalism and you can see here some of the places that I have written for including the New York Times and various TechTarget properties. I have also written two books on computer networking and built dozens of technical websites as well.
- ADSM threat management console
- Cisco ASA firewall Facebook access policies
- Fortinet UTM has prettied up its reporting feature, showing you which apps are consuming what particular bandwidth.
- Dell / Sonicwall UTM has various filters for fighting botnets and to set up specific geo-location rules.
- Blackberry MDM tool
- MDM policy
- On the left you see some of the MDM settings which is as capable as a full-blown MDM product. On the right is the properties sheet for how you configure its AD connector, which is where Centrify had its origins.Centrify has been around the AD space for several years and its integration is fairly seamless. Once you download the connector and install it on your Windows Server, there isn’t much to do. You can set up an active/active redundant support for a second AD server by just installing a second or third connector: these take care of doing the load balancing of AD authentication requests and automatically failover if there is some connection issue. It supports Windows Servers since the 64-bit 2003 vintage. It also supports Integrated Windows Authentications so you can sign into your local Windows desktops and apps.
- Dome9 complements AWS’ security groups and sets up firewall policies between them.
- Catbird has these options for vulnerability scanning. The top right screen shot shows you how to create the scans.
- Ping has been in the identity management space for many years and has some of the largest customers around the world, including doing Walmart’s SSO. When they began they were mostly an on-premises solution with their PingFederate product but recently they have focused on the cloud and offer a series of related products including their cloud-based PingOne, their web access tool PingAccess and their OTP soft token generator PingID. They also have a mobile app where you can access your portal page too. While that is a lot of different software bits to keep track of, it is how they can be flexible in supporting lots of different circumstances. Ping would be a stronger product if they would consolidate some of their various features and focus on the cloud as a primary delivery vehicle. If that isn’t important to you, or if you have complex federation needs, then you should give them more consideration and you will probably end up with using their on-premises Ping Federate. Ping provides these instructions on how to integrate a typical app with its SSO routines. Pricing starts at $2 per user per month for PingOne.
- These are the OneLogin MFA additional authentication factors that you can add to your SSO loigns.
- Unisys developed its Stealth product back 10 years ago as part of a DoD project, and last year began selling it commercially. each packet is encrypted with AES256, then split into three separate pieces and dispersed across the network, destined for a particular group of users that have to be running its protocols. The main piece of software to configure Stealth is used to create various virtual “communities of interest.” This ties two or more PCs together across the network in such a way that they can only communicate with each other. No one else can join in, and no one else can intercept this traffic.