Network Access Control, or NAC, solutions enhance network security by reducing the likelihood of unauthorized access and mitigating several threats and vulnerabilities. With a NAC, you can define and implement security policies that allow client machines access to network resources only when certain conditions are met.
PaloAlto Networks is world’s Cyber Security leader. Their technologies give 65,000 enterprise customers the power to
protect billions of people worldwide.
Cortex, Demisto & Prisma are the few flagship products to prevent attacks with industry-defining enterprise security platforms. Tightly integrated innovations, cloud delivered and easy to deploy and operate.
Network Access Control, or NAC, solutions enhance network security by reducing the likelihood of unauthorized access and mitigating several threats and vulnerabilities. With a NAC, you can define and implement security policies that allow client machines access to network resources only when certain conditions are met.
PaloAlto Networks is world’s Cyber Security leader. Their technologies give 65,000 enterprise customers the power to
protect billions of people worldwide.
Cortex, Demisto & Prisma are the few flagship products to prevent attacks with industry-defining enterprise security platforms. Tightly integrated innovations, cloud delivered and easy to deploy and operate.
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities whether they represent people, services, or IOT devices define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and follows least privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices From IoT devices to smartphones, BYOD to partner managed devices, and on premises workloads to cloud hosted servers. This diversity creates a massive attack surface area, requiring we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on premises, lift and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control of user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
Cloud Security is critical to Data Security and Application Resilience against CyberAttacks. This talk looks at Security Best Practices that need to be practised.
This talk was presented at AWS Community Day Bengaluru 2019 by Amar Prusty, Cloud-Data Center Consultant Architect, DXC Technology
Along with the burgeoning Internet of Things comes a new reality: billions of invisible devices connected to private networks. These “shadow devices” enlarge your attack surface and, if left in the dark, expose your organization to malware propagation and theft of critical resources. Learn more: https://www.forescout.com/shining-light-shadow-devices/
SOC presentation- Building a Security Operations CenterMichael Nickle
Presentation I used to give on the topic of using a SIM/SIEM to unify the information stream flowing into the SOC. This piece of collateral was used to help close the largest SIEM deal (Product and services) that my employer achieved with this product line.
Security+ Guide to Network Security Fundamentals, 3rd Edition, by Mark Ciampa
Knowledge and skills required for Network Administrators and Information Technology professionals to be aware of security vulnerabilities, to implement security measures, to analyze an existing network environment in consideration of known security threats or risks, to defend against attacks or viruses, and to ensure data privacy and integrity. Terminology and procedures for implementation and configuration of security, including access control, authorization, encryption, packet filters, firewalls, and Virtual Private Networks (VPNs).
CNIT 120: Network Security
http://samsclass.info/120/120_S09.shtml#lecture
Policy: http://samsclass.info/policy_use.htm
Many thanks to Sam Bowne for allowing to publish these presentations.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities whether they represent people, services, or IOT devices define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication, ensure access is compliant and typical for that identity, and follows least privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices From IoT devices to smartphones, BYOD to partner managed devices, and on premises workloads to cloud hosted servers. This diversity creates a massive attack surface area, requiring we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on premises, lift and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control of user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
Running or planning on deploying a large ClearPass cluster? See what others are doing in larger environments to improve their deployments This session is designed to help customers that run the largest and most demanding networks learn how to deal with multiple locations, 100k+ endpoints, and strict SLA’s. Come to this session to discuss architecture for distributed deployments and how to better design your install for high performance, high availability needs. This is the one session where we’ll include the most experienced ClearPass team members for what will be a highly interactive session.
Cloud Security is critical to Data Security and Application Resilience against CyberAttacks. This talk looks at Security Best Practices that need to be practised.
This talk was presented at AWS Community Day Bengaluru 2019 by Amar Prusty, Cloud-Data Center Consultant Architect, DXC Technology
Along with the burgeoning Internet of Things comes a new reality: billions of invisible devices connected to private networks. These “shadow devices” enlarge your attack surface and, if left in the dark, expose your organization to malware propagation and theft of critical resources. Learn more: https://www.forescout.com/shining-light-shadow-devices/
Network Access Control (NAC) can protect your network from insecure endpoints and enforce security policies. Yet deploying NAC can be a huge challenge. Does it make sense for your organization to take the plunge? Find out how to answer that question by understanding how open standards enable technology that helps ensure endpoint compliance with integrity policies at, and after, network connection.
Using a Network Model to Address SANS Critical Controls 10 and 11Skybox Security
Skybox Security joins SANS to address using a network model to gain insight into your attack surface and how to address SANS Critical Controls 10 and 11
Comparison Review Forticlient x Kaspersky.pdfImamBahrudin5
See this side-by-side comparison of FortiClient vs. Kaspersky Endpoint Security for Business based on preference data from user reviews. FortiClient rates 4.4/5 stars with 200 reviews. By contrast, Kaspersky Endpoint Security for Business rates 4.3/5 stars with 183 reviews. Each product's score is calculated with real-time data from verified user reviews, to help you make the best choice between these two options, and decide which one is best for your business needs.
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw...Amazon Web Services
A hybrid Architecture is one of the easiest ways to securely address new application requirements and cloud-first development initiatives. This approach allows you to start small and expand as your requirements change while maintaining a strong security posture. In this session, you will learn the 5 key steps to building a hybrid architecture using the VM-Series next-generation firewall.
Speaker: Bisham Kishnani, Consulting Engineer (APJC) – DataCenter & Virtualization, Palo Alto Networks
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
The bad guys keep getting better. They have found out advanced techniques that get
around our old defenses. Scanning for their signatures was enough for a while, but not
now. We can no longer just lock a few ports and feel safe at night. An application port can change everyday. These security bandits hijack IP addresses, hiding behind legitimate people to launch their attacks. Stopping them has gotten harder; our defenses have become more durable. Older enterprise firewalls and IPS are not enough anymore.
O Sophos XG Firewall traz uma nova abordagem na forma de gerenciar o seu firewall, responder às ameaças e monitorar o que acontece na sua rede. Prepare-se para um novo nível de simplicidade, segurança e percepção.
Piotr Kędra – network consultant. Since 2007 Piotr has been working as Systems Engineer in Polish entity of Juniper Networks. He is responsible for network solutions for enterprise sector and technical support for channel. Previously he work in Solidex and NextiraOne as presales enginner. He participated in number of audits and many projects in area of LAN, WAN and network security.
Topic of Presentation: The role of information in modern security systems
Language: Polish
Abstract: TBD
2. Why Do We Need NAC ?
NAC protects the network from
non-compliant or infected systems
Provides enforcement methods to
protect the network
Can perform pre- and post-admission
controls
Pre-admission: scanning for “health”
Post-admission: monitoring the
network and the traffic continuously
for threats
3. Three Generations of NAC
In 2004, Cisco launched
Network Admission Control
focused on Authentication
and health
Too complex and
expensive, required
upgrading of switches and
routers.
1
In 2005, Vendors
approached from their
strengths:
Cisco/Juniper introduced
appliances to simplify
deployment
Sophos/Symantec/McAfee
focused on Endpoint
Microsoft announced NAP
infrastructure
Third Generation (2008):
Unification of Compliance,
Security and Access Control
Unification of Network and
Endpoint Elements
2 3
Cisco is appliance oriented; Microsoft: server oriented; McAfee: endpoint & appliance oriented
4. What is NAC ?
Network Access Control (NAC) is an
extension to ePO 4.0
Provides network security by controlling
system access to network resources
Access is granted according to the
system’s “health” status
System’s “health” is assessed against a
set of defined compliance rules
5. NAC And Other Products
NAC works together with Microsoft NAP
(Network Access Protection) as well as
with McAfee NSP (Network Security
Platform), formerly IntruShield
In this case, NAC provides the “health”
statement, while enforcement is done
together with the other product
6. Managed vs. Un-managed Hosts
Managed Hosts (those having a
running McAfee agent) can be handled
by NAC (enforcing a policy through ePO)
Un-managed Hosts are detected but
they must be managed either by MS- NAP
or NSP (Network Security Platform,
IntruShield 5.1)
7. NAC & IntruShield
MNAC 3.1 combined with IntruShield
5.1 provides complete monitoring of
managed and un-managed system
McAfee will offer an appliance based
solution (NAC Appliance)
NAC appliance provides pre-admission
control for un-managed systems
IntruShield appliance provides
additional post-admission monitoring
8. 06/09/16
ToPS Advanced
Total Protection for Endpoint
Single Integrated Management
Console - ePO
Anti-Spyware
Host Intrusion Prevention
Desktop Firewall
Anti-Virus
Web Security
Policy Auditing
Network Access Control
Anti-Spam (Email server)
9. McAfee Network Access Control
3.1 Software
• Tightly integrated with Microsoft Network Access Protection (NAP) for
control of unmanaged systems
• Support for ePolicy Orchestrator 4.0
• Standards-based system health checks
– XCCDF and OVAL®
• The industry’s most advanced check library
• Creation of custom checks for system health policies
Key Features
10. Combined Network
IPS + NAC Solutions
McAfee Unified Secure Access Strategy:
Integrated Across Your Infrastructure
Endpoint
Security Solutions
NAC-only Appliance
Solutions
• Network Enforcement
• Full IPS Functionality
• Post and Pre-admission
Control
Network Security
Platform
• Cost Effective In-Line NAC
• Access Protection for
Unmanaged Endpoints
• Network-Class Platform
NAC Appliance
• Endpoint Health Assessment
• NAP Integrated
• Managed Endpoint Control
ToPS Advanced
11. 11
06/09/16
McAfee Network Security Platform with
NAC Add-on (formerly McAfee IntruShield)
• Combined IPS and NAC on same platform
• NAC software add-on deploys with simple upgrade
• Access Protection for Unmanaged Endpoints
• Built-in Host Quarantine
• Network-Class reliability and availability
• Identity-based access control
– Access based on organizational roles/users
– Integrates with Microsoft Active Directory
• Comprehensive post-admission control through:
– Application protocol
– Source/destination addresses
– Obtains endpoint health from MNAC
– IPS-detected malicious behavior
• NAC monitoring and reporting
– Reports on access logs (who, when, where) and
action taken
• Software Available on all I-Series Platforms
Security AND Performance.
No Compromise.
12. 12
06/09/16
McAfee Network Security Platform –
NAC Appliance*
• NAC functionality on Network-Class Appliance platform
• Access Protection for Unmanaged Endpoints
• Flexible deployment
– Deploying in DHCP-mode
– Inline behind a VPN or LAN
• Identity-based access control
– Access based on organizational roles/users
– Integrates with Microsoft Active Directory
• Comprehensive post-admission control through:
– Application protocol
– Source/destination addresses
– Obtains endpoint health from MNAC
• NAC monitoring and reporting
– Reports on access logs (who, when, where) and
action taken
Security AND Performance.
No Compromise.
*Available end 2008
13. Unified Secure Access Process
Scan for rogue devices, alert
and report
Step 2: Discover
Pre or Post Admission health
against policy is checked.
Malicious behavior monitored
Step 3: Enforce
Take action based on
outcome of policy check or
behavior
Step 4: Remediate
Monitor endpoint to ensure
ongoing compliance
Step 5: Monitor
Define health, machine/user
identity, application policy
Step 1: Policy
Editor's Notes
I am excited to be here with you to share the launch of a product that would reshaped McAfee and security management. If you are an ePO Admin, your work day would be forever changed and if your team own ePO, it would gain a new level of operational efficiency.
Lets talk about the 3 generations of NAC. The first generation started with Cisco in 2004, where they added NAC on switches. This was a method for Cisco to increase revenue by add capability to new switches to coax their customers to upgrade. The solution was very complex and very expensive.
The 2nd generation began when companies created NAC offerings based on their points of strength in the marketplace. So Cisco and Juniper created solutions based enforcement at the network, where companies strong at the endpoints like Sophos, Symantec and McAfee created solutions based on their strengths. And Microsoft create NAP which was server oriented. All these solutions solved part of the NAC problem, but the solutions had many holes and didn’t address the entire issue.
McAfee is moving to the 3rd generation, where integration and unification of the network and the endpoint solves the issues that the first 2 generations did not. The third generation also covers compliance issues, combining access control and security features.
McAfee Total Protection for Endpoint will provide you strong security that enables you to lower costs and get greater compliance. With this one solution, you can protect all your endpoints, physical and virtual. And manage all endpoints with one integrated, centralized management console.
With McAfee Total Protection for Endpoint you can:
Protect against advance threats that steal your data with advanced anti-virus protection
Get proactive anti-spyware and anti-spam protection to lower threat risk
Use host IPS & desktop firewall to protect against zero-day threats and reduce your patching costs Deploy network access control to enforce security policies
Educate your end users of the security risks when Internet browsing
Protect all desktops, physical and virtual, with the same trusted security
Verify and audit which endpoints are out-of-compliance to easily create audit reports to ensure compliance.
We have packaged the broadest and most effective end-point security offerings in the market
Unified Secure Access is McAfee’s approach to solving the NAC problem. It allows you to combine enforcement at the endpoint and the network where you can mix and match product offerings (depending upon your specific deployment needs) that are integrated and work together to give the highest enforcement of managed, unmanaged and unmanageable endpoints.
McAfee has a strong presence on the endpoint with a strong NAC product with McAfee NAC, or MNAC. This product is integrated with Microsoft’s NAP technology to provide critical health check data to NAP infrastructure. MNAC is also integrated with McAfee Networks Security Platform to cover NAC in the network even more extensively than NAP.
We have a strong presence in the network with the leading IPS, our Network Security Platform. Our strategy is to make NAC easy for our customers to deploy, so this year we are providing major leaps in functionality by delivering NAC functionality to our Network IPS. This includes a NAC software add-on module that can create an IPS and NAC combination on one network-class appliance.
McAfee is also providing a NAC Appliance (available January 2009) based on the Network Security Platform that focuses on NAC functionality only. This is will be a cost-effective hardware platform that would be deployed in the network where IPS functionality may not make sense.
Security is really not a product, it’s a process. And NAC is no different. NAC needs to be customized to a customers specific needs. So a step of defining what policies you want to track and enforce needs to be created. Once those policies are set, the Unified Secure Access solution needs to discover system and network components that are outside those policies you defined as they are attempting to access your network. You then define if and how you want to enforce any violations of those policies. At that point, you have the option of remediating the problem and letting them onto the network once they are deemed healthy again, or simply quarantining the violator to an area where they can do no harm. Step 5 is monitoring, a key piece of the process for post-admission violations, such as loading an illegal software download. But policies must always be reviewed to ensure the correct level of access is defined.
