
QTS: VPN Conclusion


  • 1.
    • Fundamentals of Internet Security
    • VPN Conclusion
    • Presented by Neil A. Rosenberg
    • President & CEO
    • Quality Technology Solutions, Inc.
  • 2. What is Computer Security?
    • Intrusion Detection/Response?
    • Confidentiality Protection & Encryption?
    • Single Sign-On?
    • Network & Firewall Configuration?
    • Training & Awareness?
    • Secure Email?
    • Virus Protection?
    • Access Control?
    • Electronic Records Management?
    • eBusiness?
    • Remote Access?
    • Virtual Private Networks?
    • Certificate Management?
    • Identification & Authentication?
    • Packet Filters?
    • Vulnerability Reduction?
    • Disaster Recovery?
    • Denial of Service Attacks?
    • Risk Assessment?
    • Quality of Service?
    • Network Directory Service?
    • Audits/Reviews?
    • Policy-Based Management?
    • Secure Messaging and Collaboration?
    • Authentication & Digital Identity
  • 3. Security product categories
    • Network IDS
    • Content Management
    • MultiFactor Authentication
    • Single Sign-On
    • Penetration & Attack Testing
    • Security Audit
    • Desktop IDS
    • Host IDS
    • Directory & LDAP
    • Malicious Code / Antivirus
    • Security Policy
    • Firewall
    • VPN
    • Strong Authentication
    • Digital Certificates
  • 4. Security is a Complete System, not a product
    • Requires objectives and clear focus
  • 5. Firewall
    • Control inbound and outbound access
    • Log traffic
    • Deter and block attacks
    • Generate alarms
  • 6. Intrusion Detection
    • Hackers
    • Crackers
    • Denial of Service and DDoS attacks
    • Protection against internal & external attacks and threats
  • 7. VPN
    • Authentication
    • Encryption
    • Client to Site
    • Site to Site
    • Extranet
  • 8. Authentication & Identity
    • Passwords
    • Tokens
    • Biometrics & Multifactor Authentication
    • Digital Certificates
    • SSL
    • Directories & LDAP
    • Single Sign-On
  • 9. Bandwidth Management
    • Control prioritization of data through the pipe
    • Assess needs for additional bandwidth
    • Track and Enforce SLAs
  • 10. Content Management
    • Viruses
    • Vandals (Java, ActiveX)
    • Worms
    • Trojan Horses
    • Scripts
  • 11. VPN & Authentication Best Practices
  • 12. Define Business Objectives
    • Define Remote Access Needs specifically
    • Define key applications and data access
    • Define goals: cost reduction? user empowerment?
  • 13. Management
    • Get buy-in on objectives
    • Get input on the security-versus-access trade-off in advance: on a scale of 1-10, with 1 being most access/least secure and 10 being minimal access/most secure, where should we be?
    • Develop & get sign-off on security policy
  • 14. Keep It Simple
    • Centralize Management
    • Integrate Directories & Authentication
    • Leverage Your Directory!
    • Seamless User Experience
    • Minimize client side deployment of software (intrusiveness, licensing fees)
  • 15. Leverage the Directory!
    • LDAP
    • RADIUS
    • Manage one set of passwords, please!
  • 16. Client Side Setup
    • Use a personal firewall to defend at all vulnerability points, and lock down the client if not
    • Standardize the client install process (cookbook) and deploy with CD/diskettes carrying all required files (or from a web server)
    • Schedule installation appointments to proactively manage client PC setup issues
  • 17. General Issues
    • Ensure private addresses are non-conflicting
    • Control synchronization (Domain, etc.) and similar traffic over low bandwidth lines
    • Implement bandwidth management
    • Don't span the WAN; design similarly
    • Centralize Management of VPN, remote resources
    • Use NFuse and RSA ACE Server for browser based authentication & access from non-VPN (Internet terminals)
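The first item on slide 17, non-conflicting private addresses, is the one that most often bites site-to-site VPN rollouts: two sites that both chose 192.168.1.0/24 cannot route to each other once the tunnel is up. The following is an added example, not part of the original deck or of Quality Technology Solutions' material, that checks an address plan before deployment. The site names and CIDR blocks are constructed sample data; the check uses only the Python standard library `ipaddress` module (Python 3.7+ for `subnet_of`).

```python
import ipaddress
from itertools import combinations

# Constructed sample address plan for three VPN sites (hypothetical data).
# "branch-b" deliberately overlaps "hq" on two ranges so the check has something to find.
SITE_NETWORKS = {
    "hq":       ["10.1.0.0/16", "192.168.10.0/24"],
    "branch-a": ["10.2.0.0/16"],
    "branch-b": ["10.1.128.0/17", "192.168.10.0/25"],
}

# RFC 1918 private address space; every internal range in the plan should fall inside one of these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private_plan(cidr):
    """True if the CIDR block lies entirely within RFC 1918 private space."""
    net = ipaddress.ip_network(cidr)  # strict=True: host bits set would raise ValueError
    return any(net.subnet_of(block) for block in RFC1918)


def find_conflicts(site_networks):
    """Return a sorted list of (site_a, net_a, site_b, net_b) for every pair of
    networks at *different* sites whose address ranges overlap.

    Overlap is what breaks routing across the tunnel; duplicates inside one site
    are a separate (local) design problem and are ignored here."""
    entries = [(site, ipaddress.ip_network(cidr))
               for site, cidrs in site_networks.items()
               for cidr in cidrs]
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(entries, 2):
        if site_a != site_b and net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return sorted(conflicts)


def non_private_ranges(site_networks):
    """Return (site, cidr) pairs that are not RFC 1918 space and should not be
    carried as 'private' addresses over the VPN."""
    return [(site, cidr)
            for site, cidrs in site_networks.items()
            for cidr in cidrs
            if not is_private_plan(cidr)]


if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in find_conflicts(SITE_NETWORKS):
        print(f"CONFLICT: {site_a} {net_a} overlaps {site_b} {net_b}")
    for site, cidr in non_private_ranges(SITE_NETWORKS):
        print(f"NOT PRIVATE: {site} {cidr}")
```

Run it against the real plan before the first tunnel is configured; any line it prints is a site that must be renumbered (or NAT'd across the tunnel, which is the workaround the deck is trying to avoid).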
  • 18. Authentication
    • Define and enforce password rules and changes
    • Implement a single sign-on solution to minimize the passwords users need to track; each one is a vulnerability
    • Implement Strong Authentication (token, certificate, smart card, biometrics) or Graded, Multifactor Authentication
  • 19. Web Server Security
    • Lock down IIS (numerous TIDs), or have us audit
    • Use SSL to encrypt
    • If eCommerce, purchase Digital Certificates from a trusted CA
    • Only open necessary comm ports from web server(s) back to the internal network
  • 20. Secure Network Design
  • 21. Best Practice Network Security Implementation
    • Strong authentication for all users, not weak passwords!
    • Multi-layer security perimeters to restrict access
    • Intrusion Detection to analyze traffic in critical areas
    • VPNs to cost-effectively extend connectivity and ensure data privacy
    • Periodic network risk assessments
    • On-going policy development and training
    • Antivirus solution and strong email security & policy
  • 22. Next Steps
    • Do you have an information security plan for your business?
    • Has that plan been communicated, implemented and tested?
    • Do you have professional staff capable of managing and monitoring security?
    • Do you need outside help?
  • 23. For More Information
    • www.QTSnet.com/security
    • www.checkpoint.com
    • Xforce.iss.net
    • www.microsoft.com/security
    • www.novell.com/info/security
    • securityfocus.com
    • www.cert.org
    • www.sans.org
    • www.securityportal.com
    • razor.bindview.com
  • 24. Upcoming Events
    • Tuesday, Oct 23rd: MetaFrame XP
    • Thursday, Nov 15th: Fundamentals of Internet Security Part III, Bandwidth Management and Content Management (with Aladdin)
    • Tuesday, November 20th: Introduction to PKI and Digital Certificates (with RSA)
  • 25. Questions & Answers
    • Neil Rosenberg, Quality Technology Solutions, Inc.
    • 76 South Orange Avenue, South Orange, NJ 07079
    • (973)761-5400 x230, Fax (973)761-1881
    • [email_address]
    • www.QTSnet.com
