04/10/23 1
Fundamentals of Internet Security: VPN Conclusion
Fundamentals of Internet Security
VPN Conclusion
Presented by Neil A. Rosenberg
President & CEO
Quality Technology Solutions, Inc.

What is Computer Security?
• Intrusion Detection/Response?
• Confidentiality Protection & Encryption?
• Single Sign-On?
• Network & Firewall Configuration?
• Training & Awareness?
• Secure Email?
• Virus Protection?
• Access Control?
• Electronic Records Management?
• eBusiness?
• Remote Access?
• Virtual Private Networks?
• Certificate Management?
• Identification & Authentication?
• Packet Filters?
• Vulnerability Reduction?
• Disaster Recovery?
• Denial of Service Attacks?
• Risk Assessment?
• Quality of Service?
• Network Directory Service?
• Audits/Reviews?
• Policy-Based Management?
• Secure Messaging and Collaboration?
• Authentication & Digital Identity

[Diagram of security components. Labels: Network IDS, Content Management, Multi-Factor Authentication, Single Sign-On, Penetration & Attack Testing, Security Audit, Desktop IDS, Host IDS, Directory & LDAP, Malicious Code, Antivirus, Security Policy, Firewall, VPN, Strong Authentication, Digital Certificates]

Security is a Complete System, not a product
Requires objectives and clear focus

Firewall
• Control inbound and outbound access
• Log traffic
• Deter and block attacks
• Generate alarms

Intrusion Detection
• Hackers
• Crackers
• Denial of Service, DDOS attacks
Protection versus Internal & External Attacks and Threats

VPN
• Authentication
• Encryption
• Client to Site
• Site to Site
• Extranet

Authentication & Identity
• Passwords
• Tokens
• Biometrics & Multifactor Authentication
• Digital Certificates
• SSL
• Directories & LDAP
• Single Sign-On

Bandwidth Management
• Control prioritization of data through the pipe
• Assess needs for additional bandwidth
• Track and Enforce SLAs

Content Management
• Viruses
• Vandals (Java, ActiveX)
• Worms
• Trojan Horses
• Scripts
VPN & Authentication Best Practices

Define Business Objectives
• Define Remote Access Needs – specifically
• Define key applications and data access
• Define Goals – cost reduction? user empowerment?

Management
• Get buy-in on objectives
• Get input on security versus access trade-off, in advance – “on a scale of 1-10, with 1 being most access, least secure, and 10 being minimal access, most secure, where should we be?”
• Develop & get sign-off on security policy

Keep It Simple
• Centralize Management
• Integrate Directories & Authentication – Leverage Your Directory!
• Seamless User Experience
• Minimize client side deployment of software (intrusiveness, licensing fees)

Leverage the Directory!
• LDAP
• RADIUS
• Manage one set of passwords – please!

Client Side Setup
• Use Personal Firewall to defend at all vulnerability points, and lock down if not
• Standardize client install process (cookbook) and deploy with CD/diskettes with all required files (or from web server)
• Schedule Installation Appointments to proactively manage client PC setup issues

General Issues
• Ensure private addresses are non-conflicting
• Control synchronization (Domain, etc.) and similar traffic over low bandwidth lines
• Implement bandwidth management
• “Don’t span the WAN” – design similarly
• Centralize Management of VPN, remote resources
• Use NFuse and RSA ACE Server for browser based authentication & access from non-VPN (Internet terminals)
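
The first point above, non-conflicting private addresses, can be checked against the address plan before any tunnel is configured. This is an added example, not part of the original presentation; the site names and subnets are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site name -> subnets that will be routed over the VPN.
SITE_SUBNETS = {
    "headquarters": ["10.0.0.0/16", "192.168.10.0/24"],
    "branch-office": ["192.168.1.0/24"],
    "partner-extranet": ["10.0.5.0/24"],      # falls inside headquarters 10.0.0.0/16
    "home-user-pool": ["192.168.1.128/25"],   # overlaps the branch office LAN
    "lab": ["172.32.0.0/24"],                 # just outside 172.16.0.0/12
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_plan(plan):
    """Flatten the plan to (site, network) pairs; strict parsing rejects host bits."""
    return [(site, ipaddress.ip_network(cidr, strict=True))
            for site, cidrs in plan.items() for cidr in cidrs]


def find_conflicts(plan):
    """Return sorted (site_a, net_a, site_b, net_b) for subnets that overlap across sites."""
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(parse_plan(plan), 2):
        if site_a != site_b and net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return sorted(conflicts)


def find_non_private(plan):
    """Return (site, net) pairs that are not fully inside an RFC 1918 block."""
    return [(site, str(net)) for site, net in parse_plan(plan)
            if not any(net.subnet_of(block) for block in RFC1918)]


if __name__ == "__main__":
    for a, na, b, nb in find_conflicts(SITE_SUBNETS):
        print(f"CONFLICT: {a} {na} overlaps {b} {nb}")
    for site, net in find_non_private(SITE_SUBNETS):
        print(f"NOT RFC 1918: {site} {net}")
```

A conflict means traffic for the shared range is ambiguous once the tunnel is up, so one side has to be renumbered or translated before deployment.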

Authentication
• Define and enforce password rules and changes
• Implement single sign-on solution to minimize passwords users need to track – each one is a vulnerability
• Implement Strong Authentication (token, certificate, smart card, biometrics) or Graded, Multifactor Authentication

Web Server Security
• Lock Down IIS – numerous TIDs, or have us audit
• Use SSL to encrypt
• If eCommerce, purchase Digital Certificates from a trusted CA
• Only open necessary comm ports from web server(s) back to the internal network

Secure Network Design
[Network diagram. Labelled components: Internet, Router, Firewall, Web Server, Mail Server, Citrix Server, eCommerce Web Server, ACE Server, Backup ACE Server, NFuse Server, IDS Sensor, DB Server, Management Computer, Server, Computer, Laptop]

Best Practice Network Security Implementation
• Strong authentication for all users – not weak passwords!
• Multi-layer security perimeters to restrict access
• Intrusion Detection to analyze traffic in critical areas
• VPNs to cost-effectively extend connectivity and ensure data privacy
• Periodic network risk assessments
• On-going policy development and training
• Antivirus solution and strong email security & policy
Next Steps
• Do you have an information security plan for your business?
• Has that plan been communicated, implemented and tested?
• Do you have professional staff capable of managing and monitoring security?
• Do you need outside help?

For More Information
• www.QTSnet.com/security
• www.checkpoint.com
• Xforce.iss.net
• www.microsoft.com/security
• www.novell.com/info/security
• securityfocus.com
• www.cert.org
• www.sans.org
• www.securityportal.com
• razor.bindview.com

Upcoming Events
• Tuesday, Oct 23rd – MetaFrame XP
• Thursday, Nov 15th – Fundamentals of Internet Security Part III – Bandwidth Management and Content Management (with Aladdin)
• Tuesday, November 20th – Introduction to PKI and Digital Certificates (with RSA)

Questions & Answers
Neil Rosenberg
Quality Technology Solutions, Inc.
76 South Orange Avenue
South Orange, NJ 07079
(973)761-5400 x230
Fax (973)761-1881