QTS: VPN Conclusion

Page 1: QTS: VPN Conclusion

04/10/23 1

Fundamentals of Internet Security: VPN Conclusion

Fundamentals of Internet Security

VPN Conclusion

Presented by Neil A. Rosenberg

President & CEO

Quality Technology Solutions, Inc.

Page 2: QTS: VPN Conclusion

What is Computer Security?

• Intrusion Detection/Response?
• Confidentiality Protection & Encryption?
• Single Sign-On?
• Network & Firewall Configuration?
• Training & Awareness?
• Secure Email?
• Virus Protection?
• Access Control?
• Electronic Records Management?
• eBusiness?
• Remote Access?
• Virtual Private Networks?
• Certificate Management?
• Identification & Authentication?
• Packet Filters?
• Vulnerability Reduction?
• Disaster Recovery?
• Denial of Service Attacks?
• Risk Assessment?
• Quality of Service?
• Network Directory Service?
• Audits/Reviews?
• Policy-Based Management?
• Secure Messaging and Collaboration?
• Authentication & Digital Identity

Page 3: QTS: VPN Conclusion

[Diagram of security components. Labels: Network IDS, Content Management, Multi-Factor Authentication, Single Sign-On, Penetration & Attack Testing, Security Audit, Desktop IDS, Host IDS, Directory & LDAP, Malicious Code, Antivirus, Security Policy, Firewall, VPN, Strong Authentication, Digital Certificates]

Page 4: QTS: VPN Conclusion

Security is a Complete System, not a product

Requires objectives and clear focus

Page 5: QTS: VPN Conclusion

Firewall

• Control inbound and outbound access
• Log traffic
• Deter and block attacks
• Generate alarms

Page 6: QTS: VPN Conclusion

Intrusion Detection

• Hackers
• Crackers
• Denial of Service, DDoS attacks

Protection versus Internal & External Attacks and Threats

Page 7: QTS: VPN Conclusion

VPN

• Authentication
• Encryption

• Client to Site
• Site to Site
• Extranet

Page 8: QTS: VPN Conclusion

Authentication & Identity

• Passwords
• Tokens
• Biometrics & Multifactor Authentication
• Digital Certificates
• SSL
• Directories & LDAP
• Single Sign-On

Page 9: QTS: VPN Conclusion

Bandwidth Management

• Control prioritization of data through the pipe
• Assess needs for additional bandwidth
• Track and Enforce SLAs

Page 10: QTS: VPN Conclusion

Content Management

• Viruses
• Vandals (Java, ActiveX)
• Worms
• Trojan Horses
• Scripts

Page 11: QTS: VPN Conclusion

VPN & Authentication Best Practices

Page 12: QTS: VPN Conclusion

Define Business Objectives

• Define Remote Access Needs – specifically
• Define key applications and data access
• Define Goals – cost reduction? user empowerment?

Page 13: QTS: VPN Conclusion

Management

• Get buy-in on objectives
• Get input on security versus access trade-off, in advance – “on a scale of 1-10, with 1 being most access, least secure, and 10 being minimal access, most secure, where should we be?”
• Develop & get sign-off on security policy

Page 14: QTS: VPN Conclusion

Keep It Simple

• Centralize Management
• Integrate Directories & Authentication – Leverage Your Directory!
• Seamless User Experience
• Minimize client side deployment of software (intrusiveness, licensing fees)

Page 15: QTS: VPN Conclusion

Leverage the Directory!

• LDAP
• RADIUS
• Manage one set of passwords – please!

Page 16: QTS: VPN Conclusion

Client Side Setup

• Use Personal Firewall to defend at all vulnerability points, and lock down if not
• Standardize client install process (cookbook) and deploy with CD/diskettes with all required files (or from web server)
• Schedule Installation Appointments to proactively manage client PC setup issues

Page 17: QTS: VPN Conclusion

General Issues

• Ensure private addresses are non-conflicting
• Control synchronization (Domain, etc.) and similar traffic over low bandwidth lines
• Implement bandwidth management
• “Don’t span the WAN” – design similarly
• Centralize Management of VPN, remote resources
• Use NFuse and RSA ACE Server for browser based authentication & access from non-VPN (Internet terminals)
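
An added example, not part of the original slides: one way to check the first point on this slide, that the private address ranges of sites joined by a VPN do not conflict. The site names and subnets are constructed sample data, and `find_conflicts` is a hypothetical helper name.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: site name -> subnets routed over the VPN.
SITES = {
    "hq":          ["10.0.0.0/16", "192.168.1.0/24"],
    "branch-nj":   ["10.1.0.0/16"],
    "partner-ext": ["10.0.128.0/20"],   # sits inside hq's 10.0.0.0/16
    "home-users":  ["192.168.1.0/24"],  # common consumer-router default
}

def parse(sites):
    """Flatten the inventory to [(site, network)].

    strict=True rejects entries with host bits set (e.g. 10.0.0.1/16),
    which usually indicates a typo in the address plan.
    """
    return [(site, ipaddress.ip_network(net, strict=True))
            for site, nets in sites.items()
            for net in nets]

def find_conflicts(sites):
    """Return sorted (site_a, net_a, site_b, net_b) tuples for every pair
    of subnets at *different* sites whose address ranges overlap.

    Overlap includes containment, not just identical prefixes, so a /20
    carved out of another site's /16 is reported as well.
    """
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(parse(sites), 2):
        if site_a != site_b and net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return sorted(conflicts)

if __name__ == "__main__":
    for site_a, net_a, site_b, net_b in find_conflicts(SITES):
        print(f"CONFLICT: {site_a} {net_a} overlaps {site_b} {net_b}")
```

Running the check before a new site or extranet partner is connected shows which side has to renumber or be translated.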

Page 18: QTS: VPN Conclusion

Authentication

• Define and enforce password rules and changes
• Implement single sign-on solution to minimize passwords users need to track – each one is a vulnerability
• Implement Strong Authentication (token, certificate, smart card, biometrics) or Graded, Multifactor Authentication

Page 19: QTS: VPN Conclusion

Web Server Security

• Lock Down IIS – numerous TIDs, or have us audit
• Use SSL to encrypt
• If eCommerce, purchase Digital Certificates from a trusted CA
• Only open necessary comm ports from web server(s) back to the internal network

Page 20: QTS: VPN Conclusion

Secure Network Design

[Network diagram. Labelled components: Internet, Router, Firewall, Web Server, Mail Server, Citrix Server, eCommerce Web Server, ACE Server, Backup ACE Server, NFuse Server, IDS Sensor (four), DB Server, Management Computer, Server, Computer, Laptop]

Page 21: QTS: VPN Conclusion

Best Practice Network Security Implementation

• Strong authentication for all users – not weak passwords!

• Multi-layer security perimeters to restrict access

• Intrusion Detection to analyze traffic in critical areas

• VPNs to cost-effectively extend connectivity and ensure data privacy

• Periodic network risk assessments

• On-going policy development and training

• Antivirus solution and strong email security & policy

Page 22: QTS: VPN Conclusion

Next Steps

• Do you have an information security plan for your business?

• Has that plan been communicated, implemented and tested?

• Do you have professional staff capable of managing and monitoring security?

• Do you need outside help?

Page 23: QTS: VPN Conclusion

For More Information

• www.QTSnet.com/security

• www.checkpoint.com

• Xforce.iss.net

• www.microsoft.com/security

• www.novell.com/info/security

• securityfocus.com

• www.cert.org

• www.sans.org

• www.securityportal.com

• razor.bindview.com

Page 24: QTS: VPN Conclusion

Upcoming Events

• Tuesday, Oct 23rd – MetaFrame XP
• Thursday, Nov 15th – Fundamentals of Internet Security Part III – Bandwidth Management and Content Management (with Aladdin)
• Tuesday, November 20th – Introduction to PKI and Digital Certificates (with RSA)

Page 25: QTS: VPN Conclusion

Questions & Answers

Neil Rosenberg

Quality Technology Solutions, Inc.
76 South Orange Avenue
South Orange, NJ 07079

(973) 761-5400 x230
Fax (973) 761-1881

[email protected]