Network Security Roadmap. February 15, 2011

Similar documents
WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

CALNET 3 Category 7 Network Based Management Security. Table of Contents

Internet Content Provider Safeguards Customer Networks and Services

Cisco & Big Data Security

Lunch & Learn Series Subscribe!

Overcoming PCI Compliance Challenges

McAfee Endpoint Protection Products

Analysis One Code Desc. Transaction Amount. Fiscal Period

How To Manage Security On A Networked Computer System

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Cisco IPS Tuning Overview

Endpoint & Server Protection. Brent Biernat First Vice President Network Services May 13, 2014

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Modular Network Security. Tyler Carter, McAfee Network Security

Continuous compliance through good governance

Miami University. Payment Card Data Security Policy

Module 1: Overview. Module 2: AlienVault USM Solution Deployment. Module 3: AlienVault USM Basic Configuration

Chapter 1 The Principles of Auditing 1

Accenture Cyber Security Transformation. October 2015

INCIDENT RESPONSE CHECKLIST

Current IBAT Endorsed Services

How To Secure Your Store Data With Fortinet

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

The SIEM Evaluator s Guide

Injazat s Managed Services Portfolio

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Anatomy of a Breach: A case study in how to protect your organization. Presented By Greg Sparrow

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Achieving SOX Compliance with Masergy Security Professional Services

Smarter Security for Smarter Local Government. Craig Sargent, Solutions Specialist

PCI Compliance for Branch Offices: Using Router-Based Security to Protect Cardholder Data

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Section 12 MUST BE COMPLETED BY: 4/22

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

CompTIA Security+ (Exam SY0-410)

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Out of the Frying Pan and Into the Fire: Protecting the Security of Research Data. Vice Chancellor for IT & CIO July 19, 2011 UNC Chapel Hill

Did you know your security solution can help with PCI compliance too?

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

Payment Card Industry Data Security Standard

IBM Security Operations Center Poland! Wrocław! Daniel Donhefner SOC Manager!

The Education Fellowship Finance Centralisation IT Security Strategy

10 Key Things Your VoIP Firewall Should Do. When voice joins applications and data on your network

WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Jort Kollerie SonicWALL

NASCIO 2015 State IT Recognition Awards

HTTPS Inspection with Cisco CWS

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

Introduction. PCI DSS Overview

Securing Virtual Applications and Servers

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

IBM Security QRadar SIEM & Fortinet FortiGate / FortiAnalyzer

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Advanced Threats: The New World Order

Scalability in Log Management

The Five W's of SOC Operations. Kevin

Implementing Cisco Intrusion Prevention System 7.0 (IPS)

SANS Top 20 Critical Controls for Effective Cyber Defense

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Service Level Agreement LiIT Cloud Services Level Agreement SLA Version 2.0

PCI Solution for Retail: Addressing Compliance and Security Best Practices

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Client Security Risk Assessment Questionnaire

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

IBX Business Network Platform Information Security Controls Document Classification [Public]

Information Technology Solutions

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Who s Doing the Hacking?

Security Controls Implementation Plan

BYOzzzz: Focusing on the Unsolved Challenges of Mobility, An Industry Perspective

Achieving PCI Compliance Using F5 Products

DIR Contract Number DIR-TSO-2621 Appendix C Pricing Index

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Observations from the Trenches

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

External Supplier Control Requirements

LogRhythm and PCI Compliance

Cisco EXAM Implementing Cisco Threat Control Solutions (SITCS) Buy Full Product.

How To Buy Nitro Security

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Next Generation IPS and Reputation Services

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Kevin Hayes, CISSP, CISM MULTIPLY SECURITY EFFECTIVENESS WITH SIEM

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Information Security Services. Achieving PCI compliance with Dell SecureWorks security services

Maintaining Strong Security and PCI DSS Compliance in a Distributed Retail Environment

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

AgriLife Information Technology IT General Session January 2010

How To Secure An Extended Enterprise

Thoughts on PCI DSS 3.0. September, 2014

Attackers are highly skilled, persistent, and very motivated at finding and exploiting new vectors. Microsoft Confidential for internal use only

Information Security. Incident Management Program. What is an Incident Management Program? Why is it needed?

How To Manage Sourcefire From A Command Console

Transcription:

Network Security Roadmap February 15, 2011

Awareness Spyware The IT Security landscape Malware Stopit Global Threats DDoS cookies DMCA Notifications Forensics FERPA botnets Policy Laws & Regulation keystroke logger rootkit Law Enforcement Support WISP botnet Infoprotect Encryption 2/15/11 2

Many Dimensions of IT Security MIT Policy IS&T Policy Change Management Data Law/Regs Compliance DMCA / HEOA Compliance Identity Management Accounts Management Configuration Management Authorizations Management Risk Management Policy Strategy IT Security & Risk Management Roadmap Enterprise Backup Services Virtualization Recovery & Restoration Awareness Web sites Knowledge Base Security-FYI newsletter Education & Training Infoprotect Border Firewalls / IDS / IPS WIN Doman / epo Event Logging Network Traffic Analysis Incident Response Detection & Reaction Preparation & Prevention User Experience standards WIN Domain Virtual Desktops Data Protection Privacy Protection 2/15/11 3

Current Challenges IT Security approach today is reactive, one-off, labor intensive and lacking useful data Most incident detection re: MIT computers comes from 3 rd parties We have sparse data on MITnet s uses Computers are not adequately protected from attack from both inside and outside Compromises reduce productivity, put sensitive data and IP at risk, and lead to legal, financial and reputational harm 2/15/11 4

Traditional View The Public Internet is wonderful, we should do everything possible to ENABLE computers on MITnet to access anything and everything on the Public Internet, and vice versa, and to think of MIT and MITnet as if they were simply a subset of the Public Internet, particularly from a policy point of view. The Public Internet MITnet??? Service, Server or Data Resource Personal or Work Computer 2/15/11 5

Examples MIT does not comply with all provisions of MA Data Breach Law/Regulations, particularly in incident detection/response and forensics MIT complies with HEOA, but DMCA Notification volumes are soaring, so the measures used may not be enough, and we may need additional technological measures Isolating/protecting PCI computers (as well as other devices requiring VERY high protection) remains difficult. 2/15/11 6

Guiding Principles Provide for standards in a decentralized environment Academic freedom, privacy and choice Technically sound, providing high reliability Improve visibility of network needs and issues Granularity no more one size fits all Protect intellectual property Comply with laws and regulations Safer computing experience Fiscally prudent 2/15/11 7

Future View By providing a more managed connection at the border between MITnet and the Public Internet, we increase the visibility of and our understanding of the threats and risks that are present, and then how to protect MIT computers and work areas on a very granular level. The Public Internet B C Protected Admin Servers MITnet Service, Server or Data Resource A Personal or Work Computer IDS/Firewall/IPS Protected Work Areas Protected Computers 2/15/11 8

What is the plan? Border Protection Network Access Managed User Experience Intrusion Detection Intrusion Prevention Border Firewalls Remediation Authenticated Wireless & Wired Network Access Logging Policies DLC managed domains IS&T managed domains Desktop Virtualization The Cisco SCE 8000 Series Service Control Engine delivers highcapacity application and sessionbased classification and control of application-level IP traffic per subscriber. The Cisco ASA 5500 Series Adaptive Security Appliances deliver highly effective intrusion prevention capabilities using hardware-accelerated IPS modules. Adoption of the 802.1x standard for access to MITnet wireless, with default connections set to be secure, but offering choices for those who need them. Splunk collects, indexes and harnesses data generated by our applications, servers to troubleshoot problems and investigate security to avoid service degradation or outages. Correlate and analyze complex events spanning multiple systems. Continue support of an MITwide WIN domain for Windows computer; explore Casper for managing Macintosh computers in a similar way. Move ahead with pilot projects for desktop virtualization in early-adopter, high-risk areas of the Institute. 2/15/11 9

Managed Domain Wireless Border Protection NETWORK SECURITY MILESTONE TIMELINE CALENDAR YEAR 2011 Jan - Mar Apr - Jun Jul - Sep Oct - Dec Purchase & install border protection equipment Implement detection & protection for select network segments Increase breadth of protection, targeting highrisk services Install intelligent log management Initial tuning Phase 1 Integrate alerts and log management Integrate alert detection and enduser notification Increase rollout Phase 2 Integrate remediation Plan and communicate default secure wireless configuration Deploy default secure wireless configuration and guest wireless Continue Windows Domain deployments Pilot virtual desktop with high-risk groups Technology Legend Cisco ASA 5585 Secured wireless Cisco SCE 8000 2/15/11 WIN domain Splunk, RT, Moira 10 Virtual desktop

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information