BlackRidge Technology Transport Access Control: Overview



Similar documents
CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Networking for Caribbean Development

Introduction of Intrusion Detection Systems

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

Cybersecurity and internal audit. August 15, 2014

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

Chapter 9 Firewalls and Intrusion Prevention Systems

Lumeta IPsonar. Active Network Discovery, Mapping and Leak Detection for Large Distributed, Highly Complex & Sensitive Enterprise Networks

Total Cost of Ownership: Benefits of Comprehensive, Real-Time Gateway Security

On-Premises DDoS Mitigation for the Enterprise

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

How To Protect Your Firewall From Attack From A Malicious Computer Or Network Device

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Internet Firewall CSIS Internet Firewall. Spring 2012 CSIS net13 1. Firewalls. Stateless Packet Filtering

Network Intrusion Prevention Systems Justification and ROI

Firewalls Overview and Best Practices. White Paper

External Supplier Control Requirements

Cisco Security Optimization Service

Chapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security

McAfee Security Architectures for the Public Sector

74% 96 Action Items. Compliance

Chapter 11 Cloud Application Development

Content-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.

Description: Objective: Attending students will learn:

Guideline on Auditing and Log Management

WildFire. Preparing for Modern Network Attacks

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

13 Ways Through A Firewall

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Secure Remote Monitoring of the Critical System Infrastructure. An Application Note from the Experts in Business-Critical Continuity

How To Protect A Web Application From Attack From A Trusted Environment

The Protection Mission a constant endeavor

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Fighting Advanced Threats

Chapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Advanced Threat Protection with Dell SecureWorks Security Services

CS5008: Internet Computing

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 5 Firewall Planning and Design

Defending Against Cyber Attacks with SessionLevel Network Security

Recommended IP Telephony Architecture

Glasnost or Tyranny? You Can Have Secure and Open Networks!

Honeywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014

Cisco Cyber Threat Defense Solution: Delivering Visibility into Stealthy, Advanced Network Threats

How To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)

Basics of Internet Security

How To Buy Nitro Security

Introduction p. 2. Introduction to Information Security p. 1. Introduction

Unknown threats in Sweden. Study publication August 27, 2014

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

13 Ways Through A Firewall What you don t know will hurt you

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Managed Intrusion, Detection, & Prevention Services (MIDPS) Why Sorting Solutions? Why ProtectPoint?

Complete Protection against Evolving DDoS Threats

Seven Things To Consider When Evaluating Privileged Account Security Solutions

CSCI 4250/6250 Fall 2015 Computer and Networks Security

Intrusion Defense Firewall

Did you know your security solution can help with PCI compliance too?

Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs

Industrial Firewalls Endpoint Security

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Advantages of Managed Security Services

Secure Networking for Critical Infrastructure Using Service-aware switches for Defense-in-Depth deployment

Security Technology: Firewalls and VPNs

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Where every interaction matters.

Permeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions

EMERGING THREATS & STRATEGIES FOR DEFENSE. Stephen Coty Chief Security

Computer Security: Principles and Practice

Content-ID. Content-ID URLS THREATS DATA

Intro to Firewalls. Summary

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Game changing Technology für Ihre Kunden. Thomas Bürgis System Engineering Manager CEE

Securing Cisco Network Devices (SND)

Deploying Firewalls Throughout Your Organization

Network Defense Tools

20-CS X Network Security Spring, An Introduction To. Network Security. Week 1. January 7

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Sygate Secure Enterprise and Alcatel

CMPT 471 Networking II

Using Skybox Solutions to Achieve PCI Compliance

Computer Security DD2395

Enterprise Buyer Guide

Firewalls. ITS335: IT Security. Sirindhorn International Institute of Technology Thammasat University ITS335. Firewalls. Characteristics.

Firewalls. Contents. ITS335: IT Security. Firewall Characteristics. Types of Firewalls. Firewall Locations. Summary

Content Security: Protect Your Network with Five Must-Haves

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Transcription:

2011 BlackRidge Technology Transport Access Control: Overview 1

Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service (DDoS) attacks, which are designed to shut down systems, to elaborate stealth efforts, which are designed to live undetected in the infrastructure and steal intellectual property or other sensitive data. CLIENTS SERVICES Fig. 1 A social network is not a secure network. Threats are ever present for clients and services. Mobile Clients POS Terminals SCADA Controllers Supply Chain Providers Any Critical Endpoints THREATS VPN Vulnerabilities Certificate Substitution Hidden Proxies Scanning Data Centers Management Control Planes Proprietary Applications Critical Networks Cloud Resources Tactical Systems Any Critical Services Critical gaps in existing security systems allow unauthorized traffic to enter and compromise the computing ecosystem. Managing the sophisticated and dynamic methodologies employed in attacks today requires an innovative approach that can co-exist transparently with deployed security and network architectures. BlackRidge Technology s Transport Access Control (TAC) provides innovative, proactive protection to network resources by preventing attackers from performing reconnaissance of high-value and mission-critical network assets and by denying them the ability to communicate anonymously. BlackRidge Technology s TAC blocks unauthorized, anonymous traffic at the very first packet of TCP session, effectively disrupting an attacker s OODA (observe, orient, decide, act) loop by allowing only authorized and authenticated inbound and outbound network sessions. 2

Threat and Need Relying on existing security technologies to defend computing infrastructure has proven to be an ineffective decision to stop a determined, sophisticated attacker. Network reconnaissance, a key step in cyber attacks, uses vulnerability scanners to probe networks and the devices attached to them. Vulnerability scanners, also known as port scanners, attempt to establish TCP/IP connections to various network ports at various network addresses. Network-attached devices reveal information about their characteristics simply by responding to these TCP/IP connection requests. Current state-of-the-art for securing network-connected devices includes the use of firewalls, VPNs, IPS, and encryption. Each technology accomplishes a specific mission within the security regime. The demarcation point at each security layer exposes information about services and network applications provided when communications protocols are not specifically designed to prevent such information leakage. Information being leaked, even in the presence of firewalls, contains the existence and identity of servers and network applications. This information is exposed because each network-connected device must establish a TCP/IP connection before performing any client authentication. It is this design flaw of TCP/IP that enables vulnerability scanning tools to identify what network applications are present and, in many cases, develop signatures of the network-connected devices, which includes the operating system, network applications, and their release and patch levels. This information can then be used to develop strategies to attack the network-connected device. Requiring authentication before establishing a TCP/IP connection closes this security hole and denies attackers information. 3

BlackRidge Technology Transport Access Control (TAC) Transport Access Control (TAC) authenticates users and client applications on first packet receipt in a TCP/IP session. First Packet Authentication (FPA) protects data and network applications by concealing network applications from port scans, network reconnaissance, and intrusion, while allowing authenticated users to access network applications normally. Client Server { TCP Session Setup SYN SYN-ACK Transport Access Control Fig. 2 First Packet Authentication occurs BEFORE connection is established. { Data ACK DATA ACK Security Infrastructure TCP Packets TIME Managing a modern enterprise requires existing security technologies, like firewalls and intrusion prevention systems. But it is also clear that even with these systems, enterprises are being actively attacked and penetrated. Preventing attackers from anonymously gathering critical information, anonymously connecting to network resources, and anonymously removing intellectual property requires TAC. TAC inserts an identity token into a TCP/IP connection request. TAC extracts, authenticates and applies policy to the received TCP/IP connection requests. 4

TAC can provide both external and internal protection. Externally, TAC protects against unauthorized access, port scans, and network reconnaissance. Internally, TAC prevents viruses, malware, and rogue applications from calling home or contaminating adjacent networks. TAC is tolerant of network and port address translation and is designed to operate transparently, without introducing its own port or network translation complexity. TAC works with mobile and other devices that use dynamic addressing without requiring administrative updates. All TAC activities can be logged, enabling IT and security personnel to quickly identify and respond to rogue applications and hosts that attempt to infiltrate their networks. DATABASE Fig. 3 The architecture components of TAC provide a robust network security solution. Provisioning Rate - Bulk Provisioning IDENTITY & KEY MANAGEMENT POLICY MANAGEMENT POLICY ENGINE Packet Rate BLACKRIDGE GATEWAY TAC works by generating a single-use identity token for each TCP/IP session. TAC identity tokens are cryptographically generated tokens that communicate authentication information. TAC uses a steganographic overlay to insert the token into the first packet of a TCP/IP connection request. When TAC receives the connection request, it extracts and authenticates the inserted TAC identity token and then applies a security policy (forward, redirect, discard) for the connection request based on the received TAC identity. TCP/IP session establishment does not allow users to send any user (non-protocol) data, including authentication information. By using a steganographic overlay, TAC can be used during TCP/IP session establishment to provide FPA. Additionally, the size of TCP/IP headers is not increased, enabling TAC to function without consuming any network bandwidth. Each TAC identity token is individually generated, cannot be re-used, and expires after a short period of time. 5

TAC uses an innovative identity token cache to provide high scalability and low, deterministic latency. The token cache is tolerant of packet loss and enables TAC deployments in low bandwidth and high packet loss environments. The algorithms used in TAC are highly parallelizable, enabling high scalability to take advantage of today s multi-core and multi-processor systems. TAC clients and policy engines can be hosted on a wide variety of platforms, including network appliances, router blades, security blades, laptops, end point payment systems, PDAs, and cell phones. TAC works with IPv4 and IPv6, as well as a variety of network architectures, including client-server, server-server, cloud, and mesh networks. Identity and Key Management TAC is designed to integrate smoothly with existing identity and key management systems and requires no modification to existing network applications or servers. TAC is compatible with and complimentary to existing security and authentication technologies, including IPsec, SSL/TLS, and firewalls, providing additional protection not found in these solutions. Policy Management In addition to enforcing policy for TAC-authenticated traffic, TAC can also enforce policy to allow unauthenticated traffic to be forwarded, redirected, or discarded. These actions, like all actions performed by TAC, start with the first packet and are performed in real time, giving downstream remediation, analytic, and responsive systems the earliest possible access to live data streams. 6

Value Proposition TAC provides significant value to improve security, scalability and performance including: Reduced Network Traffic Load TAC is complementary to existing network and security topologies. It is lightweight, transparent, and does not add significantly to system latency. Using TAC can remove 99.999% of unauthenticated TCP/IP traffic, which in some cases can comprise 70% or more of all sessions being processed by a firewall. TAC also reduces the load on information protection and detection systems by reducing the amount of data that these systems are required to process and store, while still maintaining log data for evidence gathering. Reduced System Cost TAC reduces equipment acquisition costs by reducing the use of deep packet inspection and the expensive hardware deep packet inspection requires. Securing the transport layer with TAC results in the reduction of unauthenticated traffic and provides an additional security layer against malware, DDoS attacks, and unauthenticated users. TAC can greatly reduce the spread of malware and, most importantly, prevent data exfiltration through perimeter protection. TAC provides an additional layer of security to protect mission-critical and business-critical data and intellectual property. Reduced Compliance Cost TAC provides improved compliance to organizations. All requests can be logged. These logs can provide the data needed to support regulatory requirements and requirements associated with internal compliance audits. In addition, TAC authentication can be transparently added to devices and network applications that do not have the ability to perform authentication. The ability to add authentication and logging capabilities to legacy network applications enables corporations and agencies to meet their compliance and regulatory requirements. Legacy applications continue to operate as normal with TAC being transparently added to the security posture. Many compliance rules require that complete packet traces of all suspect traffic be maintained for a period of time. By using FPA security tagging, the amount of traffic being stored is greatly reduced, significantly decreasing the storage costs of compliance. 7

Summary Cyber war is happening. Cyber attacks are ever present. The rate at which the advanced persistent threat is escalating is surpassing all estimates. Adversaries are progressing much faster in their ability to successfully attack cyber infrastructure than has been forecast faster than the prepared defense of today s approaches and technologies. Firewalls, VPNs, and encryption methodologies are not keeping pace with the barrage of attacks that are being launched on a daily basis. Deep packet inspection-based solutions employed by most firewalls require too much processing power to keep up with the advances in offensive network attack capabilities that are available. Increases in network bandwidth only exacerbate this problem. BlackRidge Technology s TAC is a new cyber security technology that blocks network scans and other unauthenticated traffic. TAC compliments existing security with a strong value proposition that can reduce both capital and operational costs. TAC protects servers, critical assets, and network applications from unauthorized users, attackers, and malware. TAC can also be used for protection against data exfiltration, botnets, and other malware. Specifically, TAC: Authenticates the first packet of a session Filters and controls network access to resources while preserving existing investments in cyber security Blocks network scans (by cloaking TAC-protected systems from unauthorized users) Provides low, deterministic latency with highly scalable throughput Security must go beyond host-based and network-based information and far beyond simple anti-virus and network intrusion detection to stop reconnaissance and anonymous unauthorized connections. Enterprises must focus security resources to look inside the right packets, files, and email instead of ineffectively mulling through all data streams, including anonymous and unauthorized traffic. For more information please contact info@blackridge.us or visit us online at blackridge.us. 8

Reston, VA Santa Clara, CA Suwanee, GA info@blackridge.us www.blackridge.us 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information