Self defending networks?


Self defending networks? What we do @ Voith to protect our network. Troopers08, 23.-24.03.08 Munich, Germany

Content
Global Voith IT Organisation
Self defending networks
Best Practise @ Voith
IT Security Organisation
Technical Basis
Security Processes
Conclusion

Author
Rolf Strehle, CEO ditis Systeme, CISO Voith AG, ISO 27001 Auditor
ditis Systeme, The Security Company, Carl-Schwenk-Str. 4-6, D-89522 Heidenheim
Phone: +49 7321 91770, E-Mail: rolf.strehle@ditis.de
A company of the Voith Group

2 Troopers08 Self Defending Networks 23.04.2008

Scope of IT Security: Global Voith IT Organisation
Regional Support Center / IT-Point Locations (example):
VOIS Heidenheim (West Europe)
VOIE St. Pölten (East Europe)
VOIN Wilson (North America)
VOIL Sao Paulo (South America)
VOII Hyderabad (India)
VOIC Shanghai (China)
Organisation chart (figure): VOI, VOHI, ditis; approx. 62 M revenue, approx. 320 employees
Legend: Virtual entity, Legal entity, Profit Center, Cost Center

Self defending networks: What and Why
Cisco: Self Defending Networks, Network Admission Control (NAC)
Microsoft: Network Access Protection (NAP)
Source: Cisco

Self defending networks: Goals of NAC
Because NAC represents an emerging category of security products, its definition is both evolving and controversial. The overarching goals of the concept can be distilled to:

Mitigation of zero-day attacks: The key value proposition of NAC solutions is the ability to prevent end-stations that lack antivirus, patches, or host intrusion prevention software from accessing the network and placing other computers at risk of cross-contamination by network worms.

Policy enforcement: NAC solutions allow network operators to define policies, such as the types of computers or roles of users allowed to access areas of the network, and enforce them in switches, routers, and network middleboxes.

Identity and access management: Where conventional IP networks enforce access policies in terms of IP addresses, NAC environments attempt to do so based on authenticated user identities, at least for user end-stations such as laptops and desktop computers.

Source: Wikipedia

Self defending networks: Concepts

Pre-admission and post-admission: There are two prevailing design philosophies in NAC, based on whether policies are enforced before or after end-stations gain access to the network. In the former case, called pre-admission NAC, end-stations are inspected prior to being allowed on the network. A typical use case of pre-admission NAC would be to prevent clients with out-of-date antivirus signatures from talking to sensitive servers. Alternatively, post-admission NAC makes enforcement decisions based on user actions, after those users have been provided with access to the network.

Agent versus agentless: The fundamental idea behind NAC is to allow the network to make access control decisions based on intelligence about end-systems, so the manner in which the network is informed about end-systems is a key design decision. A key difference among NAC systems is whether they require agent software to report end-system characteristics, or whether they use scanning and network inventory techniques to discern those characteristics remotely.

Out-of-band versus inline: In some out-of-band systems, agents are distributed on end-stations and report information to a central console, which in turn can control switches to enforce policy. In contrast, inline solutions can be single-box solutions which act as internal firewalls for access-layer networks and enforce the policy. Out-of-band solutions have the advantage of reusing existing infrastructure; inline products can be easier to deploy on new networks, and may provide more advanced network enforcement capabilities, because they are directly in control of individual packets on the wire. However, there are agentless products that combine the inherent advantages of easier, less risky out-of-band deployment with techniques that provide inline effectiveness for non-compliant devices, where enforcement is required.

Remediation, quarantine and captive portals: Network operators deploy NAC products with the expectation that some legitimate clients will be denied access to the network (if users never had out-of-date patch levels, NAC would be unnecessary). Because of this, NAC solutions require a mechanism to remediate the end-user problems that deny them access.
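The decision step of an out-of-band, pre-admission NAC console, as an added illustration (this is not code from the talk or from any NAC product). The console receives posture data per endpoint, from an agent or from a remote scan, evaluates a policy and tells the access switch which VLAN to put the port in; only the policy evaluation is modelled here. All thresholds, VLAN numbers, roles and the sample endpoints are assumptions for the example. Note the agentless branch: devices that cannot report posture are admitted on a MAC allowlist into a restricted VLAN, which is the usual compromise and also the usual weak spot, since a MAC address can be spoofed.

```python
"""Pre-admission, out-of-band NAC policy evaluation (added illustration).

An out-of-band NAC console receives posture data per endpoint, evaluates a
policy and tells the access switch which VLAN to put the port in.  This
module models only the decision step; switch control and posture collection
(agent or scan) are out of scope.  All thresholds, VLAN ids, roles and the
sample endpoints below are assumptions for the example, not real policy.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set


class Decision(Enum):
    ADMIT = "admit"
    QUARANTINE = "quarantine"
    DENY = "deny"


# Assumed VLAN plan for the example.
VLAN_PRODUCTION = 100
VLAN_QUARANTINE = 900      # reaches only remediation servers (patch/AV mirror)
VLAN_RESTRICTED = 910      # agentless devices: printers, IP phones
MAX_AV_SIGNATURE_AGE_DAYS = 3


@dataclass
class Posture:
    """What the agent (or a remote scan) reported about the end-station."""
    agent_present: bool
    av_running: bool = False
    av_signature_age_days: Optional[int] = None
    missing_critical_patches: int = 0
    hips_running: bool = False


@dataclass
class Endpoint:
    mac: str
    user: Optional[str]          # authenticated identity (e.g. 802.1X), None if none
    role: str                    # "employee", "contractor", "device"
    posture: Posture


@dataclass
class Verdict:
    decision: Decision
    vlan: int
    reasons: List[str] = field(default_factory=list)


def evaluate(ep: Endpoint, agentless_allowlist: Set[str]) -> Verdict:
    """Pre-admission check: inspect before the port is opened to production.

    Quarantine (not deny) is used for fixable hygiene problems so the user
    can self-remediate; deny is reserved for unknown, unauthenticated hosts.
    """
    reasons: List[str] = []
    p = ep.posture

    # Agentless devices cannot report posture.  They are admitted only if
    # pre-registered, and only into a restricted VLAN.  Caveat: a MAC
    # allowlist is spoofable, so this is a weak control by design.
    if not p.agent_present:
        if ep.mac.lower() in agentless_allowlist:
            return Verdict(Decision.ADMIT, VLAN_RESTRICTED,
                           ["agentless device on allowlist; restricted VLAN"])
        return Verdict(Decision.DENY, VLAN_QUARANTINE,
                       ["no agent and MAC not registered"])

    # NAC decides on authenticated users, not IP addresses: no identity,
    # no production access.
    if ep.user is None:
        return Verdict(Decision.DENY, VLAN_QUARANTINE, ["no authenticated user"])

    # Hygiene checks -> quarantine, each with a remediation hint for the user.
    if not p.av_running:
        reasons.append("antivirus not running: start or reinstall AV client")
    elif p.av_signature_age_days is None or p.av_signature_age_days > MAX_AV_SIGNATURE_AGE_DAYS:
        reasons.append(f"AV signatures older than {MAX_AV_SIGNATURE_AGE_DAYS} days: "
                       "update from quarantine mirror")
    if p.missing_critical_patches > 0:
        reasons.append(f"{p.missing_critical_patches} critical patch(es) missing: run patch client")
    if ep.role == "contractor" and not p.hips_running:
        reasons.append("contractor hosts must run host IPS")

    if reasons:
        return Verdict(Decision.QUARANTINE, VLAN_QUARANTINE, reasons)
    return Verdict(Decision.ADMIT, VLAN_PRODUCTION, ["compliant"])


# Constructed sample endpoints (made up for the example, not real data).
SAMPLE_ALLOWLIST = {"00:11:22:33:44:55"}   # a printer registered by IT
SAMPLE_ENDPOINTS = [
    Endpoint("aa:bb:cc:00:00:01", "alice", "employee",
             Posture(True, av_running=True, av_signature_age_days=1)),
    Endpoint("aa:bb:cc:00:00:02", "bob", "employee",
             Posture(True, av_running=True, av_signature_age_days=9, missing_critical_patches=2)),
    Endpoint("00:11:22:33:44:55", None, "device", Posture(False)),
    Endpoint("de:ad:be:ef:00:01", None, "device", Posture(False)),
    Endpoint("aa:bb:cc:00:00:03", "carol", "contractor",
             Posture(True, av_running=True, av_signature_age_days=0, hips_running=False)),
]


def run_samples() -> Dict[str, Verdict]:
    return {ep.mac: evaluate(ep, SAMPLE_ALLOWLIST) for ep in SAMPLE_ENDPOINTS}


if __name__ == "__main__":
    for mac, v in run_samples().items():
        print(f"{mac}: {v.decision.value:10s} vlan={v.vlan}  {'; '.join(v.reasons)}")
```

The reasons list is what a captive portal would show the user in the quarantine VLAN; keeping quarantine and deny separate is what makes remediation possible without opening the production VLAN.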

Self defending networks: Standards?
Cisco NAC and Microsoft NAP Interoperability Architecture (figure)

Self defending networks: Best Practise @ Voith
We do not use NAC. As of today, there are a lot of good reasons not to rely on self defending networks:
Expensive
Incompatible
Complex
No mature technology
The real threat is elsewhere (Social Engineering)

We do defend our own network. We use the combination of existing and proven technologies to defend our worldwide corporate network.

We enable people to think IT security. The most complex threat is people, so we have to enable our own staff to face this reality. So how do we achieve this?

IT Security Overview: 3 Tier Security Model
IT Security Organisation: Group Directive 01/03, Voith CERT, Compliance (ISO 27001, BDSG, other national regulations)
Security Processes: IT Security Management, Incident Management, Change Management, Systems Monitoring, Security Audits, Risk Management, Awareness
Technical Basis: VOI Security Toolbox, IT-Security Infrastructure, ISMS Portal, Security Portal, Vulnerability Scanner

IT Security Technical Basis: Voith Security Toolbox
Framework: Group Directive 01/03, ISO 27001, IT-Risk Management
Secure Communication Tools (VOI): E-Mail Security (PGP, S/MIME), Secure Data Exchange Portal, SFTP, SAP-cFolders, Anomaly Detection System, Citrix Secure Gateway, Secure Web Applications (Reverse Proxy), V-Key, VPN
Secure Data Storage Tools (VOIS): File Security, File Encryption (PGP), Digital Rights Management, Notebook Security (SafeGuard), CD Encryption, USB Stick with Fingerprint, PDA File Encryption
Basic Security Tools: Firewall, SPAM Filter, Anti-Virus, Web Content Filter, WLAN Encryption, VPN, PSIP, ISMS, Secure Administration, Anomaly Detection System, Public Key Infrastructure (PKI)
Legend: Use on demand / Implicit

IT Security Technical Basis: Voith Anomaly Detector
Technology: OpenSource (Voith development)

IT Security Technical Basis: Voith Monitoring Tool, Monitoring Team (screenshots)

IT Security Technical Basis: Secure Communication, Access Management
Table headers: Access method, Authentication, Access type, Technology

IT Security Technical Basis: Secure Data Storage, Data Leakage Prevention

IT Security Overview: Security Processes
IT Security Organisation: Group Directive 01/03, Voith CERT, Legal Compliance (ISO 27001, BDSG, other national regulations)
Security Processes: IT Security Management, Incident Management, Change Management, Systems Monitoring, Security Audits, Risk Management
Technical Basis: VOI Security Toolbox, IT-Security Infrastructure, ISMS Portal, Security Portal, Vulnerability Scanner

IT Security Processes: Vulnerability Management
Goal: Proactive health check of all network components in the Voith corporate net
Solution: Vulnerability Scanning and Reporting
Regular network scan (appliance based)
Regular password quality scan (AD based)
Integration in existing ITIL and ITSM processes: monthly reporting; central monitoring inside IT Security Team
Technology: Qualys, Nessus
CERT
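What the reporting half of this process looks like in code, as an added example (not Voith's tooling, and not part of the talk): the scanner export is parsed, findings are counted per host by severity, and the hosts with high or critical findings are handed to incident/change management as tickets. The XML is a constructed sample in the Nessus v2 export layout with made-up hosts and plugin ids; the ticket threshold and severity names are assumptions.

```python
"""Monthly vulnerability report from a Nessus scan export (added illustration).

Parses a .nessus (v2) export, counts findings per host by severity and lists
the hosts that exceed a ticketing threshold so they can be handed to the
ITIL incident/change process.  The XML below is a constructed sample with
made-up hosts and plugin ids, not a real scan result.
"""
from collections import Counter, defaultdict
import xml.etree.ElementTree as ET

SEVERITY_NAMES = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

# Constructed sample export (Nessus v2 layout); hosts and plugins are invented.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="monthly-example">
  <ReportHost name="10.0.1.10">
   <HostProperties><tag name="host-ip">10.0.1.10</tag></HostProperties>
   <ReportItem port="445" svc_name="cifs" protocol="tcp" severity="4" pluginID="99001" pluginName="SMB service missing critical patch" pluginFamily="Windows">
    <risk_factor>Critical</risk_factor><cvss_base_score>10.0</cvss_base_score>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="2" pluginID="99002" pluginName="Web server information disclosure" pluginFamily="Web Servers">
    <risk_factor>Medium</risk_factor><cvss_base_score>5.0</cvss_base_score>
   </ReportItem>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="99003" pluginName="OS identification" pluginFamily="General">
    <risk_factor>None</risk_factor>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.0.1.20">
   <HostProperties><tag name="host-ip">10.0.1.20</tag></HostProperties>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1" pluginID="99004" pluginName="SSH weak algorithms" pluginFamily="Misc.">
    <risk_factor>Low</risk_factor><cvss_base_score>2.6</cvss_base_score>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return {host: [(severity, plugin_id, plugin_name, proto/port, cvss)]}.

    Caveat: xml.etree does not defend against entity-expansion attacks; for
    scanner output you did not produce yourself, parse with defusedxml.
    """
    root = ET.fromstring(xml_text)
    findings = defaultdict(list)
    for host in root.iter("ReportHost"):
        name = host.get("name")
        for item in host.iter("ReportItem"):
            cvss_el = item.find("cvss_base_score")
            cvss = float(cvss_el.text) if cvss_el is not None and cvss_el.text else None
            findings[name].append((int(item.get("severity", "0")),
                                   item.get("pluginID"), item.get("pluginName"),
                                   f'{item.get("protocol")}/{item.get("port")}', cvss))
    return dict(findings)


def summarize(findings):
    """Per-host severity counts, ignoring informational (severity 0) items."""
    return {host: dict(Counter(SEVERITY_NAMES[sev] for sev, *_ in items if sev > 0))
            for host, items in findings.items()}


def hosts_to_ticket(findings, min_severity=3):
    """Hosts with at least one finding at or above min_severity (default: high),
    worst first; these go to incident/change management with the monthly report."""
    out = {}
    for host, items in findings.items():
        worst = [it for it in items if it[0] >= min_severity]
        if worst:
            out[host] = sorted(worst, key=lambda it: (-it[0], -(it[4] or 0)))
    return out


def monthly_report(xml_text):
    findings = parse_nessus(xml_text)
    return {"summary": summarize(findings), "tickets": hosts_to_ticket(findings)}


if __name__ == "__main__":
    rep = monthly_report(SAMPLE_NESSUS)
    for host, counts in rep["summary"].items():
        print(host, counts)
    for host, items in rep["tickets"].items():
        for sev, pid, pname, port, cvss in items:
            print(f"TICKET {host} {port} [{SEVERITY_NAMES[sev]}] {pid} {pname} cvss={cvss}")
```

The threshold is deliberately a parameter: a monthly report can list everything, while the ticket feed into the ITSM process should only carry what the process owner can actually act on in the cycle.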

IT Security Processes: Global Monitoring, Global Support
24x7 monitoring in own global support organisation
Incident management and troubleshooting
Proactive management of defined SLAs

IT Security Processes: Awareness Campaign

Conclusion
We have implemented a solid security basis for Voith IT worldwide.
We have a basic security framework in place (IT Risk Management and ISMS according to ISO 27001).
We have a very comprehensive security toolkit to support the business processes of our customers.
The main task is to implement the toolkit and organizational directives in the business processes of our customers.
We do not trust self defending networks, we defend our network!
Security knowledge is very complex and rapidly changing, therefore we share the knowledge with other companies by outsourcing to www.ditis.de

Thank you!