Transcript Network Perimeter Defense

Network Perimeter
Defense
Josef Pojsl, [email protected]
Martin Macháček, [email protected]
Trusted Network Solutions, Inc.
tns
Traditional techniques
• IP filtering gateways
• Proxy gateways
• Combinations (defense in depth)
Internal Network
Internet
tns
Perimeter expansion
Increased bandwidth
• Remote offices
• Telecommuters
• Roaming users
• Partners
Technology
• Cryptography
• VPNs
Internal Network
Internet
Internal Network
tns
Role of communication
• Growing dependence
on IT systems
• Paperwork replaced
with electronic data
As a consequence
• Greater potential of
attacks and
vulnerabilities
• Data integrity attacks
• Harder detection
• Automation
• Complexity
Technology
• Cryptography
• Content scaning
• Intrusion detection
• Vulnerability
scanning
tns
Complexity
Internal Network
Internal Network
Firewalls
Intrusion Vulnerability
detection scanner
Content
scanner
Internal Network
VPNs
Internal servers
Internet
Public servers
tns
Risk Assessment
Risk factors
• Worth
• Attraction
• Threat
• Vulnerability
• Probability
Countermeasures
• Prevention
• Detection
• Reaction
High-risk environments: risk factors are
relatively high
tns
Security processes
Every day
• New processes are
being transformed
into electronic forms
• New vulnerabilities
and patches emerge
• Event logs must be
analyzed
• Appropriate actions
must be taken
• Etc.
As a consequence
• Security is a
process
• Services serve
better than products
• Expert teams
specialized in
security are needed
• Some processes
may be (internally)
outsourced
tns
Fighting complexity
Minimalism
Modularity
• Rarely used in
software design
• Unusual parameter
combinations
• Number of
interactions
• Modules are more
easily verifiable
• Well-defined
interfaces between
modules
• Minimal design
• Customization
tns
Event logging
• Full, fine-grained event logs are vital
for detection
• Easy to process, human readable
• Log analysis: statistics, expert
systems, manual
Audit Logs
tns
Open architecture
• Not necessarily open-source
• Source code serves for
–Verification
–Documentation
• No “security through obscurity”
• No “breakthroughs”
• Compliance with open standards
tns
Conclusion
Design principles to follow when building
network security defense in high-risk
environments
Processes,
not solutions
Thorough
audit trails
and log
analysis
Minimalism
Modularity
Open
architecture
Expert
teams
Outsourcing
tns