Transcript Virtual Media Technologies

Internet Security…
…In The
Broadband Age
S45 – Marvin Christensen
Introduction
• Broadband Usage is Increasing
• Security Issues Associated With Broadband are
Becoming Clearer and More Complex
• Organizations Can Recognize Significant Savings
in Cost and Improved Efficiencies Through
Broadband Usage
• Security Costs Associated With Broadband May
Increase
• Objective: Reach An Acceptable Balance of
Security Costs Vs Business Benefits
2
S45 – Marvin Christensen
Agenda
• State of Security – Putting Broadband in Context
• Define Broadband Security Views
• Review Broadband Security Threats
• Means of Addressing Broadband Security Risks
• Looking Towards the Future for Broadband
Security
3
S45 – Marvin Christensen
The State of Security
4
S45 – Marvin Christensen
Widening Security Gap
10.8 million
Business Internet
Connections
The Security Gap:
Over 8.9 Million
Unprotected
Connections as of
Q2-2000
1.9 million Firewalls
Installed
Source: IDC
5
S45 – Marvin Christensen
Broadband Security Views
• Corporate Supported End Users
- Dedicated connection – 24x7 always on
- Multiple, consecutive connections
- Non-corporate computing assets outside the
organization
- Shared Network Resources
• Providers
- Liability and performance expectations
- Customer specific requirements
- Customer retention
6
S45 – Marvin Christensen
Common Broadband Threats
• Malicious logic – virus, trojan
• Active content
• Targeted attacks
• Collateral damage – site used as launch
point for attack on end victim
• Internal threat
- Intentional: malicious users or tech-savvy users
who don’t respect the boundaries of their
knowledge or privileges
- Technology services and solutions that aren’t
prepared or qualified to address non-traditional
technical vulnerabilities
7
S45 – Marvin Christensen
Security Approach Benefits
• Deny unauthorized access
• Deny or permit appropriate network
services and traffic
• Provide secure connections for on-site
and remote access (Virtual Private
Networks)
8
S45 – Marvin Christensen
Approaches to Broadband Security
• Application level security (Software)
• Network level solutions (Architecture)
• Security appliances
• Outsourced solutions
9
S45 – Marvin Christensen
Application Level Solutions
• Application level security solutions protect
specific server applications on your network.
• Application servers can be vulnerable to security
threats such as viruses and hacks.
• Company’s must maintain support contracts,
software subscriptions and be cognizant of
version upgrades to the software.
• Example of Application level security solution:
- Virus protection for your Exchange server
- Personal Firewall
- Applications with Built-in-Security
10
S45 – Marvin Christensen
Network Level Solutions
• Transport Security Level
- Allows users to access data securely
- Reliable connection
• Client side and lends itself to remote & mobile
users
• Examples include: VPN, SSL, IPSec, ssh
• Requires Authentication
- SecurID
- SafeWord
- Client side certificates
11
S45 – Marvin Christensen
Security Appliances
• Dedicated devices that provide front-line
protection and security features
• Multiple IP’s can share one visible IP address
- Network Address Translation
- DHCP
• Firewall security and control
• Stateful packet inspection and denial-of-service
protection
12
S45 – Marvin Christensen
Outsourced Solutions
• 24x7 Monitoring and Management by Security
Professionals
• Immediate Notification Upon Incident
• On-line reporting allows access to data and
information from the security devices. Reports
are generated and are presentable to Senior
Management
• Periodic Vulnerability Assessments to Maintain
Security
• 24x7 Access to Security Professionals
13
S45 – Marvin Christensen
Comprehensive Solution Includes…
• Virus Protection
• Firewall
• Content Filtering
• Monitoring
• Management
• Auditing for compliance
14
S45 – Marvin Christensen
Virtual Private Networks (VPN)
• Virtual Private Networks are a subset of
security.
• Security solutions should also provide VPN
capability for:
- Secure remote access to corporate
network.
- Communicate with business partners.
- Increase the span of the corporate
network.
15
S45 – Marvin Christensen
CPE Based Managed Security
T1
16
S45 – Marvin Christensen
The Next Generation- Network
• Centralized vs. distributed internet
security
• Implemented in the provider network, not
at end user.
• Full suite of managed security services
• Targeted toward the < 50 users network
• High-volume / High scalability
17
S45 – Marvin Christensen
Network Based Managed Security
18
S45 – Marvin Christensen
Enhanced IP Services Via the Public Internet
Public
IP
Network
Public
IP
Network
SP 2
SP 1
Business
Network based services
leverage high density
subscriber aggregation
for lower costs
Public
IP
Network
SP N
Network Based Managed Services
In contrast, CPE based
services require a truck roll
“ADD and DROP” type of
capability
19
Firewall
VPN
Bandwidth
Manager
Content
Filtering
$ / mo
$$ / mo
$ / mo
$ / mo
S45 – Marvin Christensen
Where Do You Turn?
• Look at what you really want to accomplish.
• How much are you willing to spend?
• Who’s going to implement and run it?
• Ask your connectivity provider.
20
S45 – Marvin Christensen
Balance
• Utopia vs. Reality
• Today vs. The Future
• What about the future?
- Everyone Always On
- Digital divide (remote areas lagging in service)
- Business vs. Home
- CPE Solutions vs. Network Solutions
• Data at Rest vs. Traffic Hacking
21
S45 – Marvin Christensen
Conclusion
• Security is a fast growing industry.
• More users, more complexity means more
threats.
• Security involves more than just a firewall.
• VPNs are a subset of security.
• Network based security will become
mainstream.
• Outsourcing security solutions saves money
and time.
22
S45 – Marvin Christensen
Questions
23
S45 – Marvin Christensen