Endpoint Security Endpoint Security Summit Seattle, Washington - PowerPoint PPT Presentation

1
Endpoint Security / Endpoint Security Summit
Seattle, Washington
David Ferre, DFerre_at_Novell.com
Senior Product Manager, Endpoint Security and Network Access Control
October 21, 2008
2
Presentation Structure
  • Section 1 Introduction
  • Section 2 Endpoint Threats and Protection
  • Section 3 Functionality and Added Value
  • Section 4 Conclusion
  • Section 5 Question and Answer

3
Section 1 Introduction
4
Today's Computing Environment
  • The workforce has become mobile
  • At the enterprise level, laptops have surpassed
    desktop deployments
  • Wireless NICs are standard on new PCs and
    wireless networks have proliferated
  • Mobility increases productivity and agility
  • What is the key requirement to enable mobility?
    • Remote access to data, which can be either
      locally stored or accessed via the Internet
  • A Polar Relationship
    • Increased agility and productivity requires
      moving data to the endpoint or providing remote
      access to the data, which increases risks and
      their associated costs.

5
Mobility Considerations
  • Enabling safe mobile computing for your
    organization's users and devices
    • Secure access/communications (VPN usage,
      wireless, inbound connection attempts, Bluetooth,
      IrDA, USB, etc.)
    • Secure data (encryption, removable storage
      devices, CD/DVD, floppy drives)
    • Secure settings/states (antivirus/spyware,
      patches)
  • Controlling users and devices accessing your
    organization's infrastructure
    • Who/what can access the network
    • Defined requirements, testing, and isolation

6
Problem Statement
  • An organization's endpoint security policy needs
    to address seven key functional areas

Source: IDC report, Market Analysis - Worldwide
IT Security Software, Hardware, and Services
2006-2010 Forecast: The Big Picture
7
Feature Considerations
  • Antivirus/spyware
  • Personal Firewall and Host Intrusion Prevention
  • Wireless security (organization's infrastructure
    vs. mobile/remote)
  • VPN enforcement
  • Host based firewall (NDIS, TDI, port/protocol
    rules, ACLs)
  • Communications port control (1394, IrDA,
    Bluetooth, serial/parallel)
  • Application control
  • USB security
  • Hardware device control
  • Storage control (removable storage, CD/DVD,
    floppy, AutoPlay/AutoRun)
  • Data encryption
    • Data at rest
    • Data in motion
  • Standard operating environment
  • Integrity and remediation
  • Patch management
  • Network Access Control

8
IT Threats
9
Business Objectives
10
Goals
  • Enable safe mobile computing
  • Control access to the organization's
    infrastructure
  • Compliance requirements (internal and
    regulatory)
  • Understand the risks and exposures
  • Define and enforce best practice methodology to
    mitigate risk
  • Leverage existing vendor relationships,
    solutions, and centralize/minimize management and
    TCO

11
Regulatory Requirements
  • PCI, HIPAA, SOX, internal security policies
  • Ensure data protection and integrity
  • Customer data and intellectual property
  • Key considerations
    • Firewall
    • Antivirus/spyware and patches up to date
    • Don't use vendor supplied defaults for passwords,
      etc.
    • Vulnerability management
    • Access control (data and network)
    • Monitoring and testing
    • Security policy for employees and contractors

12
Data Breach Sources 2007
13
Best Practice Considerations
  • Protect data on lost or stolen equipment
  • Protect data shared with third parties
  • Protect against malicious insiders
  • Prevent hacking of the endpoint
  • Extend protection outside of the office
  • Ensure system health/up time

14
Section 2 Threats and Protection
15
Threat 1
  • Breach Source(s): Lost or stolen equipment
  • Threat(s): Lost or stolen laptop
  • Considerations
    • Full Disk Encryption
    • BIOS password and prevent alternate boot methods
      (Linux EBCD)
    • Remote wipe
  • Conclusion
    • Largest single breach source (49) is mitigated
    • Regulatory requirements: data is not accessible,
      protected customer records/intellectual property,
      no notification requirements (high cost)

16
Threat 2
  • Breach Source(s): Lost or stolen equipment
    (removable storage devices), lost or stolen files
    used by third parties, malicious insiders
  • Threat(s): Lost or stolen thumb drive, lost or
    stolen files
  • Considerations
    • Encrypt data in motion, such as removable storage
    • Encryption by password for file sharing with
      outside resources
    • Reports/alerts on data flow (storage, email,
      network)
    • Least privilege (storage device access for
      removable storage, CD/DVD, network access) to
      prevent access or enforce read-only access, white
      listing and device controls
  • Conclusion
    • Significant risk from lost/stolen equipment,
      third party file sharing, and malicious insiders

17
Threat 3
  • Breach Source(s): Hacked electronic systems
  • Threat(s): Thumbsucking and pod slurping
  • Considerations
    • Thumb sucking and pod slurping
    • Disable/read-only removable storage to prevent
      automated threats
    • White list/preferred devices
    • Disable AutoPlay/AutoRun
    • Encrypt data as it is written to devices
  • Conclusion
    • Address breaches from automated threats and also
      control users having uncontrolled access to
      removable storage devices

18
Threat 4
  • Breach Source(s): Hacked electronic systems
  • Threat(s): Man-in-the-middle attacks, ARP
    spoofing, eavesdropping, evil twin attacks,
    conference room data ports
  • Considerations
    • Spoofing techniques such as ARP poisoning or DNS
      spoofing
    • Firewall enforcement to prevent protocol level
      attacks
    • Require and enforce VPN usage. Data could still
      be eavesdropped on, but the traffic over the
      untrusted medium is encapsulated and encrypted
    • Wireless controls to prevent accidental
      association, evil twin attacks, and backdoor access
      to networks
    • 802.1X authentication (wired and wireless) and
      Network Access Control (pre-802.1X deployment)
  • Conclusion
    • Prevent poisoning and spoofing attempts. Since
      the entire network path is never secure, ensure
      data is encrypted with a VPN (traditional or SSL)
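The "wireless controls" bullet above describes a client-side association policy: the endpoint should only join the organization's SSID when it is served by a known access point with the required security method, and anything else advertising that SSID is a candidate evil twin. The following is an added example of such a policy check, not code from the deck or from Novell; the scan results, the managed SSID "CorpNet", its BSSIDs and the security ranking are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class ScanResult:
    """One network as reported by a wireless scan (constructed sample data)."""
    ssid: str
    bssid: str      # access point MAC address
    security: str   # one of the keys of SECURITY_RANK

# Ordering of security methods from weakest to strongest (assumed for the example).
SECURITY_RANK = {"open": 0, "wep": 1, "wpa2-psk": 2, "wpa2-enterprise": 3}

# Constructed policy: the managed SSID, the access points allowed to serve it,
# and the weakest security method an endpoint may accept for it.
MANAGED_SSIDS: Dict[str, dict] = {
    "CorpNet": {
        "bssids": {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"},
        "min_security": "wpa2-enterprise",
    },
}

def classify(scan: ScanResult, policy: Dict[str, dict] = MANAGED_SSIDS) -> Tuple[str, str]:
    """Return (verdict, reason) for one scanned network.

    Verdicts: "allow" (known AP, required security), "evil-twin-suspect"
    (managed SSID from an unknown AP or with weaker security), "deny"
    (SSID outside the managed list, so no accidental association).
    """
    rule = policy.get(scan.ssid)
    if rule is None:
        return "deny", "SSID is not in the managed list"
    if scan.bssid.lower() not in rule["bssids"]:
        return "evil-twin-suspect", "managed SSID advertised by an unknown BSSID"
    if SECURITY_RANK[scan.security] < SECURITY_RANK[rule["min_security"]]:
        return "evil-twin-suspect", (
            f"managed SSID offered with {scan.security}, "
            f"policy requires {rule['min_security']}")
    return "allow", "known BSSID with the required security method"

def evaluate_scan(results: List[ScanResult]) -> Tuple[List[str], List[str]]:
    """Split a scan into BSSIDs the client may join and alert lines for the rest."""
    allowed, alerts = [], []
    for r in results:
        verdict, reason = classify(r)
        if verdict == "allow":
            allowed.append(r.bssid)
        else:
            alerts.append(f"{verdict}: ssid={r.ssid} bssid={r.bssid} ({reason})")
    return allowed, alerts

# Constructed scan: one legitimate AP, one rogue AP reusing the corporate SSID
# without the required security, and an unrelated hotspot.
SAMPLE_SCAN = [
    ScanResult("CorpNet", "00:11:22:AA:BB:01", "wpa2-enterprise"),
    ScanResult("CorpNet", "de:ad:be:ef:00:01", "open"),
    ScanResult("FreeAirportWiFi", "aa:bb:cc:dd:ee:ff", "open"),
]

if __name__ == "__main__":
    joinable, warnings = evaluate_scan(SAMPLE_SCAN)
    print("joinable:", joinable)
    for line in warnings:
        print(line)
```

A BSSID allowlist is only a first filter, since a rogue access point can copy a real BSSID; the durable control the slide also lists is 802.1X with a supplicant that validates the authentication server's certificate, so a twin cannot complete the handshake even when it looks identical in a scan.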

19
Threat 5
  • Breach Source(s): Malicious code
  • Threat(s): AV is not installed, not running, or
    not up to date. Patches or service pack levels
    are not up to date.
  • Considerations
    • Integrity tests need to extend to the
      organization's users and devices when remote or
      mobile
    • Integrity tests for all devices accessing the
      organization's infrastructure
  • Conclusion
    • Ensure system health and up time by enforcing
      that required applications are installed, running, and
      up to date and that patches/service packs are at
      required levels. Extend protection for mobility
      and check access when devices connect to the
      infrastructure

20
Section 3 Functionality and Added Value
21
Functionality and Added Value
  • Centralized management and control
  • Single agent/single console
  • Leverage existing directory services
  • Reporting
  • Client self defense to prevent circumvention
  • Emergency access control
  • No server required
  • Time/user specific, one time overrides

22
Network Access Control Components
23
Other NAC Considerations
  • Testing approaches
    • Agents (lightweight versus heavy agent)
    • Dissolvable
    • Agentless (Nessus versus interrogation)
  • Enforcement options
    • 802.1X
    • DHCP
    • In line
    • ARP
  • Frameworks
    • Cisco Network Admission Control
    • Microsoft NAP
    • TCG/TNC
  • Heterogeneous infrastructures (complete coverage
    for infrastructures and OSes)
  • Phased rollouts (reporting only and reporting per
    test/grace periods)
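Threat 5 above says integrity tests should verify that required applications are installed, running and current and that patches are at the required level, and the phased-rollout bullet on this slide adds a reporting-only stage and per-test grace periods before enforcement. The block below is an added example of that decision logic, not Novell's or any NAC framework's code: the posture fields, thresholds, test names and the "report-only"/"enforce" mode names are assumptions made for the example, and the host records are constructed.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Tuple

@dataclass
class Posture:
    """What the agent reports about one endpoint (constructed fields)."""
    host: str
    av_installed: bool
    av_running: bool
    av_signature_date: date
    patch_level: int          # assumed numeric baseline, e.g. service pack level
    firewall_enabled: bool

@dataclass
class Policy:
    max_signature_age_days: int = 7
    required_patch_level: int = 3
    mode: str = "enforce"                           # or "report-only" during rollout
    grace: Dict[str, int] = field(default_factory=dict)   # test name -> days allowed to fail

def run_integrity_tests(p: Posture, policy: Policy, today: date) -> List[str]:
    """Return the names of the integrity tests this endpoint fails."""
    failures = []
    if not p.av_installed:
        failures.append("av_installed")
    elif not p.av_running:
        failures.append("av_running")
    elif (today - p.av_signature_date).days > policy.max_signature_age_days:
        failures.append("av_signatures_current")
    if p.patch_level < policy.required_patch_level:
        failures.append("patch_level")
    if not p.firewall_enabled:
        failures.append("firewall_enabled")
    return failures

def decide(p: Posture, policy: Policy, today: date,
           first_failed: Dict[str, date]) -> Tuple[str, List[str]]:
    """Return ("allow" | "quarantine", failures) for one connection attempt.

    first_failed is per-host state recording when each test first failed, so a
    test with a grace period of N days only blocks from day N after that date.
    In report-only mode every failure is recorded but nothing is blocked.
    """
    failures = run_integrity_tests(p, policy, today)
    if not failures:
        return "allow", []
    if policy.mode == "report-only":
        return "allow", failures
    blocking = []
    for test in failures:
        started = first_failed.setdefault(test, today)
        if (today - started).days >= policy.grace.get(test, 0):
            blocking.append(test)
    return ("quarantine" if blocking else "allow"), failures

# Constructed sample endpoints as seen on the presentation date.
TODAY = date(2008, 10, 21)
HEALTHY = Posture("lap-01", True, True, date(2008, 10, 20), 3, True)
STALE_AV = Posture("lap-02", True, True, date(2008, 10, 5), 3, True)
UNPATCHED = Posture("lap-03", True, True, date(2008, 10, 20), 2, True)

if __name__ == "__main__":
    enforce = Policy(grace={"patch_level": 5})
    state: Dict[str, Dict[str, date]] = {}
    for host in (HEALTHY, STALE_AV, UNPATCHED):
        verdict, fails = decide(host, enforce, TODAY, state.setdefault(host.host, {}))
        print(f"{host.host}: {verdict} {fails}")
    # Five days later the unpatched host's grace period has run out.
    print("lap-03 later:", decide(UNPATCHED, enforce, TODAY + timedelta(days=5),
                                  state["lap-03"]))
```

The grace-period state has to live on the policy server, not on the endpoint, or a client that fails a test can simply reset its own clock; the same goes for the posture report itself, which is why the "client self defense" bullet in Section 3 matters for any agent-based approach.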

24
Section 4 Conclusion
25
Conclusions
  • Organizations need to consider multiple
    functional areas when they develop their security
    policies
  • Compliance with external and internal regulatory
    standards
  • Enable a mobile workforce to maximize agility and
    productivity, but consider the security
    implications
  • Adopt, execute, and require best practices
  • Convergence of management and security extends
    management outside of the office and assures
    compliance with enforcement
  • Reduce administrative overhead with central
    policy definitions, consolidated solutions, and
    a standard operating environment

26
Section 5 Question and Answer
28
Unpublished Work of Novell, Inc. All Rights
Reserved. This work is an unpublished work and
contains confidential, proprietary, and trade
secret information of Novell, Inc. Access to this
work is restricted to Novell employees who have a
need to know to perform tasks within the scope of
their assignments. No part of this work may be
practiced, performed, copied, distributed,
revised, modified, translated, abridged,
condensed, expanded, collected, or adapted
without the prior written consent of Novell, Inc.
Any use or exploitation of this work without
authorization could subject the perpetrator to
criminal and civil liability. General
Disclaimer This document is not to be construed
as a promise by any participating company to
develop, deliver, or market a product. It is not
a commitment to deliver any material, code, or
functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes
no representations or warranties with respect to
the contents of this document, and specifically
disclaims any express or implied warranties of
merchantability or fitness for any particular
purpose. The development, release, and timing of
features or functionality described for Novell
products remains at the sole discretion of
Novell. Further, Novell, Inc. reserves the right
to revise this document and to make changes to
its content, at any time, without obligation to
notify any person or entity of such revisions or
changes. All Novell marks referenced in this
presentation are trademarks or registered
trademarks of Novell, Inc. in the United States
and other countries. All third-party trademarks
are the property of their respective owners.