Fundamentals of Internet Security - PowerPoint PPT Presentation

Provided by: neilros

Transcript and Presenter's Notes

Title: Fundamentals of Internet Security


1
  • Fundamentals of Internet Security
  • VPN Conclusion
  • Presented by Neil A. Rosenberg
  • President & CEO
  • Quality Technology Solutions, Inc.

2
What is Computer Security?
  • Intrusion Detection/Response?
  • Confidentiality Protection & Encryption?
  • Single Sign-On?
  • Network Firewall Configuration?
  • Training & Awareness?
  • Secure Email?
  • Virus Protection?
  • Access Control?
  • Electronic Records Management?
  • eBusiness?
  • Remote Access?
  • Virtual Private Networks?
  • Certificate Management?
  • Identification & Authentication?
  • Packet Filters?
  • Vulnerability Reduction?
  • Disaster Recovery?
  • Denial of Service Attacks?
  • Risk Assessment?
  • Quality of Service?
  • Network Directory Service?
  • Audits/Reviews?
  • Policy-Based Management?
  • Secure Messaging and Collaboration?
  • Authentication & Digital Identity

3
Content Management
MultiFactor Authentication
Penetration Attack Testing
Desktop IDS
Digital Certificates
Single Sign-On
Security Audit
Host IDS
Malicious Code
Strong Authentication
Network IDS
Directory LDAP
Antivirus
Security Policy
VPN
FIREWALL
4
Security is a Complete System, not a product
  • Requires objectives and clear focus

5
Firewall
  • Control inbound and outbound access
  • Log traffic
  • Deter and block attacks
  • Generate alarms

6
Intrusion Detection
  • Hackers
  • Crackers
  • Denial of Service, DDOS attacks
  • Protection versus Internal & External Attacks and
    Threats

7
VPN
  • Authentication
  • Encryption
  • Client to Site
  • Site to Site
  • Extranet

8
Authentication & Identity
  • Passwords
  • Tokens
  • Biometrics Multifactor Authentication
  • Digital Certificates
  • SSL
  • Directories LDAP
  • Single Sign-On

9
Bandwidth Management
  • Control prioritization of data through the pipe
  • Assess needs for additional bandwidth
  • Track and Enforce SLAs

10
Content Management
  • Viruses
  • Vandals (Java, ActiveX)
  • Worms
  • Trojan Horses
  • Scripts

11
VPN Authentication Best Practices
12
Define Business Objectives
  • Define Remote Access Needs specifically
  • Define key applications and data access
  • Define Goals: cost reduction? user empowerment?

13
Management
  • Get buy-in on objectives
  • Get input on security versus access trade-off, in
    advance: on a scale of 1-10, with 1 being most
    access, least secure, and 10 being minimal
    access, most secure, where should we be?
  • Develop & get sign-off on security policy

14
Keep It Simple
  • Centralize Management
  • Integrate Directories & Authentication: Leverage
    Your Directory!
  • Seamless User Experience
  • Minimize client side deployment of software
    (intrusiveness, licensing fees)

15
Leverage the Directory!
  • LDAP
  • RADIUS
  • Manage one set of passwords please!

16
Client Side Setup
  • Use Personal Firewall to defend at all
    vulnerability points, and lock down if not
  • Standardize client install process (cookbook) and
    deploy with CD/diskettes with all required files
    (or from web server)
  • Schedule Installation Appointments to proactively
    manage client PC setup issues

17
General Issues
  • Ensure private addresses are non-conflicting
  • Control synchronization (Domain, etc.) and
    similar traffic over low bandwidth lines
  • Implement bandwidth management
  • Don't span the WAN; design similarly
  • Centralize Management of VPN, remote resources
  • Use NFuse and RSA ACE Server for browser based
    authentication access from non-VPN (Internet
    terminals)

18
Authentication
  • Define and enforce password rules and changes
  • Implement single sign-on solution to minimize
    passwords users need to track; each one is a
    vulnerability
  • Implement Strong Authentication (token,
    certificate, smart card, biometrics) or Graded,
    Multifactor Authentication

19
Web Server Security
  • Lock Down IIS: numerous TIDs, or have us audit
  • Use SSL to encrypt
  • If eCommerce, purchase Digital Certificates from
    a trusted CA
  • Only open necessary comm ports from web server(s)
    back to the internal network

20
Secure Network Design
21
Best Practice Network Security Implementation
  • Strong authentication for all users, not weak
    passwords!
  • Multi-layer security perimeters to restrict
    access
  • Intrusion Detection to analyze traffic in
    critical areas
  • VPNs to cost-effectively extend connectivity and
    ensure data privacy
  • Periodic network risk assessments
  • On-going policy development and training
  • Antivirus solution and strong email security
    policy

22
Next Steps
  • Do you have an information security plan for your
    business?
  • Has that plan been communicated, implemented and
    tested?
  • Do you have professional staff capable of
    managing and monitoring security?
  • Do you need outside help?

23
For More Information
  • www.QTSnet.com/security
  • www.checkpoint.com
  • Xforce.iss.net
  • www.microsoft.com/security
  • www.novell.com/info/security
  • securityfocus.com
  • www.cert.org
  • www.sans.org
  • www.securityportal.com
  • razor.bindview.com

24
Upcoming Events
  • Tuesday, Oct 23rd: MetaFrame XP
  • Thursday, Nov 15th: Fundamentals of Internet
    Security Part III, Bandwidth Management and
    Content Management (with Aladdin)
  • Tuesday, November 20th: Introduction to PKI and
    Digital Certificates (with RSA)

25
Questions & Answers
Neil Rosenberg
Quality Technology Solutions, Inc.
76 South Orange Avenue
South Orange, NJ 07079
(973)761-5400 x230
Fax (973)761-1881
nrosenberg_at_QTSnet.com
www.QTSnet.com