Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security

Description:

Use content scanners that work with gateway antivirus software. Content scanners can be configured to stop malicious file types at the perimeter. ...

Slides: 18
Provided by: ianputt

Transcript and Presenter's Notes

1
Security Trustworthy Computing
  • Ralf M. Schnell
  • Senior Operations Analyst

2
The IT Connectivity Evolution
[Diagram: the corporate network (campus, remote sites, labs, Internet data centers) connected to the Internet through e-mail gateways, PPTP/RAS servers, proxies, direct taps, remote users and home LANs. Labelled threats: intellectual property theft, unauthorized access, intrusions, criminal use of online services, SPAM, virus, denial of service, malicious code.]
3
What is Trustworthy Computing?
  • 4 Pillars
  • Security
  • Privacy
  • Reliability
  • Business Integrity

4
Trustworthy Computing
Mitigate risk to the infrastructure through
implementation of four key strategies.
5
Enterprise Security Model
[Chart: risk (low to high) plotted against asset value (low to high). Security delivers initiatives, strategies, services, or processes above the risk tolerance level; companies will assume some risk. Two tolerance lines are drawn: pre-9/11 risk tolerance and post-9/11 risk tolerance. Asset classes along the value axis: Information (clients, data servers, infrastructure servers, corp network), People (vendors, employees, key executives), Property (tangible/replaceable).]
6
Virus
  • General guidelines for protection against viruses
    include the following
  • Educate users about the ways they can avoid
    introducing a virus on the network.
  • Implement a multi-layered antivirus strategy.
  • Install antivirus software on gateways, servers,
    and desktop computers.
  • Use content scanners that work with gateway
    antivirus software. Content scanners can be
    configured to stop malicious file types at the
    perimeter.
  • Ensure that all users use strong passwords and
    have up-to-date antivirus software and patches
    installed on their computers.
  • Patch servers.
  • Ensure that Internet-only computers do not
    connect to the corporate network.
  • Secure Network Interior !!!
  • Have an effective incident response plan.
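To make the "content scanners ... stop malicious file types at the perimeter" guideline concrete, here is an added Python example (not from the presentation or any product it names) of the decision logic such a gate applies in front of gateway antivirus: it refuses blocked extensions, identifies the real type from the leading bytes so an executable renamed to .jpg is still caught, rejects extension/content mismatches, and looks inside ZIP containers for blocked members. The blocked lists, magic signatures and sample files are constructed for illustration.

```python
"""Perimeter file-type gate: the decision logic a content scanner applies in
front of gateway antivirus. Added example, not part of the presentation; the
blocked lists, magic signatures and sample files are constructed."""
from __future__ import annotations

import io
import zipfile

# Extensions the (constructed) perimeter policy refuses outright, whatever the content.
BLOCKED_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js", "hta"}

# Leading bytes ("magic") that identify the real type regardless of filename.
MAGIC = {
    b"MZ": "pe-executable",          # Windows PE (MZ header)
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",            # also Office Open XML containers such as .docx
    b"\xff\xd8\xff": "jpeg",
}

# Content types that must never pass, even under an innocent extension.
BLOCKED_TYPES = {"pe-executable"}

# Extensions whose claimed type can be checked against the sniffed content.
EXPECTED_TYPE_FOR_EXT = {
    "png": "png", "pdf": "pdf", "jpg": "jpeg", "jpeg": "jpeg",
    "zip": "zip", "docx": "zip",
}


def extension_of(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def sniff_type(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def archive_members(data: bytes) -> list[str]:
    """List member names of a ZIP container (empty list if it is not a valid ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def gate_decision(filename: str, data: bytes) -> tuple[str, str]:
    """Return ('block' | 'allow', reason) for one file arriving at the perimeter."""
    ext = extension_of(filename)
    kind = sniff_type(data)
    if ext in BLOCKED_EXTENSIONS:
        return "block", f"extension .{ext} is on the blocked list"
    if kind in BLOCKED_TYPES:
        return "block", f"content is {kind} despite the .{ext} extension"
    expected = EXPECTED_TYPE_FOR_EXT.get(ext)
    if expected and kind != expected:
        return "block", f".{ext} claims {expected} but content looks like {kind}"
    if kind == "zip":
        # A blocked type hidden inside an archive is still a blocked type.
        for member in archive_members(data):
            if extension_of(member) in BLOCKED_EXTENSIONS:
                return "block", f"archive contains blocked member {member!r}"
    return "allow", f"{kind} content with .{ext} extension"


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample submissions, not real files.
SAMPLE_FILES = {
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,                 # executable renamed to .jpg
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "setup.scr": b"MZ" + b"\x00" * 30,
    "report.pdf": b"%PDF-1.4\n%constructed sample\n",
    "invoice.zip": build_zip({"invoice.pdf.exe": b"MZ" + b"\x00" * 30}),
    "memo.docx": build_zip({"word/document.xml": b"<w:document/>"}),
}


def scan_samples() -> dict[str, tuple[str, str]]:
    return {name: gate_decision(name, data) for name, data in SAMPLE_FILES.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in scan_samples().items():
        print(f"{verdict:5} {name:12} {reason}")
```

The ordering of the checks matters: the extension list is cheapest and is applied first, but the content sniff is what catches the renamed executable, and the archive walk is what stops a blocked member from riding inside an allowed container.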

7
Remote Access
  • Threats
  • malicious users
  • malicious software
  • Three approaches were identified
  • Malicious users → implement two-factor user
    authentication
  • Counter Threats → implement configuration checks
  • Provide alternative access for employee data used
    most frequently

8
Secure Remote User
  • Unmanaged and unsecured computers connecting
    remotely to the Corpnet can compromise
    Microsoft's overall network security
  • All computers connecting remotely to the Corpnet
    must
  • Use Windows XP with Internet Connection Firewall
    turned on
  • Use Smart Cards for strong two-factor
    authentication
  • Use ITG Connection Manager to connect to the
    Corpnet
  • Have the latest ITG-approved anti-virus software
    installed
  • Have all ITG-required software patches installed
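The "configuration checks" approach from the Remote Access slide and the five requirements listed above are what a quarantine service enforces: the client is held on restricted filters until its reported configuration meets policy. The following added Python example (not from the presentation or from the RAS Quarantine service itself) shows that admission decision for three constructed posture reports. The policy constants, the patch identifiers (placeholders) and the client reports are all constructed; `evaluate_posture` and `evaluate_all` are names chosen here.

```python
"""Remote-access admission check in the style of a RAS quarantine service:
a client is quarantined until its reported configuration meets policy.
Added example, not part of the presentation; policy constants, patch ids
(placeholders) and posture reports are constructed for illustration."""
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date

# Constructed policy mirroring the slide's requirements. Patch ids are placeholders.
REQUIRED_OS = "Windows XP"
REQUIRED_PATCHES = {"PATCH-PLACEHOLDER-1", "PATCH-PLACEHOLDER-2"}
MAX_AV_SIGNATURE_AGE_DAYS = 7
SAMPLE_TODAY = date(2004, 6, 1)   # fixed 'today' so the sample run is reproducible


@dataclass
class PostureReport:
    """What the connection-manager client reports about itself after dialing in."""
    hostname: str
    os_name: str
    firewall_enabled: bool
    smart_card_auth: bool
    connection_manager: bool
    av_signature_date: date
    installed_patches: set[str] = field(default_factory=set)


def evaluate_posture(report: PostureReport, today: date = SAMPLE_TODAY) -> tuple[str, list[str]]:
    """Return ('admit' | 'quarantine', [failed checks]) for one client."""
    failures: list[str] = []
    if report.os_name != REQUIRED_OS:
        failures.append(f"operating system is {report.os_name}, policy requires {REQUIRED_OS}")
    if not report.firewall_enabled:
        failures.append("Internet Connection Firewall is off")
    if not report.smart_card_auth:
        failures.append("session was not authenticated with a smart card")
    if not report.connection_manager:
        failures.append("client did not connect through the Connection Manager profile")
    signature_age = (today - report.av_signature_date).days
    if signature_age > MAX_AV_SIGNATURE_AGE_DAYS:
        failures.append(f"antivirus signatures are {signature_age} days old "
                        f"(max {MAX_AV_SIGNATURE_AGE_DAYS})")
    missing = sorted(REQUIRED_PATCHES - report.installed_patches)
    if missing:
        failures.append("missing required patches: " + ", ".join(missing))
    # Every check must pass; one failure is enough to keep the client quarantined.
    return ("admit" if not failures else "quarantine"), failures


# Constructed posture reports for three hypothetical remote clients.
SAMPLE_REPORTS = [
    PostureReport("laptop-ok", "Windows XP", True, True, True,
                  date(2004, 5, 30), set(REQUIRED_PATCHES)),
    PostureReport("home-pc", "Windows XP", False, True, True,
                  date(2004, 5, 1), {"PATCH-PLACEHOLDER-1"}),
    PostureReport("old-kiosk", "Windows 2000", True, False, False,
                  date(2004, 5, 31), set(REQUIRED_PATCHES)),
]


def evaluate_all(today: date = SAMPLE_TODAY) -> dict[str, tuple[str, list[str]]]:
    return {r.hostname: evaluate_posture(r, today) for r in SAMPLE_REPORTS}


if __name__ == "__main__":
    for host, (verdict, failures) in evaluate_all().items():
        print(f"{host}: {verdict}")
        for f in failures:
            print("   -", f)
```

Reporting every failed check rather than stopping at the first one is deliberate: a quarantined user (or the help desk) needs the complete list to remediate in one pass.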

9
RAS Architecture
10
Logon Process
11
Logon Process
12
Products and Technologies
  • Microsoft Windows Server 2003
  • Certificate Services, Public Key Infrastructure
    (PKI) security,
  • Cryptographic Service Provider (CSP),
  • Extensible Authentication Protocol/Transport
    Layer Security (EAP/TLS)
  • Remote Access Policy (RAP)
  • RAS Quarantine service (RQS)
  • Routing and Remote Access Service (RRAS)
  • Internet Authentication Service (IAS)
  • Microsoft Windows XP Professional
  • Windows XP Professional Connection Manager
  • Connection Manager Administration Kit (CMAK)
  • The Active Directory directory service

13
Deployment Challenges
  • Dispersed Employees
  • Mobile users
  • Device issues
  • Home computers
  • Product evolution
  • RQS requires Windows Server 2003 RRAS and IAS
    (RADIUS) servers

14
Secure Wireless Access
  • The wireless network was based on a shared WEP
    key, which can be easily compromised to gain
    unauthorized access to the Corpnet
  • Disable the shared WEP key globally
  • Upgrade firmware in existing access points to
    support 802.1X
  • Uniquely authenticate each wireless user to the
    wireless network
  • Uniquely authenticate each wireless device to the
    wireless network
  • Create security policy that prohibits the use of
    rogue access points

15
Microsoft WLAN Technologies
  • IEEE 802.11b
  • IEEE 802.1X
  • EAP-TLS Authentication
  • RADIUS
  • Active Directory
  • Certificates

16
Recommendations and Best Practices
  • Security
  • PKI
  • Wireless APs
  • Wireless Network Adapters
  • Active Directory
  • RADIUS
  • Performance
  • Scalability

17
Extranet and Partner Connections
  • EVN Retirement/Migration/Remediation
  • Objective: Board EVN services in the Extranet
  • Eliminate Direct Vendor Connections
  • Objective: Secure existing connections and
    implement scan process
  • External Security Audits
  • Objective: Audit partner space
  • Partner Space Account Security and Smart Cards
    for Admins
  • Objective: Mitigate the security risks
    associated with accounts issued to partners and
    admin accounts in the partner space

18
Network Segmentation
  • Unmanaged machines co-exist with managed machines
    on our network. Unmanaged machines increase
    exposure of managed assets to attacks and
    increase recovery time.
  • Identify and segment managed assets from
    unmanaged assets
  • SecureNet: subset of Corpnet that contains
    managed assets
  • Use IPSec as a cost-effective, manageable, and
    scalable technology to segment the SecureNet from
    unmanaged machines

19
Network Intrusion Detection
  • Monitoring and identifying network- and host-based
    intrusions in order to respond to them in an
    efficient and effective manner
  • Gather and store evidence to help identify
    attackers and take action
  • Deploy a dual-layered intrusion detection system
  • NIDS: the external layer, monitors attacks from
    outside the network
  • HIDS: the internal layer, detects and alerts on
    an outer shell breach
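The two layers pay off when their alerts are read together. The following added Python example (not part of the presentation) correlates constructed NIDS and HIDS alert lines by target host and time: an external attack followed within 15 minutes by a host-level change on the same machine is escalated as an outer-shell breach, a host alert with no external precursor is flagged as likely lateral or insider activity, and an external alert with no host-level effect stays low priority. The log formats, addresses, signature and event names are constructed.

```python
"""Dual-layer intrusion detection: correlate external NIDS alerts with internal
HIDS alerts so an 'outer shell breach' (an outside attack followed by a change on
the targeted host) is escalated above either alert alone. Added example, not part
of the presentation; the log formats and lines below are constructed."""
from __future__ import annotations

import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed NIDS alerts (external layer): attacks seen crossing the perimeter.
NIDS_LOG = """
2004-06-01T10:02:11 NIDS src=203.0.113.45 dst=10.1.20.7 sig="web-exploit-attempt"
2004-06-01T10:10:03 NIDS src=198.51.100.9 dst=10.1.20.8 sig="port-scan"
2004-06-01T11:30:00 NIDS src=203.0.113.45 dst=10.1.20.7 sig="web-exploit-attempt"
""".strip().splitlines()

# Constructed HIDS alerts (internal layer): changes observed on the hosts themselves.
HIDS_LOG = """
2004-06-01T10:04:50 HIDS host=10.1.20.7 event="new-local-admin-account" user=svc_tmp
2004-06-01T10:40:12 HIDS host=10.1.30.22 event="service-installed" name=rsvc
""".strip().splitlines()

# key=value pairs, with values optionally double-quoted
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_alert(line: str) -> dict:
    """Parse 'TIMESTAMP LAYER key=value ...' into a dict with a datetime 'ts'."""
    ts_str, layer, rest = line.split(" ", 2)
    fields = {k: v.strip('"') for k, v in KV.findall(rest)}
    fields["ts"] = datetime.fromisoformat(ts_str)
    fields["layer"] = layer
    return fields


def correlate(nids_lines, hids_lines, window: timedelta = timedelta(minutes=15)) -> list[dict]:
    """Join the two layers on target host and time, returning graded incidents."""
    nids = [parse_alert(line) for line in nids_lines]
    hids = [parse_alert(line) for line in hids_lines]
    incidents: list[dict] = []
    matched_nids, matched_hids = set(), set()

    # External attack followed by a host-level change on the same machine.
    for i, n in enumerate(nids):
        for j, h in enumerate(hids):
            delta = h["ts"] - n["ts"]
            if h["host"] == n["dst"] and timedelta(0) <= delta <= window:
                incidents.append({
                    "severity": "critical",
                    "host": n["dst"],
                    "external_src": n["src"],
                    "nids_sig": n["sig"],
                    "hids_event": h["event"],
                    "reason": "outer shell breach: external attack followed by host change",
                })
                matched_nids.add(i)
                matched_hids.add(j)

    # External alert with no observed effect on the host: attempt only.
    for i, n in enumerate(nids):
        if i not in matched_nids:
            incidents.append({
                "severity": "low",
                "host": n["dst"],
                "external_src": n["src"],
                "nids_sig": n["sig"],
                "reason": "external attempt, no host-level effect observed",
            })

    # Host alert with no external precursor: lateral movement or insider activity.
    for j, h in enumerate(hids):
        if j not in matched_hids:
            incidents.append({
                "severity": "high",
                "host": h["host"],
                "hids_event": h["event"],
                "reason": "host change with no external precursor (lateral or insider)",
            })
    return incidents


def summarize(incidents: list[dict]) -> dict[str, int]:
    return dict(Counter(i["severity"] for i in incidents))


if __name__ == "__main__":
    found = correlate(NIDS_LOG, HIDS_LOG)
    for inc in found:
        print(f"[{inc['severity']:8}] {inc['host']:12} {inc['reason']}")
    print(summarize(found))
```

The host-only case is the one a single perimeter sensor can never produce: it is exactly the signal that unmanaged machines or already-compromised peers inside the network generate, which is why the HIDS layer is described as the internal one.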

20
Thank You