Secure Networks Solutions Henrique Amaro
Agenda
- Problems with today's networks
- Today's threats
- Evolution of security mechanisms
- Secure Networks
Problem 1. User mobility!
Moving a user implies complex reconfiguration tasks.
(Diagram: User, Rosette, Patch Panel, Card or Battery, Physical Port, VLAN, Priority, CORE)
Problem 1. User mobility!
Additionally, users may have several forms of access.
(Diagram: Wireless, VPN, Ethernet, CORE)
Problem 2. Security!
Any user can generate any type of traffic and run any application.
(Diagram: TELNET, SNMP, TFTP, FTP, Peer to Peer, CORE)
Problem 3. Availability
Who uses the network?
(Diagram: Guests, Employees, External Services, Consultants, Auditors, CORE)
The challenge of security management

                                     Code Red (2001)    SQL Slammer (2003)
Propagation rate (hosts per hour)    1.8 hosts          420 hosts
Time to double the number of
infected PCs                         37 min             8.5 sec
Time to infect all TARGETS           24 hours           30 minutes
Convergence: threats are accelerating

- 250% increase in IM threats. IMlogic Threat Center reports that the quantity of instant messaging threats increased 250 percent in the first quarter of 2005, compared with the same period last year. IM threats have grown by 271 percent this year. (ZDNet News, April 5, 2005)
- Symbian bugged by Mosquito bite. Users of mobile phones running the Symbian operating system are vulnerable to a Trojan contained in an illegally adapted version of the Mosquitos game, Symbian said Thursday. (IDG News Service, 08/13/04)
- IP phone conversation emailed. The Vomit utility converts a Cisco IP phone conversation into a wave file that can be played with ordinary sound players and emailed to others. Vomit requires a tcpdump output file. (Virus.org, January 2004)
- The next virus threat: IP telephony. Vendors have long recognized the potential for attacks via IP telephony networks. "Voice networks are juicy targets for hackers with ulterior motives," notes in a white paper on the topic. "The main issue with voice networks today is that they are generally wide open and require little or no authentication to gain access." (Angus Kidman, ZDNet Australia, 18 June 2004)
Secure Networks: evolution of security mechanisms
(Chart: the number of protected nodes grows with the number of users, number of VLANs, remote offices and number of DMZs; each level covers more of them)
- Level 1: firewall (FW)
- Level 1+: VPN + FW
- Level 2: ACLs on LAN routers
- Level 3: personalised networks
Secure Networks
Identification services
- Mapping of a user to a policy
- Authentication and association with rules
Availability
- Ability to identify the most important services and applications
- Priority scheme per service and application
Security and application control
- Resources aligned with the organisation
- Dynamic allocation of policies
- Eliminates misuse of services
Event identification
- Integration with the IPS / IDS system
- Security policies driven by the characteristics of the events
Secure Application Provisioning: how does it work?
- Role-based application provisioning policy definition using NetSight Atlas Policy Manager
- Policy distributed to network access points and server distribution points
(Diagram: roles Sales, Guest, Staff, Engineer; NetSight Atlas V2; XSR1850, XSR3020, XSR1805; VPN; XSR 3250; X-Pedition ER-16; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
Secure Application Provisioning: how does it work?
- User-based authentication
- Access control and role-based policy assignment based upon user-to-role matching
- Client authentication: 802.1X (EAP), web-based, MAC-based
- RADIUS client-to-server authentication
- Access control and Filter-ID attribute with role assignment
(Diagram: roles Guest, Staff, Engineer; NetSight Atlas V2; XSR1850, XSR3020, XSR1805; VPN; XSR 3250; X-Pedition ER-16; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
Secure Application Provisioning: how does it work?
- Application usage policy
- Rules applied to traffic from the authenticated end user based upon the identified organizational role
(Diagram: per-application actions for SAP, Email, HTTP, SNMP: Filtered, High Priority, Low Priority, Rate Limited; Video and Voice: Filtered, Highest Priority & Rate Limited; roles Guest, Staff, Engineer; NetSight Atlas V2; XSR1850, XSR3020, XSR1805; VPN; XSR 3250; X-Pedition ER-16; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
Dynamic Intrusion Response: a Secure Networks solution
- Centrally administered network usage policy: Acceptable Use Policy; organizational security and resource usage policy
- Threat containment strategy: pre-defined highly secure policy role (Quarantine), configurable for appropriate minimal services
- Threat detection: Dragon Intrusion Detection System; shared event log identifying the threat
- Location services: NetSight Atlas Compass source location tool
- Automated response: pre-defined custom response (NetSight Atlas Intrusion Response Manager); automated assignment of the containment policy (Quarantine) to the located threat source
Dynamic Intrusion Response: how does it work?
- Quarantine policy role centrally configured with NetSight Atlas Policy Manager (the role contains a restrictive security policy to limit network resource exposure)
- Policy distributed to network access points and server distribution points
Quarantine Role:
- No access to business services
- No access to other users
- Highly restricted web access
- Security scanning of the client system
(Diagram: roles Sales, Guest, Staff, Engineer; NetSight Atlas V2; XSR1805, XSR1850, XSR3020; VPN; XSR 3250; X-Pedition ER-16; Dragon IDS; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
Dynamic Intrusion Response: how does it work?
- Network intrusion detected with Dragon IDS
- Intrusion event information dynamically sent to the NetSight Atlas Console management platform
(Diagram: Hacker at the EDGE; Quarantine Role callout; roles Guest, Staff, Sales, Engineer; NetSight Atlas V2; XSR1850, XSR3020, XSR1805; VPN; XSR 3250; X-Pedition ER-16; Dragon IDS; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
Dynamic Intrusion Response: how does it work?
- Intruder location services launched from the NetSight Atlas Console upon arrival of event information from Dragon
- Source of the intrusion determined
(Diagram: Hacker at the EDGE; Quarantine Role callout; roles Sales, Guest, Staff, Engineer; NetSight Atlas V2; XSR1850, XSR3020, XSR1805; VPN; XSR 3250; X-Pedition ER-16; Dragon IDS; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
Dynamic Intrusion Response: how does it work?
- The user causing the security event is quarantined by the dynamic application of the Quarantine policy role to the network access port where the user is connected
(Diagram: Hacker at the EDGE; Quarantine Role callout; roles Guest, Staff, Sales, Engineer; NetSight Atlas V2; XSR1850, XSR3020, XSR1805; VPN; XSR 3250; X-Pedition ER-16; Dragon IDS; RADIUS Server; EDGE, DISTRIBUTION, CORE, DATA CENTER)
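As an added example (not Enterasys or NetSight code) tying together the Secure Application Provisioning slides and the Dynamic Intrusion Response steps above: a small Python model that derives a role from the RADIUS Filter-ID attribute, applies per-role application rules at the edge, and, on an IDS event, locates the source port through constructed ARP and MAC tables and swaps that port's role to Quarantine. The Filter-ID format Enterasys:version=1:policy=<Role>, the role-to-action table, the switch and port names and the addresses are all assumptions made for the example.

```python
"""Added example, not Enterasys/NetSight code: role from Filter-ID, then IDS-driven quarantine."""
import re
# Per-role application rules. Action names come from the slides; which app gets which
# action in each role is constructed for the example. Anything unlisted is dropped.
ROLE_POLICY = {
    "Staff": {"SAP": "high_priority", "Email": "high_priority", "HTTP": "low_priority",
              "Voice": "highest_priority_rate_limited"},  # SNMP deliberately absent
    "Guest": {"HTTP": "rate_limited"},
    "Quarantine": {"HTTP": "restricted_web"},  # no business services, no other users
}
# Assumed Filter-ID value returned by the RADIUS server: Enterasys:version=1:policy=<Role>
FILTER_ID_RE = re.compile(r"^Enterasys:version=1:policy=(?P<role>[A-Za-z0-9_-]+)$")

def role_from_filter_id(filter_id):
    """Map the Filter-ID attribute to a role; unknown or malformed -> Guest (fail closed)."""
    m = FILTER_ID_RE.match(filter_id or "")
    return m.group("role") if m and m.group("role") in ROLE_POLICY else "Guest"

def decide(role, app):
    """Action the edge switch applies to one application's traffic under a role."""
    return ROLE_POLICY.get(role, {}).get(app, "drop")

class Network:
    """Constructed edge: a MAC forwarding table and an ARP cache stand in for Compass."""
    def __init__(self, mac_table, arp_cache):
        self.port_role = {}  # (switch, port) -> role; unauthenticated ports are Guest
        self.mac_table, self.arp, self.audit = mac_table, arp_cache, []

    def authenticate(self, switch, port, filter_id):
        """802.1X/web/MAC auth succeeded; RADIUS returned filter_id -> role on the port."""
        self.port_role[(switch, port)] = role_from_filter_id(filter_id)
        return self.port_role[(switch, port)]

    def locate(self, ip):
        """Location service: IP -> MAC (ARP cache) -> (switch, port) (forwarding table)."""
        return self.mac_table.get(self.arp.get(ip))

    def on_ids_event(self, src_ip, signature):
        """Dragon event -> locate the source -> apply the Quarantine role to its port."""
        loc = self.locate(src_ip)
        if loc is None:  # unlocatable source: log it, never quarantine a guessed port
            self.audit.append(f"NO_LOCATION {src_ip} {signature}")
            return None
        self.port_role[loc] = "Quarantine"
        self.audit.append(f"QUARANTINE {src_ip} {loc[0]}/{loc[1]} {signature}")
        return loc

# Constructed sample data: one edge switch port with one attached host.
NET = Network(mac_table={"00:11:22:33:44:55": ("edge1", "ge.1.7")},
              arp_cache={"10.1.1.50": "00:11:22:33:44:55"})
```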
Network diagram example
(Diagram tiers: Core; Distribution with VLAN-to-policy mapping; Edge with application provisioning; Access, wired and wireless; Secure Data Center; Regional Office; Branch Office)
(Diagram components: Matrix X Core Router; Matrix N-Series; N1 with DFE blade; C2 Stackable; C2 multi-user authentication; RoamAbout Wireless; IMS Server, Media Server, Video Server and IP-PBX, each with Host IDS; Dragon; NetSight; VPN; XSR; DIR XSR)
The end!!