
Joe Budzyn Jeff Goeke-Smith Jeff Utter. Risk Analysis Match the technologies used with the security...

Date post: 18-Jan-2018
Joe Budzyn Jeff Goeke-Smith Jeff Utter
Transcript
Page 1: Joe Budzyn Jeff Goeke-Smith Jeff Utter. Risk Analysis  Match the technologies used with the security need  Spend time and resources covering the most.

Joe Budzyn
Jeff Goeke-Smith
Jeff Utter

Page 2:

Risk Analysis
- Match the technologies used with the security need
- Spend time and resources covering the most likely and most expensive risks

Page 3:

Firewalls
- What is a firewall?
  - A technology for the selective allowance of network traffic.
- Types of firewalls
  - Stateful or Stateless
  - Software or Hardware
  - Border or Intranet

Page 4:

Firewalls
- Rule Set Methodology
  - Mostly Open
  - Mostly Closed
- Zones
  - Untrust
  - Trust
  - DMZ

Page 5:

IDS / IPS
- Network device that identifies and optionally stops hostile network traffic
- Signature based detection
  - Signatures can match on packet content
  - Signatures can match on behavior
- Deployed at network choke points
  - Generally in conjunction with a firewall
  - Border of an office, a workgroup, a building, or a campus

Page 6:

Encryption
- Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
- Public Key / Private Key
- Pre-shared Key
- Example Uses
  - Disk Encryption, File Encryption
  - Secure Email (e.g. PGP)

Page 7:

VPN
- Network tunnel over a more general network
- Implies channel encryption, authentication, authorization
- May be used to avoid firewalls and IPS/IDS systems on the path of the tunnel
- Deployed next to firewalls for remote access or administrative access.

Page 8:

Secure Remote Access
- Remote Desktop Client
- SSH
- Network Tunnels
- Two Factor Authentication
- Key Based Authentication

Page 9:

Tripwire
- Tripwire watches for changes to files for monitored systems.
- Enterprise Tripwire runs with a server and clients.
  - Remote monitoring of changes, with alerts.
  - Ability to approve or roll back some changes.
- Useful in the detection of intentional and unintentional changes.

Page 10:

Network Flow Analysis
- Look for ‘odd’ behavior rather than ‘odd’ content.
- Traffic sent to an analysis engine via a mirror, or summarized by the routers
- Multiple products exist with differing emphasis
  - Arbor Networks
  - Q1 Labs
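
Looking for odd behavior rather than odd content, as an added example that is not part of the original slides and does not represent any named product: summarized flow records carry no payload, yet a host contacting far more destinations than its peers stands out. The records, the field layout and the `factor` threshold are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow summaries in the spirit of router-exported flow records:
# (source IP, destination IP, destination port, bytes). No payload is present.
FLOWS = (
    [("10.0.0.5", "10.0.1.10", 443, 5200), ("10.0.0.5", "10.0.1.11", 443, 4100),
     ("10.0.0.6", "10.0.1.10", 443, 9800), ("10.0.0.6", "10.0.1.12", 25, 1500),
     ("10.0.0.7", "10.0.1.10", 443, 7300)]
    # One host touching 40 different addresses on one port with tiny flows.
    + [("10.0.0.9", f"10.0.2.{i}", 445, 60) for i in range(1, 41)]
)


def fan_out(flows):
    """Count the distinct destinations each source contacted, per port."""
    peers = defaultdict(set)
    for src, dst, dport, _nbytes in flows:
        peers[(src, dport)].add(dst)
    return {key: len(dsts) for key, dsts in peers.items()}


def odd_sources(flows, factor=10):
    """Flag (source, port) pairs whose fan-out exceeds factor x the median."""
    counts = fan_out(flows)
    typical = median(counts.values())
    return sorted(key for key, n in counts.items() if n > factor * typical)


if __name__ == "__main__":
    print(odd_sources(FLOWS))
```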

Page 11:

Anti-Malware
- Malware is any piece of malicious code or a program that embeds itself onto a computer without the user’s knowledge.
- Examples
  - Virus
  - Spam
  - Trojan
  - Root kit
  - Spyware
  - Adware
  - Key Logger

Page 12:

Anti-Malware
- What to do about it?
  - DON’T OPEN ATTACHMENTS THAT YOU ARE NOT EXPECTING.
    - ESPECIALLY IF YOU DON’T TRUST THE SOURCE
  - Keep an up to date Anti-Malware application (or suite) installed and running.
    - Many different vendors and some free apps do this.

Page 13:

Security Practices - Servers
- Patch Management
  - All systems are vulnerable, patching makes them less so
- Log Analysis
  - Learn what is normal, then watch for the abnormal
- Secure Configuration
  - Pick a standard and follow it

Page 14:

Security Practices - Users
- All users on the network are integral to overall security
- User Education Campaigns
- User Policy Tools
  - Group Policy, reviewing logs

Page 15:

Denial of Service Protection
- Types of DoS
  - UDP flood, SYN flood, ICMP flood, backscatter, distributed, packet of death, BGP route injection
- Type of protection
  - Routing infrastructure
  - Firewalls
  - Special adaptive devices

Page 16:

Advanced Network Tricks
- Honey Pots – a weakened computer meant to attract attackers
- Tar Pits – a series of fake computers meant to slow attackers down
- Dark Nets – a network of fake computers meant to determine what attackers are doing

Page 17:

Managing Your Identities
- Common complaint: I have too many passwords to remember!
  - This may lead to sticky notes under keyboards
- Password Wallet or Password Safe
- Public key / private key encryption
- Password generation algorithms