SlideShare a Scribd company logo

Securing your presence at the perimeter

Ben Rothke, profile picture
Ben Rothke

The document discusses the evolving nature of network security, emphasizing that while traditional perimeter defenses like firewalls and VPNs remain important, the boundary is increasingly blurred due to various threats like malicious insiders and cloud services. It highlights challenges in designing effective perimeter security, such as monitoring, compliance, and the need for stringent policies. Additionally, it advocates for the implementation of Data Loss Prevention (DLP) strategies to prevent data breaches and secure sensitive information.

Technology
Related topics:
Information Security
1 of 21
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Securing your presence at the perimeter Ben Rothke, CISSP CISA BT Global Services Senior Security Consultant
About me…. • • • • Ben Rothke (too many certifications) Senior Security Consultant – British Telecom Frequent writer and speaker Author - Computer Security: 20 Things Every Employee Should Know BT Americas Inc. 2
The perimeter is not necessarily dead • Firewalls and border routers are still the cornerstone for perimeter security • Always will be a place for VPNs • Attacks occur at the application layer – So ensure app security BT Professional Services 3
But the perimeter it is getting blurred… • VPNs • complicated network connections with multiple partners – contractors, consultants – 3rd party collaboration – vendors • wireless networks • laptops • malicious insiders – worms (compromised computers can be seen as malicious insiders) BT Professional Services 4
Ok, the perimeter is dead, the cloud proves it BT Professional Services 5
Perimeter challenges • • • • • • • • Determining proper firewall design access to resources for remote users effective monitoring and reporting need for enhanced packet inspection security standards compliance long-term maintenance ensuring attackers don’t find that single vulnerability data leakage BT Professional Services 6
Was your perimeter designed in 30 minutes? BT Professional Services 7
Key points • Perimeter security is popular – cheap, convenient, somewhat effective – firewalls and IDS most common tools for network security • Firewalls and IDS fighting an uphill battle – both attackers and legitimate users struggle to avoid/evade them • Security management is a key challenge BT Professional Services 8
Securing network perimeters • Goal is to provide adequate access without jeopardizing confidential or mission-critical areas • Elements: – firewalls, IDS, bastion host, Network Address Translation (NAT), proxy servers – combined with authentication mechanisms • Bastion host – provides Web, FTP, e-mail, or other services running on a specially secured server BT Professional Services 9
But the firewall is not a panacea • Malicious traffic that is passed on open ports and not inspected by the firewall • any traffic that passes through an encrypted tunnel or session • attacks after a network has been penetrated • traffic that appears legitimate • users and administrators who intentionally or accidentally install viruses • administrators who use weak passwords BT Professional Services 10
Policy is required to secure a perimeter • Firewall policies typically lists of allow or deny rules • what should the default rule be? • Default allow: – convenient since doesn’t interfere with legitimate activity • Default deny: – more secure, since every allowed use undergoes security review – if policy too restrictive, people complain and it gets fixed – if policy too permissive, only learn about it too late after an attack BT Professional Services 11
Other policy issues • Scale – Large organizations have thousands of rules – How do you process them efficiently? – How do you know they are correct? • Ingress vs. egress filtering – Ingress: filter packets from the Internet – Egress: filter traffic to the Internet (why?) BT Professional Services 12
Operational weaknessess • Technology – firewall rules not adequately maintained – system configurations and access not being monitored – passwords • Standards – – – – unpatched software/firmware no criteria for hiring outside auditors and IT pros no consistent security assessments production data being used for dev/QA apps BT Professional Services 13
Start thinking about DLP • Small data leaks lead to major damage – a minor water leak… – becomes major structural damage BT Professional Services 14
There is a lot DLP can do • Detect sensitive content in any combination of network traffic, data at rest or endpoint operations • Detect sensitive content using – sophisticated content-aware detection techniques, including partial/exact document matching, structured data fingerprinting, statistical analysis, extended regular expression matching, conceptual and lexicon analysis, and more • Support detection of sensitive data content in structured and unstructured data, using registered or described data definitions • Block email communication policy violations BT Professional Services 15
Do you have authority over your data? • DLP enables you to finally control your data: – – – – – – Identify: know where your data resides Monitor: what is happening, who did it, when Warning: user alerted when moving sensitive data Prevention: unauthorized actions are thwarted Control: only approved devices can be used Reporting: compliance reports (SoX, PCI, HIPAA / HITECH, GLBA, Euro-SoX, and more) BT Professional Services 16
Testing • Publicly-accessible systems – IP-hosts – all web apps – web services • Web interfaces: – routers – firewalls – email • Wireless BT Professional Services 17
Ask lots of questions and fill up whiteboards 1. What are we doing beyond vulnerability scans to find security flaws? 2. Are we looking at all of our critical perimeter systems? 3. When are we going to get to everything else? 4. What are the results of our latest external security assessment? 5. What’s being done to resolve these issues? 6. Even if nothing is turned up, when’s our next round of testing scheduled for? 7. Have we started thinking about the data? 8. Should we consider DLP? BT Professional Services 18
Use tools • There are myriad tools, use them judiciously – – – – – – – QualysGuard WebInspect Acunetix WVS CommView for WiFi Web browsers Google other exploit tools – Make sure your staff reads Security Strategy: From Requirements to Reality – http://amzn.to/fT2yG6 BT Professional Services 19
Creating and maintaining a strong perimeter • Good design • updated design • built and designed by engineers – with management oversight • risk-based • business needs understood • maintained – competent staff – maintained at an adequate level BT Professional Services 20
Contact info… • www.linkedin.com/in/benrothke • www.twitter.com/benrothke • www.slideshare.net/benrothke BT Professional Services 21

More Related Content

PPTX
Rothke rsa 2013 - deployment strategies for effective encryption
Ben Rothke
 
PPTX
Rothke rsa 2013 - the five habits of highly secure organizations
Ben Rothke
 
PPTX
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Ben Rothke
 
PPTX
E5 rothke - deployment strategies for effective encryption
Ben Rothke
 
PDF
System of security controls
S.E. CTS CERT-GOV-MD
 
PPTX
It and-cyber-module-2
Marneil Sanchez
 
PPTX
Top 20 Security Controls for a More Secure Infrastructure
Infosec
 
PDF
A Case Study of the Capital One Data Breach
Anchises Moraes
 
Rothke rsa 2013 - deployment strategies for effective encryption
Ben Rothke
 
Rothke rsa 2013 - the five habits of highly secure organizations
Ben Rothke
 
Rothke rsa 2012 what happens in vegas goes on youtube using social networks...
Ben Rothke
 
E5 rothke - deployment strategies for effective encryption
Ben Rothke
 
System of security controls
S.E. CTS CERT-GOV-MD
 
It and-cyber-module-2
Marneil Sanchez
 
Top 20 Security Controls for a More Secure Infrastructure
Infosec
 
A Case Study of the Capital One Data Breach
Anchises Moraes
 

What's hot (17)

PDF
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
Shah Sheikh
 
PPTX
A holistic approach to risk management 20210210 w acfe france & cyber rea...
Judith Beckhard Cardoso
 
PPTX
Architecting for Security Resilience
Joel Aleburu
 
PPTX
Soc
Mukesh Chaudhari
 
PPTX
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
PPSX
Next-Gen security operation center
Muhammad Sahputra
 
DOCX
SEC440: Incident Response Plan
Thomas Christopher Ty
 
PDF
Comptia security sy0 601 domain 4 operation and incident response
ShivamSharma909
 
PPTX
Security Operations Center
MDS CS
 
PPTX
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
PDF
From Business Architecture to Security Architecture
Priyanka Aash
 
PDF
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
PPTX
Cyber risks in supply chains
Aparajita Banerjee
 
PDF
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
 
PDF
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
PDF
Identifying Code Risks in Software M&A
Matt Tortora
 
PPTX
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
Shah Sheikh
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
Judith Beckhard Cardoso
 
Architecting for Security Resilience
Joel Aleburu
 
Soc
Mukesh Chaudhari
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Ignyte Assurance Platform
 
Next-Gen security operation center
Muhammad Sahputra
 
SEC440: Incident Response Plan
Thomas Christopher Ty
 
Comptia security sy0 601 domain 4 operation and incident response
ShivamSharma909
 
Security Operations Center
MDS CS
 
An introduction to SOC (Security Operation Center)
Ahmad Haghighi
 
From Business Architecture to Security Architecture
Priyanka Aash
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
Vijilan IT Security solutions
 
Cyber risks in supply chains
Aparajita Banerjee
 
Dealing with Information Security, Risk Management & Cyber Resilience
Donald Tabone
 
Cybersecurity roadmap : Global healthcare security architecture
Priyanka Aash
 
Identifying Code Risks in Software M&A
Matt Tortora
 
Rothke rsa 2012 building a security operations center (soc)
Ben Rothke
 
Ad

Viewers also liked (20)

PPT
1. security management practices
7wounders
 
PPTX
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
FRSecure
 
PPTX
Risk Management and Security in Strategic Planning
Keyaan Williams
 
PPTX
Purple Teaming - The Collaborative Future of Penetration Testing
FRSecure
 
PDF
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
Par-Tec S.p.A.
 
PPTX
CISSPills #3.02
Pierluigi Falcone, CISSP, CISM, CCSK, SABSA Foundation
 
PDF
Oss. Informaton Security & Privacy
Alessandro Piva
 
PPT
Cyber risk e assicurazioni
Giulio Coraggio
 
PDF
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
Sam Bowne
 
PPSX
AIS Lecture 1
Cheng Olayvar
 
PDF
Security Framework for Digital Risk Managment
Securestorm
 
PPTX
Metodology Risk Assessment ISMS
blodotaji
 
PPTX
Cissp- Security and Risk Management
Hamed Moghaddam
 
PDF
Information security management system (isms) overview
Julia Urbina-Pineda
 
PPTX
Iso27001 Audit Services
tschraider
 
PPSX
CIS Audit Lecture # 1
Cheng Olayvar
 
PPTX
Why ISO-27001 is a better choice?
Patten John
 
PPT
Rothke Patchlink
Ben Rothke
 
PPTX
Iso27001 Approach
tschraider
 
PDF
Slide Deck CISSP Class Session 3
FRSecure
 
1. security management practices
7wounders
 
Slide Deck – Class Session 1 – FRSecure CISSP Mentor Program
FRSecure
 
Risk Management and Security in Strategic Planning
Keyaan Williams
 
Purple Teaming - The Collaborative Future of Penetration Testing
FRSecure
 
Forum ICT Security 2016 - Regolamento EU 2016/679: le tecnologie a protezione...
Par-Tec S.p.A.
 
CISSPills #3.02
Pierluigi Falcone, CISSP, CISM, CCSK, SABSA Foundation
 
Oss. Informaton Security & Privacy
Alessandro Piva
 
Cyber risk e assicurazioni
Giulio Coraggio
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
Sam Bowne
 
AIS Lecture 1
Cheng Olayvar
 
Security Framework for Digital Risk Managment
Securestorm
 
Metodology Risk Assessment ISMS
blodotaji
 
Cissp- Security and Risk Management
Hamed Moghaddam
 
Information security management system (isms) overview
Julia Urbina-Pineda
 
Iso27001 Audit Services
tschraider
 
CIS Audit Lecture # 1
Cheng Olayvar
 
Why ISO-27001 is a better choice?
Patten John
 
Rothke Patchlink
Ben Rothke
 
Iso27001 Approach
tschraider
 
Slide Deck CISSP Class Session 3
FRSecure
 
Ad

Similar to Securing your presence at the perimeter (20)

PDF
Securing your presence at the perimeter
Ben Rothke
 
PDF
Locking down server and workstation operating systems
Ben Rothke
 
PPT
Information Security
Mohit8780
 
PPTX
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
Andris Soroka
 
PPTX
Enterprise IT Security| CIO Innovation and Leadership
RedZone Technologies
 
PPT
DLP
saurabh.sood
 
PPTX
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
PDF
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
PDF
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
DOC
Harsha CV
Harsha Siddartha Sarjapura
 
PDF
Privileged Access Control & Task Automation: A Win Double of Security and Bus...
Digital Transformation EXPO Event Series
 
PPTX
Check Point: Defining Your Security blueprint
Group of company MUK
 
PDF
Protect the data - Cyber security - Breaches - Brand/Reputation
Pa Al
 
PPTX
PaloAlto Ignite Conference 2015
Mike Spaulding
 
PDF
Secure Mobility from GGR Communications
GGR Communications
 
PDF
Barbed Wire Network Security Policy 27 June 2005 7
Khawar Nehal khawar.nehal@atrc.net.pk
 
PDF
Today's Cyber Challenges: Methodology to Secure Your Business
JoAnna Cheshire
 
PDF
Security Delivery Platform: Best practices
Mihajlo Prerad
 
PPTX
Securing your digital world cybersecurity for sb es
Sonny Hashmi
 
PPTX
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi
 
Securing your presence at the perimeter
Ben Rothke
 
Locking down server and workstation operating systems
Ben Rothke
 
Information Security
Mohit8780
 
DSS.LV - Principles Of Data Protection - March2015 By Arturs Filatovs
Andris Soroka
 
Enterprise IT Security| CIO Innovation and Leadership
RedZone Technologies
 
DLP
saurabh.sood
 
Joint Presentation on The State of Cybersecurity ('15-'16) & Third Party Cyb...
Rishi Singh
 
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
Emerging Trends in Information Privacy and Security
Jessica Santamaria
 
Harsha CV
Harsha Siddartha Sarjapura
 
Privileged Access Control & Task Automation: A Win Double of Security and Bus...
Digital Transformation EXPO Event Series
 
Check Point: Defining Your Security blueprint
Group of company MUK
 
Protect the data - Cyber security - Breaches - Brand/Reputation
Pa Al
 
PaloAlto Ignite Conference 2015
Mike Spaulding
 
Secure Mobility from GGR Communications
GGR Communications
 
Barbed Wire Network Security Policy 27 June 2005 7
Khawar Nehal khawar.nehal@atrc.net.pk
 
Today's Cyber Challenges: Methodology to Secure Your Business
JoAnna Cheshire
 
Security Delivery Platform: Best practices
Mihajlo Prerad
 
Securing your digital world cybersecurity for sb es
Sonny Hashmi
 
Securing your digital world - Cybersecurity for SBEs
Sonny Hashmi
 

More from Ben Rothke (20)

PDF
Mobile security blunders and what you can do about them
Ben Rothke
 
PDF
Lessons from ligatt from national cyber security nationalcybersecurity com
Ben Rothke
 
PDF
Lessons from ligatt
Ben Rothke
 
PDF
Interop 2011 las vegas - session se31 - rothke
Ben Rothke
 
PDF
Infosecurity Needs Its T.J. Hooper
Ben Rothke
 
PDF
Rothke effective data destruction practices
Ben Rothke
 
PDF
Rothke computer forensics show 2010
Ben Rothke
 
PDF
The Cloud is in the details webinar - Rothke
Ben Rothke
 
PDF
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Ben Rothke
 
PDF
La nécessité de la dlp aujourd’hui un livre blanc clearswift
Ben Rothke
 
PDF
The Need for DLP now - A Clearswift White Paper
Ben Rothke
 
PDF
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
PDF
Infotec 2010 Ben Rothke - social networks and information security
Ben Rothke
 
PDF
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Ben Rothke
 
PDF
Rothke stimulating your career as an information security professional
Ben Rothke
 
PDF
Ben Rothke - Effective Data Destruction Practices
Ben Rothke
 
PDF
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke
 
PDF
Virtualization, Cloud Computing And The Pci Dss
Ben Rothke
 
PDF
Ben Rothke RSA PK 2010
Ben Rothke
 
PDF
Rothke Using Kazaa To Test Your Security Posture
Ben Rothke
 
Mobile security blunders and what you can do about them
Ben Rothke
 
Lessons from ligatt from national cyber security nationalcybersecurity com
Ben Rothke
 
Lessons from ligatt
Ben Rothke
 
Interop 2011 las vegas - session se31 - rothke
Ben Rothke
 
Infosecurity Needs Its T.J. Hooper
Ben Rothke
 
Rothke effective data destruction practices
Ben Rothke
 
Rothke computer forensics show 2010
Ben Rothke
 
The Cloud is in the details webinar - Rothke
Ben Rothke
 
Webinar - Getting a handle on wireless security for PCI DSS Compliance
Ben Rothke
 
La nécessité de la dlp aujourd’hui un livre blanc clearswift
Ben Rothke
 
The Need for DLP now - A Clearswift White Paper
Ben Rothke
 
Rothke secure360 building a security operations center (soc)
Ben Rothke
 
Infotec 2010 Ben Rothke - social networks and information security
Ben Rothke
 
Rothke Computer Forensics Show 2010 Deployment Strategies For Effective E...
Ben Rothke
 
Rothke stimulating your career as an information security professional
Ben Rothke
 
Ben Rothke - Effective Data Destruction Practices
Ben Rothke
 
Ben Rothke Getting A Handle On Wireless Security For Pci Dss Compliance
Ben Rothke
 
Virtualization, Cloud Computing And The Pci Dss
Ben Rothke
 
Ben Rothke RSA PK 2010
Ben Rothke
 
Rothke Using Kazaa To Test Your Security Posture
Ben Rothke
 

Recently uploaded (20)

PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
A Presentation on Artificial Intelligence
memembruh336
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Approach and Philosophy of On baking technology
30anthuong17
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Teaching material agriculture food technology
LiaRayya
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

Securing your presence at the perimeter

  • 1. Securing your presence at the perimeter Ben Rothke, CISSP CISA BT Global Services Senior Security Consultant
  • 2. About me…. • • • • Ben Rothke (too many certifications) Senior Security Consultant – British Telecom Frequent writer and speaker Author - Computer Security: 20 Things Every Employee Should Know BT Americas Inc. 2
  • 3. The perimeter is not necessarily dead • Firewalls and border routers are still the cornerstone for perimeter security • Always will be a place for VPNs • Attacks occur at the application layer – So ensure app security BT Professional Services 3
  • 4. But the perimeter it is getting blurred… • VPNs • complicated network connections with multiple partners – contractors, consultants – 3rd party collaboration – vendors • wireless networks • laptops • malicious insiders – worms (compromised computers can be seen as malicious insiders) BT Professional Services 4
  • 5. Ok, the perimeter is dead, the cloud proves it BT Professional Services 5
  • 6. Perimeter challenges • • • • • • • • Determining proper firewall design access to resources for remote users effective monitoring and reporting need for enhanced packet inspection security standards compliance long-term maintenance ensuring attackers don’t find that single vulnerability data leakage BT Professional Services 6
  • 7. Was your perimeter designed in 30 minutes? BT Professional Services 7
  • 8. Key points • Perimeter security is popular – cheap, convenient, somewhat effective – firewalls and IDS most common tools for network security • Firewalls and IDS fighting an uphill battle – both attackers and legitimate users struggle to avoid/evade them • Security management is a key challenge BT Professional Services 8
  • 9. Securing network perimeters • Goal is to provide adequate access without jeopardizing confidential or mission-critical areas • Elements: – firewalls, IDS, bastion host, Network Address Translation (NAT), proxy servers – combined with authentication mechanisms • Bastion host – provides Web, FTP, e-mail, or other services running on a specially secured server BT Professional Services 9
  • 10. But the firewall is not a panacea • Malicious traffic that is passed on open ports and not inspected by the firewall • any traffic that passes through an encrypted tunnel or session • attacks after a network has been penetrated • traffic that appears legitimate • users and administrators who intentionally or accidentally install viruses • administrators who use weak passwords BT Professional Services 10
  • 11. Policy is required to secure a perimeter • Firewall policies typically lists of allow or deny rules • what should the default rule be? • Default allow: – convenient since doesn’t interfere with legitimate activity • Default deny: – more secure, since every allowed use undergoes security review – if policy too restrictive, people complain and it gets fixed – if policy too permissive, only learn about it too late after an attack BT Professional Services 11
  • 12. Other policy issues • Scale – Large organizations have thousands of rules – How do you process them efficiently? – How do you know they are correct? • Ingress vs. egress filtering – Ingress: filter packets from the Internet – Egress: filter traffic to the Internet (why?) BT Professional Services 12
  • 13. Operational weaknessess • Technology – firewall rules not adequately maintained – system configurations and access not being monitored – passwords • Standards – – – – unpatched software/firmware no criteria for hiring outside auditors and IT pros no consistent security assessments production data being used for dev/QA apps BT Professional Services 13
  • 14. Start thinking about DLP • Small data leaks lead to major damage – a minor water leak… – becomes major structural damage BT Professional Services 14
  • 15. There is a lot DLP can do • Detect sensitive content in any combination of network traffic, data at rest or endpoint operations • Detect sensitive content using – sophisticated content-aware detection techniques, including partial/exact document matching, structured data fingerprinting, statistical analysis, extended regular expression matching, conceptual and lexicon analysis, and more • Support detection of sensitive data content in structured and unstructured data, using registered or described data definitions • Block email communication policy violations BT Professional Services 15
  • 16. Do you have authority over your data? • DLP enables you to finally control your data: – – – – – – Identify: know where your data resides Monitor: what is happening, who did it, when Warning: user alerted when moving sensitive data Prevention: unauthorized actions are thwarted Control: only approved devices can be used Reporting: compliance reports (SoX, PCI, HIPAA / HITECH, GLBA, Euro-SoX, and more) BT Professional Services 16
  • 17. Testing • Publicly-accessible systems – IP-hosts – all web apps – web services • Web interfaces: – routers – firewalls – email • Wireless BT Professional Services 17
  • 18. Ask lots of questions and fill up whiteboards 1. What are we doing beyond vulnerability scans to find security flaws? 2. Are we looking at all of our critical perimeter systems? 3. When are we going to get to everything else? 4. What are the results of our latest external security assessment? 5. What’s being done to resolve these issues? 6. Even if nothing is turned up, when’s our next round of testing scheduled for? 7. Have we started thinking about the data? 8. Should we consider DLP? BT Professional Services 18
  • 19. Use tools • There are myriad tools, use them judiciously – – – – – – – QualysGuard WebInspect Acunetix WVS CommView for WiFi Web browsers Google other exploit tools – Make sure your staff reads Security Strategy: From Requirements to Reality – http://amzn.to/fT2yG6 BT Professional Services 19
  • 20. Creating and maintaining a strong perimeter • Good design • updated design • built and designed by engineers – with management oversight • risk-based • business needs understood • maintained – competent staff – maintained at an adequate level BT Professional Services 20
  • 21. Contact info… • www.linkedin.com/in/benrothke • www.twitter.com/benrothke • www.slideshare.net/benrothke BT Professional Services 21