
• Number of slides: 17

Information Security in Real Business
MSIT 458: Information Security and Assurance
Asian Connection and Craig

Secure Remote Access for Company XYZ
• Provide remote users secure access to internal corporate network resources – 1000 user company
• Remote users access the perimeter network from the public Internet
• The quantity of threats is growing and their complexity is increasing – “Bot Nets”
• The end-points are hard to secure, and network security is a corporate standard
• How do we trust the remote users while verifying they are secure?
• Provide an authenticated secure connection for remote users

Secure Remote Access for Company XYZ
• Why is this problem a general one that comes across multiple industry/education/government sectors?
• Globalization – Companies have operations outside the US
• Talent pool – No longer constrained by geographic limitations
• Remote users – Increase in demand for users to work remotely

Global Setup: Frankfort, Chicago, Singapore

Secure Remote Access for Company XYZ
• Remote Users
  • Asia – 9 countries (100 users)
  • Europe – 10 countries (120 users)
  • Americas – 4 countries (780 users)
• Security Verifications
  • Validate virus definition files and active monitoring
  • Verify Windows patches are current
  • Isolate worms and viruses so they cannot enter the corporate network

Existing State for Company XYZ
• Users log in through the public Internet using VPN client access
• No virus checking
• Patch management is not verified
• The user can use any computer with a VPN client – no way to enforce corporate-approved machines
• No validation for malware- or botnet-infected machines

Business Applications
• Email and SharePoint
• Business Intelligence Tools
• SAS & ETL Tools
• Business Data
  • Structured
  • Unstructured
  • File Server
  • Data Warehousing
  • ERP Systems

User Landscape
• Remote Users
  • Global Remote Offices – DSL connections
  • Home Users – Broadband connections
• Partners
  • Local and Off Shore – DSL / Public Internet
  • Higher level privileges – above guest access

Technical Solution
• Symantec Network Admission Control
  • The Endpoint product is currently being used for Anti-Virus and client security
  • “Single Pane of Glass” – One management interface is used to manage Anti-Virus, Client Firewall, Client Intrusion Prevention System and Network Admission Control
• Microsoft Certificate Administration
  • Management is built into Windows 2008 Active Directory

Technical Solution
1. User attempts to connect to vpn.xyz.com
2. Cisco ASA validates the user certificate with the Windows 2008 Certificate Server
[Diagram components: Remote employees or partners, Internet, ASA Firewall, Certificate Server, AD, Symantec Endpoint Protection, Symantec Gateway Enforcer, Antivirus, VLAN 0, VLAN 1. Security pattern: Network Access Control (NAC)]

Technical Solution
3. If the certificate is valid, the information is passed back through the Cisco ASA and the user is allowed access to VLAN 0
4. Computer information is passed to the Symantec Gateway Enforcer, which checks for policy information from the Symantec Endpoint Protection Server

Technical Solution
5. The Gateway Enforcer compares the remote computer's security state with the policy from Symantec Endpoint Protection – if the computer is not compliant, information is presented to the user on the steps needed to become compliant
6. When the computer is compliant, access is granted to internal VLAN 0

Technical Solution
7. Computer connects locally to our network – Network Access Control performs a policy check
8. NAC will also determine what resources local users can access
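As an added illustration of the admission flow in steps 2 to 6 above (example code written for this page, not part of the presentation or of the Symantec and Cisco products), the following Python models the Gateway Enforcer's policy comparison: a bad certificate is denied before any posture check, a non-compliant computer gets the list of steps needed to become compliant, and a compliant one is granted access. The definition-age threshold, the patch names and the sample reports are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List

# Policy threshold is an assumption for illustration; the slides give no numbers.
MAX_DEFINITION_AGE = timedelta(days=3)

@dataclass
class EndpointReport:
    """Posture data the endpoint agent reports (self-reported, so it limits risk, not removes it)."""
    cert_valid: bool             # outcome of the ASA certificate check (step 2)
    av_definitions_date: date    # date of the installed virus definition files
    av_monitoring_active: bool   # real-time anti-virus monitoring running
    missing_patches: List[str] = field(default_factory=list)

@dataclass
class Decision:
    action: str                  # "deny", "remediate" or "grant"
    remediation: List[str] = field(default_factory=list)

def admission_decision(report: EndpointReport, today: date) -> Decision:
    # Steps 2-3: an invalid certificate is rejected before any posture check runs.
    if not report.cert_valid:
        return Decision("deny", ["Obtain a valid user certificate from the corporate CA"])
    # Steps 4-5: compare the reported state with policy and collect remediation steps.
    steps = []
    if today - report.av_definitions_date > MAX_DEFINITION_AGE:
        steps.append("Update virus definition files (older than %d days)" % MAX_DEFINITION_AGE.days)
    if not report.av_monitoring_active:
        steps.append("Enable real-time anti-virus monitoring")
    if report.missing_patches:
        steps.append("Install missing Windows patches: " + ", ".join(report.missing_patches))
    if steps:
        return Decision("remediate", steps)
    # Step 6: a compliant computer is granted internal network access.
    return Decision("grant")

def run_samples():
    """Constructed sample reports (not from the slides), evaluated on a fixed date."""
    today = date(2009, 3, 1)
    samples = {
        "bad_cert": EndpointReport(False, date(2009, 3, 1), True),
        "stale_av": EndpointReport(True, date(2009, 2, 20), False, ["KB-PLACEHOLDER"]),
        "healthy": EndpointReport(True, date(2009, 2, 28), True),
    }
    return {name: admission_decision(r, today) for name, r in samples.items()}

if __name__ == "__main__":
    for name, decision in run_samples().items():
        print(name, decision.action, decision.remediation)
```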

Research Findings
• Cisco
  • NAC appliances are expensive
  • There is integration with Microsoft’s Network Access Protection (this can be utilized as we migrate to Windows 2008 and the next desktop OS we roll out)
  • Uses optional dissolvable or permanent agent or scanning function
  • Need to define how they will integrate 802.1x enforcement
• Symantec
  • Uses the existing Endpoint infrastructure
  • Uses dissolvable agent or agentless scanning option for non-Symantec endpoints
  • They have a separate model for 802.1x enforcement
Source: Gartner Research

Cost Comparison
                                       Symantec        Cisco           Symantec    Cisco
                                       One Time Cost   One Time Cost   On-Going    On-Going
Hardware (NAC Hardware)                $27,000         $125,000        $2,700      $22,000
Software (Client Licensing and         $25,000         $46,000         $2,500      $9,500
  Microsoft SA)
Installation (Consulting)              $5,000          $65,000
Total                                  $57,000         $236,000        $5,200      $31,500

Requirements
Requirement          Symantec   Cisco
$$$ (<200K)          Yes        No
Ease of Use          Yes        No
Interoperability     Yes
Ease of Training     Yes        No
Warranty             Yes
Customer Support     Yes

Some of the Consequences
• Better protection for corporate assets against:
  • Trade secret leakage
  • Malware, botnets, viruses, worms, etc.
• Ensuring proper usage of corporate resources
• Trade-off between additional security and additional operational overhead:
  • Increasing IT support staff
  • 24x7 support availability
  • Initial time to establish a connection is longer than with the traditional VPN
  • Additional complexity requiring training for non-technical users