
ESP Technical Overview


Presentation Transcript


  1. ESP Technical Overview Marty Lindner September 2000

  2. Agenda • What is “ESP” • Goals of the ESP • ESP Technology Overview

  3. What is the “ESP” • Extranet for Security Professional

  4. What is the “ESP” • From a user's perspective, the ESP is a web site used by a group of people who share a common interest or need

  5. What is the “ESP” • From an IT professional's perspective, the ESP is a secure web environment created by using • Commercial Off The Shelf (COTS) products • Good programming practices • Strict network policies enforced by multiple firewalls and intrusion detection systems • Automated intrusion detection software developed for the ESP environment

  6. What is the “ESP” • A set of collaboration tools used through a common web interface • Mail Tool • Calendar Tool • Document Collaboration Tool • Document Library

  7. Goals of the ESP • Minimal cost to the end users • Provide a mechanism for sharing FOUO/SBU information over the public internet • Maintain the highest level of security

  8. ESP Technology Overview

  9. ESP Infrastructure [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  10. End User Workstation [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  11. End User Workstation • One of the ESP goals is to minimize the cost to the end user • The only end user requirement is a web browser that supports U.S. domestic encryption (128 bits)

  12. The Internet [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  13. The Internet • The ESP technology makes one assumption about the Internet • You cannot trust it! • To overcome this lack of trust, the ESP uses the Secure Socket Layer (SSL) protocol and X.509 certificates to provide authenticity, integrity and confidentiality • www.ietf.org/rfc/rfc2246.txt

  14. SSL Security • SSL provides a secure path through the Internet [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  15. Firewall Strategy • Multiple inline firewalls create a more complex maze for intruders to navigate [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  16. Firewall Strategy • Multiple firewalls randomly inserted into the network topology • Sidewinder 5.0 • www.securecomputing.com • Guardian • www.netguard.com • Cisco Secure PIX Firewall • www.cisco.com • Linux IPchains • www.linuxdocs.org

  17. Network Monitoring • Passive network monitoring tools assist and automate the intrusion detection process [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  18. Network Monitoring • Several passive network monitoring agents are used to detect signs of intrusion • Real Secure 3.2 • www.iss.net • Snort 1.6.3 • www.snort.org

  19. Web Server Security • The middleware enhances security by incorporating additional authentication techniques [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  20. Web Server Security • System is dedicated to web services only • No additional services offered • Software • Hardened Windows NT 4.0 • www.microsoft.com • Tripwire system integrity software 2.2.1 • www.tripwire.com • Netscape Enterprise Server 3.63 • home.netscape.com • Cold Fusion Server 4.5.1 • www.allaire.com

  21. Database Security • The database only responds to authenticated requests from the Web servers [Network diagram; labels: The Internet, Firewall, Router, Web Servers, Workstation, Database Servers, Firewall]

  22. Database Security • Database servers only accept communications from an authenticated IPsec session • www.ietf.org/rfc/rfc2401.txt
