1 / 17

Network Security Overview

Network Security Overview. Tales from the trenches. Why security?. increasingly hostile public network cost of downtime value of the information. Increasingly hostile public network. Increasingly hostile public network(2). intruders are prepared and organized

jake
Download Presentation

Network Security Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Overview Tales from the trenches

  2. Why security? • increasingly hostile public network • cost of downtime • value of the information

  3. Increasingly hostile public network

  4. Increasingly hostile public network(2) • intruders are prepared and organized • Internet attacks are easy, low risk, and hard to trace • intruder tools are - increasingly sophisticated - easy to use, especially by novice intruders - designed to support large-scale attacks • source code is not required to find vulnerabilities • the complexity of the Internet, protocols, and applications are all increasing along with our reliance on them

  5. Increasingly hostile public network(3)

  6. Cost of downtime

  7. Value of the information • Large stores of Credit Card information stored on DB servers • Intellectual property valued in the Millions

  8. Basic Categories • Policy • Physical • IP based • Software/OS based

  9. Holistic approach

  10. Policy • Email usage • External services allowed • Acceptable use • User and resource architecture • Virus response

  11. IP based • Routers • Packet filtering • Firewalls • Packet inspection versus packet filter • Ability to build rulesets • Switches/VLAN • Isolating IP segments using VLANS

  12. Software • Proxy servers • Software firewalls vs. hardware • OS security Unix/MS • Patches and updates

  13. Patches and updates

  14. Remote access • security versus usability • P: drive access • options for remote access • extranet • web access • VPN • Private dial up

  15. Extranet • Secure web site with access to specific data • Requires login • Can provide access to all information available “on site”

  16. VPN • Virtual private network • Creates a Secure Tunnel between two points on a network • All data traveling on the tunnel is encrypted • Should use encryption for tunnel creation

  17. Physical security • Data center access • Multi-homed • Redundant utilities (power, HVAC) • Fire suppression

More Related