Corporate Security Issues and countering them using Unified Threat Management Systems and SSL VPN
1. Training on Unified Threat Management Systems & SSL VPN (SaaS). By Amarjit Singh & Rishabh Dangwal, Tulip Telecom Ltd.
2. Objectives: Security awareness; Latest trends in security; Device awareness; Saving the world before bedtime, without worries :P; The notion of providing Security as a Service.
3. We as an ISP have a tough enough job already.. But.. What about security threats? How serious are they? Hackers are there.. where are we? What is the most effective and cost-efficient way to handle them?
4. Current Trends: Cyber-attacks are increasing in speed and sophistication exponentially. Blended threats, hybrid attacks and APTs.. Getting automated tools is easy; increase in skid culture. Security costs money; security problems cost money, time and lots of pain.
5. Intruders: Attack Sophistication vs. Intruder Technical Knowledge (courtesy Emil on security). [Figure: attack sophistication and intruder knowledge, each on a Low to High scale, against a time axis marked 1980, 1985, 1990, 1995 and 2011. Attack labels: password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; burglaries; hijacking sessions; disabling audits; network mgmt. diagnostics; back doors; GUI; automated probes/scans; www attacks; sweepers; sniffers; distributed attack tools; denial of service; packet spoofing; “stealth” / advanced scanning techniques; cross site scripting; staged; auto coordinated.]
6. Software Vulnerabilities: “99% of intrusions result from exploitation of known vulnerabilities” (Source: 2001 CERT, Carnegie Mellon University). Cause: programming bugs, bad testers, short-sighted development. Threat: lack of patches for the above. Lizamoon SQLi exploited 1.5 million+ hosts.
7. E-mail Viruses: Primary medium for distributing threats. Trojans – easy to create, quick to deliver, easy to install. HTML viruses on email. Innocent-sounding emails having malicious attachments containing: macros, VB scripts, JavaScript and HTML scripts.
17. And we have got Spyware.. A program that uses the Internet without the user’s knowledge. Approximately 80% of computers have some form of spyware (including corporate ones). Spread using shareware, pop-ups, P2P.. the usual suspects. Gathering information: browsing habits (sites visited, links clicked, etc.); data entered into forms (including account names, passwords, text of Web forms and Web-based email, etc.); keystrokes and work habits.
18. Spam: Unsolicited email. Multiple techniques to send mails: Spoof email address; Image only mail; Random text; Text merging; Token Manipulation; URL hiding; HTML Tag corruption; Increase False positives; Parse corruption; Metamorphic Spam Trojans; And much much more.. Leads to low productivity and server outages.
19. Network woes: Label spoofing; Core hiding; Replay attacks; Compromise of LIB; Access to LER; and other MPLS security issues..
21. And it's just the Tip of the Iceberg… (a.k.a. Raising the Attack Standards by a Notch): Sophisticated DoS (network, application); Advanced Persistent Threats; Smartphone abuse; Certificate abuse (DigiNotar - PKIOverheid..); Key abuse (RSA, anyone?); Kernel rootkits/bootkits.
22. Obsolete Defenses: Firewalls work on a port blocking strategy. Reactive approach. Stateful Packet Inspection (SPI): provides source / destination / state intelligence; provides NAT. Stateful firewalls cannot protect against multilayer threats. Is limited in nature.
23. How can TULIP provide security? SaaS – Security as a Service: SSL-VPN; Unified Threat Management.
24. What is SSL VPN TECHNOLOGY? Secure Sockets Layer (SSL) virtual private networks (VPN) provide secure remote access to an organization’s resources. A VPN is a virtual network, built on top of existing physical networks, that can provide a secure communications mechanism for data and other information transmitted between two endpoints. Because a VPN can be used over existing networks such as the Internet, it can facilitate the secure transfer of sensitive data across public networks. Concept - SSL VPN
26. Why SSL VPN: SSL VPN solutions offer a flexible and highly secure way to extend network resources to virtually any remote user with access to the Internet and a web browser. Organizations can customize access and extend the reach of their corporate network to individuals based on their role, including the teleworker, contractor, or business partner.
29. Complete Client-side Cleanup: Cleanup of the end user's system at the end of the session. Configurable cache cleanup options include: cookies; temporary Internet files; browser history; visited URLs; downloaded program files. Cleans up all traces of the user's access and downloaded data at the end of the session.
30. Authentication Mechanisms: A vast range of authentication mechanisms to choose from. Supported authentication mechanisms: Local Database; RADIUS; Active Directory (AD); LDAP; RSA SecurID; Certificate-based authentication; Biometrics; SMS Two-Factor or Multi-Factor Authentication. Support for One Time Password (OTP) and Public Key Infrastructure (PKI) tokens.
45. Access options with SSL VPN: There are three different access options with SSL VPN. PHAT: Private Hyper Access Transport; QAT: Quick Access Terminal; WAT: Web Access Terminal.
46. Access options with SSL VPN. What is WAT: Web Access Terminal (WAT) is a clientless access mode where the user needs only a browser to establish an SSL VPN connection. Using WAT, the user can access web applications such as Outlook Web Access (OWA), Intranet, SharePoint, web-based databases, etc. from any location such as an airport kiosk, cyber café, etc. What is PHAT: Private Hyper Access Transport (PHAT) is one of the modes to access the Virtual Private Network (VPN). It is small-footprint, web-deployed software that gets installed on the user’s machine. The PHAT client provides IPsec-like functionality to give full access to the network. What is QAT: Quick Access Terminal (QAT) is an intermediate client between the PHAT client and the WAT client. Users can access TCP-based client applications without installing PHAT on their machines. Once configured by the administrator for a particular group, QAT is started from the web portal.
47. Tunneling modes. Split tunnel: Application traffic targeted specifically for VPN subnets is routed over the SSL VPN tunnel to the SSL VPN-Plus Gateway. The rest of the traffic follows the normal LAN path. Full tunnel: All application traffic is sent to the SSL VPN-Plus Gateway over the SSL VPN tunnel for routing. In this case, all data from the user’s machine can be monitored on the SSL VPN-Plus Gateway. If local subnets are not excluded for the user, the user will also be unable to access the local LAN.
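The routing decision described on the tunneling-modes slide, as an added example (not part of the original deck, and not the SSL VPN-Plus product's code). The subnets, function names and the `exclude_local` switch are assumptions made for illustration; the overlap check goes slightly beyond the slide to flag the case where a user's LAN collides with a VPN subnet.

```python
import ipaddress

# Constructed sample addressing (assumptions, not taken from the slides).
VPN_SUBNETS = ["10.20.0.0/16", "172.16.5.0/24"]   # networks behind the gateway
LOCAL_SUBNETS = ["192.168.1.0/24"]                # the user's own LAN

def _in_any(dst, subnets):
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(s) for s in subnets)

def next_hop(dst, mode, exclude_local=False,
             vpn_subnets=VPN_SUBNETS, local_subnets=LOCAL_SUBNETS):
    """Return 'tunnel' (via the gateway) or 'local' (normal LAN path)."""
    if mode == "split":
        # Only traffic for VPN subnets enters the tunnel.
        return "tunnel" if _in_any(dst, vpn_subnets) else "local"
    if mode == "full":
        # Everything enters the tunnel unless local subnets are excluded.
        if exclude_local and _in_any(dst, local_subnets):
            return "local"
        return "tunnel"
    raise ValueError(f"unknown tunneling mode: {mode!r}")

def unmonitored(destinations, mode, **kw):
    """Destinations whose traffic the gateway never sees in this mode."""
    return [d for d in destinations if next_hop(d, mode, **kw) == "local"]

def overlapping(vpn_subnets=VPN_SUBNETS, local_subnets=LOCAL_SUBNETS):
    """(vpn, local) pairs that overlap, making the split decision ambiguous."""
    return [(v, l) for v in vpn_subnets for l in local_subnets
            if ipaddress.ip_network(v).overlaps(ipaddress.ip_network(l))]

if __name__ == "__main__":
    flows = ["10.20.3.4", "203.0.113.10", "192.168.1.10"]  # constructed
    for mode, excl in (("split", False), ("full", False), ("full", True)):
        print(mode, "exclude_local=%s" % excl,
              "bypasses gateway:", unmonitored(flows, mode, exclude_local=excl))
    print("overlaps:", overlapping())
```

In split mode the Internet-bound flow bypasses the gateway's inspection, which is the monitoring trade-off the slide points to for full tunnel.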
48. Scenario 1: Alternate Backup Link. [Diagram labels: SSL Server; www; ADSL Link; X; Primary Link; Tulip IDC; Remote Location; Tulip Connect MPLS Backbone; ERP Servers; Central Location]
49. Scenario 2: Instant Connectivity. [Diagram labels: Remote Customer Location; Tulip Connect Not yet Installed Or getting delayed (TNF); SSL Server; www; ADSL Link; Primary Link; Tulip IDC; Remote Location; Tulip Connect MPLS Backbone; Customer Location Ready; ERP Servers; Central Location]
50. Scenario 3: Extranet Connectivity. [Diagram labels: SSL Server; www; Tulip IDC; Dealer Locations; Primary Link; Tulip Connect MPLS Backbone; Remote Location; ERP Servers; Central Location]
51. Scenario 4: Enterprise Mobility. [Diagram labels: SSL Server; www; Roaming Executives; Tulip IDC; User Moves Out; Cyber Cafe; Primary Link; Tulip Connect MPLS Backbone; Remote Location; User; ERP Servers; Central Location]
52. The New Standard - UTM: Unified Threat Management / eXtensible Threat Management. Integration of: Firewall; Deep Packet Inspection; Intrusion Prevention for blocking network threats; Anti-Virus for blocking file-based threats; Anti-Spyware for blocking spyware. Faster updates to the dynamic changing threat environment and elimination of false positives. Multilayered security. Inhouse / multivendor approach.
56. Application awareness: PRO Series as a Prevention Solution. [Diagram, courtesy Sonicwall; labels: PS/GAV Dynamic Updates; DPI: Intrusion Prevention / Gateway AV / Anti-Spy; Server Zone; Dept Zone; User Zone]
58. Deep Packet Inspection with Intrusion Prevention can find and block application vulnerabilities, worms or Trojans. [Diagram, courtesy Sonicwall; labels: Content Inspection; Stateful Packet Inspection; Anti-Virus; Content Filtering Service; Deep Packet Inspection; Gateway Anti-Virus; Anti-Spyware; Firewall Traffic Path]