Security Incidents are Increasing
The number of reported Virus incidents has grown from 21,000 in 2000 to 130,000 in 2003
The worldwide cost of Worms & Viruses is now estimated at $180 Billion per year
The Corporate IT Forum (UK) calculates that each security incident costs £122,000 (~$230,000)
[Chart: Total Vulnerabilities Reported to CERT Coordination Center 1995 - 2003; vertical axis 500 to 4,500 vulnerabilities]
Source: Carnegie Mellon University
• Reported Security Events have increased dramatically year over year
• Unreported events are many times more than this number
3
The Security Management Challenge
                                2001         2003
                                Code Red     SQL Slammer
Infection Rate / Hour           1.8 hosts    420 hosts
Time to Double # Infected PCs   37 mins      8.5 secs
Time to infect all targets      24 hours     30 minutes
• Speed and effectiveness of internet viruses has improved dramatically in just 2 years
• It is expected that massive Denial of Service will be possible in just minutes in 2005 and beyond
4
Escalating Concerns Are Demanding More of The Network
[Diagram: Traditional Networking Focus (Capacity, Connectivity, Cost) versus 21st Century Networking, which adds Security, Intelligence and The 5C's: Continuity, Context, Control, Compliance, Consolidation]
5
The Challenge
[Diagram: four convergences, all pointing to "Make Security Pervasive"]
• Technology Is Converging: Storage Over IP, Video Over IP, Voice Over IP
• Users Are Converging: Sub-Contractors, Customers, Visitors, Suppliers, Partners
• Threats Are Converging: Viruses, Worms, Denial of Service, Intellectual Property Theft, Regulated Compliance, Reputation
• Value Propositions Are Converging: End systems, Appliances, Software, Network
• Other labels on the diagram: Business Appliances, Household Appliances, Internet & Intranet; Compliance, Consolidation, Control, Context, Continuity, Capacity, Connectivity, Cost
6
The Security Incident Problem Space
[Diagram: the problem space plotted as Type of Attack (Known / Unknown) against Speed of Propagation / Speed of Response (Slow / Fast), with Prevention, Detection and Response as the three regions]
Minimize Problem Space via
• Granular control
• Automated Response
• Risk mitigation
• End to end visibility
The goal of Secure Networks is to minimize the “problem space”
8
Secure Networks
[Diagram: reference network with REMOTE OFFICE, BRANCH OFFICE and CORE; Matrix N7, Matrix E1, X-Pedition ER16, RoamAbout R2, XSR1800 and XSR 3100 devices; NIDS and HIDS sensors, Dragon Server, NetSight Policy Mgr, NetSight RSM Manager and VPN; a "Hacker" outside the network. Labels: GLOBAL DISTRIBUTION POLICY, IDENTITY DRIVEN DYNAMIC RESPONSE, CORE POLICY]
Built in system-wide security
9
“Inside Threats” Security Paradigm Shift
[Diagram: Internet, WAN Router, Enterprise Switches, Corporate Network, Servers]
“Inside Threats” can Attack on Every Port in the Entire Network
“Outside Threats” can Attack only on a Single Known Port
10
Vulnerability of Present Day Networks
[Diagram: Branch/Remote Office, SOHO/Mobile Office, VPN, INTERNET, DMZ, CORE and Data Center, protected by Anti-Virus/Personal Firewall, VPN, Firewall and IDS]
Threats shown:
• CODE RED
• SOBIG.F
• NIMDA
• BLASTER
• SLAMMER
11
Secure DNA: Enterasys Product Offerings
End-to-end product portfolio uniquely focused on building secure enterprise data networks
[Diagram: product placement by network segment (layout reconstructed from the extracted text)]
• LAN EDGE: Matrix N-Series & E-Series; Standalone Matrix E-Series, C & V-Series; Stackable Matrix C & V-Series; RoamAbout Wireless
• LAN CORE: X-Pedition; Matrix N-Series & E-Series
• LAN DATA CENTER: X-Pedition; Matrix N-Series & E-Series; Servers
• REMOTE & BRANCH LOCATIONS (over WAN/VPN): Regional XSR; Branch XSR; Matrix N-Series & E-Series; Standalone Matrix E-Series, C & V-Series; Stackable Matrix C & V-Series; RoamAbout Wireless; NIDS
• NETWORK MANAGEMENT: Dragon Server; NetSight Atlas Policy Manager, Inventory Manager, Security Manager, Console
• Security layers shown: Anti-Virus/Personal Firewall, VPN, Firewall, IDS
12
Value of Enterasys Secure Networks
[Diagram: Branch/Remote Office, SOHO/Mobile Office, VPN, INTERNET, DMZ, CORE and Data Center, protected by Anti-Virus/Personal Firewall, VPN, Firewall and IDS]
Threats shown:
• CODE RED
• SOBIG.F
• NIMDA
• BLASTER
• SLAMMER
13
Challenges with Traditional Access Control
[Diagram: Extended Edge, Edge, Distribution, Core and Servers, with “Blue”, “Green” and “Red” VLANs]
• ACLs are complex to configure, are tied to “interfaces”, and are typically “permit/deny” only*
• VLANs are complex to configure and troubleshoot, and provide no protection within a VLAN
* Separate configuration is required for authentication, QoS, rate limiting, etc.
14
Enterasys’ Policy-based Network Overview
Dramatically reduces the time/resources required to implement infrastructure security (versus ACLs and VLANs) at the network edge
The foundation of Enterasys’ Secure Networks™
[Diagram: Edge, Distribution, Core and Servers, with a Policy assigned to user “Bill”]
15
Secure Networks™ Solutions
Acceptable Use Policy
• A security policy solution for acceptable use of network resources
Secure Application Provisioning
• A role-based security policy solution for business application usage
Secure Guest Access
• A security-driven visitor networking solution
Single Sign-On
• A consolidated user credential solution for network and application access
Dynamic Intrusion Response
• An automated security response solution for identified threats to the enterprise network
16
A Process for Dynamic Intrusion Response
Introducing Dynamic Intrusion Response
[Diagram: User, Client System, Matrix™ Access Device, Network Infrastructure and Business Service, with Dragon™ Intrusion Detection, NetSight Atlas™ Console with Automated Security Manager, and NetSight Atlas™ Policy Manager]
• Quarantine Policy Creation (NetSight Atlas™ Policy Manager) – Central administration of a quarantine security policy role and distribution to the enterprise network infrastructure.
• Intrusion Detection (Dragon™ Intrusion Detection) – A security event that penetrates the network infrastructure is immediately identified.
• Event Notification (NetSight Atlas™ Console with Automated Security Manager) – The security breach event is passed to the Automated Security Manager application, where pre-defined actions are configured.
• Location and Enforcement – The exact physical source of the security event is located, and the pre-defined response is enforced on the source network port.
• Response – The specific response for the security breach is enforced at the exact source (disable port, enforce Quarantine policy, etc.)
17
Enterasys’ Flow Setup Throttling
[Diagram: Edge, Distribution (Matrix N-Series), Core and Servers]
Flow Setup Throttling (FST) provides an alarm and then disables a port as a result of a spike in new flows caused by network threats
Matrix N-Series is the Only Enterprise Switch based on a Flow-based Design
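The Dynamic Intrusion Response loop on the previous slide (detect, notify, locate the source port, enforce a pre-defined response) and the Flow Setup Throttling mechanism above can be shown together in one small simulation. The following Python is an added example, not code from the deck or from Enterasys: the thresholds, the ARP and MAC tables, the event signature names and the response names are all assumptions, and the sample traffic is constructed inline.

```python
# Added example (not from the slides or Enterasys): a minimal simulation of
# Flow Setup Throttling on an edge switch plus the Dynamic Intrusion Response
# loop. Thresholds, table contents, event and response names are assumptions.
from collections import defaultdict
from dataclasses import dataclass, field

FST_ALARM_THRESHOLD = 50     # new flows per port per interval that raise an alarm (assumed)
FST_DISABLE_THRESHOLD = 200  # new flows per port per interval that disable the port (assumed)


@dataclass
class FlowSetupThrottler:
    """Counts new flow setups per edge port within one measurement interval."""
    seen_flows: set = field(default_factory=set)
    new_flows: dict = field(default_factory=lambda: defaultdict(int))

    def observe(self, port, flow):
        """flow is a (src_ip, dst_ip, proto, dst_port) tuple; only its first packet counts."""
        if flow not in self.seen_flows:
            self.seen_flows.add(flow)
            self.new_flows[port] += 1

    def end_interval(self):
        """Return {port: 'alarm' | 'disable'} for ports over threshold and reset the counters."""
        verdicts = {}
        for port, count in self.new_flows.items():
            if count >= FST_DISABLE_THRESHOLD:
                verdicts[port] = "disable"
            elif count >= FST_ALARM_THRESHOLD:
                verdicts[port] = "alarm"
        self.new_flows.clear()
        return verdicts


@dataclass
class SecurityEvent:
    """What the IDS hands to the security manager: a signature name and the offending source."""
    signature: str
    src_ip: str


class AutomatedSecurityManager:
    """Locates the physical source port of an event and applies the pre-defined response."""

    def __init__(self, arp_table, mac_table, responses, default_response="quarantine"):
        self.arp_table = arp_table        # ip -> mac (router ARP cache, constructed)
        self.mac_table = mac_table        # mac -> (switch, port) (edge switch FDB, constructed)
        self.responses = responses        # signature -> response name (the pre-defined actions)
        self.default_response = default_response
        self.enforced = []                # audit trail of (switch, port, response)

    def locate(self, src_ip):
        """Resolve source IP -> MAC -> (switch, port); None if either lookup fails."""
        mac = self.arp_table.get(src_ip)
        return self.mac_table.get(mac) if mac else None

    def handle(self, event):
        location = self.locate(event.src_ip)
        if location is None:
            # Source not found: report it rather than act on a port that may be the wrong one.
            return {"signature": event.signature, "status": "source-not-located"}
        response = self.responses.get(event.signature, self.default_response)
        switch, port = location
        self.enforced.append((switch, port, response))
        return {"signature": event.signature, "switch": switch, "port": port, "response": response}


def demo():
    """Run both mechanisms on constructed data; returns (FST verdicts, DIR results, audit trail)."""
    arp_table = {"10.1.5.23": "00:11:22:33:44:55", "10.1.5.40": "00:11:22:33:44:66"}
    mac_table = {"00:11:22:33:44:55": ("edge-sw-1", "ge.1.7"),
                 "00:11:22:33:44:66": ("edge-sw-1", "ge.1.9")}
    asm = AutomatedSecurityManager(arp_table, mac_table,
                                   responses={"worm-scan": "quarantine", "dos-flood": "disable-port"})
    fst = FlowSetupThrottler()
    # Constructed traffic: a scanning host on ge.1.7 opens 300 flows to distinct targets in
    # one interval, while a normal host on ge.1.9 opens 5.
    for i in range(300):
        fst.observe("ge.1.7", ("10.1.5.23", f"10.1.{i // 256}.{i % 256}", "tcp", 135))
    for i in range(5):
        fst.observe("ge.1.9", ("10.1.5.40", "10.1.0.10", "tcp", 80 + i))
    verdicts = fst.end_interval()
    # Constructed IDS events: one from a known host, one from an address absent from the tables.
    results = [asm.handle(SecurityEvent("worm-scan", "10.1.5.23")),
               asm.handle(SecurityEvent("worm-scan", "192.0.2.99"))]
    return verdicts, results, asm.enforced
```

Calling demo() returns the FST verdict for the interval (the scanning port is disabled, the normal port is untouched), the manager's result for each event, and the enforcement audit trail. The second event comes from an address that is in neither table; the manager reports it instead of acting, because enforcing against a wrongly located port would cut off an innocent user, which is the failure mode a dynamic-response system has to guard against.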
18
Solution: Dynamic Intrusion Response
University of North Carolina, Chapel Hill
Challenge:
Ensure high network availability and information assurance—campus wide—in the face of emerging known and unknown security threats. UNC needs to provide continuity to support a complex user community of students, faculty and staff. It also requires the control and context to identify any suspect user, application or device, and quickly isolate the problem before it affects the rest of the network.
Secure Network Requirements:
UNC’s network must be able to handle the outbreak of various viruses and worms (e.g., Blaster and Slammer) through centralized management and real-time intrusion defense to minimize downtime, protect assets and ensure users have access to the appropriate resources.
Enterasys Solution:
Enterasys’ Dynamic Intrusion Response provides UNC with:
• Sensors throughout the network to identify and alert UNC of any suspicious activity or intrusion
• Centralized management to quickly apply security policies across the entire campus network with a single click
• Role-based policy management to prevent unauthorized use of network resources by students, faculty and staff
• A network that provides the highest level of security without negatively impacting productivity
Value Impact:
When the Blaster worm hit, Dynamic Intrusion Response alerted UNC of the attack and enabled them to quickly apply Layer 4 filters to the edge, containing the threat before it spread. Realized through Matrix N-Series switches, the Dragon intrusion defense system and NetSight Atlas management.
21
Secure Network Attributes
Deployable Today Across Entire Product Line
Attributes:
- Total Visibility
- Identity & Context Intelligence
- Distributed Policy Enforcement
- Centralized, Granular Control
- Open Interoperability
- Single Action System-Level Management
- Dynamic Response and Protection
Supporting points:
- People, Security Events, Network
- Who, What, When, Where, Why?
- Users, Devices, Departments, Protocols, Applications
- Deploy and Enforce Security Policy Throughout Enterprise
- Simple Management of Complex Tasks
- Automated Assessment, Detection, Response and Prevention
- Entire network infrastructure
- Complements existing security measures
- Standards based