1 / 17

Information Security in Real Business

MSIT 458: Information Security and Assurance. Information Security in Real Business. Asian Connection and Craig. Secure Remote Access for Company XYZ. Provide remote users secure access to internal corporate network resources – 1000 user company

whittakerr
Download Presentation

Information Security in Real Business

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MSIT 458: Information Security and Assurance Information Security in Real Business Asian Connection and Craig

  2. Secure Remote Access for Company XYZ • Provide remote users secure access to internal corporate network resources – 1000 user company • Remote users access the perimeter network from public Internet • Quantity of the threats are progressing and complexity is increasing – “Bot Nets” • The end-points are hard to secure and network security is a corporate standard • How do we trust the remote users while verify they are secure • Provide authenticated secure connection for remote users

  3. Secure Remote Access for Company XYZ • Why this problem is a general one that comes across multiple industry/education/government sectors? • Globalization – Companies have operations outside the US • Talent pool – No longer constrained by geographic limitations • Remote users - Increase in demand for users to work remotely

  4. Global Setup Frankfort Chicago Singapore

  5. Secure Remote Access for Company XYZ • Remote Users • Asia - 9 countries (100 users) • Europe – 10 countries (120 users) • Americas – 4 countries (780 users) • Security Verifications • Validate virus definitions files and active monitoring • Verify windows patches are current • Isolate worm virus from entering corporate network

  6. Existing State for Company XYZ • Users login through the public Internet using VPN client access • No Virus Checking • Patch Management is not verified • The user can use any computer with VPN client – no way to enforce corporate approved machines • No validation for malware or bot net infected machines

  7. Business Applications • Email and SharePoint • Business Intelligence Tools • SAS & ETL Tools • Business Data • Structured • Unstructured • File Server • Data Warehousing • ERP Systems

  8. User Landscape • Remote Users • Global Remote Offices - DSL connections • Home Users – Broadband Connections • Partners • Local and Off Shore – DSL / Public Internet • Higher Level privileges – above guest access

  9. Technical Solution • Symantec Network Admission Control • End Point Product is currently being used for Anti-Virus and Client security • “Single Pane of Glass” – One Management Interface is used to manage Anti-Virus, Client Firewall, Client Intrusion Prevention System and Network Admission Control • Microsoft Certificate Administration • Management is built into 2008 Active Directory

  10. Technical Solution Symantec Endpoint Protection Antivirus Security Patterns Symantec Gateway Enforcer • User attempts to connect to vpn.xyz.com • 2. Cisco ASA validates user Certificate with Windows 2008 Certificate Server VLAN 0 VLAN 1 Certificate Server ASA Firewall 1 2 AD Internet 3 - OK Network Access Control (NAC) Remote employees or partners

  11. TechnicalSolution Symantec Endpoint Protection Antivirus Security Patterns Symantec Gateway Enforcer 3. If Certificate is valid, information is passed back through the Cisco ASA and the user is allowed access to VLAN0 4.Computer information is passed to the Symantec Gateway Enforcer Gateway Enforcer checks for policy information from Symantec Endpoint Protection Server VLAN 0 VLAN 1 Certificate Server ASA Firewall 1 2 AD 3 Internet 3 - OK 4 4 Network Access Control (NAC) Remote employees or partners

  12. Technical Solution Symantec Endpoint Protection Antivirus Security Patterns Symantec Gateway Enforcer 5 . Gateway Enforcer compares remote computer security with policy from Symantec Endpoint Protection - If computer is not compliant information is presented to the user on steps needed to become compliant 6. When computer is compliant access is granted to internal VLAN VLAN 0 VLAN 1 Certificate Server ASA Firewall 1 2 AD 3 Internet 3 - OK 4 4 6 Network Access Control (NAC) 5 – Policy Check Remote employees or partners

  13. Technical Solution Symantec Endpoint Protection Antivirus Security Patterns Symantec Gateway Enforcer • Computer Connects locally to our network - Network Access Control performs policy check • 8. NAC will also determine what resources local users can access VLAN 0 VLAN 1 Certificate Server ASA Firewall 1 2 AD 3 Internet 3 - OK 4 4 6 Network Access Control (NAC) 5 – Policy Check Remote employees or partners

  14. Research Findings • Cisco • NAC appliances are expensive • There is integration with Microsoft’s Network Access Protection. (This can be utilized as we migrate to Windows 2008 and the next Desktop OS we roll-out) • Uses optional dissolvable or permanent agent or scanning function • Need to define how they will integrate 802.1x enforcement • Symantec • Uses the existing Endpoint infrastructure • Uses dissolvable agent or agentless scanning option for non-Symantec endpoints. • They have a separate model for 802.1x enforcement Source: Gartner Research

  15. Cost Comparison

  16. Requirements

  17. Some of the Consequences • Better protection for corporate assets against: • Trade secret leakage • Malwares, botnets, viruses, worms, etc • Ensuring proper usage of corporate resources • Trade off between additional security vs. additional operational overhead • Increasing IT support staff • 24x7 support availability • Initial time to establish connection is longer than the traditional VPN • Additional complexity requiring training for non-technical users

More Related