Network Security Basic (Two Types of Networks)

1
Network Security Basic (Two Types of Networks)
Trusted
2
TRUSTED Co. Owned/Leased Bldg. (Fenced) Badge/Phys
ical Access Controls Locked Data
Closets Multi-factor Authentication
Intranet
UN-TRUSTED Lack of Controls
3
Security Perimeters/DMZs circa late 1990s
early 2000s
Partners, Suppliers,Vendors,
CustomersIntl. Co. Sites
Public Internet
Proxy Servers
Application
Servers
Firewall
T1 line
Eth 0
192.44.21.1
192.44.21.13
Firewall
i.e. 133.33.0.0
133.33.47.0 Server Farm subnet
Company
Intranet
4
Why So Simple ?? What Were Major Drivers ??
Partners, Suppliers,Vendors,
CustomersIntl. Co. Sites
Public Internet
Proxy Servers
Application
Servers
Firewall
T1 line
Firewalls 101
Eth 0
192.44.21.1
192.44.21.13
Firewall
i.e. 133.33.0.0
133.33.47.0 Server Farm subnet
Company
Intranet
5
1990s-2000s Major IT Business Drivers ??
WWW/HTTP
Maintenance Manuals Advertising Marketing
(Cookies)
E-mail/SMTP
Customer Contact/Service
What are 2007 Major IT Business Drivers ??
6
2007 Major IT Business Drivers ??
Accounting Cheaper/Better/Faster
SOx Sarbanes Oxley (Corp. Governance)
IT Value to Core Business ? Or Commodity ?
Mergers/Acquisitions/Divestitures
Security (Information Protection/Info. Assurance)
Mobility/Telecommuting/Virtual Office
Globalization
Technologies WLAN/802.11, VoIP, Video, 802.1X
Virtualization, Imaging, RFID
Cellular, WiMax, Provisioning Tools
7
Partners, Suppliers,Vendors,
CustomersIntl. Co. Sites
Starbucks
Proxy Servers
CorporateCampus
Intranet
LANSwitch
Perimeter
Server Farm subnet
8
AAAA Security Policy
Access - controlling the physical access,
encryption, data closet/server room
access. Authentication knowing you indeed are
who I think you are. Multi-factor
authentication. Authorization limiting this
access to specific resources. Audit
maintaining logs of unauthorized access attempts.
9
What are limitations what is missing ??
Partners, Suppliers,Vendors,
CustomersIntl. Co. Sites
Public Internet
Proxy Servers
Application
Servers
Firewall
T1 line
Eth 0
192.44.21.1
192.44.21.13
Firewall
i.e. 133.33.0.0
133.33.47.0 Server Farm subnet
Company
Intranet
10
Security Perimeters/DMZs circa 2007
Starbucks
Remote Access SOHO
802.11 WLAN
ISP
Partner/Supplier/Customer
ISP
Proxy Server VPN Server (terminate client
VPNs) Authentication Server (WPA/WPA2)
802.1X FTP/TFTP Server DHCP Server (External) DNS
Server (External) Directory Server (Trusts)
10/100/1000 Ethernet
Perimeter Core
Prevent spoofing
Router Terminating LAN to LAN VPN Tunnels
WPA
802.11 WLAN users
Intranet
Internal Co. Users
WEP
Onsite Partners
11
Firewall (allows everything outbound controls
inbound by ACL)
Security Perimeter
Authentication Server
Ethernet trunks containing (Ext VLAN) Along
with all campus traffic
LAN Switches
Internal User Flow
Servers
Data Center
Inter Campus OC48 (2 Gbps)
LAN Switches Access Switch
Hub Switch
Internal VLAN 27
External VLAN 924
VLAN to Perimeter
12
Why Do I Care ???? Its just zeros ones ! ! ! !
Business - Adding Value
13
Intelligent Wireless Systems
Management/Provisioning/Visibility
Network Location Services
14
AP Redundancy Failover
WLAN Controller
Access Point
Coverage Zone
Dynamic power adjustment to compensate for
offline AP
15
WLAN Controller Dynamic Channel Allocation
16
WLAN Controller Dynamic Channel Allocation
17
WLAN Controller Dynamic Channel Allocation
18
WLAN Controller Dynamic Channel Allocation
19
WLAN Controller RF Interference Detection
Avoidance
20
WLAN Controller Dynamic Channel Allocation
21
Factory 802.11 Wireless Infrastructure
Local Area Network
X
X
X
Local Area Network
22
Factory 802.11 Wireless AP Failover
Migration to Intelligent WLAN Controllers
23
IT Industry
Sense of Urgency
IT Viewed as Commodity Bean Counter World
Delivery System Mentality
LEAN
Value Add What Skills You Bring to Table
Similar Students Journey