QTS: VPN Conclusion

Post on 16-Jan-2015


Transcript of QTS: VPN Conclusion

04/10/23 1

Fundamentals of Internet Security: VPN Conclusion

Fundamentals of Internet Security

VPN Conclusion

Presented by Neil A. Rosenberg

President & CEO

Quality Technology Solutions, Inc.


What is Computer Security?
• Intrusion Detection/Response?
• Confidentiality Protection & Encryption?
• Single Sign-On?
• Network & Firewall Configuration?
• Training & Awareness?
• Secure Email?
• Virus Protection?
• Access Control?
• Electronic Records Management?
• eBusiness?
• Remote Access?
• Virtual Private Networks?
• Certificate Management?
• Identification & Authentication?
• Packet Filters?
• Vulnerability Reduction?
• Disaster Recovery?
• Denial of Service Attacks?
• Risk Assessment?
• Quality of Service?
• Network Directory Service?
• Audits/Reviews?
• Policy-Based Management?
• Secure Messaging and Collaboration?
• Authentication & Digital Identity


[Diagram of security components: Firewall, VPN, Network IDS, Host IDS, Desktop IDS, Content Management, Multi Factor Authentication, Strong Authentication, Single Sign-On, Digital Certificates, Directory & LDAP, Malicious Code, Antivirus, Security Policy, Security Audit, Penetration & Attack Testing]


Security is a Complete System, not a product

Requires objectives and clear focus


Firewall
• Control inbound and outbound access
• Log traffic
• Deter and block attacks
• Generate alarms


Intrusion Detection
• Hackers
• Crackers
• Denial of Service, DDOS attacks

Protection versus Internal & External Attacks and Threats


VPN
• Authentication
• Encryption

• Client to Site
• Site to Site
• Extranet


Authentication & Identity
• Passwords
• Tokens
• Biometrics & Multifactor Authentication
• Digital Certificates
• SSL
• Directories & LDAP
• Single Sign-On


Bandwidth Management
• Control prioritization of data through the pipe
• Assess needs for additional bandwidth
• Track and Enforce SLAs


Content Management
• Viruses
• Vandals (Java, ActiveX)
• Worms
• Trojan Horses
• Scripts


VPN & Authentication Best Practices


Define Business Objectives
• Define Remote Access Needs – specifically
• Define key applications and data access
• Define Goals – cost reduction? user empowerment?


Management
• Get buy-in on objectives
• Get input on security versus access trade-off, in advance – “on a scale of 1-10, with 1 being most access, least secure, and 10 being minimal access, most secure, where should we be?”
• Develop & get sign-off on security policy


Keep It Simple
• Centralize Management
• Integrate Directories & Authentication – Leverage Your Directory!
• Seamless User Experience
• Minimize client side deployment of software (intrusiveness, licensing fees)


Leverage the Directory!
• LDAP
• RADIUS
• Manage one set of passwords – please!


Client Side Setup
• Use Personal Firewall to defend at all vulnerability points, and lock down if not
• Standardize client install process (cookbook) and deploy with CD/diskettes with all required files (or from web server)
• Schedule Installation Appointments to proactively manage client PC setup issues


General Issues
• Ensure private addresses are non-conflicting
• Control synchronization (Domain, etc.) and similar traffic over low bandwidth lines
• Implement bandwidth management
• “Don’t span the WAN” – design similarly
• Centralize Management of VPN, remote resources
• Use NFuse and RSA ACE Server for browser based authentication & access from non-VPN (Internet terminals)
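
Added example (not part of the original slides): one way to check the "non-conflicting private addresses" item before tunnels are built. The site names and subnets are constructed sample data; the script flags overlapping RFC 1918 ranges between sites, including a remote client's home LAN, and suggests an unused /24.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (assumption, not from the slides): subnets routed over the VPN.
SITES = {
    "hq":          ["10.0.0.0/16", "192.168.1.0/24"],
    "branch-nj":   ["10.0.8.0/24"],       # sits inside hq's 10.0.0.0/16
    "partner-ext": ["172.16.40.0/22"],
    "home-client": ["192.168.1.0/24"],    # common consumer-router default
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_plan(sites):
    """Return {site: [IPv4Network, ...]}; reject host bits and non-RFC 1918 ranges."""
    plan = {}
    for site, cidrs in sites.items():
        nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
        for net in nets:
            if not any(net.subnet_of(block) for block in RFC1918):
                raise ValueError(f"{site}: {net} is not RFC 1918 private space")
        plan[site] = nets
    return plan

def find_conflicts(sites):
    """List (site_a, net_a, site_b, net_b) for each cross-site overlap, containment included."""
    plan = parse_plan(sites)
    conflicts = []
    for (sa, nets_a), (sb, nets_b) in combinations(sorted(plan.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                if na.overlaps(nb):
                    conflicts.append((sa, str(na), sb, str(nb)))
    return conflicts

def next_free_subnet(sites, pool="10.0.0.0/8", prefixlen=24):
    """First subnet of the requested size in `pool` that overlaps nothing in the plan."""
    used = [n for nets in parse_plan(sites).values() for n in nets]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(cand.overlaps(u) for u in used):
            return str(cand)
    return None

if __name__ == "__main__":
    for sa, na, sb, nb in find_conflicts(SITES):
        print(f"CONFLICT {sa} {na} <-> {sb} {nb}")
    print("next free /24:", next_free_subnet(SITES))
```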


Authentication
• Define and enforce password rules and changes
• Implement single sign-on solution to minimize passwords users need to track – each one is a vulnerability
• Implement Strong Authentication (token, certificate, smart card, biometrics) or Graded, Multifactor Authentication


Web Server Security
• Lock Down IIS – numerous TIDs, or have us audit
• Use SSL to encrypt
• If eCommerce, purchase Digital Certificates from a trusted CA
• Only open necessary comm ports from web server(s) back to the internal network


Secure Network Design

[Network diagram: Internet, Routers, Firewalls, IDS Sensors, Web Server, Mail Servers, Citrix Server, eCommerce Web Servers, NFuse Server, ACE Server, Backup ACE Server, DB Server, Management Computer, Servers, Computer, Laptop]


Best Practice Network Security Implementation

• Strong authentication for all users – not weak passwords!

• Multi-layer security perimeters to restrict access
• Intrusion Detection to analyze traffic in critical areas
• VPNs to cost-effectively extend connectivity and ensure data privacy
• Periodic network risk assessments
• On-going policy development and training
• Antivirus solution and strong email security & policy


Next Steps

• Do you have an information security plan for your business?

• Has that plan been communicated, implemented and tested?

• Do you have professional staff capable of managing and monitoring security?

• Do you need outside help?


For More Information

• www.QTSnet.com/security

• www.checkpoint.com

• Xforce.iss.net

• www.microsoft.com/security

• www.novell.com/info/security

• securityfocus.com

• www.cert.org

• www.sans.org

• www.securityportal.com

• razor.bindview.com


Upcoming Events
• Tuesday, Oct 23rd – MetaFrame XP
• Thursday, Nov 15th – Fundamentals of Internet Security Part III – Bandwidth Management and Content Management (with Aladdin)
• Tuesday, November 20th – Introduction to PKI and Digital Certificates (with RSA)


Questions & Answers

Neil Rosenberg
Quality Technology Solutions, Inc.
76 South Orange Avenue
South Orange, NJ 07079
(973)761-5400 x230
Fax (973)761-1881
nrosenberg@QTSnet.com
www.QTSnet.com