Endpoint Security Considerations

Agenda
- Open Networks
- PROs & CONs
- Challenges
- Alternatives

Open Networks are … Open
- P2P applications
- Wireless
- Net Meeting
- Instant Messenger
- Internet access
- Outsourcing
- Wireless
- Partners/Consultants
- Telecommuting
- Traveling Employees
- Website access
[Diagram labels: Inside, Outside, PERIMETER]

Information Security Challenges
Know when you are finished?
- Missing protection: security investment not at work
- Misconfiguration: solve ‘solved’ problems again and again
- Misuse/Misbehavior: tradeoff protection for productivity
- Missing in action: chasing the unknown
What to do?...

Challenge
Finished when you stop Rogues
[Diagram: Open Networks, four Valid Devices, two Rogue Devices]

Challenge
and… Prevent valid devices from becoming Rogues
[Diagram: Open Networks, four Valid Devices, two Rogue Devices]

Open Network
What is a Rogue?
Gartner Vulnerabilities
Old Patch
Recent Patch
New Vulnerability
Misconfiguration
Customer experience
Rogues

Compliance Models
Voluntary Compliance Model
Turning the crank faster doesn’t help

Process
Discover – missing in action
Protect
- mis-configuration,
- missing protection,
- misuse and misbehavior.
Enforce
- endpoints,
- access points
- all of the time.
Remediate – to reconnect

Know when you’re finished

Requirements
Devices – managed, unmanaged, unmanageable
Roles – educate software not people
Processes – network, security, operations
Plumbing – switches, wireless, VPN, SSL
Relentless – always, everywhere

Devices
- Managed: corporate-owned devices
- Unmanaged: computers owned by partners, suppliers, customers, outsourcers, employees or public kiosks
- Unmanageable: Network Dark Matter (rogue computers, network infrastructure, and embedded devices)

Educate software not people
Security policies must adapt from HQ to hotel to home to hotspot
Policies must change by role, device type, location and connection
Without transparency, CSOs must choose between good security and productive users

Adaptive Policies

| Role | Device Type | Network Location | Policy |
|---|---|---|---|
| Executive | Corporate Owned | Enterprise LAN | Trusted, file sharing on, full application access |
| Sales person | Employee Owned | Home wireless | HI, file sharing off, IM off, print sharing off, limited application access |
| Outsourcer | Unknown | Public Internet | VD, HI, SSL VPN access only and webmail only with data sanitization |

NAC * NAP * TNC Comparison

Trusted Computing Group Standards
TCG – a thought-leading organization working together to help enterprises ensure a trusted computing environment
Trusted Network Connect Sub-Group is creating a standard for interoperability to prevent untrustworthy devices from connecting to enterprise networks.
Leverage existing standards – current consideration:
- IEEE 802.1x protocol and the IETF EAP RFC 3748 protocol for host access negotiation with network devices.
- RADIUS [RFC 2865] for making access verification decisions and defining network access privileges.
Ability to leverage the Trusted Platform Module (TPM) microchip for hardware-based level of assurance.

Summary – Requirements
Devices – managed, unmanaged, unmanageable
Roles – educate software not people
Process – security, network, operations
Plumbing – switches, wireless, VPN, SSL
Relentless – always, everywhere

Thank you for your time