managed security vikas khanduri ccie#13516,ccsp,ccdp,ccnp,mcse
TRANSCRIPT
Managed Security
Vikas Khanduri CCIE#13516,CCSP,CCDP,CCNP,MCSE
22Page Page 22
Security
• Security Challenges Security Challenges
• Security FailureSecurity Failure
• Verizon Managed Security OfferingVerizon Managed Security Offering
• Why VerizonWhy Verizon
33Page Page 33
State of the Internet
• Today 18% of the Internet bandwidth is attack traffic
• 30,000 hi-jacked computers waiting to attack systems
• Rapid expansion of regulatory requirements 1998 600 laws 2004 1,400 and growing
• Speedy updates are essential now 2004 it takes 10 days from known vulnerability to attack 2002 it was 180 days. MIT study showed that an un-patched NT system can be compromised in
only 55 seconds
• Computer viruses and hacking took a $1.6 trillion toll on the worldwide economy - $266 Billion in the US
44Page Page 44
Regulatory Challenges
• Each of the Regulatory Requirements focus on different data elements :Each of the Regulatory Requirements focus on different data elements : HIPAA – Medical Information GLBA – Client Financial Records Sarbanes-Oxley – Financial Records SB-1386 – Personally Identifiable Client Information
• Regulatory compliance requires:Regulatory compliance requires: Confidentiality Data Integrity Identification and Authentication (I&A) Authorization, Access Control and Audit (AAA) Monitoring and Incident Response Availabiilty Training
55Page Page 55
Operational Challenges
Expanding Perimeters?
Remote Access
Secure Storage
Wireless LANs
VoIP
Multi-platform management?
Disparate Networks
Multiple Vendors
Multiple SW License
Multiple staff skill sets
Change Management?
Inventory Control
Latest Patches
Virus Updates
Threat awareness?
Latest Vulnerabilities
Zero-day Attacks
66Page Page 66
• Firewalls and anti-virus don’t provide 100% Firewalls and anti-virus don’t provide 100% protectionprotection
• Every year, 50% of all organizations suffer from Every year, 50% of all organizations suffer from a serious security breacha serious security breach
• 99%99% of organizations who suffered had both of organizations who suffered had both firewalls and anti-virus in place firewalls and anti-virus in place
Existing Technology
Source: 2003 CSI/FBI Computer Crime & Research Survey
77Page Page 77
A False Sense of SecurityFirewalls and anti-virus
were not capable of stopping any of the last 4 major
internet attacks(Add Phishing, Blaster, Sasser, etc.)
88Page Page 88
Corporate Security Process Failure
Poor Solution
Design
Lack of
Policy
Lack of training
Limited Monitoring
No 24x7
No escalation
No Appliance health Check
No Auditing or
App Verification
No Management
Or Reporting
No Hardening
Or Fine Tuning
99Page Page 99
Verizon Managed Security OfferingVerizon Managed Security Offering
Router
IDS
Firewall IPS
VPN
WWW, DNS,
Telnet, FTP,
SMTP, RADIUS, Etc
Dial-in
DMZ
Internet
Corporate
VendorFirst Line
of Defense
2 Defense
Stateful InspectionMonitor
3 DefenseIPS
Monitor
4 Defense
Remote
Access
Firewall
Remote Users
1010Page Page 1010
Internal SecurityInternal Security
Outside INSIDE Switch
Cache
CSA
AS400
RouterMobile
AAAContent Filter
DirectUn
AccessProtected
1111Page Page 1111
Internal SecurityInternal Security
Outside INSIDE Switch
Cache
SSL VPN
CSA
MonitorAS400
RouterMobile
AAAContent Filter
Secured
AccessProtected
DirectUn
AccessProtected
1212Page Page 1212
VPN Premise WatchVPN Premise Watch
VZ GSOC
VPN Tunnel
VP
N Tunnel
VPN Tunnel
VPN Tun
nel
VPN Tunnel
VPN Tunnel
VPN Tunnel VPN Tunnel VPN Tunnel
VPN Tunnel
VPN Tunnel
Data Center
Remote Access
VPN Tunnel
1313Page Page 1313
Value Added Data Services (VADS)Value Added Data Services (VADS)
MPLS Non MPLS
Remote Access
VADS Server
Site3
Site1 Site4
Site2
HQ
1414Page Page 1414
Managed Security ProcessManaged Security Process
1515Page Page 1515
Why Verizon?
• Financially stable companyFinancially stable company
• Verizon CommitmentVerizon Commitment
• Comprehensive security solution set Comprehensive security solution set
• Account reachAccount reach
• Trusted PartnerTrusted Partner
• Technical Expertise Technical Expertise CISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSECISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSE
• Financially stable companyFinancially stable company
• Verizon CommitmentVerizon Commitment
• Comprehensive security solution set Comprehensive security solution set
• Account reachAccount reach
• Trusted PartnerTrusted Partner
• Technical Expertise Technical Expertise CISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSECISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSE