Managed Security

Vikas Khanduri CCIE#13516,CCSP,CCDP,CCNP,MCSE

22Page Page 22

Security

• Security Challenges Security Challenges

• Security FailureSecurity Failure

• Verizon Managed Security OfferingVerizon Managed Security Offering

• Why VerizonWhy Verizon

33Page Page 33

State of the Internet

• Today 18% of the Internet bandwidth is attack traffic

• 30,000 hi-jacked computers waiting to attack systems

• Rapid expansion of regulatory requirements 1998 600 laws 2004 1,400 and growing

• Speedy updates are essential now 2004 it takes 10 days from known vulnerability to attack 2002 it was 180 days. MIT study showed that an un-patched NT system can be compromised in

only 55 seconds

• Computer viruses and hacking took a $1.6 trillion toll on the worldwide economy - $266 Billion in the US

44Page Page 44

Regulatory Challenges

• Each of the Regulatory Requirements focus on different data elements :Each of the Regulatory Requirements focus on different data elements : HIPAA – Medical Information GLBA – Client Financial Records Sarbanes-Oxley – Financial Records SB-1386 – Personally Identifiable Client Information

• Regulatory compliance requires:Regulatory compliance requires: Confidentiality Data Integrity Identification and Authentication (I&A) Authorization, Access Control and Audit (AAA) Monitoring and Incident Response Availabiilty Training

55Page Page 55

Operational Challenges

Expanding Perimeters?

Remote Access

Secure Storage

Wireless LANs

VoIP

Multi-platform management?

Disparate Networks

Multiple Vendors

Multiple SW License

Multiple staff skill sets

Change Management?

Inventory Control

Latest Patches

Virus Updates

Threat awareness?

Latest Vulnerabilities

Zero-day Attacks

66Page Page 66

• Firewalls and anti-virus don’t provide 100% Firewalls and anti-virus don’t provide 100% protectionprotection

• Every year, 50% of all organizations suffer from Every year, 50% of all organizations suffer from a serious security breacha serious security breach

• 99%99% of organizations who suffered had both of organizations who suffered had both firewalls and anti-virus in place firewalls and anti-virus in place

Existing Technology

Source: 2003 CSI/FBI Computer Crime & Research Survey

77Page Page 77

A False Sense of SecurityFirewalls and anti-virus

were not capable of stopping any of the last 4 major

internet attacks(Add Phishing, Blaster, Sasser, etc.)

88Page Page 88

Corporate Security Process Failure

Poor Solution

Design

Lack of

Policy

Lack of training

Limited Monitoring

No 24x7

No escalation

No Appliance health Check

No Auditing or

App Verification

No Management

Or Reporting

No Hardening

Or Fine Tuning

99Page Page 99

Verizon Managed Security OfferingVerizon Managed Security Offering

Router

IDS

Firewall IPS

VPN

WWW, DNS,

Telnet, FTP,

SMTP, RADIUS, Etc

Dial-in

DMZ

Internet

Corporate

VendorFirst Line

of Defense

2 Defense

Stateful InspectionMonitor

3 DefenseIPS

Monitor

4 Defense

Remote

Access

Firewall

Remote Users

1010Page Page 1010

Internal SecurityInternal Security

Outside INSIDE Switch

Cache

CSA

AS400

RouterMobile

AAAContent Filter

DirectUn

AccessProtected

1111Page Page 1111

Internal SecurityInternal Security

Outside INSIDE Switch

Cache

SSL VPN

CSA

MonitorAS400

RouterMobile

AAAContent Filter

Secured

AccessProtected

DirectUn

AccessProtected

1212Page Page 1212

VPN Premise WatchVPN Premise Watch

VZ GSOC

VPN Tunnel

VP

N Tunnel

VPN Tunnel

VPN Tun

nel

VPN Tunnel

VPN Tunnel

VPN Tunnel VPN Tunnel VPN Tunnel

VPN Tunnel

VPN Tunnel

Data Center

Remote Access

VPN Tunnel

1313Page Page 1313

Value Added Data Services (VADS)Value Added Data Services (VADS)

MPLS Non MPLS

Remote Access

VADS Server

Site3

Site1 Site4

Site2

HQ

1414Page Page 1414

Managed Security ProcessManaged Security Process

1515Page Page 1515

Why Verizon?

• Financially stable companyFinancially stable company

• Verizon CommitmentVerizon Commitment

• Comprehensive security solution set Comprehensive security solution set

• Account reachAccount reach

• Trusted PartnerTrusted Partner

• Technical Expertise Technical Expertise CISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSECISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSE

• Financially stable companyFinancially stable company

• Verizon CommitmentVerizon Commitment

• Comprehensive security solution set Comprehensive security solution set

• Account reachAccount reach

• Trusted PartnerTrusted Partner

• Technical Expertise Technical Expertise CISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSECISSP,CCIE,CCSP,CCDP,CCNP,CCDA,CCNA,MCSE