Paul Tatum, Director, Systems Engineering
Secure Your Data Center: From the Infrastructure to the Operating System
Agenda
> The IT Challenge
> Threats and Vulnerabilities
> Evaluating Your Security Posture
> Mitigating the Risk
> Monitoring the Threat
> Secure and Open
What is Driving Infrastructure Demand?
Drives Infrastructure Demand.
On the Network... New Consumers. New Content. New Devices. New Services. New Missions.
Sun Infrastructure Powers the Network Economy
[Figure: timeline, time axis 1995 to 2010]
Our Vision: The Network is the Computer
Internet Users: 1.5 Billion
• 1.5+ billion people on the Net today
• 390 gigabytes of data created every second
• 50% new data growth
Everyone and everything participates on the network
Why does Security Matter?
FBI's 'human firewall' warns of computer crimes - 3/2/09, WorldNews
Shawn Henry of the FBI calls computer crimes "the most critical threat to our way of life other than weapons of mass destruction."
FAA suffers massive data breach; More than 45,000 affected - 2/10/09 - FCW
The FAA has notified employees that one of its computers was hacked, and the personally identifiable information of more than 45,000 employees and retirees was stolen electronically.
IE security breach spurs emergency fix - 12/27/08 - AP
Microsoft Corp. is taking the unusual step of issuing an emergency fix for a security hole in its Internet Explorer software that has exposed millions of users to having their computers taken over by hackers.
Top 10 Cyber Security Menaces
• Sophisticated Web Attacks (e.g. Conficker)
• Botnets (e.g. Storm Worm)
• Cyber Espionage (Military & Economic)
• Mobile Phones / VoIP
• Insider Attacks
• Identity Theft from Persistent Bots (collectors)
• Malicious Spyware
• Web Applications
• Blended Phishing
• Supply Chain (thumb drives, CDs, GPS)
Source: http://www.sans.org/2008menaces
Security @ Sun
• 30,000 Employees
• 10,000 Consultants
• 100+ Countries
• 5 Data Centers
• 1000's of Suppliers
• 6000 IT Servers
• 5,800 Subnets
• 130,000 ports
Evaluating Your Security Posture
Balancing Multiple, Competing Business Priorities
[Diagram. Priorities: Reduce Costs; Improve Access and Service; Become More Secure. Labels: Web Services, Extranets, Portals, Dynamic User Base, Operations, Help Desk, Development, Integration, Corporate Governance, Internal Threats, External Threats, Legal Mandates]
Security Control Best Practice Guide - ISO 27002
• Risk Assessment
• Security Policy
• Assessment Management
• HR Security
• Physical Security
• Communications
• Access Control
• IT Acquisition
Policy
• Data Classification/Handling
• Least Privileged
• Separation of Duties
• Data Encryption
• Device Shredding
• Strong Authentication
• Session Logging, Auditing
• User Provisioning
• Patch Management
Process
On Ramp
• Establish the Boundary
• Gather and Analyze Requirements
• Secure the Architecture
• Perform a Threat Risk Analysis
• Validate the Architecture
• Develop and Execute the Plan
Process – Auditor's Top Violations
“Show me processes for prevention AND show me proof”
• Unidentified segregation of duties
• OS/DB access to critical apps or portal not secure
• Staff can run business transactions in production
• Unauthorized access to “super user”
• Previous employees have system access
• Custom programs are not secured
• Procedures for manual processes do not exist
• System docs do not match actual process
Source: Ken Vander Wal, Partner, National Quality Leader, E&Y, ISACA Sarbanes Conference, 4/6/04
People - Importance of Roles
• Who is accessing what data and which applications?
• Who approved the access assigned to users?
• How can we enforce access control policies?
[Diagram: EMPLOYEES, ACCESS MANAGEMENT, APPS & DATA]
Product – Avoiding the Threat
SunRay Thin Client - No Local Data, Nothing Cached, No Viruses
• Display and manipulate sensitive data without it ever leaving the server
• Data is never cached
• No hard disk or addressable flash memory
• No intellectual property risk if a client is lost or stolen
• No local operating system, no client virus issues
Software Vulnerability Data
[Figure: two charts comparing Sun Solaris, Xen, MySQL, Java, Microsoft Windows, VMWare and Oracle, labelled Open Source and Proprietary. Axes: Distribution # and # Vulnerabilities. Callout: Less Vulnerabilities = More Security. Source: http://nvd.nist.gov/nvd.cfm]
More Information
• Sun Security Home: http://www.sun.com/security
• Sun Inner Circle: http://www.sun.com/newsletters/
• Sun Security BluePrints: http://www.sun.com/blueprints
Ensuring Datacenter Security
• Categorize your Data & People
• Develop Sound Processes & Procedures
• Comprehensive Identity Management
• Think Thin Client
• Go Open Source, It's More Secure
• Use Multiple Layers in Securing Everything