-
7/30/2019 IT SUMMIT : Next Generation Network security at AMITY,NOIDA,INDIA
NEXT GENERATION NETWORK
INSECURITY
Anupam Tiwari CCCSP, CEH
-
One day you will be sold for the price of dust,
what will remain in the world, dear, are your words
-
One day you will be sold for the price of dust,
what will remain in the world, dear, are your words AND..
-
delete this too!!!!!
A Good friend will be at your funeral.
The Best friend will miss it because he will be too busy breaking into your house and trying to clean your browser history and all traces!!!!!!
-
NEXT GENERATION NETWORK INSECURITY
Mostly OverEstimated / UnderEstimated
-
CUTTING THROUGH THE HYPE : WHAT IS TRUE NEXT GENERATION SECURITY ?
...the number of transistors on an IC doubles approx. every 18 months!!!
-
Why is Securing the IT Environment getting DIFFICULT by the day?
-
LET'S GO BACK A FEW YEARS!!!!
When securing the IT environment was easier than it is today.
-
Basic information such as users' locations, the applications they were running and the types of devices they were using were known variables.
-
In addition, this information was fairly static, so security policies scaled reasonably well.
-
Applications ran on dedicated servers in the data center.
-
The IT organization controlled access to those applications and established boundaries to enforce security policies.
-
For the most part, the network experienced predictable traffic patterns.
-
HAPPY CISO!!!!!!
TOUCHING MOMENT
-
Changing the way the network is architected
-
Applications/data may move between servers or even data centers or countries
-
Multiple diverse mobile devices connect to the corporate network from various locations
-
At the same time, users are extending the corporate network by going to the cloud for collaborative applications like Dropbox or Google.
IT no longer knows which devices may connect to the network or their location.
Data isn't just safely resting in the data center; it is traversing countries.
-
BOTNETS
40% of the computers
are Botted
A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks.
-
So all this, along with these two current giants, makes a great attack surface
-
CRIMEWARE as a SERVICE
-
PRISM is a mass electronic surveillance data mining program known to have been operated by the United States National Security Agency (NSA) since 2007.
-
The Central Monitoring System is a mass electronic surveillance program installed by C-DOT, an Indian Government owned agency.
The CMS gives India's security agencies and income tax officials centralized access to India's telecommunications network and the ability to listen in on and record mobile, landline and satellite calls, and read private emails, SMS and MMS, and track the geographical location of individuals, all in real time.
-
Identify and control applications on any port
Application developers no longer adhere to standard port, protocol, or application mapping.
Applications such as instant messaging, peer-to-peer file sharing or Voice over IP are capable of operating on non-standard ports or can hop ports.
Additionally, users are increasingly savvy enough to force applications to run over non-standard ports.
In order to enforce application-specific policies where ports are increasingly irrelevant, the next-gen future firewall must assume that any application can run on any port.
The future firewall must classify traffic, by application, on all ports, all the time.
-
Firewall must identify and control circumventors
Most organizations have security policies and controls designed to enforce security policies.
Proxies, remote access, and encrypted tunnel applications are specifically used to circumvent security controls like firewalls, URL filtering, IPS, and secure web gateways.
The future firewall requires specific techniques to deal with all of these applications, regardless of port, protocol, encryption, or other evasive tactic.
One more consideration: these applications are regularly updated to make them harder to detect and control. So it is important that the future firewall can identify these circumvention applications, and that your firewall's application intelligence is updated and maintained on an ongoing basis.
-
Decrypt outbound SSL
Today, more than 30% of network traffic is SSL-encrypted.
Given the increasing adoption of HTTPS for many popular applications that end-users employ (e.g., Gmail, Facebook), and users' ability to force SSL on many websites, network security teams have a large and growing blind spot without decrypting, classifying, controlling, and scanning SSL-encrypted traffic.
Certainly, the future firewall must be flexible enough that certain types of SSL-encrypted traffic can be left alone (e.g., web traffic from financial services or health care organizations) while other types (e.g., SSL on nonstandard ports, HTTPS from unclassified websites) can be decrypted via policy.
-
Scan for viruses and malware in allowed collaborative applications
Enterprises continue to adopt collaborative applications hosted outside their physical locations: Microsoft SharePoint, Google Docs, Box.net or Microsoft Office 365, or an extranet application hosted by a contractor or business partner.
These applications are considered to be a high-risk threat vector.
Furthermore, applications like Microsoft SharePoint rely on supporting technologies that are regular targets for exploits, including Microsoft SQL Server or IIS.
-
Deal with unknown traffic by policy
There will always be unknown traffic and it will always represent significant risks to any organization.
For custom developed applications, there should be a way to develop a custom identifier so that traffic is counted as known.
The future firewall should attempt to classify all traffic.
Positive (default deny) vs Negative (default allow)
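The slides on applications on any port and on unknown traffic both come down to classifying a flow by what it carries and denying what cannot be classified. The sketch below is an added example, not part of the original deck: the signatures are simplified, and the policy table, the function names and the in-house `ACME1` protocol are assumptions made for illustration.

```python
# Added illustration: classify flows by payload, never by port, then default deny.
# Signatures are simplified; policy entries and the ACME1 protocol are assumptions.
import re
HTTP_RE = re.compile(rb"(GET|POST|PUT|HEAD|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
# (application, matcher over the first payload bytes of a flow), checked in order
SIGNATURES = [
    ("ssh", lambda p: p.startswith(b"SSH-")),
    ("bittorrent", lambda p: p.startswith(b"\x13BitTorrent protocol")),
    ("tls", lambda p: len(p) >= 3 and p[0] == 0x16 and p[1] == 0x03),
    ("http", lambda p: HTTP_RE.match(p) is not None),
]

# Per-application action; an application missing here is denied
POLICY = {"http": "allow", "tls": "allow", "ssh": "allow", "bittorrent": "deny"}


def register_custom(name, magic, action):
    """Add a custom identifier so an in-house protocol counts as known traffic."""
    SIGNATURES.insert(0, (name, lambda p, m=magic: p.startswith(m)))
    POLICY[name] = action


def classify(payload):
    """Return the application name from payload content alone."""
    for name, matches in SIGNATURES:
        if matches(payload):
            return name
    return "unknown"


def decide(dst_port, payload):
    """Positive model: dst_port is deliberately ignored; unknown traffic is denied."""
    app = classify(payload)
    return app, POLICY.get(app, "deny")


# Constructed sample flows: (destination port, first payload bytes)
FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"\x13BitTorrent protocol" + b"\x00" * 8),  # peer-to-peer on port 80
    (8443, b"\x16\x03\x01\x00\x05hello"),  # TLS record on a non-standard port
    (443, b"SSH-2.0-OpenSSH_8.9\r\n"),  # SSH on port 443
    (9000, b"ACME1\x00\x01status"),  # in-house protocol, unknown until registered
]

if __name__ == "__main__":
    for port, data in FLOWS:
        print(port, decide(port, data))
    register_custom("acme-inventory", b"ACME1", "allow")
    print(9000, decide(9000, FLOWS[-1][1]))
```

The two port-80 flows receive different verdicts, and the port-9000 flow moves from denied to allowed only after its custom identifier is registered.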
-
Identify and control applications sharing the same connection
Applications share sessions.
Gmail has the ability to spawn a Google Talk session from within the Gmail session. Gmail and Google Talk are fundamentally different applications, and your future firewall should recognize that, and enable the appropriate policy response for each.
-
WHAT DO WE DO TODAY?
TAKE CONTROLLED RISK
NO TWO ORGS or USERS CAN HAVE THE SAME MODEL OF SECURITY IMPLEMENTATION
THE NEED IS A CUSTOMISED MODEL FOR EVERYONE
KEEP YOUR EYES OPEN
Know the EAL of your product
-
Stringent Security Policies
Monitoring tools
Analysis tools
Firewalls/UTMs
Cryptography
-
Contact me at : [email protected]
I blog at http://anupriti.blogspot.com