importance of a multi-layered approach to cyber security
DESCRIPTION
Importance of a Multi-Layered Approach to Cyber Security. Ian Whiting, CEO Titania. What do we do?. We develop advanced security auditing software. Our products:. Awards & Memberships (2012). Won 2 Prestigious Security Awards in 2012. ISO 9001 Accredited in 2012 . Our Customers. - PowerPoint PPT PresentationTRANSCRIPT
w: www.titania.come: [email protected]
Importance of a Multi-LayeredApproach to Cyber Security
Ian Whiting, CEO Titania
w: www.titania.come: [email protected]
What do we do?
• We develop advanced security auditing software.
• Our products:
w: www.titania.come: [email protected]
Awards & Memberships (2012)
ISO 9001 Accredited in 2012
Won 2 Prestigious Security Awards in 2012
w: www.titania.come: [email protected]
Why Multi-Layered?
• Examples of single layer failures– Anti-Virus– Application Firewalls– State Subverted Code
w: www.titania.come: [email protected]
Anti-Virus (Weakness)
• All Vendors are Susceptible• Optimization Weaknesses:– Large Files– Virus Definition Databases– Pattern Intelligence– Encryption (Email and File)
w: www.titania.come: [email protected]
Anti-Virus (Defence)
• Use Multiple Anti-Virus Vendors• Virus Scanners:– E-Mail Server– Gateways– Server File Scanning– Client Machines
w: www.titania.come: [email protected]
Application Firewalls (Overview)
• These are firewall devices that understand application communications and is able to allow or disallow access based on configured rules.
w: www.titania.come: [email protected]
Application Firewalls (OSI)
Layer 7 Examples: HTTP, SMTP
Layer 4 Examples: TCP, UDP
Layer 3 Examples: IP, ICMP
Open Systems Interconnection (OSI) model (ISO/IEC 7498-1)
w: www.titania.come: [email protected]
Application Firewalls (Layers 1-6)
• What about the earlier OSI layers?• For a web server, TCP/IP connections must be
made.
w: www.titania.come: [email protected]
Application Firewalls (Performance)
• Once it has been established that network traffic is HTTP (for a web server), why keep checking?– Significant optimizations can be made once
assumptions are made by an application firewall.– It has already been checked once, why check
again?
w: www.titania.come: [email protected]
Application Firewalls (Encryption)
• If the application firewall cannot read the traffic, how can it make allow / deny decisions?
w: www.titania.come: [email protected]
Application Firewalls (Defence)
• Employ Traditional Firewall Technology to Supplement Application Firewalls.
• Decrypt the Network Traffic before the Application Firewall.
w: www.titania.come: [email protected]
State Subverted Code
• Huawei– Cheap Enterprise Network Devices– Some are Modified Cisco or 3COM / HP Clones– Manufactured in China– Security Issues Not Present In Original Hardware
w: www.titania.come: [email protected]
State Subverted Code
• BSD Crypto : FBI Backdoor - Gregory Perry– Used in VPN Connections.
• Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)– Recommended by NIST SP 800-90– Output can be Predicted After Collecting 32 Bytes
of Data (http://rump2007.cr.yp.to/15-shumow.pdf)
w: www.titania.come: [email protected]
State Subverted Code (Defence)
• Firewalls– Use multiple devices from different
manufacturers.• Services– Use application firewalling, monitoring, IPS and
Anti-Virus / Anti-Malware.• Everything– Keep the software up-to-date.
