Anupam Tiwari
CCCSP,CEH
One day you will be sold for the price of clay; only your words, dear one, will remain in the world.
A Good friend will be at your funeral. The Best friend will miss it because he will be too busy breaking into your house and trying to clean your browser history and all traces!!!!!!
GENERATION SECURITY ?
Users' locations, the applications they were running and the types of devices they were using were known variables.
dedicated servers
in
IT organization controlled access to those applications and established boundaries to enforce security policies
The
TOUCHING MOMENT
HAPPY CISO!!!!!!
IT no
data center; it
BOTNETS
Attack Surface
CRIMEWARE as a SERVICE
access to India's telecommunications network and the ability to listen in on and record mobile, landline and satellite calls, and read private emails, SMS and MMS and track the geographical in real time.
Most organizations have security policies and controls designed to enforce them. Proxies, remote access, and encrypted tunnel applications are specifically used to circumvent security controls like firewalls, URL filtering, IPS, and secure web gateways.
circumventors
The future firewall requires specific techniques to deal with all of these applications, regardless of port, protocol, encryption, or other evasive tactic. One more consideration: these applications are regularly updated to make them harder to detect and control. So it is important that the future firewall can identify these circumvention applications, and that your firewall's application intelligence is updated and maintained on an ongoing basis.
Decrypt
outbound SSL
Given the increasing adoption of HTTPS for many popular applications that end-users employ (e.g., Gmail, Facebook), and users' ability to force SSL on many websites, network security teams have a large and growing blind spot without decrypting, classifying, controlling, and scanning SSL-encrypted traffic. Certainly, the future firewall must be flexible enough that certain types of SSL-encrypted traffic can be left alone (e.g., web traffic from financial services or health care organizations) while other types (e.g., SSL on nonstandard ports, HTTPS from unclassified websites) can be decrypted via policy.
Enterprises continue to adopt collaborative applications hosted outside their physical locations.
Microsoft SharePoint, Google Docs, Box.net or Microsoft Office 365, or an extranet application hosted by a contractor or business partner,
collaborative
applications
These applications are considered to be a high-risk threat vector. Furthermore, applications like Microsoft SharePoint rely on supporting technologies that are regular targets for exploits, including Microsoft SQL Server or IIS.
There will always be unknown traffic and it will always represent significant risks to any organization.
For custom developed applications, there should be a way to develop a custom identifier so that traffic is counted as known.
Gmail has the ability to spawn a Google Talk session from within the Gmail session. Gmail and Google Talk are fundamentally different applications, and your future firewall should recognize that, and enable the appropriate policy response for each.
WHAT DO WE DO TODAY?
NO TWO ORG or USERS CAN HAVE SAME MODEL OF SECURITY IMPLEMENTATION
MODEL
KEEP YOUR
EYES OPEN
Cryptography
Monitoring tools
Contact me at: anupamtiwari@fedoraproject.org
I blog at http://anupriti.blogspot.com