尊敬的 微信汇率:1円 ≈ 0.046166 元 支付宝汇率:1円 ≈ 0.046257元 [退出登录]
SlideShare a Scribd company logo

Eximbank security presentation

laonap166
laonap166

This document discusses network security solutions for Eximbank. It begins with an overview of network security and the need for an integrated defense-in-depth approach using firewalls, intrusion detection systems, antivirus software, vulnerability scanners, and centralized management. It then outlines types of attacks and provides a security blueprint. Specific solutions discussed include the Cisco PIX firewall, CheckPoint firewall, intrusion detection systems, antivirus systems, vulnerability scanners, and identity and policy management solutions. The document concludes with an overview of the proposed security design for Eximbank incorporating these various solutions.

Technology
1 of 65
Download to read offline
Thangns
Agenda SECURITY OVERVIEW TYPES OF ATTACK SECURITY BLUEPRINT FIREWALL AND IDS ANTIVIRUS SYSTEM SECURITY SCANNER SYSTEM SECURITY CENTRAL MANAGEMENT SYSTEM IDENTITY SECURITY DESIGN SOLUTION FOR EXIMBANK
SECURITY OVERVIEW
What is Network Security?  A process, not a product  An integrated system  Network security requires defense in depth, which includes:  Firewalls and router access control lists (ACLs)  Network- and host-based intrusion detection systems (NIDS and HIDS)  Scanners  Centralized security and policy management  Authentication, authorization, and accounting (AAA), access control servers, and certificate authorities  Encryption and virtual private networks (VPNs)
Why Integrated Network Security?  Everything is a target  Routers, switches, hosts, networks, applications, information, management tools  New breed of network attacks have multiple vectors that cannot be blocked by one device  Network security requires an integrated system  Layers of security are required  Embedded security throughout the network  Integrated security in network devices  Network management and reporting must be secure
Network Security Evolution— From Detection to ProtectionOperationalcapability Applications to services and complexity of network security Adaptive networks - Self-managing, self-healing - Security-aware networks Protection from threats - Comprehensive, integrated solutions Detection of threats - Reactive point products, some automation Block and hide - Manual, crypto solves all 1995 1985 Future Today Detection Protection
Complete Content Protection Network Security Must Evolve 1990 2000 Email Spam Viruses Trojans Worms Inappropriate Web Content INTELLIGENCE&THREATCOVERAGE 1995 2005 Denial of Service Attacks Deep Packet Inspection Sophisticated Intrusions Simple intrusions Stateful Inspection
0 5000 10000 15000 20000 25000 1988 1990 1992 1994 1996 1998 2000 Number of Intrusions Sophistic ation of hacker tools Source: CERT, Carnegie Mellon University Sweepers Disabling Audits Packet Forging/ Spoofing Password Guessing Self Replicating Code Password Cracking Back Doors Sniffers Stealth Diagnostics DDOS Technical knowledge required of hacker Exploiting Known Vulnerabilities Security Threats— On the rise, more dangerous, easier to launch
Service Name Port Number 30 day history Explanation epmap 135 DCE endpoint resolution nterm 1026 remote_login network_terminal icq 1027 icq instant messanger ms-sql-m 1434 Microsoft-SQL-Monitor netbios-ns 137 NETBIOS Name Service microsoft-ds 445 Win2k+ Server Message Block dabber 9898 [trojan] Dabber Worm backdoor sasser-ftp 5554 [trojan] Sasser Worm FTP Server mydoom 3127 W32/MyDoom, W32.Novarg.A backdoor netbios-ssn 139 NETBIOS Session Service Microsoft Security Bulletins for June 2004 Source: The SANS Institute Last update June 08, 2004 21:43 pm GMT
TYPES OF ATTACK
 Attack the listeners  Exploit bugs and misconfigurations  Buffer Overflow  Spoof the Client  Attack the Stack  Packet Mangling • Oversize, Fragmentation  Flooding
Who might attack you?  Hackers  A few talented people provide tools for thousands of kids  rootshell.com, insecure.org contain hundreds of tools  Opportunity targets  Customers  Themselves  Through stolen/guessed passwords
Who might attack you? (2)  Insiders  Through malice  Carelessness  Overwork  Competitors  “Denial of Service” attacks make you look bad  Customer lists for marketing
How Outsiders Attack  Look for known weaknesses  Misconfigured Software  Lots of sw has “more secure” configuration which is not turned on out of the box  Outdated software with known problems  Bad passwords
How outsiders attack (2)  Scanning tools (SATAN, sscan)  Make finding problems easy  Exploit tools  Make taking advantage of problems easy  Stealth tools  Make erasing logs easy
How insiders attack  Exactly the same as outsiders  Except that they are more effective
SECURITY BLUEPRINT
The Security Wheel Corporate Security Policy Monitor and Respond Audit/Test Manage and Improve Proactive Network Vulnerability Assessment Real-Time Intrusion Detection Secure Firewall, Encryption, Authentication Network Operations and Security Professionals
Deploy Security as an Integrated System Secure transport Card readers Security room CCTV Secured doors and vaults Surveillance and alarms Patrolling security guard Firewalls and router ACLs Network- and host-based intrusion detection Scanner Centralized security and policy management Identity, AAA, access control servers, and certificate authorities Encryption and virtual private networks (VPNs) Extended perimeter security Intrusion protection Intrusion protection Security management and policy Secure connectivityIdentity services II
FIREWALL
The types of Firewall  Dedicated Firewall Appliance  Cisco PIX Firewall  CrossBeam Security Service Switch  Application Firewall  CheckPoint Software  Microsoft ISA Server
The types of Firewall  Stateless Firewall  Stateful Firewall
Perimeter Networks Inside Network WWW DNS Email NT RAS Cisco Secure Java ActiveX URL Block Proxy Server Outside Network Internet PIX Firewall Topology
Cisco PIX Firewall 525  Supports up to eight 10/100 Fast Ethernet interfaces or three Gigabit Ethernet interfaces  More than 330 Mbps of firewall throughput  Handle more than 280,000 simultaneous sessions  High-availability services  Integrated hardware VPN acceleration  Up to 155 Mbps of Triple Data Encryption Standard (3DES) VPN throughput  170 Mbps of Advanced Encryption Standard-256 (AES) VPN throughput
CheckPoint Express
SmartCenter SmartDashboard
 Support 16 10/100 Ethernet interfaces and 2 fiber or copper Gigabit Ethernet interfaces  High speed Ethernet backplane with stack ports to guarantee high bandwidth between the Network Interface Module and Application Module  02 Gbps of firewall throughput  02 10/100 management ports  Broadcom BCM 1250 Network Processor and Pentium III 1.26 GHz Crossbeam Security Service Switch C30
Accelerated, Integrated Depth-of-Defense
Intrusion Detection Systems
 Anomaly vs. Signature Detection  Anomaly detection: Define normal, authorized activity, and consider everything else to be potential malicious  Misuse/signature detection: Explicitly define what activity should be considered malicious  Most commercial IDS products are signature- based  Host vs. Network-Based  Host- based: “Agent” software monitoring activity on hosts  Network-based: Collects and analyzes data from the network Intrusion Detection Systems
IDS Sensor Placement 31 Remote Office Corporate Network IDS Director Web Server Email Server Security Sensor Internet Engineering Finance Network Operation Center Hacker Inside Router Alert Encrypted VPN Pix Firewall Router Security Sensor Security Sensor Security Sensor Service Provider
ANTIVIRUS SYSTEM
$12.1 billion Melissa: $385m $17.5 Billion ILOVEYOU: $6.7 billion Sources: Total cost 1999: $12.1B, Computer Economics; Melissa various sources Total cost 2000: $1.5 T, Information Week Research fielded w/PricewaterhouseCoopers ; 10 billion, Computer Economics Annual Estimated Costs Computer Virus Damage 2000: 1999: Need an effective way to protect your corporate assets
E-mail is now the biggest virus threat! 87% of viruses come from email! *Source: ICSA (International Computer Security Association) Computer Virus Prevalence Survey 2000
Firewall’s functions Firewall STOP! Stop illegal entry 1. Authentication 2. Permission Check
What firewall can not do FireWall doesn’t check contents How can you find the bomb?
Stop malicious code at the gateway Firewall Interscan Viruswall STOP!
SECURITY SCANNER SYSTEM
 Automated network vulnerability assessment across servers, desktops, and infrastructure devices.  Integration with Enterprise Protection Platform for distributed vulnerability assessment and IDS/IPS correlation.  X-Force Security Intelligence ISS Internet Scanner
 Identifying security exposures in leading database applications.  Run independently of the database and quickly generates detailed reports with all the information needed to correctly configure and secure databases.  Automated Penetration Testing ISS Database Scanner
SECURITY CENTRAL MANAGEMENT SYSTEM
Solsoft Security Designer  Security Policy Definition by drag-and-drop of rules and objects instead of manual, complex coding.  Visual, object-oriented interface for creating firewall, firewall clusters, anti-spoofing, NAT, and VPN policies.  Importing of existing maps, objects and policies  Single security management application for all network security devices (switches, routers, firewalls, VPNs)  Class and Meta Class definitions  Security review on any network object
Solsoft Policy Server  Policy Based Management  Firewall and configuration including PKI and Pre-shared key support  Support for cluster configurations  Automatic validation and deployment of security rules  Policy versioning  Strong Auditing capabilities  Simple import and migration between devices of different brands including import from HP OpenView NAT rules generation  IPsec VPN
Solsoft Policy Server (Cont)  Centralized repository  User roles, privileges and workflow management  Support for all major security device vendors including Cisco, Check Point Systems, NetScreen and Nortel Networks as well as a number of challengers  Compatibility and interoperability with other network management systems  IPsec VPN
Solsoft Policy Server (Cont) Solsoft offers a true open platform for multi-vendor and multi-product support.
IDENTITY
The Expanding Access Environment
What is AAA? AUTHENTICATION – Who is allowed access? AUTHORIZATION – What are they allowed to do? ACCOUNTING – What did they do?
Cisco Access Control Server (ACS)
Cisco Secure ACS GUI
Putting All Together: THE SECURITY DESIGN SOLUTION FOR EXIMBANK
Catalyst 4003 Router 3620 with IOS Firewall Router 3620 CHỢ LỚN HÀ NỘI ĐÀ NẴNG CẦN THƠ VPN VPN VPN VPN Router 3620 with IOS Firewall Router 3620 with IOS Firewall 2 x Router 3640 Router 3620 with IOS Firewall HÒA BÌNH VPN VPN PIX Firewall 525 Web Server Mail Relay Proxy Antivirus Server WEB SenseWeb Cache Database Server Server Storage CA Server Aplication ServerMail Server IDS 4235 CrossBeam Firewall X45 Security Scanner HỘI SỞ Central Management Server URL filter and Antivirus Module DMZ Module APPLICATION SERVER MODULE DATABASE SERVER & STORAGE MODULE MANAGEMENT MODULE
FUTURE PLAN
How Is TRUST Achieved? A handshake meant trust. But now in an e-Business world... How do you build an infrastructure of trust?
Two-Factor Authentication Applications in Healthcare Intranet Mainframe Enterprise Unix Web Server Applications & Resources RAS RSA Agent Remote Access RSA ACE/Server Internet RSA Agent Internet Access VPN or Firewall E-Business Enterprise Access
The Expanding RSA SecurID Family  RSA SecurID hardware tokens  RSA SecurID software tokens  RSA SecurID smart cards  RSA SecurID for the Palm Computing Platform
Instrustion Prevention System  Assure the availability and security of desktops, application servers, and web service engines  Real-time detection and prevention of network intrusions against networks  Intelligent attack detection Identifying threats to business and blocking them Network Activity Example Overall Activity Approx 2.5 Gbytes/day Noise - Below the Radar One Effort – Looking Inside the Noise
CiscoWorks Security Information Management Solution (CW SIMS) Provides:  Complete Event Monitoring for SAFE  Real-time Event Correlation  Advanced Visualization  Integrated Threat Assessment  Comprehensive Reporting & Forensics  netForensics is a Primary Component of CW SIMS
netForensics SIM Technology Powerful and flexible 3-Tier architecture scales to any enterprise size  All netForensics components are fully distributable from one server to many  Console for Centralized configuration, reporting & maintenance of software  Agents Perform Event Collection & Normalization  Engines Aggregate & Correlate Events  Integrated database facilitates reporting, auditing & analysis  Master Engine supports Visualization of Correlated Events
Eximbank security presentation

Recommended

The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
GulshanAra14
 
SKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESSKIRE HOSTING SERVICES
SKIRE HOSTING SERVICES
webhostingguy
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Symantec
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network License
Robb Boyd
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control DesignIoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Priyanka Aash
 

Recommended

The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
Wireless Networking
Wireless NetworkingWireless Networking
Wireless Networking
GulshanAra14
 
SKIRE HOSTING SERVICES
SKIRE HOSTING SERVICESSKIRE HOSTING SERVICES
SKIRE HOSTING SERVICES
webhostingguy
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Symantec
 
Intrusion detection system
Intrusion detection system Intrusion detection system
Intrusion detection system
gaurav koriya
 
TechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network LicenseTechWiseTV Workshop: Stealthwatch Learning Network License
TechWiseTV Workshop: Stealthwatch Learning Network License
Robb Boyd
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Roshan Ranabhat
 
IoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control DesignIoT Hardware Teardown, Security Testing & Control Design
IoT Hardware Teardown, Security Testing & Control Design
Priyanka Aash
 
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Hassan EL ALLOUSSI
 
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Devil's Cafe
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
Robb Boyd
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environments
Mohamed Jelidi
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
Priyanka Aash
 
Ids & ips
Ids & ipsIds & ips
Ids & ips
Lan & Wan Solutions
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Priyanka Aash
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Sweta Sharma
 
Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
Priyanka Aash
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Mustafash79
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
Shah Sheikh
 
Double guard
Double guardDouble guard
Double guard
Divya Gowda
 
NIDS ppt
NIDS pptNIDS ppt
NIDS ppt
Mahendar Reddy
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEM
Apoorv Pandey
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
Okehie Collins
 
Network-Based Intrusion Detection System
Network-Based Intrusion Detection SystemNetwork-Based Intrusion Detection System
Network-Based Intrusion Detection System
johnb0118
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Nikhil Singh
 
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...laonap166
 
Goi y dap an on tap tot nghiep
Goi y dap an on tap tot nghiepGoi y dap an on tap tot nghiep
Goi y dap an on tap tot nghiep
laonap166
 

More Related Content

What's hot

Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Hassan EL ALLOUSSI
 
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
IRJET Journal
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
Devil's Cafe
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
Robb Boyd
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environments
Mohamed Jelidi
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
Priyanka Aash
 
Ids & ips
Ids & ipsIds & ips
Ids & ips
Lan & Wan Solutions
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Priyanka Aash
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Sweta Sharma
 
Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
Priyanka Aash
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
Mustafash79
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
mmiznoni
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
Nikhil Raj
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
Shah Sheikh
 
Double guard
Double guardDouble guard
Double guard
Divya Gowda
 
NIDS ppt
NIDS pptNIDS ppt
NIDS ppt
Mahendar Reddy
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEM
Apoorv Pandey
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
Okehie Collins
 
Network-Based Intrusion Detection System
Network-Based Intrusion Detection SystemNetwork-Based Intrusion Detection System
Network-Based Intrusion Detection System
johnb0118
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
Nikhil Singh
 

What's hot (20)

Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
Cloud-based IDS architectures : APPLYING THE IDS APPROACHES INTO THE CLOUD EN...
 
IRJET - IDS for Wifi Security
IRJET - IDS for Wifi SecurityIRJET - IDS for Wifi Security
IRJET - IDS for Wifi Security
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
TechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISETechWiseTV Workshop: Cisco Stealthwatch and ISE
TechWiseTV Workshop: Cisco Stealthwatch and ISE
 
A hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environmentsA hybrid intrusion detection system for cloud computing environments
A hybrid intrusion detection system for cloud computing environments
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
 
Ids & ips
Ids & ipsIds & ips
Ids & ips
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 
Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security Overview of Google’s BeyondCorp Approach to Security
Overview of Google’s BeyondCorp Approach to Security
 
Intrusion Detection Presentation
Intrusion Detection PresentationIntrusion Detection Presentation
Intrusion Detection Presentation
 
Sourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPSSourcefire Webinar - NEW GENERATION IPS
Sourcefire Webinar - NEW GENERATION IPS
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting DTS Solution - Wireless Security Protocols / PenTesting
DTS Solution - Wireless Security Protocols / PenTesting
 
Double guard
Double guardDouble guard
Double guard
 
NIDS ppt
NIDS pptNIDS ppt
NIDS ppt
 
AN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEMAN INTRUSION DETECTION SYSTEM
AN INTRUSION DETECTION SYSTEM
 
Intrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise NetworkIntrusion Detection and Prevention System in an Enterprise Network
Intrusion Detection and Prevention System in an Enterprise Network
 
Network-Based Intrusion Detection System
Network-Based Intrusion Detection SystemNetwork-Based Intrusion Detection System
Network-Based Intrusion Detection System
 
Intrusion detection system
Intrusion detection systemIntrusion detection system
Intrusion detection system
 

Viewers also liked

Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...laonap166
 
Goi y dap an on tap tot nghiep
Goi y dap an on tap tot nghiepGoi y dap an on tap tot nghiep
Goi y dap an on tap tot nghiep
laonap166
 
Part 37 exchange server - email address policies -www.key4_vip.info
Part 37 exchange server - email address policies -www.key4_vip.infoPart 37 exchange server - email address policies -www.key4_vip.info
Part 37 exchange server - email address policies -www.key4_vip.infolaonap166
 
Bao cao14 bai thực tập công nhân DH BK DN
Bao cao14 bai thực tập công nhân DH BK DNBao cao14 bai thực tập công nhân DH BK DN
Bao cao14 bai thực tập công nhân DH BK DN
laonap166
 
Virtualization and high availability
Virtualization and high availabilityVirtualization and high availability
Virtualization and high availabilityHeo Gòm
 
Raid trong-windows-server
Raid trong-windows-serverRaid trong-windows-server
Raid trong-windows-server
laonap166
 
Full hướng dẫn cấu hình gns3 1.1
Full hướng dẫn cấu hình gns3 1.1Full hướng dẫn cấu hình gns3 1.1
Full hướng dẫn cấu hình gns3 1.1
laonap166
 
Co che bao_dong_virus_máy tính
Co che bao_dong_virus_máy tínhCo che bao_dong_virus_máy tính
Co che bao_dong_virus_máy tính
laonap166
 
Part 37 exchange server - recipient configuration - group -www.key4_vip.info
Part 37 exchange server - recipient configuration - group -www.key4_vip.infoPart 37 exchange server - recipient configuration - group -www.key4_vip.info
Part 37 exchange server - recipient configuration - group -www.key4_vip.infolaonap166
 
Backlink link exchange
Backlink link exchangeBacklink link exchange
Backlink link exchange
Nguyen Thi Thuy Duong
 
Software inventory
Software inventorySoftware inventory
Software inventory
laonap166
 
Part 37 exchange server - anti spam -www.key4_vip.info
Part 37 exchange server - anti spam -www.key4_vip.infoPart 37 exchange server - anti spam -www.key4_vip.info
Part 37 exchange server - anti spam -www.key4_vip.infolaonap166
 
Quản lý học sinh cấp 2
Quản lý học sinh cấp 2Quản lý học sinh cấp 2
Quản lý học sinh cấp 2
laonap166
 
Watch guard solution
Watch guard solutionWatch guard solution
Watch guard solution
laonap166
 
CHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNH
CHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNHCHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNH
CHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNH
laonap166
 
Bang so sanh cac dich vu email server
Bang so sanh cac dich vu email serverBang so sanh cac dich vu email server
Bang so sanh cac dich vu email server
laonap166
 
Báo cáo thực tập công nhân ghostcast server
Báo cáo thực tập công nhân ghostcast serverBáo cáo thực tập công nhân ghostcast server
Báo cáo thực tập công nhân ghostcast server
laonap166
 
Cài đặt exchange server 2013
Cài đặt exchange server 2013Cài đặt exchange server 2013
Cài đặt exchange server 2013
laonap166
 
Tạo User-Group-OU bằng PowerShell
Tạo User-Group-OU bằng PowerShellTạo User-Group-OU bằng PowerShell
Tạo User-Group-OU bằng PowerShell
laonap166
 
Vnpt meeting aver true_conf_vidyo
Vnpt meeting aver true_conf_vidyoVnpt meeting aver true_conf_vidyo
Vnpt meeting aver true_conf_vidyo
laonap166
 

Viewers also liked (20)

Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
Part 37 exchange server - recipient configuration - room mailbox -www.key4_...
 
Goi y dap an on tap tot nghiep
Goi y dap an on tap tot nghiepGoi y dap an on tap tot nghiep
Goi y dap an on tap tot nghiep
 
Part 37 exchange server - email address policies -www.key4_vip.info
Part 37 exchange server - email address policies -www.key4_vip.infoPart 37 exchange server - email address policies -www.key4_vip.info
Part 37 exchange server - email address policies -www.key4_vip.info
 
Bao cao14 bai thực tập công nhân DH BK DN
Bao cao14 bai thực tập công nhân DH BK DNBao cao14 bai thực tập công nhân DH BK DN
Bao cao14 bai thực tập công nhân DH BK DN
 
Virtualization and high availability
Virtualization and high availabilityVirtualization and high availability
Virtualization and high availability
 
Raid trong-windows-server
Raid trong-windows-serverRaid trong-windows-server
Raid trong-windows-server
 
Full hướng dẫn cấu hình gns3 1.1
Full hướng dẫn cấu hình gns3 1.1Full hướng dẫn cấu hình gns3 1.1
Full hướng dẫn cấu hình gns3 1.1
 
Co che bao_dong_virus_máy tính
Co che bao_dong_virus_máy tínhCo che bao_dong_virus_máy tính
Co che bao_dong_virus_máy tính
 
Part 37 exchange server - recipient configuration - group -www.key4_vip.info
Part 37 exchange server - recipient configuration - group -www.key4_vip.infoPart 37 exchange server - recipient configuration - group -www.key4_vip.info
Part 37 exchange server - recipient configuration - group -www.key4_vip.info
 
Backlink link exchange
Backlink link exchangeBacklink link exchange
Backlink link exchange
 
Software inventory
Software inventorySoftware inventory
Software inventory
 
Part 37 exchange server - anti spam -www.key4_vip.info
Part 37 exchange server - anti spam -www.key4_vip.infoPart 37 exchange server - anti spam -www.key4_vip.info
Part 37 exchange server - anti spam -www.key4_vip.info
 
Quản lý học sinh cấp 2
Quản lý học sinh cấp 2Quản lý học sinh cấp 2
Quản lý học sinh cấp 2
 
Watch guard solution
Watch guard solutionWatch guard solution
Watch guard solution
 
CHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNH
CHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNHCHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNH
CHIA SẺ TÀI NGUYÊN TRONG LAN TRÊN NHIỀU HỆ ĐIỀU HÀNH
 
Bang so sanh cac dich vu email server
Bang so sanh cac dich vu email serverBang so sanh cac dich vu email server
Bang so sanh cac dich vu email server
 
Báo cáo thực tập công nhân ghostcast server
Báo cáo thực tập công nhân ghostcast serverBáo cáo thực tập công nhân ghostcast server
Báo cáo thực tập công nhân ghostcast server
 
Cài đặt exchange server 2013
Cài đặt exchange server 2013Cài đặt exchange server 2013
Cài đặt exchange server 2013
 
Tạo User-Group-OU bằng PowerShell
Tạo User-Group-OU bằng PowerShellTạo User-Group-OU bằng PowerShell
Tạo User-Group-OU bằng PowerShell
 
Vnpt meeting aver true_conf_vidyo
Vnpt meeting aver true_conf_vidyoVnpt meeting aver true_conf_vidyo
Vnpt meeting aver true_conf_vidyo
 

Similar to Eximbank security presentation

Day4
Day4Day4
Day4
Jai4uk
 
Light sec for service providers brochure
Light sec for service providers brochureLight sec for service providers brochure
Light sec for service providers brochure
George Wainblat
 
Network and web security
Network and web securityNetwork and web security
Network and web security
Nitesh Saitwal
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
Cisco Security
 
Network security
Network securityNetwork security
Network security
Sidiq Dwi Laksana
 
Intercept product
Intercept productIntercept product
Intercept product
David Pereira
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
Rishabh Dangwal
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
technext1
 
Linux Security best Practices with Fedora
Linux Security best Practices with FedoraLinux Security best Practices with Fedora
Linux Security best Practices with Fedora
Uditha Bandara Wijerathna
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
ArjayBalberan1
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
NCCOMMS
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
Burak DAYIOGLU
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
Microsoft
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
Miguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
unit 2 IT security solution.pptx
unit 2 IT security solution.pptxunit 2 IT security solution.pptx
unit 2 IT security solution.pptx
lochanrajdahal
 
Proactive Security That Works
Proactive Security That WorksProactive Security That Works
Proactive Security That Works
Brett L. Scott
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
CCG
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Security
xsy
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
TravarsaPrivateLimit
 
Firewall
FirewallFirewall
Firewall
trilokchandra prakash
 

Similar to Eximbank security presentation (20)

Day4
Day4Day4
Day4
 
Light sec for service providers brochure
Light sec for service providers brochureLight sec for service providers brochure
Light sec for service providers brochure
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Pervasive Security Across Your Extended Network
Pervasive Security Across Your Extended NetworkPervasive Security Across Your Extended Network
Pervasive Security Across Your Extended Network
 
Network security
Network securityNetwork security
Network security
 
Intercept product
Intercept productIntercept product
Intercept product
 
Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...Corporate Security Issues and countering them using Unified Threat Management...
Corporate Security Issues and countering them using Unified Threat Management...
 
Microsoft Platform Security Briefing
Microsoft Platform Security BriefingMicrosoft Platform Security Briefing
Microsoft Platform Security Briefing
 
Linux Security best Practices with Fedora
Linux Security best Practices with FedoraLinux Security best Practices with Fedora
Linux Security best Practices with Fedora
 
Week Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptxWeek Topic Code Access vs Event Based.pptx
Week Topic Code Access vs Event Based.pptx
 
CSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri DiogenesCSF18 - Incident Response in the Cloud - Yuri Diogenes
CSF18 - Incident Response in the Cloud - Yuri Diogenes
 
Redefining Endpoint Security
Redefining Endpoint SecurityRedefining Endpoint Security
Redefining Endpoint Security
 
How to protect your corporate from advanced attacks
How to protect your corporate from advanced attacksHow to protect your corporate from advanced attacks
How to protect your corporate from advanced attacks
 
Euro mGov Securing Mobile Services
Euro mGov Securing Mobile ServicesEuro mGov Securing Mobile Services
Euro mGov Securing Mobile Services
 
unit 2 IT security solution.pptx
unit 2 IT security solution.pptxunit 2 IT security solution.pptx
unit 2 IT security solution.pptx
 
Proactive Security That Works
Proactive Security That WorksProactive Security That Works
Proactive Security That Works
 
Azure Fundamentals Part 3
Azure Fundamentals Part 3Azure Fundamentals Part 3
Azure Fundamentals Part 3
 
Essentials Of Security
Essentials Of SecurityEssentials Of Security
Essentials Of Security
 
CYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEETCYBER SECURITY CAREER GUIDE CHEAT SHEET
CYBER SECURITY CAREER GUIDE CHEAT SHEET
 
Firewall
FirewallFirewall
Firewall
 

More from laonap166

Huong dan xu ly cac loi khi su dung phan mem reset may in
Huong dan xu ly cac loi khi su dung phan mem reset may inHuong dan xu ly cac loi khi su dung phan mem reset may in
Huong dan xu ly cac loi khi su dung phan mem reset may in
laonap166
 
Huong dan reset muc l200 epson
Huong dan reset muc l200 epsonHuong dan reset muc l200 epson
Huong dan reset muc l200 epson
laonap166
 
NEC Server Documents
NEC Server DocumentsNEC Server Documents
NEC Server Documents
laonap166
 
Mtcv giám đốc tt cntt
Mtcv giám đốc tt cnttMtcv giám đốc tt cntt
Mtcv giám đốc tt cntt
laonap166
 
Nếu bạn làm it bạn cần biết
Nếu bạn làm it bạn cần biếtNếu bạn làm it bạn cần biết
Nếu bạn làm it bạn cần biết
laonap166
 
Nhạp mon lap trinh khong code
Nhạp mon lap trinh khong code Nhạp mon lap trinh khong code
Nhạp mon lap trinh khong code
laonap166
 
Ha active active bang gfs2
Ha active active bang gfs2Ha active active bang gfs2
Ha active active bang gfs2
laonap166
 
Hướng dẫn cài đặt phần mềm turnoffmonitor
Hướng dẫn cài đặt phần mềm turnoffmonitorHướng dẫn cài đặt phần mềm turnoffmonitor
Hướng dẫn cài đặt phần mềm turnoffmonitor
laonap166
 
Bao cao web cake php
Bao cao web cake phpBao cao web cake php
Bao cao web cake php
laonap166
 
He 74 a-thltht-lãxuântâm-11tlt
He 74 a-thltht-lãxuântâm-11tltHe 74 a-thltht-lãxuântâm-11tlt
He 74 a-thltht-lãxuântâm-11tlt
laonap166
 
Quản lý cua hang giai khat lxt
Quản lý cua hang giai khat lxtQuản lý cua hang giai khat lxt
Quản lý cua hang giai khat lxt
laonap166
 
Ve ngoi nha lap trinh do hoa bang c
Ve ngoi nha lap trinh do hoa bang cVe ngoi nha lap trinh do hoa bang c
Ve ngoi nha lap trinh do hoa bang c
laonap166
 
Don xin thanh lap doanh nghiep lien doanh
Don xin thanh lap doanh nghiep lien doanhDon xin thanh lap doanh nghiep lien doanh
Don xin thanh lap doanh nghiep lien doanh
laonap166
 
Thu cam on khach hang
Thu cam on khach hangThu cam on khach hang
Thu cam on khach hang
laonap166
 
Cai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloat
Cai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloatCai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloat
Cai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloat
laonap166
 
Xd email server zimbra
Xd email server zimbraXd email server zimbra
Xd email server zimbra
laonap166
 
Tom tat ly thuyet thi bằng lái xe b2
Tom tat ly thuyet thi bằng lái xe b2Tom tat ly thuyet thi bằng lái xe b2
Tom tat ly thuyet thi bằng lái xe b2
laonap166
 
Policy Based Assignment DHCP – Windows Server 2012
Policy Based Assignment DHCP – Windows Server 2012Policy Based Assignment DHCP – Windows Server 2012
Policy Based Assignment DHCP – Windows Server 2012
laonap166
 
How to backup active directory domain services database in windows server 201...
How to backup active directory domain services database in windows server 201...How to backup active directory domain services database in windows server 201...
How to backup active directory domain services database in windows server 201...
laonap166
 
Dns backup and recovery in windows server 2012 r2
Dns backup and recovery in windows server 2012 r2Dns backup and recovery in windows server 2012 r2
Dns backup and recovery in windows server 2012 r2
laonap166
 

More from laonap166 (20)

Huong dan xu ly cac loi khi su dung phan mem reset may in
Huong dan xu ly cac loi khi su dung phan mem reset may inHuong dan xu ly cac loi khi su dung phan mem reset may in
Huong dan xu ly cac loi khi su dung phan mem reset may in
 
Huong dan reset muc l200 epson
Huong dan reset muc l200 epsonHuong dan reset muc l200 epson
Huong dan reset muc l200 epson
 
NEC Server Documents
NEC Server DocumentsNEC Server Documents
NEC Server Documents
 
Mtcv giám đốc tt cntt
Mtcv giám đốc tt cnttMtcv giám đốc tt cntt
Mtcv giám đốc tt cntt
 
Nếu bạn làm it bạn cần biết
Nếu bạn làm it bạn cần biếtNếu bạn làm it bạn cần biết
Nếu bạn làm it bạn cần biết
 
Nhạp mon lap trinh khong code
Nhạp mon lap trinh khong code Nhạp mon lap trinh khong code
Nhạp mon lap trinh khong code
 
Ha active active bang gfs2
Ha active active bang gfs2Ha active active bang gfs2
Ha active active bang gfs2
 
Hướng dẫn cài đặt phần mềm turnoffmonitor
Hướng dẫn cài đặt phần mềm turnoffmonitorHướng dẫn cài đặt phần mềm turnoffmonitor
Hướng dẫn cài đặt phần mềm turnoffmonitor
 
Bao cao web cake php
Bao cao web cake phpBao cao web cake php
Bao cao web cake php
 
He 74 a-thltht-lãxuântâm-11tlt
He 74 a-thltht-lãxuântâm-11tltHe 74 a-thltht-lãxuântâm-11tlt
He 74 a-thltht-lãxuântâm-11tlt
 
Quản lý cua hang giai khat lxt
Quản lý cua hang giai khat lxtQuản lý cua hang giai khat lxt
Quản lý cua hang giai khat lxt
 
Ve ngoi nha lap trinh do hoa bang c
Ve ngoi nha lap trinh do hoa bang cVe ngoi nha lap trinh do hoa bang c
Ve ngoi nha lap trinh do hoa bang c
 
Don xin thanh lap doanh nghiep lien doanh
Don xin thanh lap doanh nghiep lien doanhDon xin thanh lap doanh nghiep lien doanh
Don xin thanh lap doanh nghiep lien doanh
 
Thu cam on khach hang
Thu cam on khach hangThu cam on khach hang
Thu cam on khach hang
 
Cai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloat
Cai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloatCai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloat
Cai dat su_dung_acronis_snapdeployforpc_debungfilebackuphangloat
 
Xd email server zimbra
Xd email server zimbraXd email server zimbra
Xd email server zimbra
 
Tom tat ly thuyet thi bằng lái xe b2
Tom tat ly thuyet thi bằng lái xe b2Tom tat ly thuyet thi bằng lái xe b2
Tom tat ly thuyet thi bằng lái xe b2
 
Policy Based Assignment DHCP – Windows Server 2012
Policy Based Assignment DHCP – Windows Server 2012Policy Based Assignment DHCP – Windows Server 2012
Policy Based Assignment DHCP – Windows Server 2012
 
How to backup active directory domain services database in windows server 201...
How to backup active directory domain services database in windows server 201...How to backup active directory domain services database in windows server 201...
How to backup active directory domain services database in windows server 201...
 
Dns backup and recovery in windows server 2012 r2
Dns backup and recovery in windows server 2012 r2Dns backup and recovery in windows server 2012 r2
Dns backup and recovery in windows server 2012 r2
 

Recently uploaded

Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
MongoDB to ScyllaDB: Technical Comparison and the Path to Success
MongoDB to ScyllaDB: Technical Comparison and the Path to SuccessMongoDB to ScyllaDB: Technical Comparison and the Path to Success
MongoDB to ScyllaDB: Technical Comparison and the Path to Success
ScyllaDB
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
Larry Smarr
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
Overkill Security
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
manji sharman06
 
Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0
Neeraj Kumar Singh
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
NTTDATA INTRAMART
 
Facilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptxFacilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptx
Knoldus Inc.
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
ThousandEyes
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
Enterprise Knowledge
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
ScyllaDB Real-Time Event Processing with CDC
ScyllaDB Real-Time Event Processing with CDCScyllaDB Real-Time Event Processing with CDC
ScyllaDB Real-Time Event Processing with CDC
ScyllaDB
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
dipikamodels1
 
Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2
DianaGray10
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
AlexanderRichford
 

Recently uploaded (20)

Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
MongoDB to ScyllaDB: Technical Comparison and the Path to Success
MongoDB to ScyllaDB: Technical Comparison and the Path to SuccessMongoDB to ScyllaDB: Technical Comparison and the Path to Success
MongoDB to ScyllaDB: Technical Comparison and the Path to Success
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
From NCSA to the National Research Platform
From NCSA to the National Research PlatformFrom NCSA to the National Research Platform
From NCSA to the National Research Platform
 
Fuxnet [EN] .pdf
Fuxnet [EN] .pdfFuxnet [EN] .pdf
Fuxnet [EN] .pdf
 
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
Call Girls Chandigarh🔥7023059433🔥Agency Profile Escorts in Chandigarh Availab...
 
Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0Chapter 5 - Managing Test Activities V4.0
Chapter 5 - Managing Test Activities V4.0
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
intra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_Enintra-mart Accel series 2024 Spring updates_En
intra-mart Accel series 2024 Spring updates_En
 
Facilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptxFacilitation Skills - When to Use and Why.pptx
Facilitation Skills - When to Use and Why.pptx
 
APJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes WebinarAPJC Introduction to ThousandEyes Webinar
APJC Introduction to ThousandEyes Webinar
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Building a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data PlatformBuilding a Semantic Layer of your Data Platform
Building a Semantic Layer of your Data Platform
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
ScyllaDB Real-Time Event Processing with CDC
ScyllaDB Real-Time Event Processing with CDCScyllaDB Real-Time Event Processing with CDC
ScyllaDB Real-Time Event Processing with CDC
 
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
Call Girls Kochi 💯Call Us 🔝 7426014248 🔝 Independent Kochi Escorts Service Av...
 
Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2Communications Mining Series - Zero to Hero - Session 2
Communications Mining Series - Zero to Hero - Session 2
 
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...
 

Eximbank security presentation

  • 2. Agenda SECURITY OVERVIEW TYPES OF ATTACK SECURITY BLUEPRINT FIREWALL AND IDS ANTIVIRUS SYSTEM SECURITY SCANNER SYSTEM SECURITY CENTRAL MANAGEMENT SYSTEM IDENTITY SECURITY DESIGN SOLUTION FOR EXIMBANK
  • 4. What is Network Security?  A process, not a product  An integrated system  Network security requires defense in depth, which includes:  Firewalls and router access control lists (ACLs)  Network- and host-based intrusion detection systems (NIDS and HIDS)  Scanners  Centralized security and policy management  Authentication, authorization, and accounting (AAA), access control servers, and certificate authorities  Encryption and virtual private networks (VPNs)
  • 5. Why Integrated Network Security?  Everything is a target  Routers, switches, hosts, networks, applications, information, management tools  New breed of network attacks have multiple vectors that cannot be blocked by one device  Network security requires an integrated system  Layers of security are required  Embedded security throughout the network  Integrated security in network devices  Network management and reporting must be secure
  • 6. Network Security Evolution— From Detection to ProtectionOperationalcapability Applications to services and complexity of network security Adaptive networks - Self-managing, self-healing - Security-aware networks Protection from threats - Comprehensive, integrated solutions Detection of threats - Reactive point products, some automation Block and hide - Manual, crypto solves all 1995 1985 Future Today Detection Protection
  • 7. Complete Content Protection Network Security Must Evolve 1990 2000 Email Spam Viruses Trojans Worms Inappropriate Web Content INTELLIGENCE&THREATCOVERAGE 1995 2005 Denial of Service Attacks Deep Packet Inspection Sophisticated Intrusions Simple intrusions Stateful Inspection
  • 8. 0 5000 10000 15000 20000 25000 1988 1990 1992 1994 1996 1998 2000 Number of Intrusions Sophistic ation of hacker tools Source: CERT, Carnegie Mellon University Sweepers Disabling Audits Packet Forging/ Spoofing Password Guessing Self Replicating Code Password Cracking Back Doors Sniffers Stealth Diagnostics DDOS Technical knowledge required of hacker Exploiting Known Vulnerabilities Security Threats— On the rise, more dangerous, easier to launch
  • 9. Service Name Port Number 30 day history Explanation epmap 135 DCE endpoint resolution nterm 1026 remote_login network_terminal icq 1027 icq instant messanger ms-sql-m 1434 Microsoft-SQL-Monitor netbios-ns 137 NETBIOS Name Service microsoft-ds 445 Win2k+ Server Message Block dabber 9898 [trojan] Dabber Worm backdoor sasser-ftp 5554 [trojan] Sasser Worm FTP Server mydoom 3127 W32/MyDoom, W32.Novarg.A backdoor netbios-ssn 139 NETBIOS Session Service Microsoft Security Bulletins for June 2004 Source: The SANS Institute Last update June 08, 2004 21:43 pm GMT
  • 11.  Attack the listeners  Exploit bugs and misconfigurations  Buffer Overflow  Spoof the Client  Attack the Stack  Packet Mangling • Oversize, Fragmentation  Flooding
  • 12. Who might attack you?  Hackers  A few talented people provide tools for thousands of kids  rootshell.com, insecure.org contain hundreds of tools  Opportunity targets  Customers  Themselves  Through stolen/guessed passwords
  • 13. Who might attack you? (2)  Insiders  Through malice  Carelessness  Overwork  Competitors  “Denial of Service” attacks make you look bad  Customer lists for marketing
  • 14. How Outsiders Attack  Look for known weaknesses  Misconfigured Software  Lots of sw has “more secure” configuration which is not turned on out of the box  Outdated software with known problems  Bad passwords
  • 15. How outsiders attack (2)  Scanning tools (SATAN, sscan)  Make finding problems easy  Exploit tools  Make taking advantage of problems easy  Stealth tools  Make erasing logs easy
  • 16. How insiders attack  Exactly the same as outsiders  Except that they are more effective
  • 18. The Security Wheel Corporate Security Policy Monitor and Respond Audit/Test Manage and Improve Proactive Network Vulnerability Assessment Real-Time Intrusion Detection Secure Firewall, Encryption, Authentication Network Operations and Security Professionals
  • 19. Deploy Security as an Integrated System Secure transport Card readers Security room CCTV Secured doors and vaults Surveillance and alarms Patrolling security guard Firewalls and router ACLs Network- and host-based intrusion detection Scanner Centralized security and policy management Identity, AAA, access control servers, and certificate authorities Encryption and virtual private networks (VPNs) Extended perimeter security Intrusion protection Intrusion protection Security management and policy Secure connectivityIdentity services II
  • 21. The types of Firewall  Dedicated Firewall Appliance  Cisco PIX Firewall  CrossBeam Security Service Switch  Application Firewall  CheckPoint Software  Microsoft ISA Server
  • 22. The types of Firewall  Stateless Firewall  Stateful Firewall
  • 23. Perimeter Networks Inside Network WWW DNS Email NT RAS Cisco Secure Java ActiveX URL Block Proxy Server Outside Network Internet PIX Firewall Topology
  • 24. Cisco PIX Firewall 525  Supports up to eight 10/100 Fast Ethernet interfaces or three Gigabit Ethernet interfaces  More than 330 Mbps of firewall throughput  Handle more than 280,000 simultaneous sessions  High-availability services  Integrated hardware VPN acceleration  Up to 155 Mbps of Triple Data Encryption Standard (3DES) VPN throughput  170 Mbps of Advanced Encryption Standard-256 (AES) VPN throughput
  • 27.  Support 16 10/100 Ethernet interfaces and 2 fiber or copper Gigabit Ethernet interfaces  High speed Ethernet backplane with stack ports to guarantee high bandwidth between the Network Interface Module and Application Module  02 Gbps of firewall throughput  02 10/100 management ports  Broadcom BCM 1250 Network Processor and Pentium III 1.26 GHz Crossbeam Security Service Switch C30
  • 30.  Anomaly vs. Signature Detection  Anomaly detection: Define normal, authorized activity, and consider everything else to be potential malicious  Misuse/signature detection: Explicitly define what activity should be considered malicious  Most commercial IDS products are signature- based  Host vs. Network-Based  Host- based: “Agent” software monitoring activity on hosts  Network-based: Collects and analyzes data from the network Intrusion Detection Systems
  • 31. IDS Sensor Placement 31 Remote Office Corporate Network IDS Director Web Server Email Server Security Sensor Internet Engineering Finance Network Operation Center Hacker Inside Router Alert Encrypted VPN Pix Firewall Router Security Sensor Security Sensor Security Sensor Service Provider
  • 33. $12.1 billion Melissa: $385m $17.5 Billion ILOVEYOU: $6.7 billion Sources: Total cost 1999: $12.1B, Computer Economics; Melissa various sources Total cost 2000: $1.5 T, Information Week Research fielded w/PricewaterhouseCoopers ; 10 billion, Computer Economics Annual Estimated Costs Computer Virus Damage 2000: 1999: Need an effective way to protect your corporate assets
  • 34.
  • 35. E-mail is now the biggest virus threat! 87% of viruses come from email! *Source: ICSA (International Computer Security Association) Computer Virus Prevalence Survey 2000
  • 36. Firewall’s functions Firewall STOP! Stop illegal entry 1. Authentication 2. Permission Check
  • 37. What firewall can not do FireWall doesn’t check contents How can you find the bomb?
  • 38. Stop malicious code at the gateway Firewall Interscan Viruswall STOP!
  • 39.
  • 41.  Automated network vulnerability assessment across servers, desktops, and infrastructure devices.  Integration with Enterprise Protection Platform for distributed vulnerability assessment and IDS/IPS correlation.  X-Force Security Intelligence ISS Internet Scanner
  • 42.  Identifying security exposures in leading database applications.  Run independently of the database and quickly generates detailed reports with all the information needed to correctly configure and secure databases.  Automated Penetration Testing ISS Database Scanner
  • 43.
  • 45. Solsoft Security Designer  Security Policy Definition by drag-and-drop of rules and objects instead of manual, complex coding.  Visual, object-oriented interface for creating firewall, firewall clusters, anti-spoofing, NAT, and VPN policies.  Importing of existing maps, objects and policies  Single security management application for all network security devices (switches, routers, firewalls, VPNs)  Class and Meta Class definitions  Security review on any network object
  • 46.
  • 47. Solsoft Policy Server  Policy Based Management  Firewall and configuration including PKI and Pre-shared key support  Support for cluster configurations  Automatic validation and deployment of security rules  Policy versioning  Strong Auditing capabilities  Simple import and migration between devices of different brands including import from HP OpenView NAT rules generation  IPsec VPN
  • 48. Solsoft Policy Server (Cont)  Centralized repository  User roles, privileges and workflow management  Support for all major security device vendors including Cisco, Check Point Systems, NetScreen and Nortel Networks as well as a number of challengers  Compatibility and interoperability with other network management systems  IPsec VPN
  • 49.
  • 50. Solsoft Policy Server (Cont) Solsoft offers a true open platform for multi-vendor and multi-product support.
  • 52. The Expanding Access Environment
  • 53. What is AAA? AUTHENTICATION – Who is allowed access? AUTHORIZATION – What are they allowed to do? ACCOUNTING – What did they do?
  • 54. Cisco Access Control Server (ACS)
  • 56. Putting All Together: THE SECURITY DESIGN SOLUTION FOR EXIMBANK
  • 57. Catalyst 4003 Router 3620 with IOS Firewall Router 3620 CHỢ LỚN HÀ NỘI ĐÀ NẴNG CẦN THƠ VPN VPN VPN VPN Router 3620 with IOS Firewall Router 3620 with IOS Firewall 2 x Router 3640 Router 3620 with IOS Firewall HÒA BÌNH VPN VPN PIX Firewall 525 Web Server Mail Relay Proxy Antivirus Server WEB SenseWeb Cache Database Server Server Storage CA Server Aplication ServerMail Server IDS 4235 CrossBeam Firewall X45 Security Scanner HỘI SỞ Central Management Server URL filter and Antivirus Module DMZ Module APPLICATION SERVER MODULE DATABASE SERVER & STORAGE MODULE MANAGEMENT MODULE
  • 59. How Is TRUST Achieved? A handshake meant trust. But now in an e-Business world... How do you build an infrastructure of trust?
  • 60. Two-Factor Authentication Applications in Healthcare Intranet Mainframe Enterprise Unix Web Server Applications & Resources RAS RSA Agent Remote Access RSA ACE/Server Internet RSA Agent Internet Access VPN or Firewall E-Business Enterprise Access
  • 61. The Expanding RSA SecurID Family  RSA SecurID hardware tokens  RSA SecurID software tokens  RSA SecurID smart cards  RSA SecurID for the Palm Computing Platform
  • 62. Instrustion Prevention System  Assure the availability and security of desktops, application servers, and web service engines  Real-time detection and prevention of network intrusions against networks  Intelligent attack detection Identifying threats to business and blocking them Network Activity Example Overall Activity Approx 2.5 Gbytes/day Noise - Below the Radar One Effort – Looking Inside the Noise
  • 63. CiscoWorks Security Information Management Solution (CW SIMS) Provides:  Complete Event Monitoring for SAFE  Real-time Event Correlation  Advanced Visualization  Integrated Threat Assessment  Comprehensive Reporting & Forensics  netForensics is a Primary Component of CW SIMS
  • 64. netForensics SIM Technology Powerful and flexible 3-Tier architecture scales to any enterprise size  All netForensics components are fully distributable from one server to many  Console for Centralized configuration, reporting & maintenance of software  Agents Perform Event Collection & Normalization  Engines Aggregate & Correlate Events  Integrated database facilitates reporting, auditing & analysis  Master Engine supports Visualization of Correlated Events
  翻译: