Zarii 14, Sector 5, 050461 Bucuresti, Romania

Tel. : +40 21 317 87 87
Fax. : +40 21 317 97 97

office@datanets.ro

ENTERPRISE INFORMATION SECURITY SOLUTIONS

Improving security in a dynamic environment

In the networked business environment, security is not only critical; it has taken on a level of complexity that has affected organizations of all sizes worldwide. Network security today includes constant monitoring and management of both internal and external network operations. In order to retain their competitive agility and time-to-market responsiveness, businesses find they must maintain a level of openness and connectivity with vendors, partners, customers, and/or employees working remotely. This increased need for external connectivity places network infrastructures at greater risk than ever before.

Datanet Systems offers a full range of solutions for implementing and managing the security of IP networks, based on the state-of-the-art Cisco Systems security product portfolio and complemented by the professional services provided by the company's technical teams. Datanet Systems is a Cisco Gold Partner and Advanced Security Specialized partner. Through its technical staff, which includes CCIE, CCDP, CCSP and CCSI certified specialists, it delivers professional services for customizing each security implementation according to your business needs.

Recent changes in the IT&C security landscape and new problems induced

The vulnerability-threat window is continuing to close. The historical period of six months to address an identified vulnerability is no longer being afforded. For example, in August 2003, MSBLAST followed identification of the associated RPC DCOM vulnerability by only 26 days, and the more recent Sasser worm (April 2004) followed the Windows LSASS vulnerability by only 17 days. Propagation times for threats are rapidly decreasing. Slammer doubled its infection count every 8.5 seconds, reaching 90% of vulnerable hosts within 10 minutes. Mobility is another example, with the additional consequence of diminishing the effectiveness of traditional Internet – Demilitarized Zone based approaches to providing security. The number of potential unauthorized entries into networks is rapidly increasing, and the implementation of the security policy should be changed accordingly. The need to comply with various governance and privacy regulations, such as the Sarbanes-Oxley Act, is another important factor influencing the security landscape.

Those changes require that IT security professionals find solutions for the following problems:

● Drawing a distinction between an external and an internal threat is increasingly pointless. The source of a threat has simply become less relevant as network perimeters have become less well defined.

● Perimeter-oriented security strategies, while at one time adequate, are not now and never will be sufficient.

● The scale of the environment requiring protection is significantly greater, involving numerous networks and potentially thousands of systems.

● The scope of the environment is significantly greater, involving a much wider variety of both business applications and underlying protocols - not just HTTP, SMTP and the others associated with the DMZ.

● More types of users or groups must be managed.

● The internal network involves greater throughputs.

● Antivirus and intrusion detection system products are limited by their dependency on foreknowledge of attack signatures.

● Most firewalls lack sufficient application coverage and performance capabilities.

● Switch and other network infrastructure based products typically lack visibility above the network layer.

 

The traditional information security approach is to build the defense system on several layers in order to reduce the chances of an attack neutralizing all layers. This has led to the concept of “Defense in Depth.”

How to address the new problems in information security management

Until recently, most companies selected and implemented point products for reducing threats: anti-virus, intrusion detection systems, intrusion prevention systems, enhanced VPNs, firewall technologies, patch and configuration systems. Physical security, patching and configuration completed the implementation of the security policy for OS hardening, user administration and system audit.

To address the above problems, several measures contribute substantially to reducing security risks and lead to a smarter, more reactive network designed to protect the hosts. Such a network will identify and correct attacks as close to their points of ingress into the network as possible. Compared with the perimeter security approach, the network and the corresponding operational processes should provide an enhanced security system with improved performance and, because of the increased complexity of the attacks and security devices, enhanced management.

The most important measures to reduce the security risks today are:

- Internal segmentation - uses routers, switches, and virtual LAN technology to logically or physically separate resources that require different levels of security.

- Internal firewall - provides a more effective security barrier where needed.

- Operating system hardening - is essential at least for the most critical application platforms.

- User administration - involves explicitly provisioning which resources users have access to. Stronger user authentication is also very important. Reliance on simple username and password combinations was demonstrated to be insufficient in the long run.

- Monitoring for suspicious activity and attack protection - provides the ability to detect and stop both known and unknown threats from acting within otherwise allowed traffic streams. The goal is to stop both automated attacks, such as worms, and manually generated malicious activity.

- Application awareness and control - ensures the ability to protect communications and computing resources based on application-layer information.

- Endpoint policy enforcement - makes access to networked services conditional upon the findings of a real-time audit of the security and configuration status of the involved client device.

- Endpoint protection - a new generation of host IPS products implements forms of behavioral security to detect and prevent viruses and worms from gaining a foothold on an endpoint system and from propagating across a network.

- Enhanced Management - The security solutions implemented shall have centralized management. In addition, support for scalable and flexible management of policies and configuration settings is important.

Security solutions provided by Datanet Systems

The security solutions provided by Datanet Systems are designed to provide the following main features:

  • Remain active at all times,

  • Perform unobtrusively,

  • Minimize propagation of attacks,

  • Quickly respond to as-yet unknown attacks.

The main blocks of the security solutions provided by Datanet Systems are:

The Threat Defense System - that comprises several critical technologies and products enabling security integrated in routers, switches and appliances: firewalls, network-based intrusion protection sensors, detection instrumentation, traffic isolation techniques and endpoint protection. The following products deliver these technologies:

  • Endpoint Security

  • Integrated Firewalls

  • Network Intrusion Prevention

  • DDoS Attack Detection and Mitigation

  • Content Security

  • Management and Monitoring

The Secure Connectivity System - that uses encryption and authentication capabilities to provide safe transport across unsecured networks. The system uses IPSec, SSL and MPLS VPN technologies along with standard authentication mechanisms. This system includes the following products:

  • Site-to-site VPNs

  • Remote Access VPNs

  • Voice Security

  • Wireless Security

  • Solution Management and Monitoring

The Trust and Identity Management System – that provides access to business applications and networked resources based on a user’s specific privileges and rights. The system focuses on network-based admission control. After validating the identity of a user or device, and its compliance with corporate security policy, access to certain resources or portions of the network can be enabled. The Cisco Trust and Identity Management technology is comprised of three solution categories:

  • Identity Management

  • Identity Based Networking Services (IBNS)

  • Network Admission Control (NAC)

All the measures to reduce the security risks described previously are implemented by Datanet Systems using appropriate products and services:

 

● Internal segmentation and firewalling - is ensured by the award-winning routers and firewalls offered by Datanet Systems, such as Cisco IOS routers with advanced security features (VLAN, firewall, IPSec VPN) and Cisco security appliances and security application modules provisioned in the LAN switches.

● Operating system hardening - is ensured as a service by the Datanet Systems professional services team using the latest recommendations and best practices guidelines from different vendors.

● Controlled access to network resources - is ensured by access control servers and Network Admission Control technologies; enhanced user authentication is ensured by Datanet Systems by delivering CryptoCard One Time Password and X.509 digital certificate systems.

● Monitoring and attack protection - is ensured by implementing Cisco Systems IPS products. Those products provide enhanced protection based on application-layer information.

● Endpoint policy enforcement - is a central role of the Cisco Self Defending Networks solution provided by Datanet Systems. Cisco NAC Appliance (formerly Cisco Clean Access) is an easily deployed Network Admission Control (NAC) product that uses the network infrastructure to enforce security policy compliance on all devices seeking to access network computing resources.

● Centralized management - all the security solutions provided by Datanet Systems include centralized management. In addition, Datanet Systems offers specialized solutions for centralized security log management.
