Architecting Security across global networks

Post on 19-Jan-2017

TRANSCRIPT

  • Confidentiality level C1 | 8 August 2011

    Architecting Security across global networks

    Presented by Marco Ermini, 8 August 2011

  • A huge topic: where to start?

    This will not be about how to architect a network, or about network security in general - it is about network visibility.

    You land in this complex company (or you acquire it) and you divide your tasks:

    1. Identify the networks

    2. Identify the challenges

    3. Identify the alternatives

    Divide et impera

  • Architecting Security across global networks

    Identify the networks

    Identify the challenges

    Identify the alternatives

  • Identify the networks

    Network maps anyone?

  • Identify the networks

    Asset DB anyone?

    Examples of our Asset DB:

    OS, OS version number, support group, IP address and DB version are free text fields

    OS: circa 240 counted, without including the version number!

    cs_os_name cs_os_versionnumber
    SOLARIS 10 IDM-AP3-P | SOLARIS 10 9/10 10 9/10 | 10 9/10
    SOLARIS 10 177
    SOLARIS 10 1/06 820
    SOLARIS 10 10/08 1413
    SOLARIS 10 10/08 | SOLARIS 10 10/08 1
    SOLARIS 10 10/09 1554
    SOLARIS 10 11/06 2164
    SOLARIS 10 3/05 35
    SOLARIS 10 5/08 259
    SOLARIS 10 5/08 | SOLARIS 10 5/08 3
    SOLARIS 10 5/09 725
    SOLARIS 10 6/06 278
    SOLARIS 10 8/07 397
    SOLARIS 10 8/11 3
    SOLARIS 10 9/10 3442
    SOLARIS 10 IDM-AP3-P | SOLARIS 10 9/10 1
    SOLARIS 10 X64 10
    SUN SOLARIS 10 4

  • Identify the networks

    Asset DB anyone?

    Examples of our Asset DB:

    OS, OS version number, support group, IP address and DB version are free text fields

    OS: circa 240 counted, without including the version number!

    DB and Computers counted as different entities

    80+ support groups (!!!) many of which clearly legacy or duplicated

    No unique correspondence between Asset DB entry and physical reality

    IP address field has space for only one entry (!!!)

    No way to do an automatic import, therefore many departments don't use it

    It relies on a special tool to fetch the data, but the tool is not ubiquitous

    Almost 35000 entries, but no one knows if the data is qualitatively relevant

    No one is accountable for the data, only for the Asset DB tool in itself
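The free-text OS problem described on this slide, as an added example (not part of the original presentation): a small normalizer that collapses spellings like those in the cs_os_name listing into one canonical key and sets aside whatever it cannot place for human review. The sample values are constructed from that listing; `normalize_os`, `collapse` and `OsRecord` are hypothetical names, and the rules cover only the Solaris spellings shown.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample: free-text values modelled on the cs_os_name listing above.
RAW_OS_NAMES = [
    "SOLARIS 10", "SOLARIS 10 1/06",
    "SOLARIS 10 10/08", "SOLARIS 10 10/08 | SOLARIS 10 10/08",
    "SOLARIS 10 9/10", "SOLARIS 10 IDM-AP3-P | SOLARIS 10 9/10",
    "SOLARIS 10 X64", "SUN SOLARIS 10",
]

FAMILY = re.compile(r"(?:SUN\s+)?SOLARIS\s+(\d+)\b", re.IGNORECASE)
RELEASE = re.compile(r"\b\d{1,2}/\d{2}\b")  # update release written as M/YY
ARCH = re.compile(r"\b(X64|X86|SPARC)\b", re.IGNORECASE)

class OsRecord(NamedTuple):
    family: Optional[str]
    major: Optional[str]
    release: Optional[str]
    arch: Optional[str]
    leftovers: tuple  # text the rules could not place; needs human review

def normalize_os(raw: str) -> OsRecord:
    family = major = release = arch = None
    leftovers = []
    for part in (p.strip() for p in raw.split("|")):  # "|" joins merged entries
        m = FAMILY.search(part)
        if not m:
            if part:
                leftovers.append(part)
            continue
        family, major = "Solaris", m.group(1)
        rest = part[:m.start()] + part[m.end():]
        r = RELEASE.search(rest)
        if r:
            release, rest = r.group(0), rest[:r.start()] + rest[r.end():]
        a = ARCH.search(rest)
        if a:
            arch, rest = a.group(1).lower(), rest[:a.start()] + rest[a.end():]
        if rest.strip():
            leftovers.append(rest.strip())
    return OsRecord(family, major, release, arch, tuple(leftovers))

def collapse(raw_values):
    """Group raw spellings under their canonical (family, major) key."""
    groups = defaultdict(set)
    for raw in raw_values:
        groups[normalize_os(raw)[:2]].add(raw)
    return dict(groups)
```

A value with `family` of `None` or non-empty `leftovers` (a hostname pasted into the OS field, for instance) is a record to hand to whoever owns the data, not one to guess at.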
