Distributed Network Security

Agenda

Examples

Problems

Solutions?

Analysis

Effective solution

Network Partitioning Overview

What is Network Partitioning?

Typical applications

Why Network Partitioning versus others security techniques?

Does Network Partitioning satisfy everyone?

When use and advice Network Partitioning?

Performance issues of Network Partitioning

Scalability of Network Partitioning

Limitations of Network Partitioning

Application layer controls

Network Partitioning & Intrusion Detection Systems

VLANs, VPNs & IPsec management

Future of Network Partitioning

Network Partitioning Concepts

Domain

Service Flow

Class

Security Policy Enforcement Point (SPEP)

Security policy enforcement at network layer vs. application layer

Policy-Based Network Security Management

Policies

Policy trends & terminology

Security Policy

Network access security policy

Authentication

User policy

What is Policy-Based Network Security Management ?

How to go to Policy-Based Network Security Management ?

Abstraction level of Policy-Based Managment

Partitioning process

Tasks

Case with internal NOC within the company

Case with network service provider

Determine domains to partition

Determine service flows between domains

Apply the security policy on the service flows

Apply the service flows on filtering devices

Audit & validate the filtering devices policies

Update the service flows drawings

Organization

Security Office

Network Operation Center

Hardware & Software

Filtering Devices

Policy Definition Tool & filter generation

First configuration set-up

Cases studies

Internet security

Internet & extranet security

E-Commerce platform

ISP

Community ISP

Industry meshed network

Industry meshed & branches network

Bank branches network

Conclusion

References & resources

® © Hervé Schauer Consultants December 1999 - 142, rue de Rivoli - F-75001 Paris - France Phone: +33 141 409 700 - Fax: +33 141 409 709 - Email: <secretariat@hsc.fr>

- Page 2 -