Network Security Tough Love David Strom Sonicwall Sales Meeting 1/24/08 (new)
-
Upload
stephen-york -
Category
Documents
-
view
214 -
download
0
Transcript of Network Security Tough Love David Strom Sonicwall Sales Meeting 1/24/08 (new)
Network Security Network Security Tough LoveTough Love
David StromDavid Strom
Sonicwall Sales MeetingSonicwall Sales Meeting
1/24/08 (new)1/24/08 (new)
Security industry Security industry trendstrends
ExploitsExploits aplenty aplenty Vista is Vista is no cure-allno cure-all, quite the , quite the contrarycontrary
NAC going NAC going nowherenowhere Managed servicesManaged services bonanza bonanza
Exploits aplentyExploits aplenty
Symantec, Trend, others show Symantec, Trend, others show that hackers are getter smarter that hackers are getter smarter and more sophisticatedand more sophisticated
The browser is still a security The browser is still a security sinkholesinkhole
IM and p2p vectors gaining IM and p2p vectors gaining prominenceprominence
Lots of Lots of zero-dayzero-day attacks and attacks and bot bot netsnets
It is so easy to secure XP It is so easy to secure XP – NOT!– NOT!
-install latest patches, and enable Windows Update-install latest patches, and enable Windows Update-disable file and print sharing, disable DCOM-disable file and print sharing, disable DCOM-turn off several Windows services-turn off several Windows services-use autoruns and msconfig to disable more stuff-use autoruns and msconfig to disable more stuff-disable extension hiding and file sharing in Explorer-disable extension hiding and file sharing in Explorer-secure IE, then install and use Firefox & noscript -secure IE, then install and use Firefox & noscript
pluginplugin-install a firewall-install a firewall-install antivirus, antispyware, and Security Task -install antivirus, antispyware, and Security Task
ManagerManager-install a new hosts file to block ads and malicious -install a new hosts file to block ads and malicious
sitessites-create and always use an unprivileged account-create and always use an unprivileged account-if my kids will be using the computer, then use -if my kids will be using the computer, then use
Microsoft's Software Restriction PoliciesMicrosoft's Software Restriction Policies
(from SANS Internet Storm Center diary 10/17/07)(from SANS Internet Storm Center diary 10/17/07)
Vista is no panaceaVista is no panacea
First off, First off, fewfew IT shops are buying IT shops are buying Built-in firewall Built-in firewall stillstill comes up comes up lackinglacking
SANS comments SANS comments aren’t thrillingaren’t thrilling Graphics resources required are Graphics resources required are immenseimmense
Why are we still dealing with Why are we still dealing with driver issuesdriver issues nearly one year nearly one year post-launch?post-launch?
NAC is nowhereNAC is nowhere
Cisco, Microsoft both Cisco, Microsoft both loserslosers Agents everywhere and no one Agents everywhere and no one wants anything to do with themwants anything to do with them
One hacked laptop can still One hacked laptop can still ruin an ruin an entire networkentire network
Major vendors are still on Major vendors are still on 11stst generationgeneration tools, just barely tools, just barely
The bonanza of managed The bonanza of managed servicesservices
Hyper-specializationHyper-specialization for different for different kinds of MSPskinds of MSPs
Every small city now has its own MSPEvery small city now has its own MSP Outsourced Outsourced everythingeverything: data centers, : data centers, applications, backup, servers, even applications, backup, servers, even virtual PBX’svirtual PBX’s
Get away from break/fix and box Get away from break/fix and box pushingpushing
Two words: Two words: recurring revenuerecurring revenue!!
Old sayingOld saying
To keep your children totally To keep your children totally safe: don't let them out at allsafe: don't let them out at all
To keep your systems safe, To keep your systems safe, don't do any business at alldon't do any business at all
Now, let’s talk the real world Now, let’s talk the real world and assess and manage our and assess and manage our networks networks
Parental tough loveParental tough love
When to say “When to say “nono”” Let your kids Let your kids make their ownmake their own mistakesmistakes
Facing Facing consequencesconsequences Blended families Blended families have special have special issuesissues
When to say noWhen to say no
How to block the wrong kinds of How to block the wrong kinds of traffic (exploits and viruses)traffic (exploits and viruses)
How to block evil things like How to block evil things like p2p and IMp2p and IM
When your clients are using the When your clients are using the wrong gear wrong gear
When yes really means noWhen yes really means no
Learning from one’s Learning from one’s mistakesmistakes
Understanding IDS and firewall Understanding IDS and firewall logslogs
Know when to Know when to outsourceoutsource your your securitysecurity
Know when Cisco and Juniper Know when Cisco and Juniper don’t have the right solutions don’t have the right solutions for your clientsfor your clients
One VAR’s product mixOne VAR’s product mix
Juniper for VPNsJuniper for VPNs Avaya for VOIPAvaya for VOIP Extreme for routers and Extreme for routers and switchesswitches
Why isn’t Why isn’t Sonicwall in this mixSonicwall in this mix??
Facing consequencesFacing consequences
Under-powered firewallsUnder-powered firewalls Under-funded IT supportUnder-funded IT support Virtualization can open up Virtualization can open up security loopholessecurity loopholes
Blended family issuesBlended family issues
M&A doesn’t always work outM&A doesn’t always work out Cisco is still on a Cisco is still on a buying bingebuying binge
Aventail now part of our family Aventail now part of our family ((but a distant cousin stillbut a distant cousin still))
Even Even HPHP is buying security is buying security companies!companies!
More blended families: More blended families: the user perspectivethe user perspective
Merged IT systems means a lot Merged IT systems means a lot of finger-pointingof finger-pointing
Which alpha male dominates when Which alpha male dominates when it comes to security systems?it comes to security systems?
The user just wants to get his The user just wants to get his work done!work done!
So how does this So how does this translate?translate?
Learn how to Learn how to listenlisten to your to your customerscustomers
Treat them as Treat them as adultsadults even when even when they act as kidsthey act as kids
Don’t assume that Don’t assume that security by security by obscurityobscurity will keep working for will keep working for youyou
My potential Sonicwall My potential Sonicwall threatsthreats
LinksysLinksys will finally take hold will finally take hold of business marketsof business markets
SymantecSymantec will figure out how to will figure out how to sell security hardwaresell security hardware
MicrosoftMicrosoft will release a secure will release a secure version of Windowsversion of Windows
JuniperJuniper will integrate Netscreen will integrate Netscreen and Neoteris and become the NAC and Neoteris and become the NAC championchampion