Agenda
What is ESP
Goals of the ESP
ESP Technology Overview
firewalls and intrusion detection systems
Automated intrusion detection software developed for the ESP environment
2000 by Carnegie Mellon University
ESP Infrastructure
[Figure: network diagram showing The Internet, Router, Firewall, Web Servers, Workstation, Database Servers and a second Firewall, with a message labelled "To: George Marty From: Steve"]
The Internet
The ESP technology makes one assumption about the Internet: You cannot trust it!
SSL Security
[Figure: network diagram showing The Internet, Router, Firewall, Workstation, Database Servers and a second Firewall]
Firewall Strategy
Multiple inline firewalls create a more complex maze for intruders to navigate
[Figure: network diagram showing The Internet, Router, Firewall, Web Servers, Workstation, Database Servers and a second Firewall, with a message labelled "To: George Marty From: Steve"]
Firewall Strategy
Multiple firewalls randomly inserted into the network topology
Sidewinder 5.0 www.securecomputing.com
Guardian www.netguard.com
Cisco Secure PIX Firewall www.cisco.com
Linux IPchains www.linuxdocs.org
Network Monitoring
Passive network monitoring tools assist and automate the intrusion detection process
[Figure: network diagram showing The Internet, Router, Firewall, Web Servers, Workstation, Database Servers and a second Firewall, with a message labelled "To: George Marty From: Steve"]
Network Monitoring
Several passive network monitoring agents are used to detect signs of intrusion
Real Secure 3.2 www.iss.net
Snort 1.6.3 www.snort.org
Database Security
The database only responds to authenticated requests from the Web servers
[Figure: network diagram showing The Internet, Router, Firewall, Web Servers, Workstation, Database Servers and a second Firewall, with a message labelled "To: George Marty From: Steve"]
Database Security
Database servers only accept communications from an authenticated IPsec session
www.ietf.org/rfc/rfc2401.txt