How Enterprises Control Information Security Risk in Their Operations - Digitimes

陳見綸 (Richard Chen)

Speaker Introduction

陳見綸 (Richard Chen)

• D-Link Corporation, Ethernet and Information Security Product Division, Project Manager

• Professional certifications

─ CISSP-ISSAP, ISSMP

─ CISA, CISM, Security+

─ ISO27001 Lead Auditor

─ MCSE, MCDBA, MCSD

─ CCNA, RHCE, SCWCD

• Professional experience

─ Information security system planning and deployment

─ Information Security Management System (ISMS) implementation

─ IT internal control audits

─ Vulnerability detection and intrusion detection assessment

Agenda: How Enterprises Control Information Security Risk in Their Operations

Risk Management

ERM (Enterprise Risk Management)

CSI 2007 Survey

D-Link’s Actions

Live Demo

Risk Management

The relevant definitions from the main text of ISO/IEC 27001:2005 are listed below:

3.9 Residual Risk

• The risk remaining after risk treatment

3.10 Risk Acceptance

• Decision to accept a risk

3.11 Risk Analysis

• Systematic use of information to identify sources and to estimate the risk

3.12 Risk Assessment

• Overall process of risk analysis and risk evaluation

Risk Management (continued)

The relevant definitions from the main text of ISO/IEC 27001:2005 are listed below (continued):

3.13 Risk Evaluation

• Process of comparing the estimated risk against given risk criteria to determine the significance of the risk

3.14 Risk Management

• Coordinated activities to direct and control an organization with regard to risk

3.15 Risk Treatment

• Process of selection and implementation of measures to modify risk

Risk Management (continued)

Organized from the definitions in the ISO/IEC 27001:2005 text, the terms relate as follows:

Risk Management

• Risk Assessment

─ Risk Analysis

─ Risk Evaluation

• Risk Acceptance

• Risk Treatment

• Residual Risk
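As an added illustration that is not part of the slides, the following Python runs one risk through the cycle in the order the ISO/IEC 27001:2005 terms above define it; the 1..5 likelihood and impact scale, the "significant at 10" criterion and the control effect values are constructed assumptions, since the slides give no scale.

```python
from dataclasses import dataclass, replace

# Constructed risk criteria (3.13 compares against criteria): risk is
# likelihood x impact on a 1..5 scale, and 10 or more counts as significant.
SIGNIFICANT_AT = 10

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: int   # 1 = rare .. 5 = almost certain (constructed scale)
    impact: int       # 1 = negligible .. 5 = severe (constructed scale)

def analyse(risk):
    """3.11 Risk Analysis: use the gathered information to estimate the risk."""
    return risk.likelihood * risk.impact

def evaluate(estimate, criteria=SIGNIFICANT_AT):
    """3.13 Risk Evaluation: compare the estimate against the risk criteria."""
    return "significant" if estimate >= criteria else "tolerable"

def assess(risk):
    """3.12 Risk Assessment: risk analysis followed by risk evaluation."""
    estimate = analyse(risk)
    return estimate, evaluate(estimate)

def treat(risk, control):
    """3.15 Risk Treatment: apply a measure that modifies the risk.
    `control` (constructed) says how many scale points it removes from each factor."""
    return replace(risk,
                   likelihood=max(1, risk.likelihood - control.get("likelihood", 0)),
                   impact=max(1, risk.impact - control.get("impact", 0)))

def manage(risk, control):
    """3.14 Risk Management: coordinate the whole cycle and record the decision."""
    estimate, verdict = assess(risk)
    if verdict == "tolerable":
        # 3.10 Risk Acceptance with no treatment: already within the criteria.
        return {"estimate": estimate, "treated": False,
                "residual": estimate, "decision": "accept"}
    residual_risk = treat(risk, control)
    residual, verdict = assess(residual_risk)        # 3.9 Residual Risk
    decision = "accept" if verdict == "tolerable" else "treat further"
    return {"estimate": estimate, "treated": True,
            "residual": residual, "decision": decision}
```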


Enterprise Risk Management

Figure: process model. Labels: Key activities; Inputs (S.O.R.); Outputs (Deliverables); Measure; Change?; Resources; Criteria; Records; Ownership. Source: BSI

Enterprise Risk Management

Figure: COSO framework. Source: COSO Framework


CSI 2007 Survey

Figures: four charts from the CSI 2007 survey (four slides). Source: CSI

Enterprise Risk Management

Figure labels: Interested Parties: Organization, Litigation, Internal/External Audit, Shareholders, Employees, Customers. Risk: Integrity, Availability, Confidentiality.

Enterprise Risk Management

Figure labels: Interested Parties: Organization, Litigation, Internal/External Audit, Shareholders, Employees, Customers. Risk Management: People, Process, Technology.


D-Link’s Actions (End-to-End Security, E2ES)

Enterprise Network

• Joint Security

• Endpoint Security

• Gateway Security

D-Link’s Actions (Gateway Security)

NetDefend IPS/UTM Firewall Family

• ICSA Labs Certified “Firewall 4.1 Corporate” Security Products

• ICSA Labs Certified “IPSec 1.2 Enhanced” Security Products

• Integrated firewall/VPN appliance

• Multiple user-configurable Ethernet/Gigabit interfaces

• Sufficient security features and outstanding performance

• Unified threat management:

─ Intrusion Prevention Service (IPS)

─ Anti-Virus (AV) protection

─ Anti-SPAM

─ Web Content Filtering (WCF)

• Bandwidth management

• Fault tolerance

• ZoneDefense

• Unrestricted user support

D-Link’s Actions (Endpoint Security)

xStack Switch Endpoint Security:

Authentication: 802.1X Authentication; Web-Based Access Control (WAC); MAC-Based Access Control (MAC)

Authorization: Dynamic VLAN Assignment; Guest VLAN; Identity Based VLAN/QoS

Traffic control: Traffic Segmentation; Access Control List (ACL)

Node/Address Control: Port Security; IP-MAC-Port Binding; Loopback Detection

Attack Mitigation: Content-based ACL; IP-MAC-Port Binding; Broadcast Storm control

D-Link has added various security features to xStack for the purposes of achieving threat control and containment. Features which include endpoint authentication, authorization, quarantine, and security policy enforcement help to ensure that only valid traffic is allowed through the switch.

Market proven from the success with ETTH/ETTB, campus network, and enterprise markets.

D-Link’s Actions (Joint Security)

What can D-Link Joint Security provide?

An integrated total solution that provides access control and real-time defense

• Microsoft NAP

─ Evaluates security compliance before connection is permitted

─ Quarantines and remediates non-compliant users

─ Identity-based network admission control

• ZoneDefense

─ Any malicious traffic detected by a NetDefend firewall can trigger an xStack switch to block it in real time.

─ ZoneDefense technology allows NetDefend firewalls and xStack switches to work jointly as one large virtual security system, where the NetDefend firewall is in charge of traffic inspection and the xStack switch performs wire-speed filtering at port level.

D-Link’s Actions (E2ES Summary)

Figure: end-to-end security network diagram. Labels: Server, Client, Guest, Wireless, Radius, Remediation, DHCP, Applications, Router, xStack Switch, System Health Server, Microsoft Network Policy Server, DHCP Enforcer, On-Demand Policy Manager, 802.1x Enforcement, NetDefend, Unprotected WAN, Hackers, Kiosk, Mobile User, Telecommuter, Partner, Thieves, Worms.

EAP status: User Name, Password, Token

Host Integrity Rule status: Patch Updated, Service Pack Updated, Personal Firewall On, Anti-Virus Updated, Anti-Virus On

Compliant Scenario: Before connecting, you should have a username/password or a token. After login, the system checks the compliance policy. If the client is compliant, it is allowed to connect to the network.

Non-Compliant Scenario: If the client’s patch is not updated, it can only reach the remediation server, health server and network policy server.

Remediation Scenario: The client gets patches, virus patterns etc. to correct its health status.

Guest Access Scenario: Guests are assigned restricted access rights to the network.

ZoneDefense: If a malicious attack happens, the firewall informs the xStack switch to block the malicious attacker’s IP traffic.

Integrated Client-to-Gateway Protection that Ensures a Secure Network
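The four admission scenarios and the ZoneDefense reaction above, as an added simulation that is not D-Link or Microsoft code; the credential store, the reachable-service sets and the check names (taken from the Host Integrity Rule status list) are constructed assumptions:

```python
from dataclasses import dataclass
from secrets import compare_digest

# The five Host Integrity Rule checks named on the slide.
HEALTH_CHECKS = ("patch_updated", "service_pack_updated",
                 "personal_firewall_on", "anti_virus_updated", "anti_virus_on")
# What a non-compliant client may still reach (the slide's remediation path).
REMEDIATION_ONLY = frozenset({"remediation_server", "health_server",
                              "network_policy_server"})
# Constructed credential store: username -> (password, role). Placeholder values.
USERS = {"alice": ("placeholder-password", "employee"), "guest": ("", "guest")}

@dataclass
class Client:
    username: str
    password: str
    health: dict        # check name -> bool, as reported by the client

def failed_checks(health):
    """Return the Host Integrity Rule checks the client does not satisfy."""
    return [c for c in HEALTH_CHECKS if not health.get(c, False)]

def admit(client):
    """802.1X enforcement decision: (vlan, reachable services, failed checks)."""
    creds = USERS.get(client.username)
    if creds is None or not compare_digest(creds[0], client.password):
        return ("none", frozenset(), [])               # login failed: no access
    if creds[1] == "guest":                            # Guest Access Scenario
        return ("guest", frozenset({"internet"}), [])
    failed = failed_checks(client.health)
    if failed:                                         # Non-Compliant Scenario
        return ("remediation", REMEDIATION_ONLY, failed)
    return ("corporate", frozenset({"applications", "server", "internet"}), [])

def remediate(client):
    """Remediation Scenario: the client fetches patches/patterns, then re-checks."""
    for check in HEALTH_CHECKS:
        client.health[check] = True
    return admit(client)

def zonedefense(switch_blocklist, firewall_event):
    """ZoneDefense: a NetDefend 'malicious' verdict makes the xStack switch
    block that source IP at the port; any other verdict leaves the list as is."""
    if firewall_event.get("verdict") == "malicious":
        switch_blocklist.add(firewall_event["src_ip"])
    return switch_blocklist
```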
