Safeguarding OECD Information Assets
Frédéric CHALLAL, Head, Systems Engineering Team, OECD

Upload: malcolm-skinner

Post on 12-Jan-2016


TRANSCRIPT

Page 1: Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD

Safeguarding OECD Information Assets

Frédéric CHALLAL

Head, Systems Engineering Team

OECD

Page 2:

Agenda

- Network Security
- Remote Access
- Anti-Virus Protection
- E-mail Content Filtering and Blocking
- Possible Future Directions

Page 3:

Network Security

[Network diagram. Labels: Private Network, External Firewall, Internal Firewall, Internet DMZ, Extranet DMZ, SITA, X25, Internet]

Page 4:

Network Security

- 2 levels of firewalls for access control
- 2 separate DMZs to protect sensitive information
- Outgoing Internet access through application relays
- Intrusion detection systems on both DMZs
- Vulnerability scanning on a regular basis

Page 5:

Intrusion Detection System

- Network sensor watching for attack signatures
- Responses to suspicious activity:
  - Connection termination
  - Alerts sent by E-mail
  - Session recorded
  - Other …

Page 6:

Remote Access

[Diagram. Labels: Exchange, Web, SQL]

Page 7:

Remote Access

- For portables and Outlook Web Access users to access the OECD network, two-factor authentication based on:
  - A PIN number (known by the user)
  - An authenticator (either hardware or software)
- Also based on Windows authentication to access network resources

Page 8:

Anti-Virus Protection

[Diagram. Labels: Network Server, Gateway & Firewall, Internet, E-mail & SMTP relay, Client, each marked "Point of Entry"]

Page 9:

- Prevention And Detection
  - Anti-Virus products from 2 different vendors installed on:
    - Desktops and laptops
    - File Servers
    - E-mail Servers
    - SMTP Relays
  - Signature updates on a weekly basis
  - Scanning on PCs and servers on a weekly basis
- User Education
- Being Prepared
  - Basic Network Security
  - Standard Disaster Recovery Procedures

Page 10:

E-mail Content Filtering and Blocking

- Implemented after the ILOVEYOU virus
- SMTP relay level filtering of all incoming and outgoing Internet messages:
  - Scan for viruses
  - Block « program » attachments and HTML scripts for 2 days
  - Search for « suspicious » text strings in subject
- Reporting to management
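The attachment, HTML script and subject checks listed on this slide can be sketched as a relay-side verdict function. This is an added example, not part of the original presentation or OECD's configuration; the extension list, the subject strings, the function names and the sample messages are assumptions, and the virus scan and the 2-day period are not modelled.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed policy values (not from the slides).
BLOCKED_EXTENSIONS = {".exe", ".com", ".scr", ".pif", ".bat", ".vbs", ".js"}
SUSPICIOUS_SUBJECTS = ("iloveyou",)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def relay_verdict(raw_message: str) -> list:
    """Return the reasons a relay would block this message (empty = deliver)."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    subject = str(msg.get("Subject", "")).lower()
    for needle in SUSPICIOUS_SUBJECTS:
        if needle in subject:
            reasons.append(f"subject:{needle}")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower().strip()
        # Test the final extension only, so "x.txt.vbs" is treated as .vbs.
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"attachment:{name}")
        elif part.get_content_type() == "text/html":
            if SCRIPT_TAG.search(part.get_content()):
                reasons.append("html-script")
    return reasons


def sample(subject, html=None, attachment=None) -> str:
    """Build a constructed test message (addresses and bodies are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", subject
    m.set_content("hello")
    if html:
        m.add_alternative(html, subtype="html")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()


if __name__ == "__main__":
    print(relay_verdict(sample("ILOVEYOU", attachment="LOVE-LETTER-FOR-YOU.TXT.vbs")))
    print(relay_verdict(sample("Minutes", html="<p>hi</p><SCRIPT>x()</SCRIPT>")))
    print(relay_verdict(sample("Minutes", attachment="report.pdf")))
```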

Page 11:

E-mail Content Filtering and Blocking

W32/Navidad

W32/Navidad-B

Page 12:

Possible Future Directions

- Outsource detection and reporting of network vulnerabilities
- SSL for Outlook Web Access
- Use RTBL to prevent spamming
- Content inspection on HTTP/FTP downloads

Page 13:

Comments and Questions?