safeguarding oecd information assets frédéric challal head, systems engineering team oecd
TRANSCRIPT
Safeguarding OECD Safeguarding OECD Information AssetsInformation Assets
Frédéric CHALLALFrédéric CHALLAL
Head, Systems Engineering TeamHead, Systems Engineering Team
OECDOECD
AgendaAgenda
Network SecurityNetwork Security Remote AccessRemote Access Anti-Virus ProtectionAnti-Virus Protection E-mail Content Filtering and BlockingE-mail Content Filtering and Blocking Possible Future Directions Possible Future Directions
Network SecurityNetwork Security
Private NetworkPrivate Network
ExternalExternalFirewallFirewall
InternalInternalFirewallFirewall
Internet DMZInternet DMZ
Extranet DMZExtranet DMZ
SITASITA
X25X25
InternetInternetInternetInternet
Network SecurityNetwork Security
2 levels of firewalls for access control2 levels of firewalls for access control 2 separate DMZs to protect sensitive 2 separate DMZs to protect sensitive
informationinformation Outgoing Internet access through Outgoing Internet access through
application relaysapplication relays Intrusion detection systems on both Intrusion detection systems on both
DMZsDMZs Vulnerability scanning on a regular Vulnerability scanning on a regular
basisbasis
Intrusion Detection SystemIntrusion Detection System
Network sensor watching for attack Network sensor watching for attack signaturessignatures
Responses to suspicious activity:Responses to suspicious activity: Connection terminationConnection termination Alerts sent by E-mailAlerts sent by E-mail Session recordedSession recorded Other …Other …
Remote AccessRemote Access
Exchange Web SQL
Remote AccessRemote Access
For portables and Outlook Web Access For portables and Outlook Web Access users to access the OECD network, users to access the OECD network, two-two-factor authentication based on:factor authentication based on: A PIN number (known by the user)A PIN number (known by the user) An authenticator (either hardware or An authenticator (either hardware or
software) software)
Also based on Windows authentication Also based on Windows authentication to access network resourcesto access network resources
Anti-Virus ProtectionAnti-Virus Protection
NetworkNetworkServerServer
Gateway &Gateway &FirewallFirewall
InternetInternet
Poi
nt o
f E
ntry
Poi
nt o
f E
ntry
Point of EntryPoint of Entry Point of EntryPoint of Entry
E-mail & E-mail & SMTP relaySMTP relay
ClientClient
Prevention And DetectionPrevention And Detection Anti-Virus products from 2 different Anti-Virus products from 2 different
vendors installed on:vendors installed on: Desktops and laptopsDesktops and laptops File ServersFile Servers E-mail ServersE-mail Servers SMTP RelaysSMTP Relays
Signature updates on a weekly basisSignature updates on a weekly basis Scanning on PCs and servers on a weekly Scanning on PCs and servers on a weekly
basisbasis User EducationUser Education Being Prepared Being Prepared
Basic Network SecurityBasic Network Security Standard Disaster Recovery ProceduresStandard Disaster Recovery Procedures
E-mail Content Filtering and BlockingE-mail Content Filtering and Blocking
Implemented after the ILOVEYOU Implemented after the ILOVEYOU virusvirus
SMTP relay level filtering of all SMTP relay level filtering of all incoming and outgoing Internet incoming and outgoing Internet messages:messages: Scan for virusesScan for viruses Block « program » attachments and Block « program » attachments and
HTML scripts for 2 daysHTML scripts for 2 days Search for « suspicious » text strings in Search for « suspicious » text strings in
subjectsubject
Reporting to managementReporting to management
E-mail Content Filtering and BlockingE-mail Content Filtering and Blocking
W32/Navidad
W32/Navidad-B
Possible Future DirectionsPossible Future Directions
Outsource detection and reporting of Outsource detection and reporting of network vulnerabilitiesnetwork vulnerabilities
SSL for Outlook Web AccessSSL for Outlook Web Access Use RTBL to prevent spammingUse RTBL to prevent spamming Content inspection on HTTP/FTP Content inspection on HTTP/FTP
downloadsdownloads
Comments and Questions?Comments and Questions?