Jak nie dać się podejść...Ochrona przed atakami wewnętrznymina przykładzie sysytemuUAC Juniper Networks

Wojciech GłażewskiCountry ManagerJuniper Networks

Piotr KędraInżynier SystemowyJuniper Networks

Trendy

Dzisiejsza korporacja???

Dzisiejsza korporacja

Zagrożenia

RozwiązanieRozwiązanie

Jak to działa?

1.“Sales” user logs in from unpatched machine2.EX quarantines user – access patch server only – automatically remediated

4.User attempt to access “Finance” data blocked

3.Remediation success; full access grantedIC-EX establish VLAN, ACLs, and QoS for SessionUAC pushes role-based FW policies to SRXUAC pushes application-layer policies to IDP

Basic NAC Enforcement

1.“Sales” user logs in from unpatched machine2.Quarantined for automatic patch remediation

4.User attempt to access “Finance”5.data blocked

3.Remediation success; full access granted SA Session pushed to IC via IF-MAPUAC pushes role-based FW policies to SRXUAC pushes application-later policies to IDP

5. IDP Senses attack, informs IC SA terminates user sessionIC removes SRX/IDP access

Enterprise-wide Access Control

1.User accesses network

2.User attempts to access applications stored on Data Center

3. IDP detects network threat

4.Signals anomaly information to IC Series appliance

5. IC correlates network threat to specific user and device

6. IC pushes appropriate policy to UAC enforcement points

7.UAC enforcement points take appropriate access control actions against offending user and/or device

Coordinated Threat ControlUAC and IDP Series

UAC: Identity-Aware Securityand Access Control

Q&A

thank you